REST APIs ~ Mobile Procurement (MOBPROC) v1
Developer Portal - Log In

Access Tokens

How to Validate an Access Token

The following information is required to validate an access token:

  • access_token: The access token to be validated.


NOTE: Some client IDs may not have the permissions required to validate tokens. When requested, this permission is granted on a case by case basis.

Endpoints

An access token is validated by making an HTTP GET to our validation endpoint. The specific endpoint used will depend upon your instance’s environment type:

  • For Production: http://tngo-prod-oauth-ping-validator.cloudhub.io
  • For QA: http://tngo-qa-oauth-ping-validator.cloudhub.io


Request Query Parameters

To validate an access token, the following query parameters need to be passed with this GET request:

Query Parameter Description Example
access_token The access token to be validated. jf8ANPs5ETFT1RPnfJnZpbcWjz2f


Example

The following is an example of a GET request to validate a token:

https://oauthqa.tangoe.com/as/token.oauth2?grant_type=urn:pingidentity.com:oauth2:grant_type:validate_bearer&token=8jmFdZdww2h3FDYNJEHXgvtnXbdc&client_id=286ff94127c8801e9227d89337c14351&client_secret=72g30d2857fo4a41A9525345572AC72LK

The following is an example of a response that might be returned:

 {
    "scope": "MOBPROC",
    "expires_in": 7186,
    "client_id": "286ff94127c8801e9227d89337c14351",
    "access_token": {
        "platform": "command",
        "tenant": "XYZ",
        "multitenant": "false",
        "domain": "*",
        "identityProvider": "pcv_edge",
        "identifier": "api.account.xyz"
    }
  }

The following properties are returned in the token validation response:

Property Description Example
scope OAuth scopes that are associated with the access token being validated. MOBPROC
expires_in Number of seconds that the access token will be valid. 7188
client_id Tangoe-assigned client ID for the API client application that requested the access token being validated. a98b70cddd5f1432221360bd732f5ec1
platform Source system that is associated with the access token. command
tenant The Tangoe-assigned code that identifies the client account. ABC
multitenant Boolean to indicate that caller has access to data for more than one tenant. false
identityProvider Identifies the authenticating entity. pcv_edge
identifier Identity that was authorized by security provider (e.g., Ping). api.account.xyz