Offline Validation of Access Tokens

SpaceCode access tokens conform to JSON Web Token (JWT) standard. To reduce the number of requests, access tokens can be validated in a third-party service without making requests to SpaceCode per token. You can cache the service public key and validate access tokens offline using JSON Web Key Set (JWKS).

SpaceCode API has a dedicated endpoint that returns JSON Web Key Set. It can be accessed at: <SpaceCode service URL>/oauth/jwks.json

Here is an example of a JWKS returned from the endpoint:

For details, refer to JSON Web Key Set Properties.