> ## Documentation Index > Fetch the complete documentation index at: https://help-plum.xoxoday.com/llms.txt > Use this file to discover all available pages before exploring further. # Validate Token > Validate whether the current `access_token` is still active. Pass the Bearer token in the `Authorization` header. At any point, if you want to validate if the `access_token` is valid or not, then you can call the endpoint as outlined on this page. The client application will pass the bearer token in the header. The response to the request will be as outlined on the right-hand side panel. ## Response Schema | \*\*Property \*\* | \*\* Type \*\* | \*\* Description\*\* | | ---------------------- | -------------- | --------------------------------------------------------- | | access\_token | string | Newly generated access token for authenticated API calls. | | token\_type | string | Always `"bearer"`. | | expires\_in | number | Token validity duration in seconds. | | access\_token\_expiry | number | Epoch timestamp (ms) when the access token will expire. | | refresh\_token\_expiry | number | Epoch timestamp (ms) when the refresh token will expire. | ## OpenAPI ````yaml specs/reward-link-api.yaml GET /token openapi: 3.0.3 info: title: Xoxoday Reward Link API version: '1.2' description: > APIs for automating reward distribution via personalized reward links and campaigns. **Auth endpoints** resolve against `https://stagingstores.xoxoday.com/chef/v1/oauth` using a per-operation server override. **Campaign + Link operations** use `https://stagingstores.xoxoday.com/chef/v1/oauth/api` as the base. `/generateLink` and `/sendLinks` have dedicated real paths. Campaign operations (`/campaignList`, `/campaignDetails`) use short virtual path suffixes because both operations share the same real URL (`/v1/oauth/api`) and OpenAPI does not allow two POST operations on the same path. servers: - url: https://stagingstores.xoxoday.com/chef/v1/oauth/api description: Sandbox - url: https://accounts.xoxoday.com/chef/v1/oauth/api description: Production - url: https://canvas.xoxoday.com/chef/v1/oauth/api description: Testing security: - BearerAuth: [] tags: - name: Authentication description: Token management — validate and refresh access tokens. - name: Campaigns description: Fetch reward link campaigns and their details. - name: Links description: Generate and send reward links to recipients. paths: /token: get: tags: - Authentication summary: Validate Token description: > Validate whether the current `access_token` is still active. Pass the Bearer token in the `Authorization` header. operationId: validateToken responses: '200': description: Token is valid. content: application/json: schema: type: object properties: access_token: type: string description: The validated access token. token_type: type: string description: Always `bearer`. expires_in: type: number description: Token validity duration in seconds. access_token_expiry: type: number description: Epoch timestamp (ms) when the access token expires. refresh_token_expiry: type: number description: Epoch timestamp (ms) when the refresh token expires. example: access_token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9... token_type: bearer expires_in: 1296000 access_token_expiry: 1718000000000 refresh_token_expiry: 1720000000000 '401': $ref: '#/components/responses/Unauthorized' servers: - url: https://stagingstores.xoxoday.com/chef/v1/oauth description: Sandbox - url: https://accounts.xoxoday.com/chef/v1/oauth description: Production - url: https://canvas.xoxoday.com/chef/v1/oauth description: Testing components: responses: Unauthorized: description: Missing or invalid access token. content: application/json: schema: type: object properties: error: type: string example: Unauthorized securitySchemes: BearerAuth: type: http scheme: bearer description: '`Authorization: Bearer `' ````