Validate OAuth session

curl --request GET \
  --url https://api.useadam.io/v1/adam/oauth/token/validate \
  --header 'Authorization: <authorization>' \
  --header 'X-API-Key: <api-key>'

{
  "status": "success",
  "message": "Business validated successfully",
  "data": {
    "uuid": "business-uuid",
    "name": "Acme LLC",
    "email": "owner@example.com",
    "logo": null,
    "currency": "USD",
    "country": "US",
    "timezone": "America/New_York",
    "authentication_method": "oauth",
    "expires_at": "2026-06-16T15:30:00+00:00"
  }
}

GET

https://api.useadam.io/v1/adam

oauth

token

validate

Validate OAuth session

curl --request GET \
  --url https://api.useadam.io/v1/adam/oauth/token/validate \
  --header 'Authorization: <authorization>' \
  --header 'X-API-Key: <api-key>'

{
  "status": "success",
  "message": "Business validated successfully",
  "data": {
    "uuid": "business-uuid",
    "name": "Acme LLC",
    "email": "owner@example.com",
    "logo": null,
    "currency": "USD",
    "country": "US",
    "timezone": "America/New_York",
    "authentication_method": "oauth",
    "expires_at": "2026-06-16T15:30:00+00:00"
  }
}

Send both X-API-Key (your app tyms_sk_...) and Authorization: Bearer <access_token>. Same requirement applies to all other business-scoped endpoints when using OAuth.

Authorizations

X-API-Key

string

header

default:your_tyms_sk_or_partner_key

required

Business secret tyms_sk_... for all routes except Register business, which expects your partner secret.

Headers

Authorization

string

required

Bearer OAuth access token from exchange or refresh.

Response

Authorized business profile

status

string

message

string

data

object

Hide child attributes

data.uuid

string

data.name

string

data.email

string

data.logo

string | null

data.currency

string

data.country

string

data.timezone

string

data.authentication_method

string

Example:

"oauth"

data.expires_at

string<date-time>

Revoke access List accounts