--- title: Token validation description: You can configure application programming interface (API) and Web + API applications to use access token validators to locally verify signed and encrypted access tokens. This feature works in conjunction with token providers that support JSON Web Signature (JWS) and JSON Web Encryption (JWE) validation. component: pingaccess version: 9.0 page_id: pingaccess:pingaccess_user_interface_reference_guide:pa_token_validation canonical_url: https://docs.pingidentity.com/pingaccess/9.0/pingaccess_user_interface_reference_guide/pa_token_validation.html revdate: February 6, 2023 --- # Token validation You can configure application programming interface (API) *(tooltip: \
\

A specification of interactions available for building software to access an application or service.\

\
)* and Web + API applications to use access token validators to locally verify signed and encrypted access tokens. This feature works in conjunction with token providers that support JSON Web Signature (JWS) *(tooltip: \
\

A signed instance of a JSON Web Token (JWT) based on IETF standard syntax and used for the exchange of signed content.\

\
)* and JSON Web Encryption (JWE) *(tooltip: \
\

A signed and encrypted instance of a JSON Web Token (JWT) based on IETF standard syntax and used for the exchange of encrypted content.\

\
)* validation. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | When using PingFederate as the token provider for this feature, export the `Generated: ENGINE` keypair from PingAccess, located under **Security → Key Pairs**, and import to PingFederate trusted certificate authorities (CAs). |