> ## Documentation Index
> Fetch the complete documentation index at: https://docs.theauthapi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authenticating a key

> How to validate a key

Rate Limiting
Limiting access to your API helps to prevent abuse and ensure fair usage among all users.

Using the /api-keys/auth/ endpoint, we can test a key is valid.

```bash theme={null}
curl --location --request POST 'https://api.theauthapi.com/api-keys/auth/[API-KEY]' \
--header 'x-api-key: [ACCESS-KEY]'
```

#### Good Result - `200`

```json theme={null}
{
  "key": "live_cQkeqA79HV8*********",
  "name": "Name your key!",
  "customMetaData": {},
  "customAccountId": null,
  "customUserId": null,
  "env": "live",
  "createdAt": "2024-11-03T17:09:01.623Z",
  "updatedAt": "2024-11-03T17:09:01.623Z",
  "isActive": true,
  "expiresAt": "2024-11-04T17:16:00.000Z",
  "rateLimitConfigs": {
    "rateLimit": 10,
    "rateLimitTtl": 60
  },
  "creationContext": {}
}
```

#### Rate limit hit - `429`

```json theme={null}
{
  "statusCode": 429,
  "message": "Too many requests"
}
```

#### Access denied - `404`

The key has been revoked, or the malformed.

```json theme={null}
{
  "statusCode": 404,
  "message": "Invalid client key",
  "error": "Not Found"
}
```
