TsgcWSAPIKeyManager › Events › OnKeyValidated
Fired every time ValidateKey completes; carries the key, an aValid flag and the reason.
property OnKeyValidated: TsgcAPIKeyOnKeyValidated;
// TsgcAPIKeyOnKeyValidated = procedure(Sender: TObject; const aKey: string; aValid: Boolean; const aReason: string) of object—
Fires synchronously at the end of every ValidateKey call (including the ValidateKey that IsRequestAuthorized runs internally). aValid is the final Boolean answer after all checks; aReason is a machine-readable code such as "ok", "unknown", "revoked", "expired", "scope_missing", "ip_not_allowed", "https_required" or a custom string returned from OnValidation. Use it to feed metrics dashboards and to drive rate-based fraud detection (too many "unknown" rejections from one IP = brute-force). The event is read-only; to override the decision use OnValidation instead.
procedure TForm1.sgcWSAPIKeyManager1KeyValidated(Sender: TObject;
const aKey: string; aValid: Boolean; const aReason: string);
begin
if not aValid then
Inc(FFailureCounters[aReason]);
end;