API Key Validation

Endpoint

GET /v1/validation

Overview

Check whether an API key is valid, expired, or revoked. This is a common endpoint that can be used regardless of key type. We recommend calling this endpoint first to verify key validity when initializing your SDK or app.

Request

curl https://api.ones1ght.com/v1/validation \
  -H "Authorization: Bearer $API_KEY"

Response

Valid Key

{
  "success": true,
  "data": {
    "status": "active",
    "key_type": "client_sdk",
    "key_prefix": "osk_two_708f",
    "tenant_code": "two",
    "created_at": "2026-04-17T05:36:28.123Z",
    "expires_at": "2026-06-16T05:36:28.123Z"
  }
}

Invalid Key

If the key does not exist or is invalid, a 401 error is returned:

{
  "success": false,
  "message": "Invalid or expired API key"
}

Response Fields

Field	Description	Notes
`status`	Key status	`active`, `expired`, `revoked`
`key_type`	Key type	`client_sdk` (SDK) or `rest_api` (Server)
`key_prefix`	First 12 characters of the key (for identification)	-
`tenant_code`	Tenant code	-
`created_at`	Key creation timestamp	(UTC)
`expires_at`	Expiration timestamp (`null` if permanent)	(UTC)

Getting Started

Features

Workspace

Management

Support

Open API

API Key Validation

Endpoint

Overview

Request

Response

Valid Key

Invalid Key

Response Fields

Getting Started

Features

Workspace

Management

Support

Open API

​Endpoint

​Overview

​Request

​Response

​Valid Key

​Invalid Key

​Response Fields

Endpoint

Overview

Request

Response

Valid Key

Invalid Key

Response Fields