Can we decode API key / how to make sure that the API key is secure?

I am building user management activation flow in Java using existing okta api for example “{{url}}/api/v1/users?activate=true”
This API takes APIKEY, can we verify the apikey before granting the user to perform the action?

The API token is opaque. Accessing a resource is the easiest way to validate the key.

Are you looking for something more specific?