IABTechLab · sunnywu · Feb 25, 2026 · Apr 1, 2026
diff --git a/Dockerfile b/Dockerfile
@@ -16,7 +16,7 @@ COPY ./target/${JAR_NAME}-${JAR_VERSION}-sources.jar /app
 COPY ./conf/default-config.json /app/conf/
 COPY ./conf/*.xml /app/conf/
 
-RUN apk add --no-cache --upgrade libpng && adduser -D uid2-core && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads && mkdir -p /app/pod_terminating && chmod 777 -R /app/pod_terminating
+RUN apk add --no-cache --upgrade libpng gnutls && adduser -D uid2-core && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads && mkdir -p /app/pod_terminating && chmod 777 -R /app/pod_terminating
 USER uid2-core
 
 CMD java \

diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java
@@ -221,6 +221,8 @@ private Router createRoutesSetup() {
             .handler(auth.handleWithAudit(attestationMiddleware.handle(this::handlePartnerRefresh), List.of(Role.OPTOUT_SERVICE)));
         router.get(Endpoints.OPS_HEALTHCHECK.toString())
             .handler(this::handleHealthCheck);
+        router.get(Endpoints.OPERATOR_KEY_CHECK.toString())
+            .handler(auth.handleWithAudit(this::handleOperatorKeyCheck, List.of(Role.OPERATOR)));
         router.get(Endpoints.OPERATOR_CONFIG.toString())
             .handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleGetConfig), List.of(Role.OPERATOR)));
 
@@ -269,6 +271,10 @@ private void handleHealthCheck(RoutingContext rc) {
         }
     }
 
+    private void handleOperatorKeyCheck(RoutingContext rc) {
+        rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json").end("{\"status\":\"ok\"}");
+    }
+
     private void handleAttestAsync(RoutingContext rc) {
         String token = AuthMiddleware.getAuthToken(rc);
         IAuthorizable profile = authProvider.get(token);

diff --git a/src/main/java/com/uid2/core/vertx/Endpoints.java b/src/main/java/com/uid2/core/vertx/Endpoints.java
@@ -21,7 +21,8 @@ public enum Endpoints {
     SERVICE_LINKS_REFRESH("/service_links/refresh"),
     OPERATORS_REFRESH("/operators/refresh"),
     PARTNERS_REFRESH("/partners/refresh"),
-    OPERATOR_CONFIG("/operator/config");
+    OPERATOR_CONFIG("/operator/config"),
+    OPERATOR_KEY_CHECK("/ops/operator_key_check");
 
     private final String path;
 

diff --git a/src/test/java/com/uid2/core/vertx/CoreVerticleTest.java b/src/test/java/com/uid2/core/vertx/CoreVerticleTest.java
@@ -893,6 +893,28 @@ void keysRefreshSuccessNoHeaderVersion(Vertx vertx, VertxTestContext testContext
         });
     }
 
+    @Test
+    @Tag("dontForceJwt")
+    void operatorKeyCheckReturns200ForValidOperatorKey(Vertx vertx, VertxTestContext testContext) {
+        fakeAuth(Role.OPERATOR);
+        this.get(vertx, Endpoints.OPERATOR_KEY_CHECK.toString(), testContext.succeeding(response -> testContext.verify(() -> {
+            assertEquals(200, response.statusCode());
+            assertEquals("application/json", response.getHeader(HttpHeaders.CONTENT_TYPE));
+            assertEquals("{\"status\":\"ok\"}", response.bodyAsString());
+            testContext.completeNow();
+        })));
+    }
+
+    @Test
+    @Tag("dontForceJwt")
+    void operatorKeyCheckReturns401ForUnknownKey(Vertx vertx, VertxTestContext testContext) {
+        when(authProvider.get(any())).thenReturn(null);
+        this.get(vertx, Endpoints.OPERATOR_KEY_CHECK.toString(), testContext.succeeding(response -> testContext.verify(() -> {
+            assertEquals(401, response.statusCode());
+            testContext.completeNow();
+        })));
+    }
+
     @Test
     @Tag("dontForceJwt")
     void getConfigSuccess(Vertx vertx, VertxTestContext testContext) {