To make API calls users need Client ID, username, and API key, which could be found inside the user account API Documentation. More details on API keys inside API Keys FAQ.

A CLIENT_SECRET is a private key known only to you/your application and the authorization server.

The API requests to Veryfi are signed so that Veryfi can identify who sent them.

When a user sends a POST request, the request is being encoded by the CLIENT_SECRET, "signature". A signed POST request is a request itself + signature from a request. The server receives a request and signature. It can then check this signature along with the signature on file. Since the authorized server knows the client_secret, it can validate and compare if the signature from the incoming request coincides with the signature on the server-side.

Users can encode the POST request payload, timestamp, and use the CLIENT_SECRET to sign it using SHA-256.

Since CLIENT_SECRET is essential to the application's own password. When using a Veryfi SDK, it automatically does the signing.

Have questions? Please reach out to support@veryfi.com

Other Related Articles:

Veryfi API Keys

Veryfi OCR API Self-Serve Portal Walk-Through

API Documentation

What Document Types Veryfi Supports

Languages Veryfi OCR API works with

File formats Veryfi supports

Want to know if the submitted image is ok or blurry

How to Improve the Accuracy

Did this answer your question?