Overview
Validate a download token and inspect artifact metadata — such as content type and file size — without consuming the token or transferring any bytes. This is useful for confirming token validity before initiating a download, or for retrievingContent-Length and Content-Type to set up progress indicators in your UI.
Unlike
GET, HEAD does not consume the token. The token remains valid and can still be used for a subsequent GET request to stream the artifact bytes.Endpoint
Security
This route is unauthenticated. Do not include anAuthorization header — it is neither required nor accepted. The download token is the sole credential.
Path Parameters
The short-lived download token to validate.
Response
Status:200 OK
The response contains headers describing the artifact but no response body. Relevant headers include:
| Header | Description |
|---|---|
Content-Type | MIME type of the artifact (e.g. application/pdf, image/png) |
Content-Length | Size of the artifact in bytes |
Content-Disposition | Suggested filename for the download |
200 response confirms the token is valid and has not yet been consumed.
A 4xx response indicates the token is invalid, expired, or already consumed.
Example Request
Example response headers
Checking Token Validity in Scripts
HEAD vs GET Comparison
HEAD | GET | |
|---|---|---|
| Streams artifact bytes | ❌ | ✅ |
| Consumes the token | ❌ | ✅ |
| Returns artifact headers | ✅ | ✅ |
| Useful for validity checks | ✅ | ❌ |