Documentation

Validate API keys with one HTTP call. Works with any backend language.

Validate a key

GET /api/validate/{key}

Response (valid):
{
  "valid": true,
  "key_id": "...",
  "project_id": "...",
  "user_id": null,
  "scopes": ["read", "write"],
  "rate_limit": { "limit": 1000, "remaining": 997, "window": "1h" }
}

Response (invalid):
{ "valid": false, "error": "Invalid or revoked key" }

Express.js middleware

const validateApiKey = async (req, res, next) => {
  const key = req.headers['x-api-key']
  const r = await fetch(`https://henry-apikeys.vercel.app/api/validate/${key}`)
  const { valid, scopes } = await r.json()
  if (!valid) return res.status(401).json({ error: 'Invalid API key' })
  req.apiKey = { scopes }
  next()
}

app.use('/api', validateApiKey)

Create a key via API

POST /api/v1/keys
Authorization: Bearer YOUR_ADMIN_KEY
{ "project_id": "...", "name": "Production", "scopes": ["read", "write"] }

Response: { "key": { ... }, "full_key": "hak_abc123..." }  // Store full_key — shown once!

MCP server

POST /api/mcp — Tools: list_projects, list_keys, create_key, revoke_key, get_usage