2 min read
Definition
Introspection (RFC 7662) is a server call that returns active: true/false for a token plus its metadata. Unlike local JWKS verification, it sees revocations before natural expiry — at the cost of a round trip per check.
In plain terms
Asking the server, live, whether a token is still good.
Why it matters here
Reach for it on sensitive paths where instant revocation matters. See the introspection endpoint.
Related reading

JWKS (JSON Web Key Set)
A JWKS is the published set of public keys that sign partner access tokens. Fetch it, cache by key ID, and…
Read →
Access token
An access token is the short-lived bearer JWT you send as Authorization: Bearer on partner calls. You mint it…
Read →
Scope
A scope is a named capability on an OAuth token — like applications:write — that bounds what the token can…
Read →Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.