TsgcWSAPIKeyManager › Methods › ValidateKey
Validates a raw key and optionally enforces a required scope and records the requester's IP.
function ValidateKey(const aKey: string; const aRequiredScope: string = ''; const aIP: string = ''): Boolean;| Name | Type | Description |
|---|---|---|
aKey | const string | Raw plaintext key as presented by the client (the value the customer received from IssueKey). The method re-hashes it internally before comparing. |
aRequiredScope | const string | Optional scope the key must carry. Empty skips the scope check; a non-empty value is matched against the scopes stored on the key. |
aIP | const string | Requester IP used for the IPAllowlist check and recorded on the audit entry when Audit.IncludeIP is True. |
True when the key is known, active (or within its rotation grace window), not expired, not revoked, matches aRequiredScope (when supplied) and passes the IPAllowlist / OnValidation hooks. False otherwise. (Boolean)
Constant-time compares the re-hashed key against the stored digest, checks status (kksActive or kksRotated within GracePeriodSec), runs IsExpired when EnforceExpiry is True, verifies the scope with HasScope, applies the IPAllowlist and finally calls OnValidation where custom logic can still overturn the result. Every call increments Stats.TotalValidations (and TotalValidationFailures on reject), fires OnKeyValidated with the machine-readable reason and appends an audit entry. When Enabled is False it short-circuits to True.
if not sgcWSAPIKeyManager1.ValidateKey(vRawKey, 'read:orders', Connection.IP) then
Connection.Disconnect;