# Verify JWT Token using API (serverless)

If you don't have a backend server (for example, if you're using Webflow), you can validate the access token from Cotter by calling the API endpoint below.

## Verify JWT Token from Cotter

<mark style="color:green;">`POST`</mark> `https://worker.cotter.app/verify`

If you don't have a server to verify Cotter's JWT token, you can do so by calling this API.

#### Headers

| Name         | Type   | Description                                                                                                                   |
| ------------ | ------ | ----------------------------------------------------------------------------------------------------------------------------- |
| API\_KEY\_ID | string | Your "API\_KEY\_ID". Including your API KEY ID is recommended so that the endpoint validates that the token was made for **your project**. |
| Content-Type | string | `application/json`                                                                                                            |

#### Request Body

| Name         | Type   | Description                                                                                                                                                            |
| ------------ | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| oauth\_token | object | The `oauth_token` object that is returned in Cotter's response. It should have an attribute called `access_token` with the access token that you want to verify. |

{% tabs %}
{% tab title="200 Check if the token is valid based on the success value." %}

```javascript
// For valid tokens: 
{
    "success":true 
}

// If there's a problem:
{
    "success":false,
    "reason":"Error: Invalid JWT token"
}
```

{% endtab %}
{% endtabs %}

**Example HTTP Request:**

```
POST https://worker.cotter.app/verify
Content-Type: application/json
API_KEY_ID: <YOUR API KEY ID>

{
    "oauth_token": {
        "access_token": "eyJhbGciOiJFUzI1Ni...",
        "id_token": "eyJhbGciOiJFUzI1NiIsIm...",
        "refresh_token": "55185:BjD1Hh8ea...",
        "expires_in": 3600,
        "token_type": "Bearer",
        "auth_method": "OTP"
    }
}
```

#### Example with JavaScript:

```markup
<!--Get Cotter JS SDK-->
<script
    src="https://unpkg.com/cotter@0.3.16/dist/cotter.min.js"
    type="text/javascript"
></script>

<script>
  async function checkAccessToken() {
    // 1. Get the logged-in user's access token
    let cotter = new Cotter("API_KEY_ID"); // 👈 Specify your API KEY ID here
    let token = await cotter.tokenHandler.getAccessToken();
    let accessToken = token?.token;

    // No token means the user is not logged in, so there is nothing to verify
    if (!accessToken) {
      window.location.href = "/login"; // Redirect to your login page
      return;
    }

    // 2. Construct the body
    let body = {
      oauth_token: {
        access_token: accessToken
      }
    };

    // 3. Ask Cotter's verify endpoint whether the access token is valid
    let url = "https://worker.cotter.app/verify";
    try {
      let resp = await fetch(url, {
        method: "POST",
        cache: "no-cache",
        headers: {
          "Content-Type": "application/json",
          API_KEY_ID: "API_KEY_ID"   // 👈 Specify your API KEY ID here
        },
        mode: "cors",
        body: JSON.stringify(body)
      });
      let data = await resp.json();
      if (!data.success) {
        window.location.href = "/login"; // Redirect to your login page
      } else {
        console.log("Token is valid!");
      }
    } catch (err) {
      // Network or parsing error: the token could not be verified, so treat it as invalid
      window.location.href = "/login";
    }
  }
</script>
```
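The following is an added example, not part of Cotter's documentation or SDK. It shows one way to interpret the `/verify` response so that every failure (network error, timeout, non-200 status, non-JSON body, or a `success` value that is not exactly `true`) counts as an invalid token. The names `interpretVerifyResponse` and `verifyCotterToken`, the injectable `fetchImpl` parameter and the 5-second timeout are assumptions made for this example.

```javascript
// Added example: fail-closed handling of the /verify response.
// Helper names, the injectable fetch and the 5 s timeout are assumptions made here.
const VERIFY_URL = "https://worker.cotter.app/verify";

// Only an HTTP 200 response whose JSON body has success strictly equal to
// true counts as valid; anything else is reported as invalid with a reason.
function interpretVerifyResponse(status, bodyText) {
  if (status !== 200) return { valid: false, reason: `HTTP ${status}` };
  let data;
  try {
    data = JSON.parse(bodyText);
  } catch (e) {
    return { valid: false, reason: "Response is not JSON" };
  }
  if (data !== null && typeof data === "object" && data.success === true) {
    return { valid: true, reason: null };
  }
  const reason = data && typeof data.reason === "string" ? data.reason : "success was not true";
  return { valid: false, reason };
}

// POST the access token to the endpoint. A missing token, a network error or
// a timeout all resolve to { valid: false }, so a failure is never a pass.
async function verifyCotterToken(apiKeyId, accessToken, fetchImpl = globalThis.fetch, timeoutMs = 5000) {
  if (typeof accessToken !== "string" || accessToken === "") {
    return { valid: false, reason: "No access token" };
  }
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    const resp = await fetchImpl(VERIFY_URL, {
      method: "POST",
      cache: "no-cache",
      mode: "cors",
      headers: { "Content-Type": "application/json", API_KEY_ID: apiKeyId },
      body: JSON.stringify({ oauth_token: { access_token: accessToken } }),
      signal: controller.signal
    });
    return interpretVerifyResponse(resp.status, await resp.text());
  } catch (e) {
    return { valid: false, reason: `Request failed: ${e.message}` };
  } finally {
    clearTimeout(timer);
  }
}
```

Because this check runs in the browser, its result only drives client-side behaviour such as the redirect to the login page.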
