The OAuth2 token introspection endpoint in Ory Hydra is actually available, but it's not included in the

.well-known/openid-configuration

because it's considered an administrative endpoint and should not be publicly exposed. According to the Ory Hydra documentation, the introspection endpoint is located at

/admin/oauth2/introspect

and is part of the administrative API [Ory Hydra API Reference](https://www.ory.sh/docs/reference/api). This endpoint is intended for internal or first-party use only and should not be exposed publicly. To use the introspection endpoint: 1. Ensure that you're accessing it through the administrative port (default 4445) of Ory Hydra [Ory Hydra Production Guide](https://www.ory.sh/docs/hydra/self-hosted/production#exposing-administrative-and-public-api-endpoints). 2. Properly secure the endpoint using an API Gateway or Authorization Proxy if you need to expose it [Ory Hydra Production Guide](https://www.ory.sh/docs/hydra/self-hosted/production#exposing-administrative-and-public-api-endpoints). 3. When making requests to the introspection endpoint, you'll need to authenticate. The endpoint requires authentication, but there's no built-in access control [Ory Hydra Production Guide](https://www.ory.sh/docs/hydra/self-hosted/production#exposing-administrative-and-public-api-endpoints). Here's an example of how to use the introspection endpoint with the Ory CLI:

bash ory introspect token $access_token --project "$PROJECT_ID"

[Ory Network OAuth2 Guide](https://www.ory.sh/docs/getting-started/ory-network-oauth2) Remember, the introspection endpoint is intentionally not included in the

.well-known/openid-configuration

to prevent public exposure. It's designed to be used internally for token validation and should be accessed and secured accordingly.