© 2018 Capita Business Services Ltd. All rights reserved.
Capita Education Software Solutions is a trading name of Capita Business Services Ltd. Our Registered office is 30 Berners Street, London, W1T 3LR and our registered number is 02299747. Further information about Capita plc can be found in our legal statement.
Web based API access to data held within SIMS ID.
The access token validation endpoint can be used to validate self-contained JWTs if the consumer does not have support for appropriate JWT or cryptographic libraries.
You can either GET or POST to the validation endpoint. Due to query string size restrictions, POST is recommended.
POST /connect/accesstokenvalidation
token=<token>
or
GET /connect/accesstokenvalidation?token=<token>
A successful response will return a status code of 200 and the associated claims for the token. An unsuccessful response will return a 400 with an error message.
It is also possible to pass a scope that is expected to be inside the token:
POST /connect/accesstokenvalidation
token=<token>&
expectedScope=partner
Whilst this endpoint can be used to validate reference tokens, we advise not to do so for confidentiality purposes as the access token validation endpoint does not enforce client authentication.