Skip to main content

Verify Key

Check if an email + SSH key pair has been verified. Returns the user’s organization list for org selection.

Endpoint

POST /api/shell-auth/verify-key

Request

{
  "email": "user@example.com",
  "ssh_public_key": "ssh-ed25519 AAAA..."
}
FieldTypeRequiredDescription
emailstringYesUser’s email address
ssh_public_keystringYesSSH public key submitted during initiation

Response

Verified (200)

{
  "verified": true,
  "is_active": true,
  "user_id": "550e8400-e29b-41d4-a716-446655440000",
  "key_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
  "orgs": [
    {
      "org_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
      "name": "alice",
      "role": "admin"
    },
    {
      "org_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
      "name": "acme-corp",
      "role": "member"
    }
  ]
}
FieldDescription
verifiedWhether the SSH key pair is verified
is_activeWhether the user account is active
user_idThe authenticated user’s ID
key_idThe SSH key record ID
orgsList of organizations the user belongs to
orgs[].org_idOrganization ID (use this when creating API keys)
orgs[].nameOrganization display name
orgs[].roleUser’s role: admin, member, or owner

Not verified (401)

{
  "verified": false,
  "is_active": false,
  "reason": "No verified SSH key found for this email and public key"
}
The user hasn’t clicked the verification link yet. Continue polling.

Polling pattern

Poll this endpoint after calling POST /api/shell-auth until verified is true: 
loop:
  response = POST /api/shell-auth/verify-key
  if response.verified == true:
    break  → proceed to org selection + API key creation
  wait 2-3 seconds
  repeat
Verification links expire after 10 minutes. If the user doesn’t verify in time, re-initiate with POST /api/shell-auth.

Org selection

The orgs array contains all organizations the user has access to. Use this to present an org picker to the user before creating an API key.
  • Users with one org can skip the picker
  • Users with multiple orgs should select which org to create the API key for
  • The role field indicates the user’s permissions in each org

Example

curl -X POST https://vers.sh/api/shell-auth/verify-key \
  -H "Content-Type: application/json" \
  -d '{
    "email": "alice@company.com",
    "ssh_public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExample..."
  }'

Next step

Once verified, create an API key with POST /api/shell-auth/api-keys, passing the selected org_name.