My experience is similar to yours. I've posted an edited snippet of my .net solution on Stack Overflow, but I am not sure if this is sufficient. Also, status code 200 is returned even with a randomly typed string for 'token'. It isn't very clear if that solution is enough. I will appreciate it if someone with more experience helps. Thanks.