BUG - check_api_key should not return HTTP401 when api key is invalid/expired #663
Assignees
Labels
bug
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
When using POST /o/check_api_key, if the provided api key is invalid or expired the server responds with an HTTP 401 and a JSON with an error message. The HTTP 401 response is also used when the application's auth header is invalid, which is correct. When the api key is invalid or expired it should not use the http response indicating authorization failed if the application auth header is valid.
Instead, for an expired or invalid token, it should return 200 with a status indicating invalid and an error message.
Expected Behaviour
Add to all return messages a boolean property "valid".
When the apikey is invalid, return HTTP 200 with response body like:
{ "valid": false, "error": "...message explaining why invalid" }Actual Behaviour
Returns 401 with JSON body with a "error" message
Your Environment
Version: 5.4.0
The text was updated successfully, but these errors were encountered: