This endpoint lets you introspect a JSON web token (JWT) that has been generated with the /token/ endpoint.
This endpoint requires authorization using a client ID and client secret. To get a client ID and secret, you must have created a client application in Alation at Admin Settings > Authorization in the OAuth Client Applications section.
Authorization can occur in one of two ways:
The client ID and secret can be passed as part of the header using the Basic authentication scheme, where the client ID is the username and the client secret is the password.
The client ID and secret can be passed in the request body using the client_id and client_secret body parameters.
You can use the verify_token parameter to skip signature verification if it has already been verified offline. Skipping signature verification is not recommended per RFC 7662.