Client ID, username, and API key

Updated over a week ago

To make API calls users need Client ID, username, and API key, which could be found inside the user account API Keys section.

More details on API keys inside API Docs

A CLIENT_SECRET is a private key known only to you/your application and the authorization server.

The API requests to Veryfi are signed so that Veryfi can identify who sent them.

When a user sends a POST request, the request is being encoded by the CLIENT_SECRET, "signature". A signed POST request is a request itself + signature from a request. The server receives a request and signature. It can then check this signature along with the signature on file. Since the authorized server knows the client_secret, it can validate and compare if the signature from the incoming request coincides with the signature on the server-side.

Users can encode the POST request payload, timestamp, and use the CLIENT_SECRET to sign it using SHA-256.

Since CLIENT_SECRET is essential to the application's own password. When using a Veryfi SDK, it automatically does the signing.

Have questions? Please reach out to support@veryfi.com

Other Related Articles:

Did this answer your question?