> ## Documentation Index
> Fetch the complete documentation index at: https://docs.timbrix.mx/llms.txt
> Use this file to discover all available pages before exploring further.

# Validate API Key

> Test endpoint to validate API key authentication and scopes. Use X-API-Key header.

Validates an API key's authentication and scopes.

## Authentication

This endpoint uses **API Key authentication** via the `X-API-Key` header (not Bearer token).

## Use Cases

* Test if an API key is valid and active
* Verify key has required scopes
* Check key expiration status
* Validate before making actual API calls

## Response

Returns validation details:

* Whether the key is valid
* Key ID and name
* Organization ID
* Assigned scopes
* Expiration date
* Active status

## Example

```bash theme={null}
curl -X POST http://localhost:3001/api/api-keys/validate \
  -H "X-API-Key: sk_..."
```

## Error Responses

* `401 Unauthorized`: Invalid or expired API key
* `403 Forbidden`: Key lacks required scopes


## OpenAPI

````yaml POST /api-keys/validate
openapi: 3.1.0
info:
  title: Timbrix API
  description: >-
    REST API with OAuth2 server for managing organizations, members, and
    webhooks
  version: '1.0'
  contact: {}
servers:
  - url: http://sandbox.mintlify.com
    description: Sandbox environment
  - url: http://localhost:3001/api
    description: Local development
security: []
tags:
  - name: organizations
    description: Organization management endpoints
  - name: oauth
    description: OAuth2 authentication and authorization
  - name: webhooks
    description: Webhook configuration and delivery
  - name: users
    description: User information endpoints
  - name: api-keys
    description: API Keys management and validation
paths:
  /api-keys/validate:
    post:
      tags:
        - api-keys
      summary: Validate API key
      description: >-
        Test endpoint to validate API key authentication and scopes. Use
        X-API-Key header.
      operationId: ApiKeysController_validate
      parameters: []
      responses:
        '200':
          description: API key is valid and active
        '401':
          description: Invalid or expired API key
        '403':
          description: API key does not have required scopes
      security:
        - apiKey: []
components:
  securitySchemes:
    apiKey:
      type: apiKey
      in: header
      name: X-API-Key
      description: 'API Key for authentication (format: sk_...)'

````