fix(api-key): remove strict length pre-check in verifyApiKey (#6259)

Signed-off-by: GautamBytes <manchandanigautam@gmail.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>

packages/better-auth/src/plugins/api-key/api-key.test.ts

@@ -948,7 +948,7 @@ describe("api-key", async () => {
 			},
 		});
 		expect(apiKey.valid).toBe(false);
-		expect(apiKey.error?.code).toBe("KEY_NOT_FOUND");
+		expect(apiKey.error?.code).toBe("INVALID_API_KEY");
 	});
 
 	let rateLimitedApiKey: ApiKey;

packages/better-auth/src/plugins/api-key/routes/verify-api-key.ts

@@ -246,20 +246,6 @@ export function verifyApiKey({
 		async (ctx) => {
 			const { key } = ctx.body;
 
-			if (key.length < opts.defaultKeyLength) {
-				// if the key is shorter than the default key length, than we know the key is invalid.
-				// we can't check if the key is exactly equal to the default key length, because
-				// a prefix may be added to the key.
-				return ctx.json({
-					valid: false,
-					error: {
-						message: ERROR_CODES.INVALID_API_KEY,
-						code: "KEY_NOT_FOUND" as const,
-					},
-					key: null,
-				});
-			}
-
 			if (opts.customAPIKeyValidator) {
 				const isValid = await opts.customAPIKeyValidator({ ctx, key });
 				if (!isValid) {