Comment 17 for bug 861854

For the check token call:
HEAD v2.0/tokens/(tokenid)?belongsTo=string (where string is the tenant in scope).

This is mapped to:
HEAD v2.0/OS-KSVALIDATE/token/validate

But if v2.0/tokens is disabled, it will return a 503 with no message-body in the response. The user will need to try a GET if they want more information or don't understand the 503 by itself.