How an API can verify a bearer JWT Access Token. Token expiration: The current date/time must be before the expiration date/time listed in the exp claim .