Skip to main content

Token Introspection


AnchorOverview

Most API Requests in Quiltt require a valid App Secret or User Session Token. Quiltt provides several endpoints to validate that a particular token is valid.


AnchorCheck App Secret

GET
https://auth.quiltt.io/v1/users/session

Verify that your App Secret is valid.

Successful requests will return up-to-date information about your App:

App

id string
name string
environment string

Authorization

Pass in your App Secret in the Authorization HTTP header:

Authorization: Bearer {{APP_SECRET}}

Response - 200 OK

{
"id": "7d86b825-f937-4cb5-97cc-384603736d7b",
"name": "My Project",
"environment": "Test"
}

AnchorCheck User Session

GET
https://auth.quiltt.io/v1/users/session

Verify that a User Session Token is valid.

Successful requests will return up-to-date information about the User Session:

User Session

id string
expiration integer
userId string
token string

Authorization

Pass in the User Session Token in the Authorization HTTP header:

Authorization: Bearer {{USER_SESSION_TOKEN}}

Response - 200 OK

{
"id": "4505c651-8717-4f4e-a0ce-f707172c33d8",
"expiration": 1620938721,
"userId": "3baa7624-2053-46b4-93f6-9132ce6ec65a",
"token": "eyJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE2MjA4NTY3MzgsImlhdCI6MTYyMDg1NjczOCwianRpIjoiZDZlMmM4YjAtOTYwMi00YmY2LTk0MmUtOWUxYmY3NjkwMDhkIiwiaXNzIjoiYXV0aC5xdWlsdHQuaW8iLCJhdWQiOiJhcGkucXVpbHR0LmlvIiwiZXhwIjoxNjIwOTQzMTM4LCJ2ZXIiOjEsImFpZCI6IjdkODZiODI1LWY5MzctNGNiNS05N2NjLTM4NDYwMzczNmQ3YiIsInVpZCI6IjNiYWE3NjI0LTIwNTMtNDZiNC05M2Y2LTkxMzJjZTZlYzY1YSJ9.WGdEeHFLMXuBVUaNbdd9C2bjq189jDG9ebOiR0FjsUB8zdMu8V5khf1smgBRyJR80Hxi-IJvNCUULjrQMFlXNg"
}