Credential verification
Confirm API tokens, tenant context, billing, and wallet status for integrations
Credential verification
Use this endpoint after you save an API token in an external system (ERP, POS, or custom integration). It answers three practical questions in one call: Is the token still valid?, Which organization does it belong to?, and Is the account in good standing for API use?
Pair it with the unauthenticated health check (GET /api/v1/health) to confirm reachability before you send a Bearer token.
Endpoint
GET /api/v1/auth/credentials| Requirement | Detail |
|---|---|
| Authentication | Authorization: Bearer <token> (JWT from login or a long-lived token from the admin dashboard) |
| Organization | Usually inferred from the token. If the user belongs to more than one tenant, send X-Organization-ID (same as other tenant APIs). |
| Billing suspension | This route stays available when catalog APIs are suspended for overdue billing, so connectors can still read billing and token status. |
OpenAPI reference: GET /api/v1/auth/credentials (Swagger explorer) or docs/swagger.json under the Auth tag.
When to use it
- After configuring a connector — Run once when Odoo, a script, or another integration stores
linkit.worksURL and API token. - On a schedule — Poll daily or weekly to detect revoked tokens or subscription issues before sync jobs fail.
- Before large sync jobs — Check
service_operationalandbilling.statusso operators see a clear reason instead of scattered403errors on product or order endpoints.
Example request
curl -sS "https://linkit.works/api/v1/auth/credentials" \
-H "Authorization: Bearer YOUR_TOKEN_HERE" \
-H "Accept: application/json"With an explicit organization:
curl -sS "https://linkit.works/api/v1/auth/credentials" \
-H "Authorization: Bearer YOUR_TOKEN_HERE" \
-H "X-Organization-ID: org_abc123"Example response
{
"checked_at": "2026-05-18T12:00:00Z",
"user": {
"id": "usr_abc123",
"email": "ops@example.com",
"name": "Ops User",
"type": "user"
},
"organization": {
"id": "org_abc123",
"name_en": "Acme Trading",
"name_ar": "",
"slug": "acme-trading",
"is_active": true,
"bundle": "starter",
"erp": "odoo-ecommerce-orders",
"pos": "odoo-pos-orders"
},
"billing": {
"organization_id": "org_abc123",
"status": "PAID",
"service_operational": true,
"in_trial": false,
"amount_due_now": 0,
"billing_mode": "hybrid",
"currency": "SAR"
},
"wallet": {
"balance": 150.5,
"currency": "SAR"
},
"token": {
"valid": true,
"revoked": false,
"auth_type": "linkit",
"token_generation": 3,
"server_generation": 3,
"invalidate_on_password_change": true,
"password_invalidated": false
},
"service_operational": true
}Response fields (plain language)
organization
The tenant your token is acting for: display names, URL-friendly slug, whether the org record is active, and optional ERP/POS app slugs Linkit has on file for that customer.
billing
Subscription state for the tenant. Common status values:
| Status | Meaning for operators |
|---|---|
TRIAL | Trial period; full API access until trial ends. |
PAID | Subscription current; integrations should run normally. |
PENDING_GRACE | Payment is late but still inside the grace window; resolve billing soon. |
OVERDUE | Grace period ended; catalog and integration APIs are suspended until payment is settled. |
Also check service_operational (top level and inside billing): when false, treat the account as blocked for normal API work even if this credential check succeeds. See Billing suspension.
amount_due_now and related fields show what is owed in SAR; billing_mode reflects hybrid, flat fee, or branch-only pricing.
wallet
Prepaid balance in Saudi Riyal (SAR) used for platform charges and top-ups—not the same as a payment-gateway checkout, but the running balance Linkit holds for the organization.
token
Whether the presented Bearer token is still trusted:
| Field | Meaning |
|---|---|
valid | Token is structurally accepted for this request. |
revoked | Server generation no longer matches (password reset, admin revocation, or newer login). Obtain a new token. |
password_invalidated | User changed password and the token was issued with password binding. Obtain a new token. |
auth_type | How the request was authenticated (linkit JWT vs PocketBase session, etc.). |
A 200 response with token.revoked: true means Linkit accepted the HTTP call but the integrator should stop using that token and refresh credentials.
service_operational
Single flag summarizing whether routine tenant API and integration work should proceed. It follows billing when a payment service is configured; otherwise it falls back to the organization is_active flag.
Errors
| HTTP | Typical cause |
|---|---|
400 | Token valid but organization could not be resolved (missing membership or X-Organization-ID). |
401 | No Authorization header, expired token, or invalid credentials. |
403 | Rare on this route; insufficient access to the requested organization. |
500 | Temporary failure loading billing or wallet data; retry with backoff. |
Odoo Linkit module
The Odoo plugin uses two checks from the connection form:
- Test health —
GET /api/v1/health(no token). Confirms base URL and that Linkit is up. - Verify credentials —
GET /api/v1/auth/credentials(Bearer token). Confirms the saved token, shows tenant name, billing status, wallet balance, and whether the token is revoked.
Store a token from the Linkit admin (or login flow), run verify once, then rely on sync endpoints for catalog and orders. Re-run verify after password changes, token rotation, or billing incidents.