diff --git a/.github/workflows/R-CMD-check.yaml b/.github/workflows/R-CMD-check.yaml
index ab4bda7..4663932 100644
--- a/.github/workflows/R-CMD-check.yaml
+++ b/.github/workflows/R-CMD-check.yaml
@@ -17,6 +17,8 @@ jobs:
       matrix:
         config:
           - {os: windows-latest, r: 'release'}
+          - {os: macOS-latest,   r: 'release'}
+          - {os: ubuntu-latest,   r: 'release'}
 
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
diff --git a/NAMESPACE b/NAMESPACE
index 8974032..350c662 100644
--- a/NAMESPACE
+++ b/NAMESPACE
@@ -12,7 +12,6 @@ export(new_reply)
 export(new_thread)
 export(new_version)
 export(objr)
-export(objr_auth)
 export(participant_bypass_2fa)
 export(participants)
 export(upload_file)
diff --git a/R/assets.R b/R/assets.R
index 270d013..d3d7956 100644
--- a/R/assets.R
+++ b/R/assets.R
@@ -83,7 +83,13 @@ asset_info <- function(asset_uuid,
     httr2::resp_body_json()
 
   # Return useful information as list
-  response[c("uuid", "name", "type", "extension", "description")]
+  list(
+    uuid = response$uuid,
+    name = response$name,
+    type = response$type,
+    extension = response$extension,
+    description = response$description
+  )
 
 }
 
diff --git a/R/objr.R b/R/objr.R
index 475dbb7..1b41293 100644
--- a/R/objr.R
+++ b/R/objr.R
@@ -109,7 +109,7 @@ objr <- function(endpoint,
 #' token <- "test"
 #' httr2::request("http://example.com") |> objr_auth()
 #'
-#' @export
+#' @noRd
 
 objr_auth <- function(req) {
 
@@ -227,9 +227,8 @@ error <- function(response) {
 
 check_pages <- function(response, call = rlang::caller_env()) {
 
-  metadata <- if(httr2::resp_has_body(response)) {
-    try(httr2::resp_body_json(response)$metadata)
-  }
+  metadata <- tryCatch(httr2::resp_body_json(response)$metadata,
+                       error = function(e) NULL)
 
   if(!is.null(metadata)) {
 
diff --git a/R/utils.R b/R/utils.R
index 555c335..6ac0968 100644
--- a/R/utils.R
+++ b/R/utils.R
@@ -144,3 +144,42 @@ random_uuid <- function(seed = NULL) {
     paste0(collapse = "-")
 
 }
+
+
+#' Check string is valid UUID format
+#'
+#' @param uuid Character string
+#'
+#' @return `uuid`, invisibly.
+#'
+#' @details See the [Getting Started vignette]
+#'   (https://scotgovanalysis.github.io/objr/
+#'   articles/objr.html#universally-unique-identifiers) for valid UUID format.
+#'
+#' @noRd
+
+check_uuid <- function(uuid,
+                       error_arg = rlang::caller_arg(uuid),
+                       error_call = rlang::caller_env()) {
+
+  if(!rlang::is_string(uuid)) {
+    cli::cli_abort("{.arg {error_arg}} must be a string.",
+                   call = error_call)
+  }
+
+  valid <- grepl(paste(rep("[A-Za-z0-9]{4}", 8), collapse = "-"),
+                 uuid)
+
+  if(!valid) {
+    cli::cli_abort(c(
+      "{.arg {error_arg}} must be valid UUID format.",
+      "i" = paste0("See the {.href [Getting Started vignette]",
+                   "(https://scotgovanalysis.github.io/objr/",
+                   "articles/objr.html#universally-unique-identifiers)} ",
+                   "for valid format.")
+      ), call = error_call)
+  }
+
+  invisible(uuid)
+
+}
diff --git a/_pkgdown.yml b/_pkgdown.yml
index aa05005..6b05f58 100644
--- a/_pkgdown.yml
+++ b/_pkgdown.yml
@@ -43,12 +43,11 @@ figures:
 
 reference:
 
-- title: API calls
-  contents:
+- contents:
   - objr
   - my_user_id
 
-- subtitle: Workspaces
+- title: Workspaces
   desc: >
     Workspaces are the containers that connect a collection of documents and
     folders (Assets) with a collection of Users (Participants)
@@ -56,7 +55,7 @@ reference:
   - my_workspaces
   - participants
 
-- subtitle: Assets
+- title: Assets
   desc: Assets represent Documents and Folders that are added to Workspaces
   contents:
   - workspace_assets
@@ -67,17 +66,13 @@ reference:
   - new_version
   - delete_asset
 
-- subtitle: Comments
+- title: Comments
   desc: View comments and create new threads and replies in workspaces
   contents:
   - comments
   - new_thread
   - new_reply
 
-- title: API authentication
-  contents:
-  - objr_auth
-
 - title: Two-factor authentication
   contents:
   - allow_bypass_2fa
diff --git a/man/objr_auth.Rd b/man/objr_auth.Rd
deleted file mode 100644
index 2c67fd2..0000000
--- a/man/objr_auth.Rd
+++ /dev/null
@@ -1,29 +0,0 @@
-% Generated by roxygen2: do not edit by hand
-% Please edit documentation in R/objr.R
-\name{objr_auth}
-\alias{objr_auth}
-\title{Authenticate HTTP request}
-\usage{
-objr_auth(req)
-}
-\arguments{
-\item{req}{An \href{https://httr2.r-lib.org/reference/request.html}{httr2 request}}
-}
-\value{
-A modified \href{https://httr2.r-lib.org/reference/request.html}{httr2 request}
-}
-\description{
-This sets the authorisation header of an HTTP request. If a
-token variable exists in global environment, this is used, otherwise,
-the user is prompted to enter an authenticating username and password.
-}
-\examples{
-\dontrun{
-httr2::request("http://example.com") |>
-  objr_auth()
-}
-
-token <- "test"
-httr2::request("http://example.com") |> objr_auth()
-
-}
diff --git a/tests/testthat/test-utils.R b/tests/testthat/test-utils.R
index b5637a0..a9db064 100644
--- a/tests/testthat/test-utils.R
+++ b/tests/testthat/test-utils.R
@@ -131,3 +131,29 @@ test_that("Setting seed returns consistent value", {
   )
 
 })
+
+
+# check_uuid ----
+
+test_that("Function returns UUID invisibly", {
+
+  expect_invisible(check_uuid(random_uuid()))
+
+  uuid <- random_uuid(1)
+  expect_equal(uuid, random_uuid(1))
+
+})
+
+test_that("Error returned if string not supplied", {
+
+  expect_error(check_uuid(1))
+  expect_error(check_uuid(c(random_uuid(1), random_uuid(2))))
+
+})
+
+test_that("Error returned if string not valid UUID", {
+
+  expect_error(check_uuid("invalid_uuid"))
+  expect_error(check_uuid(substr(random_uuid(1), 1, 9)))
+
+})