---
title: Validate API key
description: Validate an API key and retrieve associated metadata.
descriptions:
  validate_api_key:
    value: The API key value to validate.
  validate_api_key_response:
    api_key: 'The API key object if valid, null otherwise.'
    id: The unique identifier for the API key.
    owner: The owner of the API key (organization).
    name: The human-readable name assigned to the API key.
    obfuscated_value: The obfuscated API key value showing only prefix and last few characters.
    created_at: The timestamp when the API key was created.
    updated_at: The timestamp when the API key was last updated.
    last_used_at: 'The timestamp when the API key was last used, null if never used.'
    permissions: Array of permission strings assigned to this API key.
reference:
  curl:
    - key: validate-api-key
      id: validate_api_key_request
      url: /reference/authkit/api-keys/validate
      title: /api_keys/validations
      type: POST
      parameters:
        - key: value
          type: string
          description: (validate_api_key.value)
      returns:
        - key: api_key
          type: object | null
          description: (validate_api_key_response.api_key)
          properties:
            - key: id
              type: string
              description: (validate_api_key_response.id)
            - key: owner
              type: object
              description: (validate_api_key_response.owner)
              properties:
                - key: type
                  type: string
                  description: 'The type of owner (e.g., "organization")'
                - key: id
                  type: string
                  description: The ID of the owner
            - key: name
              type: string
              description: (validate_api_key_response.name)
            - key: obfuscated_value
              type: string
              description: (validate_api_key_response.obfuscated_value)
            - key: created_at
              type: string
              description: (validate_api_key_response.created_at)
            - key: updated_at
              type: string
              description: (validate_api_key_response.updated_at)
            - key: last_used_at
              type: string | null
              description: (validate_api_key_response.last_used_at)
            - key: permissions
              type: array
              description: (validate_api_key_response.permissions)
originalPath: >-
  .tmp-workos-clone/packages/docs/content/reference/authkit/api-keys/validate.mdx
---

## Validate API key

Validates an API key and returns its associated metadata if the key is valid. Your application's API uses this endpoint to authenticate incoming requests that include an API key.

The endpoint returns the complete API key object when validation succeeds, allowing you to access the key's permissions and owner information for authorization purposes. If the key is invalid, the endpoint returns `null` for the `api_key` field.

<CodeBlock referenceId="validate_api_key_request">
  <CodeBlockTab title="Request" file="validate-request" />
  <CodeBlockTab title="Response" file="validate-response" />
</CodeBlock>