Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.slideless.ai/llms.txt

Use this file to discover all available pages before exploring further.

For most use cases, the slideless CLI is easier than calling this endpoint directly. The CLI command equivalents are slideless verify (exit-code-based pass/fail) and slideless whoami (full identity output).

When to use

Test that an API key is valid before making destructive calls. Useful at the start of CI jobs, scripts, or interactive setup flows. The marketplace setup-slideless skill uses this endpoint to confirm a freshly-created key works. The endpoint is intentionally cheap — it touches Firestore once but does no storage or compute work.

Endpoint

POST https://europe-west1-slideless-ai.cloudfunctions.net/verifyApiKey

Auth

HeaderValue
AuthorizationThe key you want to verify (cko_… or cka_…)
No request body.

Response (200)

For an organization key (cko_): 
{
  "success": true,
  "data": {
    "type": "org-api-key",
    "keyName": "claude-skill",
    "keyPrefix": "cko_abcd",
    "scopes": ["presentations:write", "presentations:read"],
    "organizationId": "org-uuid",
    "organizationName": "Romain's workspace",
    "createdAt": "2026-04-15T10:00:00.000Z",
    "expiresAt": null,
    "lastUsedAt": "2026-04-19T09:12:00.000Z",
    "requestId": "0192f1c3-..."
  }
}
For an admin key (cka_), organizationId and organizationName are null; type is "admin-api-key".
FieldTypeDescription
successbooleanAlways true on 200
data.typestring"org-api-key" or "admin-api-key"
data.keyNamestring | nullHuman-readable label given at creation
data.keyPrefixstring | nullFirst 8 chars (cko_abcd) — safe to display
data.scopesarray of stringsThe scopes attached to this key
data.organizationIdstring | nullThe org context (null for admin keys)
data.organizationNamestring | nullThe org’s display name (null for admin keys)
data.createdAt, data.expiresAt, data.lastUsedAtISO 8601 string | nullTimestamps
data.requestIdUUIDv7 stringTrace ID — include in support requests

Errors

StatusCodeCauseFix
401unauthenticatedMissing, malformed, or revoked keySend a valid cko_ or cka_ value in Authorization
405method-not-allowedUsed GET/PUT/etc.Use POST
500internalBackend error fetching metadataRetry; if persistent, include requestId in support request
Error response shape (same envelope as every other CLI-facing endpoint): 
{
  "success": false,
  "error": {
    "code": "unauthenticated",
    "message": "Invalid or missing API key."
  }
}

Examples

curl

curl -sS -X POST \
  -H "Authorization: Bearer $SLIDELESS_API_KEY" \
  https://europe-west1-slideless-ai.cloudfunctions.net/verifyApiKey

Node.js

const res = await fetch(
  'https://europe-west1-slideless-ai.cloudfunctions.net/verifyApiKey',
  {
    method: 'POST',
    headers: { 'Authorization': `Bearer ${process.env.SLIDELESS_API_KEY}` }
  }
);

const body = await res.json();
if (!body.success) {
  throw new Error(`Invalid Slideless key: ${body.error?.message}`);
}
console.log(`Authenticated as ${body.data.organizationName} with scopes: ${body.data.scopes.join(', ')}`);

Operational use

  • At the start of long-running scripts. Fail fast if the key is wrong before doing any real work.
  • In CI before deploys. Make sure the secret in your CI vault is still valid.
  • In setup wizards. The marketplace setup-slideless skill calls this immediately after the user pastes the key, so users get instant feedback.