Validate Server Key
Before making any System API calls, use this endpoint to verify that your X-Server-Key is correct.
The server key is passed as the raw request body — not as a header.
Validate Server Key
GET /minimal/proof/v1/validate/server/key
How it Works
Unlike other System API endpoints, the server key is not passed as a header here — it is sent as the raw request body. The API checks the key against the server configuration and returns whether it is valid.
curl --request GET \
--url 'https://<your-domain>/minimal/proof/v1/validate/server/key' \
--header 'Content-Type: application/json' \
--header 'X-Org-Id: <your-org-id>' \
--header 'X-Project-Id: <your-project-id>' \
--header 'X-User-Id: <your-user-id>' \
--header 'X-User-Roles: admin,user' \
--data 'minimal_<your-server-key>'
Required Headers
| Header | Description |
|---|---|
X-Org-Id | Organisation identifier |
X-Project-Id | Project identifier |
X-User-Id | Authenticated user's identifier |
X-User-Roles | Comma-separated roles (e.g., admin,user) |
Content-Type | Must be application/json |
Request Body
Send the server key as a raw string in the request body — no JSON wrapping needed:
minimal_oJdz••••••••••••••••••••••••••••••••••••••E7R
Response
200 OK — server key is valid:
{
"code": 200,
"status": "OK",
"message": "server key is valid"
}
403 Forbidden — server key is invalid or does not match:
{
"code": 403,
"status": "Forbidden",
"message": "invalid server key"
}
Common Errors
| Code | Cause |
|---|---|
400 | Request body is empty — server key must be provided in the body |
401 | Missing X-User-Id header |
403 | Server key is incorrect or does not match the server configuration |