Skip to main content
Use this endpoint to confirm that a Dashboard access token is still valid before making sensitive requests. Shogun returns metadata about the token including the associated user and when the token expires.

Endpoint

POST https://baasapi.payrepmfb.com/api/v1/auth/web/verify
Authentication required: Authorization: Bearer <access_token>

Request body

token
string
required
The access token you want to verify.

Example request

curl --request POST \
  --url https://baasapi.payrepmfb.com/api/v1/auth/web/verify \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' \
  --header 'Content-Type: application/json' \
  --data '{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'

Response

A successful request confirms the token is valid and returns associated metadata. 
{
  "status": true,
  "response_code": "00",
  "message": "Token is valid",
  "data": {
    "user_id": "usr_a1b2c3d4",
    "email": "admin@yourbusiness.com",
    "role": "ADMIN",
    "issued_at": "2026-04-28T08:00:00Z",
    "expires_at": "2026-04-28T09:00:00Z"
  }
}

Response fields

data.user_id
string
Unique identifier of the user associated with the token.
data.email
string
Email address of the user the token belongs to.
data.role
string
Role of the token’s owner. Possible values: ADMIN, INITIATOR, REVIEWER, AUTHORIZER.
data.issued_at
string
ISO 8601 timestamp indicating when the token was issued.
data.expires_at
string
ISO 8601 timestamp indicating when the token expires. Use the Refresh Token endpoint before this time to maintain the session.