Verify a key
Changelog
Date | Changes |
---|---|
Dec 06 2023 | Introduced endpoint |
Jul 08 2024 | Added EXPIRED code |
Body
The key to verify
1
The id of the api where the key belongs to. This is optional for now but will be required soon. The key will be verified against the api's configuration. If the key does not belong to the api, the verification will fail.
Perform RBAC checks
Use 'ratelimits' with [{ name: "default", cost: 2}]
You can check against multiple ratelimits when verifying a key. Let's say you are building an app that uses AI under the hood and you want to limit your customers to 500 requests per hour, but also ensure they use up less than 20k tokens per day.
Customize the behaviour of deducting remaining uses. When some of your endpoints are more expensive than others, you can set a custom cost
for each.
Tags do not influence the outcome of a verification. They can be added to filter or aggregate historical verification data for your analytics needs. To unkey, a tag is simply a string, we don't enforce any schema but leave that up to you. The only exception is that each tag must be between 1 and 128 characters long. A typical setup would be to add key-value pairs of resources or locations, that you need later when querying.
Response
A machine readable code why the key is not valid. Possible values are:
- VALID: the key is valid and you should proceed
- NOT_FOUND: the key does not exist or has expired
- FORBIDDEN: the key is not allowed to access the api
- USAGE_EXCEEDED: the key has exceeded its request limit
- RATE_LIMITED: the key has been ratelimited
- UNAUTHORIZED: the key is not authorized
- DISABLED: the key is disabled
- INSUFFICIENT_PERMISSIONS: you do not have the required permissions to perform this action
- EXPIRED: The key was only valid for a certain time and has expired.
These are validation codes, the HTTP status will be 200.
VALID
, NOT_FOUND
, FORBIDDEN
, USAGE_EXCEEDED
, RATE_LIMITED
, UNAUTHORIZED
, DISABLED
, INSUFFICIENT_PERMISSIONS
, EXPIRED
Whether the key is valid or not. A key could be invalid for a number of reasons, for example if it has expired, has no more verifications left or if it has been deleted.
Sets the key to be enabled or disabled. Disabled keys will not verify.
The environment of the key, this is what what you set when you crated the key
The unix timestamp in milliseconds when the key will expire. If this field is null or undefined, the key is not expiring.
The associated identity of this key.
The id of the key
Any additional metadata you want to store with the key
The name of the key, give keys a name to easily identifiy their purpose
The id of the tenant associated with this key. Use whatever reference you have in your system to identify the tenant. When verifying the key, we will send this field back to you, so you know who is accessing your API.
A list of all the permissions this key is connected to.
The ratelimit configuration for this key. If this field is null or undefined, the key has no ratelimit.
The number of requests that can be made with this key before it becomes invalid. If this field is null or undefined, the key has no request limit.
Was this page helpful?