HarpGamer

Stuart, thank you for the thorough response. I imagine /api/core/me will be my initial approach then swap in a lighter-weight REST API endpoint to do a quicker validation.

A lazy ask since I haven't done enough research yet. My community is acting as IDP. My custom web-application, henceforth PoCApp, successfully navigates the OAuth flow to authenticate the user against Invision. Now PoCApp makes API calls to PoCAPI. PoCAPI is separate from Invision. PoCAPI should leverage the bearer token to authenticate and authorize the user for the API call. Is there a standard approach for PoCAPI to communicate with Invision to validate the authentication? I'm suspecting I need to write an addon API (introspection endpoint) to Invision that PoCAPI will call to do the validation but am curious if there is something hiding or some overloading of the OAuth endpoints will get me what I need. PoCAPI will call a separate authorization engine once the authentication is validated. Thank you for helping me overcome the brain block!