> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kubiya.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Validate Token

> Validate authentication token and return organization data.

This endpoint allows other services (like context-graph-api) to validate
tokens without duplicating auth logic. The control plane handles all
validation, caching, and Kubiya API integration.

The token should be passed in the Authorization header:
- Bearer <token> for user JWT tokens
- UserKey <token> for worker/API key tokens

Returns:
    Organization dict with user and org information:
    {
        "id": "org-slug",
        "name": "Organization Name",
        "slug": "org-slug",
        "user_id": "user-uuid",
        "user_email": "user@example.com",
        "user_name": "User Name",
        "user_avatar": "...",
        "user_status": "...",
        "user_groups": [...]
    }

Raises:
    401: Invalid or expired token
    500: Internal server error

Example:
    ```bash
    curl -H "Authorization: Bearer <token>" \
      https://control-plane.kubiya.ai/api/v1/auth/validate
    ```



## OpenAPI

````yaml https://control-plane.kubiya.ai/api/openapi.json get /api/v1/auth/validate
openapi: 3.1.0
info:
  title: Agent Control Plane API
  description: Multi-tenant agent orchestration with Temporal workflows
  version: 1.0.0
servers: []
security:
  - BearerAuth: []
tags:
  - name: health
    description: 🏥 **Health & Status** - Check API health and availability
  - name: authentication
    description: 🔐 **Authentication** - Token validation and auth management
  - name: agents
    description: 🤖 **Agents** - Create and manage AI agents with custom capabilities
  - name: skills
    description: 🛠️ **Tool Sets** - Manage agent skills and tool configurations
  - name: integrations
    description: 🔌 **Integrations** - Connect to external services (Kubiya managed)
  - name: custom-integrations
    description: >-
      ⚙️ **Custom Integrations** - User-defined integration instances with env
      vars, secrets, and files
  - name: integration-templates
    description: >-
      📦 **Integration Templates** - Pre-configured templates for common
      services (PostgreSQL, Redis, MongoDB, etc.)
  - name: secrets
    description: 🔑 **Secrets** - Secure credential storage and retrieval
  - name: teams
    description: 👥 **Teams** - Team management and collaboration
  - name: workflows
    description: 📊 **Workflows** - Multi-step automation and orchestration
  - name: executions
    description: ▶️ **Executions** - Track and monitor workflow runs
  - name: jobs
    description: ⏰ **Jobs** - Scheduled and webhook-triggered tasks
  - name: policies
    description: 🛡️ **Policies** - Access control and security policies
  - name: analytics
    description: 📈 **Analytics** - Usage metrics and performance monitoring
  - name: projects
    description: 📁 **Projects** - Project organization and management
  - name: environments
    description: 🌍 **Environments** - Environment configuration (dev, staging, prod)
  - name: models
    description: 🧠 **Models** - LLM model configuration and management
  - name: runtimes
    description: ⚡ **Runtimes** - Agent execution runtime environments
  - name: workers
    description: 👷 **Workers** - Worker registration and heartbeat monitoring
  - name: storage
    description: 💾 **Storage** - File storage and cloud integration
  - name: context-graph
    description: 🕸️ **Context Graph** - Knowledge graph and context management
  - name: temporal-workflows
    description: >-
      ⚙️ **Temporal Workflows** - Background workflows for context graph
      ingestion, connector operations, and scheduled jobs
  - name: templates
    description: 📝 **Templates** - Reusable configuration templates
paths:
  /api/v1/auth/validate:
    get:
      tags:
        - authentication
      summary: Validate Token
      description: |-
        Validate authentication token and return organization data.

        This endpoint allows other services (like context-graph-api) to validate
        tokens without duplicating auth logic. The control plane handles all
        validation, caching, and Kubiya API integration.

        The token should be passed in the Authorization header:
        - Bearer <token> for user JWT tokens
        - UserKey <token> for worker/API key tokens

        Returns:
            Organization dict with user and org information:
            {
                "id": "org-slug",
                "name": "Organization Name",
                "slug": "org-slug",
                "user_id": "user-uuid",
                "user_email": "user@example.com",
                "user_name": "User Name",
                "user_avatar": "...",
                "user_status": "...",
                "user_groups": [...]
            }

        Raises:
            401: Invalid or expired token
            500: Internal server error

        Example:
            ```bash
            curl -H "Authorization: Bearer <token>" \
              https://control-plane.kubiya.ai/api/v1/auth/validate
            ```
      operationId: validate_token_api_v1_auth_validate_get
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                additionalProperties: true
                type: object
                title: Response Validate Token Api V1 Auth Validate Get
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: 'Enter your Kubiya API token (format: Bearer <token>)'

````