I am using Firebase Cloud Messaging (FCM) and as per the abreviated code below everytime a new Token is generated on the Customer Device... I send this new TOKEN to my SERVER DB (Cloud) where I save it in order to be able to send future Push Notification from the Server to the Device using the CFM API.

    //public class CFMInstanceIDService extends FirebaseInstanceIdService ...

    public void onTokenRefresh() {
        ...
        String cfmToken = FirebaseInstanceId.getInstance().getToken();        
        ...     
        sendRegistrationToServer(customerGuid, cfmToken);
    }

By doing this I have on the Server a list of ALL (multiples) Devices where a Customer is logged-in. (Tablet, Phone, iPhone, Android, etc)

Is there any way to verify/validate a Token at any time?

I would like to know/ensure that all the tokens that I have associated to a Customer belong to real Devices. I don't want to send Push Notifications to not-existing Tokens.

No such thing exists, the only information you can get from a token is app information and not wether it is valid or not

https://developers.google.com/instance-id/reference/server#get_information_about_app_instances

what you should be doing is watching for the response when you go to send push's out and if keys are not valid anymore the response will tell you what keys should be deleted withNotRegistered

https://firebase.google.com/docs/cloud-messaging/server

Here is an example curl request that shows how to validate a token without actually having to send a message:

curl -H "Content-Type: application/json" -H "Authorization: key=$FCM_API_KEY" https://fcm.googleapis.com/fcm/send -d '{"registration_ids":["$FCMTOKEN"]}'

Example invalid response:

{"multicast_id":7452350602151058088,"success":0,"failure":1,"canonical_ids":0,"results":[{"error":"InvalidRegistration"}]}

Example valid response:

{"multicast_id":9133870199216310277,"success":1,"failure":0,"canonical_ids":0,"results":[{"message_id":"0:1502817580237626%f590ddc2f9fd7ecd"}]}

I got this answer from google's firebase support team.

There is no way to validate if a token is still valid prior to send the downstream message. What you need to do is to check the response after sending the message and then check if the response contains any error.

For example, if the server returns an 200 + error:NotRegistered http code, it means that an existing registration token may cease to be valid.

In the section "Downstream message error response codes of FGC", you will find documented every possible status response.

Actually there is a workaround, you can use dry_run = true

This parameter, when set to true, allows developers to test a request without actually sending a message.

firebase docs

if user unsubscribe, you have a response with NotRegistered but real sending won't be performed