Ask AI is now on the home page — ask a question and get a sourced answer from the Ory docs. You'll also find it in the bottom-right corner of any page.

Skip to main content

OAuth 2.0 token introspection

Token introspection is a mechanism for resource servers to obtain information about access tokens. With this specification, resource servers can check the validity of access tokens and discover other information, such as which user and which scopes are associated with the token.

important

Token introspection is meant for first-party or internal use only. The endpoint shouldn't be exposed publicly.

// Copyright © 2026 Ory Corp

import { Configuration, OAuth2Api } from "@ory/client"

const ory = new OAuth2Api(
new Configuration({
basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
accessToken: process.env.ORY_API_KEY,
}),
)

export async function introspectToken(accessToken: string) {
const { data } = await ory.introspectOAuth2Token({ token: accessToken })
data.active // true or false
}