Verify User API Key (Service-to-Service)
POST /apikeys/verify
Public endpoint for other services to verify user API keys.
Typical Flow:
1. External service receives a user's API key
2. Sends a request to this endpoint to verify it
3. Uses its own system API key in the X-API-Key header
4. Receives information about the user owning the API key

Usage Examples:
- Microservices verify user API keys
- External services validate authentication
- API Gateway verifies user permissions

Required Authentication:
- X-API-Key header with the requesting service's API key
- Does not require user JWT token

Information Returned:
- Data of the user owning the API key
- User's permissions and role
- Account status and associated company

Important Notes:
- Only authorized services can use this endpoint
- The verified API key must be active
- Includes information about the user's company
- Usage is logged for auditing
Request
Responses
- 200: User API key successfully verified
- 400: Invalid or inactive user API key
- 401: Invalid or missing service API key
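
A calling service can implement the flow above so that every outcome other than a 200 denies access. The following is an added example, not code from this API's documentation or project; the base URL and the `api_key` body field are assumptions, because the page does not document the request schema.

```python
import json
import urllib.error
import urllib.request

VERIFY_PATH = "/apikeys/verify"  # endpoint path from the page


def build_request(base_url, service_key, user_key):
    """Build the POST: the service's own key goes in X-API-Key, no user JWT."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send API keys over a non-TLS URL")
    # ASSUMPTION: the body field name "api_key" is hypothetical; the page
    # does not document how the user's key is passed.
    body = json.dumps({"api_key": user_key}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + VERIFY_PATH,
        data=body, method="POST",
        headers={"X-API-Key": service_key, "Content-Type": "application/json"},
    )


def interpret(status, raw_body):
    """Map the documented status codes to a decision; anything else fails closed."""
    if status == 200:
        try:
            user = json.loads(raw_body)
        except ValueError:
            user = None
        if not isinstance(user, dict):
            return {"allow": False, "reason": "unparseable_response"}
        return {"allow": True, "reason": "verified", "user": user}
    if status == 400:
        return {"allow": False, "reason": "user_key_invalid_or_inactive"}
    if status == 401:
        # Our own credential was rejected: an operational fault to alert on,
        # not an authentication failure to attribute to the user.
        return {"allow": False, "reason": "service_key_rejected"}
    return {"allow": False, "reason": "unexpected_status_%d" % status}


def verify_user_key(base_url, service_key, user_key, timeout=5):
    """Call the endpoint; never log or return either key."""
    req = build_request(base_url, service_key, user_key)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return interpret(err.code, err.read())
    except OSError:  # URLError, timeouts, connection resets
        return {"allow": False, "reason": "verifier_unreachable"}
```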