Verify a Secret
Verifies whether a provided secret value is valid and active for a recipient. This is used during artifact retrieval to validate the secret authentication factor.
POST /v1/recipients/:recipientId/secrets/verify
Path Parameters
| Parameter | Type | Description |
|---|
recipientId | string | The recipient ID |
Request Body
| Parameter | Type | Required | Description |
|---|
secret | string | Required | The secret value to verify |
Example Request
curl -X POST https://api.docyard.io/v1/recipients/rcp_01HQ3N.../secrets/verify \
-H "Authorization: Bearer dk_live_a1b2c3d4..." \
-H "Content-Type: application/json" \
-d '{
"secret": "dys_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"
}'
Response
{
"valid": true,
"secretId": "sec_01HQ5A..."
}
{
"valid": false,
"secretId": null
}
Error Handling
| Status | Condition |
|---|
400 | secret is missing |
401 | Missing or invalid API key |
404 | Recipient not found |
Verification checks against all ACTIVE secrets for the recipient. Secrets with status ROTATED or REVOKED will not pass verification. Expired secrets also fail verification.
