> ## Documentation Index
> Fetch the complete documentation index at: https://orchestrator-docs.hexoforge.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify access token

> Introspect a JWT access token and return claims.

Validates the access token in `Authorization` and returns claims. Requires `X-API-Key` and **Bearer** token.

<Info>
  Send both `X-API-Key` and `Authorization: Bearer` with the token under test.
</Info>

## Response

**200 OK**

```json theme={null}
{
  "valid": true,
  "user_id": "550e8400-e29b-41d4-a716-446655440000",
  "roles": ["user", "editor"],
  "permissions": ["read:posts", "write:posts"]
}
```

<ResponseField name="valid" type="boolean">
  Whether the token is currently valid.
</ResponseField>

<ResponseField name="user_id" type="string">
  Present when `valid` is true.
</ResponseField>

<ResponseField name="roles" type="string[]">
  Role slugs when valid.
</ResponseField>

<ResponseField name="permissions" type="string[]">
  Permission slugs when valid.
</ResponseField>

## Status codes

| Code | Meaning                            |
| ---- | ---------------------------------- |
| 200  | Body describes validity            |
| 401  | Token invalid, expired, or revoked |
