Token validation

You can configure application programming interface (API) and Web + API applications to use access token validators to locally verify signed and encrypted access tokens. This feature works in conjunction with token providers that support JSON Web Signature (JWS) and JSON Web Encryption (JWE) validation.

When using PingFederate as the token provider for this feature, export the Generated: ENGINE keypair from PingAccess, located under Security → Key Pairs, and import to PingFederate trusted certificate authorities (CAs).