Skip to main content

Validate User

The validate-user API validates user authentication and returns the complete user payload if both are valid.

Endpoint

GET https://api.buildbleu.com/functions/v1/validate-user

Authentication & Authorization

This endpoint requires dual authentication:

  1. User Authentication: Supabase JWT token in Authorization header
  2. API Key Authentication: Valid API key in X-Bleu-Token header

Request Format

Headers (Required)

HeaderDescriptionExample
AuthorizationBearer token with Supabase user JWTBearer USER_JWT
X-Bleu-TokenAPI key for validationBLEU_API_KEY

Request Body

No request body is required for this endpoint.

Examples

Basic Request

curl -X GET \
  --verbose \
  --header "Authorization: Bearer USER_JWT" \
  --header "X-Bleu-Token: BLEU_API_KEY" \
  https://api.buildbleu.com/functions/v1/validate-user
Security

Always use environment variables or secure key management systems. Never include API keys in:

  • Client-side JavaScript code
  • Public repositories
  • Log files or error messages
  • URL parameters

Response Codes

200 - Success

User and API key validated successfully. Returns complete user payload.

{
  "success": true,
  "user": {
    "id": "user-uuid",
    "email": "user@example.com",
    "bytes": 1000,
    "created_at": "2024-01-01T00:00:00Z",
    "updated_at": "2024-01-01T00:00:00Z"
  }
}

Error Responses

StatusDescriptionCommon Causes
401Authentication failureMissing/invalid X-Bleu-Token header, expired API key, invalid JWT, missing Authorization header
404User not foundUser doesn't exist in database
405Method not allowedUsing POST, PUT, DELETE instead of GET
500Server-side errorDatabase issues, internal server errors

All error responses return JSON with an error field containing the error message.

Use Cases

User Session Validation

Use this endpoint to validate that a user's session is still active and their API key is valid:

// Check if user session is still valid
const validateUser = async (userJWT, apiKey) => {
  const response = await fetch('https://api.buildbleu.com/functions/v1/validate-user', {
    method: 'GET',
    headers: {
      'Authorization': `Bearer ${userJWT}`,
      'X-Bleu-Token': apiKey
    }
  });
  
  if (response.status === 200) {
    const data = await response.json();
    return data.user; // Return user data
  } else {
    // Handle authentication failure
    throw new Error('User session invalid');
  }
};

API Key Validation

Validate that an API key is active and can be used for subsequent requests:

// Validate API key before making other API calls
const validateApiKey = async (apiKey) => {
  const response = await fetch('https://api.buildbleu.com/functions/v1/validate-user', {
    method: 'GET',
    headers: {
      'Authorization': `Bearer ${userJWT}`,
      'X-Bleu-Token': apiKey
    }
  });
  
  return response.status === 200;
};

Integration Flow

  1. Before making any API calls, validate the user session and API key
  2. Check the response status:
    • 200: User and API key are valid, proceed with application logic
    • Any other status: Handle authentication error and redirect to login
  3. Use the returned user data for application-specific logic
  4. Implement session refresh logic when validation fails
Performance

This endpoint is lightweight and designed for frequent validation calls.
It doesn't modify any data or consume user bytes.