All Collections
OCR API Platform
API
What is CLIENT_SECRET?
What is CLIENT_SECRET?

Client ID, username, and API key

Updated over a week ago

To make API calls users need Client ID, username, and API key, which could be found inside the user account API Keys section.

More details on API keys inside API Docs

A CLIENT_SECRET is a private key known only to you/your application and the authorization server.

The API requests to Veryfi are signed so that Veryfi can identify who sent them.

When a user sends a POST request, the request is being encoded by the CLIENT_SECRET, "signature". A signed POST request is a request itself + signature from a request. The server receives a request and signature. It can then check this signature along with the signature on file. Since the authorized server knows the client_secret, it can validate and compare if the signature from the incoming request coincides with the signature on the server-side.

Users can encode the POST request payload, timestamp, and use the CLIENT_SECRET to sign it using SHA-256.

Since CLIENT_SECRET is essential to the application's own password. When using a Veryfi SDK, it automatically does the signing.

Have questions? Please reach out to support@veryfi.com

Other Related Articles:

Veryfi API Keys

Veryfi OCR API Self-Serve Portal Walk-Through

API Documentation

What Document Types Veryfi Supports

Languages Veryfi OCR API works with

File formats Veryfi supports

Want to know if the submitted image is ok or blurry

How to Improve the Accuracy

Related Articles
Can I have a Sandbox or Dev environment?
Webhooks and Asynchronous Processing
Veryfi API Keys
New: Interactive API
Dart SDK: for Veryfi OCR API
Did this answer your question?