Validating API Keys
Test that your API key is working correctly before integrating it into applications.
Validation Test
The simplest way to verify an API key is to call any list endpoint, such as the applications endpoint:
Expected response:
import requests
def test_api_key(api_key, base_url):
headers = {"Authorization": f"Bearer {api_key}"}
try:
response = requests.get(f"{base_url}/api/apps", headers=headers)
response.raise_for_status()
print(f"✓ API key is valid - Found {response.json()['count']} applications")
return True
except requests.exceptions.HTTPError as e:
if e.response.status_code == 401:
print("✗ API key is invalid or expired")
elif e.response.status_code == 403:
print("✗ API key lacks required permissions")
return False
test_api_key("YOUR_API_KEY", "https://your-shield-host:8080")
const axios = require('axios');
async function testApiKey(apiKey, baseUrl) {
const headers = { 'Authorization': `Bearer ${apiKey}` };
try {
const response = await axios.get(`${baseUrl}/api/apps`, { headers });
console.log(`✓ API key is valid - Found ${response.data.count} applications`);
return true;
} catch (error) {
if (error.response) {
if (error.response.status === 401) {
console.log('✗ API key is invalid or expired');
} else if (error.response.status === 403) {
console.log('✗ API key lacks required permissions');
}
}
return false;
}
}
testApiKey('YOUR_API_KEY', 'https://your-shield-host:8080');
Common HTTP Status Codes
| Status Code | Meaning | Resolution |
|---|---|---|
| 200 OK | API key is valid | Proceed with integration |
| 401 Unauthorized | Invalid, expired, or missing key | Verify key value, check expiration date |
| 403 Forbidden | Valid key but insufficient permissions | Generate new key with required permissions |
| 500 Internal Server Error | Shield processing error | Check Shield logs, contact support |
Related Topics
- Troubleshooting - Common authentication issues
- Managing API Keys - Key rotation and security best practices
- Using API Keys - Integration examples