Verify access token

curl --request POST \
  --url https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/verify \
  --header 'X-API-Key: <api-key>'

{
  "valid": true,
  "user_id": "<string>",
  "roles": [
    "<string>"
  ],
  "permissions": [
    "<string>"
  ]
}

POST

api

pub

{project_id}

auth

verify

Verify access token

curl --request POST \
  --url https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/verify \
  --header 'X-API-Key: <api-key>'

{
  "valid": true,
  "user_id": "<string>",
  "roles": [
    "<string>"
  ],
  "permissions": [
    "<string>"
  ]
}

Validates the access token in Authorization and returns claims. Requires X-API-Key and Bearer token.

Send both X-API-Key and Authorization: Bearer with the token under test.

Response

200 OK

{
  "valid": true,
  "user_id": "550e8400-e29b-41d4-a716-446655440000",
  "roles": ["user", "editor"],
  "permissions": ["read:posts", "write:posts"]
}

valid

boolean

Whether the token is currently valid.

user_id

string

Present when valid is true.

roles

string[]

Role slugs when valid.

permissions

string[]

Permission slugs when valid.

Status codes

Code	Meaning
200	Body describes validity
401	Token invalid, expired, or revoked

Current user profile Start TOTP setup

⌘I

Overview

Gate API

Public API

Verify access token

Response

Status codes

Overview

Gate API

Public API

Documentation Index

​Response

​Status codes

Response

Status codes