How can I tell if there is an issue with my API Key?

You are receiving error messages in your flows, or from the agent, and you aren’t sure if it’s an issue with the API key.

How can you quickly check?

There is an available /health endpoint for your account:
https://api.prefect.cloud/api/accounts/<account>/workspaces/<workspace>/health

You can validate if your API key is still valid with the following command; replace with your account and workspace URL. Notice the “api.prefect.cloud”:

curl -i -H ‘Authorization: Bearer <api key here>’ https://api.prefect.cloud/api/accounts/<account>/workspaces/<workspace>/health

A bad response will appear as follows. Note a 401 means unauthorized.

HTTP/2 401
date: Thu, 12 Jan 2023 19:43:40 GMT
server: istio-envoy
x-deny: ext-authz
content-length: 47
content-type: application/json
x-envoy-upstream-service-time: 5
via: 1.1 google
content-security-policy: default-src 'none'; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-permitted-cross-domain-policies: none
referrer-policy: same-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

{"detail":"Invalid authentication credentials"}%

A valid API key response will appear as follows. Note the 200 response code.

HTTP/2 200
date: Thu, 12 Jan 2023 18:46:52 GMT
server: istio-envoy
content-length: 4
content-type: application/json
x-envoy-upstream-service-time: 12
via: 1.1 google
content-security-policy: default-src 'none'; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-permitted-cross-domain-policies: none
referrer-policy: same-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

true%
1 Like