> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neo.projectdiscovery.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Validate a BYOK provider key

> Validate an API key against a provider without saving it.
Useful for checking if a key is valid before committing.

Supported providers: openrouter, anthropic, openai, google, xai, vercel-gateway, google-vertex, amazon-bedrock, azure-foundry.




## OpenAPI

````yaml https://neo.api.projectdiscovery.io/api/openapi.json post /api/v1/byok/providers/{provider}/validate
openapi: 3.1.0
info:
  contact:
    name: ProjectDiscovery
    url: https://neo.projectdiscovery.io
  description: Neo API Server - Security agent orchestration platform
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
  title: Neo API
  version: 1.0.0
servers:
  - description: Production
    url: https://neo.api.projectdiscovery.io
  - description: Local development
    url: http://localhost:8080
security: []
tags:
  - description: Task execution and management
    name: Tasks
  - description: Agent listing and management
    name: Agents
  - description: Public agent directory
    name: Agent Directory
  - description: User file storage management
    name: Files
  - description: User working memory management
    name: Memory
  - description: Scheduled and recurring task management
    name: Schedules
  - description: Knowledge base and semantic search
    name: Knowledge
  - description: Encrypted user credentials and API keys
    name: Secrets
  - description: Neo API key management for programmatic access
    name: API Keys
  - description: User profile and account information
    name: User
  - description: Task and LLM usage tracking
    name: Usage
  - description: Bring Your Own Key provider management
    name: BYOK
  - description: Model discovery and capabilities
    name: Models
  - description: Third-party integrations
    name: Integrations
  - description: Skill knowledge documents for agent prompts
    name: Skills
  - description: Team management and member invitations
    name: Teams
  - description: Prompt library management and discovery
    name: Prompts
  - description: Slack bot integration for workspace installation and OAuth
    name: Slack
  - description: GitHub integration for PR reviews and repository management
    name: GitHub
  - description: Vulnerability issue tracking and management
    name: Issues
  - description: Subscription billing and plans
    name: Billing
  - description: Project management and member assignments
    name: Projects
  - description: SSH key pair generation and management for remote server access
    name: SSH Keys
  - description: Codebase structural analysis and mapping
    name: Codemaps
  - description: AI-generated codebase documentation and security analysis
    name: CodeWiki
  - description: Captured HTTP traffic query and replay
    name: Network Events
paths:
  /api/v1/byok/providers/{provider}/validate:
    post:
      tags:
        - BYOK
      summary: Validate a BYOK provider key
      description: >
        Validate an API key against a provider without saving it.

        Useful for checking if a key is valid before committing.


        Supported providers: openrouter, anthropic, openai, google, xai,
        vercel-gateway, google-vertex, amazon-bedrock, azure-foundry.
      operationId: post-v1-byok-provider-validate
      parameters:
        - description: Provider identifier
          in: path
          name: provider
          required: true
          schema:
            enum:
              - openrouter
              - anthropic
              - openai
              - google
              - xai
              - vercel-gateway
              - google-vertex
              - amazon-bedrock
              - azure-foundry
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ValidateProviderKeyRequest'
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationResult'
          description: Validation result
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
          description: Invalid provider or missing api_key
        '401':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
          description: Unauthorized
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
          description: Forbidden - BYOK not enabled or not a team admin
        '500':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
          description: Internal server error
      security:
        - BearerAuth: []
        - ApiKeyAuth: []
components:
  schemas:
    ValidateProviderKeyRequest:
      properties:
        api_key:
          description: |
            The provider API key to validate.
            For google-vertex: must be the full GCP service account JSON string
            (containing type, client_email, private_key, project_id).
          type: string
        location:
          description: >
            Cloud region or endpoint URL for location-aware providers:

            - google-vertex: GCP region for Vertex AI (e.g. "us-central1",
            "us-east5"). Defaults to "us-central1".

            - amazon-bedrock: AWS region (e.g. "us-east-1"). Defaults to
            "us-east-1".

            - azure-foundry: Foundry endpoint URL (e.g.
            "https://{resource}.openai.azure.com" or legacy
            "https://{resource}.services.ai.azure.com"). Required.

            Ignored by URL-based providers — use `base_url` instead.
          nullable: true
          type: string
      required:
        - api_key
      type: object
    ValidationResult:
      properties:
        details:
          description: Additional details about the validation result
          type: string
        error:
          description: Error message if validation failed
          type: string
        valid:
          description: Whether the API key is valid
          type: boolean
      required:
        - valid
      type: object
    ErrorResponse:
      properties:
        code:
          description: >
            Stable machine-readable error code — branch on this rather than

            matching the human `error`/`message` strings. Domain codes include

            `user_spending_cap_reached`, `project_spending_cap_reached`, and

            `insufficient_neo_credits`; otherwise it mirrors the error kind

            (e.g. `forbidden`, `invalid_request`, `not_exists`,
            `already_exists`).
          example: user_spending_cap_reached
          type: string
        error:
          example: Bad request
          type: string
        error_id:
          description: Correlation id for a specific error instance, when present.
          type: string
        kind:
          description: Coarse error category (e.g. "forbidden request", "invalid request").
          example: forbidden request
          type: string
        message:
          description: |
            Human-readable detail (the kind prefixed to the error). For display,
            not for branching.
          type: string
      required:
        - error
      type: object
  securitySchemes:
    BearerAuth:
      bearerFormat: JWT
      description: JWT authentication token
      scheme: bearer
      type: http
    ApiKeyAuth:
      description: Neo API key (neo_sk_* prefix)
      in: header
      name: X-Api-Key
      type: apiKey

````