API calls currently trigger input model validation rules, which disallow valid input. In general, the type of validation appropriate for keyboard input may not be identical to the validation rules for data supplied over the API. Specifically, the '<>' characters are valid in the comment field of an SSH key, but are disallowed by the API. We've also run into the problem where the '<' character appears in a Department name.

The API input model validation rules should perhaps be applied less broadly to data transmitted over the API, or the restriction on the '<>' characters should be documented.