> ## Documentation Index
> Fetch the complete documentation index at: https://docs.trustware.io/llms.txt
> Use this file to discover all available pages before exploring further.

# GET /validate

> Verify that an API key is active and authorized. Use this for connectivity testing and key validation at startup.

`GET https://api.trustware.io/api/v1/sdk/validate`

Verifies that an API key is active and returns metadata about the key. Use this at application startup to confirm your key is valid before making route requests, or as a lightweight connectivity check.

## Request

No request body. Pass your API key in the `X-API-Key` header.

```js theme={null}
const response = await fetch("https://api.trustware.io/api/v1/sdk/validate", {
  headers: { "X-API-Key": process.env.TW_KEY },
});
const { valid, status, message } = (await response.json());
```

## Response

```json theme={null}
{
  "valid": true,
  "status": "active",
  "message": "API key is valid and active",
  "key_id": "80fe6ff0-5320-4330-ad40-bb034a474e55",
  "label": "Trustware Swap",
  "project_id": "b7a4c5d1-9f3e-4b8a-a210-d2c44d3e6f80",
  "created_at": "2026-04-07T01:45:02.397093Z",
  "last_used_at": "2026-04-15T15:38:28.94439Z",
  "quote": {
    "id": "99",
    "text": "What about elevenses?"
  }
}
```

| Field          | Description                                                                 |
| -------------- | --------------------------------------------------------------------------- |
| `valid`        | `true` if the key is active and authorized.                                 |
| `status`       | Key status: `active` or `inactive`.                                         |
| `message`      | Human-readable validation message.                                          |
| `key_id`       | Unique identifier for this key.                                             |
| `label`        | Label assigned to this key when it was created.                             |
| `project_id`   | Identifier of the project this key belongs to.                              |
| `created_at`   | When the key was created (ISO 8601).                                        |
| `last_used_at` | When the key was last used (ISO 8601). Useful for auditing.                 |
| `quote`        | Heartbeat payload — a lightweight response included on every validate call. |

## Startup validation

Call this endpoint once at application startup to fail fast if the key is misconfigured:

```js theme={null}
async function validateKey() {
  const res = await fetch("https://api.trustware.io/api/v1/sdk/validate", {
    headers: { "X-API-Key": process.env.TW_KEY },
  });
  if (!res.ok) throw new Error("Trustware API key validation failed");
  const { valid, message } = await res.json();
  if (!valid) throw new Error(`Trustware key invalid: ${message}`);
}
```
