Add Auth Token Validation Endpoint

Problem Statement

Clients currently authenticate customers using the Pelcro Open Login API, which returns an auth.token upon successful authentication. However, there is no dedicated API endpoint to validate whether an existing auth.token is still valid or active.
Clients such as Energy Intel need a way to programmatically verify token validity when managing sessions or protecting resources across their systems. Without this capability, clients must rely on indirect methods (e.g., attempting authenticated requests) to determine whether a token is valid, which introduces unnecessary complexity and inefficiency.
A dedicated endpoint would provide a clear, standardized, and API-first method to confirm whether an auth.token is valid, expired, or invalid.


User Story

As a Pelcro API client (Energy Intel),
I want to verify whether an auth.token is valid via a dedicated API endpoint,
so that I can securely validate user sessions and control access to protected resources without making additional authenticated API calls.


Proposed Solution

Introduce a new API endpoint that validates an auth.token issued via the Open Login authentication flow.
The endpoint should:

  • Accept an auth.token

  • Verify whether the token:

    • Exists

    • Is valid

    • Has not expired

    • Has not been revoked

  • Return a clear validation response.


Definition of Done (DoD)

  1. API Endpoint Implemented

    • A new endpoint [clarify endpoint path] exists to validate auth.token.

  2. Token Validation Logic

    • Endpoint verifies:

      • Token existence

      • Token expiration

      • Revocation status

      • Associated customer.

  3. Response Standardization

    • Returns structured JSON indicating:

      • Token validity (true/false)

      • Reason if invalid

      • Optional attributes (customer ID, expiration timestamp).

  4. Security Requirements

    • Endpoint respects Pelcro authentication and rate-limiting policies.

    • Tokens are validated without exposing sensitive data.

  5. Documentation

    • Endpoint documented in Pelcro API Docs.

    • Example requests and responses included.

  6. Testing

    • Unit tests for validation logic.

    • API tests covering:

      • Valid token

      • Expired token

      • Revoked token

      • Invalid token format.
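
A sketch of the validation logic and response shape listed in the Definition of Done, as an added example that is not Pelcro's code. The token format, the reason codes, the JSON field names and the digest-keyed in-memory store are assumptions made for illustration.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Assumed token format for this sketch: 32 to 128 URL-safe characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{32,128}")

@dataclass
class TokenRecord:
    customer_id: int
    expires_at: int            # Unix seconds
    revoked: bool = False

def digest(token: str) -> str:
    """Tokens are stored and looked up by SHA-256 digest, never in clear."""
    return hashlib.sha256(token.encode()).hexdigest()

def validate_token(token, store: dict, now: int) -> dict:
    """Return the structured validation result for one token."""
    def invalid(reason: str) -> dict:
        # Invalid results never carry customer or expiry attributes.
        return {"valid": False, "reason": reason}

    # Reject malformed input before touching the store.
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        return invalid("invalid_format")
    record: Optional[TokenRecord] = store.get(digest(token))
    if record is None:
        return invalid("not_found")
    if record.revoked:
        return invalid("revoked")
    if now >= record.expires_at:
        return invalid("expired")
    return {"valid": True, "reason": None,
            "customer_id": record.customer_id,
            "expires_at": record.expires_at}

# Constructed sample data (not real Pelcro tokens).
GOOD, OLD, KILLED = "a" * 40, "b" * 40, "c" * 40
STORE = {
    digest(GOOD): TokenRecord(customer_id=101, expires_at=2_000_000_000),
    digest(OLD): TokenRecord(customer_id=102, expires_at=1_000_000_000),
    digest(KILLED): TokenRecord(customer_id=103, expires_at=2_000_000_000, revoked=True),
}
NOW = 1_700_000_000

if __name__ == "__main__":
    for t in (GOOD, OLD, KILLED, "d" * 40, "not a token"):
        print(validate_token(t, STORE, NOW))
```

The sample tokens map onto the four API test cases above, plus a well-formed token that was never issued.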

Status: Backlog
Board: 💡 Pelcro Product
Date: 16 days ago
Author: Rana Haleem
