Verify

import { verifyKey } from "@unkey/api";

const { result, error } = await verifyKey({ key: "key_123", apiId: "api_123" });

if (error) {
  // handle potential network or bad request error
  // a link to our docs will be in the `error.docs` field
  console.error(error.message);
  return;
}

if (!result.valid) {
  // do not grant access
  return;
}

// process request
console.log(result);

{
  "result": {
  "keyId": "key_1234",
  "valid": true,
  "name": "Customer X",
  "ownerId": "user_123",
  "meta": {
    "roles": [
      "admin",
      "user"
    ],
    "stripeCustomerId": "cus_1234"
  },
  "expires": 123,
  "ratelimit": {
    "limit": 10,
    "remaining": 9,
    "reset": 3600000
  },
  "remaining": 1000,
  "code": "VALID",
  "enabled": true,
  "permissions": [
    "dns.record.update",
    "dns.record.delete"
  ],
  "environment": "test",
  "identity": {
    "id": "<string>",
    "externalId": "<string>",
    "meta": {}
  }
}
}

import { verifyKey } from "@unkey/api";

const { result, error } = await verifyKey({ key: "key_123", apiId: "api_123" });

if (error) {
  // handle potential network or bad request error
  // a link to our docs will be in the `error.docs` field
  console.error(error.message);
  return;
}

if (!result.valid) {
  // do not grant access
  return;
}

// process request
console.log(result);

{
  "result": {
  "keyId": "key_1234",
  "valid": true,
  "name": "Customer X",
  "ownerId": "user_123",
  "meta": {
    "roles": [
      "admin",
      "user"
    ],
    "stripeCustomerId": "cus_1234"
  },
  "expires": 123,
  "ratelimit": {
    "limit": 10,
    "remaining": 9,
    "reset": 3600000
  },
  "remaining": 1000,
  "code": "VALID",
  "enabled": true,
  "permissions": [
    "dns.record.update",
    "dns.record.delete"
  ],
  "environment": "test",
  "identity": {
    "id": "<string>",
    "externalId": "<string>",
    "meta": {}
  }
}
}

import { verifyKey } from "@unkey/api";

const { result, error } = await verifyKey({ key: "key_123", apiId: "api_123" });

if (error) {
  // handle potential network or bad request error
  // a link to our docs will be in the `error.docs` field
  console.error(error.message);
  return;
}

if (!result.valid) {
  // do not grant access
  return;
}

// process request
console.log(result);

{
  "result": {
  "keyId": "key_1234",
  "valid": true,
  "name": "Customer X",
  "ownerId": "user_123",
  "meta": {
    "roles": [
      "admin",
      "user"
    ],
    "stripeCustomerId": "cus_1234"
  },
  "expires": 123,
  "ratelimit": {
    "limit": 10,
    "remaining": 9,
    "reset": 3600000
  },
  "remaining": 1000,
  "code": "VALID",
  "enabled": true,
  "permissions": [
    "dns.record.update",
    "dns.record.delete"
  ],
  "environment": "test",
  "identity": {
    "id": "<string>",
    "externalId": "<string>",
    "meta": {}
  }
}
}

Request

key

string

required

The key you want to verify.

apiId

string

The api this key belongs to. This will be required soon.

ratelimit

object

Override the behavior of the ratelimit for this verification.

Hide properties

cost

number

default:1

The cost of this verification. This will be subtracted from the ratelimit. Use this if you need to ratelimit based on what the user is trying to access. For example, you may want to ratelimit a user based on the tokens they are using in the context of LLM APIs.

Response

result

Hide properties

keyId

string

required

The id of the key you are verifying.

valid

boolean

required

Whether or not this key is valid and has passed the ratelimit. If false you should not grant access to whatever the user is requesting

name

string

The name of the key you are verifying.

ownerId

string

If you have set an ownerId on this key it is returned here. You can use this to clearly authenticate a user in your system.

meta

object

This is the meta data you have set when creating the key.Example:

{
  "billingTier": "PRO",
  "trialEnds": "2023-06-16T17:16:37.161Z"
}

expires

int

The unix timestamp in milliseconds indicating when this key expires.

ratelimit

object

The current ratelimit state.

Show properties

limit

int

required

Current limit after this verification.

remaining

int

required

Remaining limit inside this burst window.

reset

int

required

A unix timestamp in millisecond when the ratelimit gets refilled the next time.

remaining

int

Shows how many more times this key may be verified before being invalidated. Only applies to keys where you have set a remaining count.

code

string

If the key is invalid this field will be set to the reason why it is invalid.Possible values are:

NOT_FOUND - The key does not exist
FORBIDDEN - You are not allowed to verify this key. For example because of additional security checks like IP whitelists
USAGE_EXCEEDED - The key has been used up and is no longer valid
RATE_LIMITED - The verification has been blocked due to ratelimiting
DISABLED - The key is disabled
EXPIRED - The key has expired

enabled

bool

Shows if the key is enabled or disabled.

permissions

string[]

A list of all the permissions this key is connected to.

environment

string

The environment of the key, this is what what you set when you crated the key

identity

Object

The associated identity of this key.

Show properties

identity.id

string

required

identity.externalId

string

required

identity.meta

object

required

A free form JSON object. You can store any data you want here. As long as its properly formatted JSON.

Show properties

identity.meta.{key}

any | null

Create Get

Official Libraries

Community Libraries

Request

Response

Official Libraries

Community Libraries

​Request

​Response

Request

Response