Authentication

You can access Verifiet's API using OAuth2 JSON Web Token (JWT) access tokens.

Obtain Client Id and Client Secret

You need to contact Verifiet Team ↗ to obtain a CLIENT_ID and CLIENT_SECRET. CLIENT_SECRET is the unique secret generated only for you. Make sure you DO NOT share it with anyone or store in code anywhere.

Token has a default validity of 30 days, and must be refreshed in order to retain access. You can request to change the default validity period if you want to reduce the token validity period for stronger security.

Obtaining an access token (OAuth2)

You can request an access token by programmatically accessing Verifiet's auth endpoint. This can be done in Command Line Interface (CLI) tool, or can be done programmatically using http libraries.

In the following example, we will use ZSH terminal. Set CLIENT_ID and and CLIENT_SECRET in the request template below to get an access token.

Request

POST
curl --request POST \
--url https://login.verifiet.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"<CLIENT_ID>","client_secret":"<CLIENT_SECRET>","audience":"https://api.verifiet.com/v1/","grant_type":"client_credentials"}'

Response

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJIekUyVzZZaXU0UUVoZTd0a0R2WCJ9.eyJpc3MiOiJodHRwczovL2xvZ2luLnZlcmlmaWV0LmNvbS8iLCJzdWIiOiIzRW5ubHRBTURhVTRENlNzSTlFNEJOYTFoSXN6YVpPWEBjbGllbnRzIiwiYXVkIjoiaHR0cHM6Ly9hcGkudmVyaWZpZXQuY29tL3YxLyIsImlhdCI6MTcxMTA0Mzc2OCwiZXhwIjoxNzEzNjM1NzY4LCJzY29wZSI6InJlYWQ6Y29tcGFueSByZWFkOmVtYWlsIHJlYWQ6ZG9tYWluIHJlYWQ6YW1sIHJlYWQ6cGhvbmUgcmVhZDp2aXNpb24iLCJndHkiOiJjbGllbnQtY3JlZGVudGlhbHMiLCJhenAiOiIzRW5ubHRBTURhVTRENlNzSTlFNEJOYTFoSXN6YVpPWCJ9",
    "scope": "read:company read:aml",
    "expires_in": 2592000,
    "token_type": "Bearer"
}
PropertyTypeDescription
access_tokenbooleanThis is the token you will be using to make an API call.
scopestringThis is the permission granted for the clientId in Verifiet.
expires_inintThis indicates how many seconds later will the token expire.
token_typestringThis is the type of token.

Making a request using AccessToken

Add header Authorization: Bearer {accessToken} in your request when calling Verifiet's API endpoint. An example will be:

Request

curl -G https://api.verifiet.com/v1/company/uk/2372173 \
-H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJIekUyVzZZaXU0UUVoZTd0a0R2WCJ9.eyJpc3MiOiJodHRwczovL2xvZ2luLnZlcmlmaWV0LmNvbS8iLCJzdWIiOiIzRW5ubHRBTURhVTRENlNzSTlFNEJOYTFoSXN6YVpPWEBjbGllbnRzIiwiYXVkIjoiaHR0cHM6Ly9hcGkudmVyaWZpZXQuY29tL3YxLyIsImlhdCI6MTcxMTA0Mzc2OCwiZXhwIjoxNzEzNjM1NzY4LCJzY29wZSI6InJlYWQ6Y29tcGFueSByZWFkOmVtYWlsIHJlYWQ6ZG9tYWluIHJlYWQ6YW1sIHJlYWQ6cGhvbmUgcmVhZDp2aXNpb24iLCJndHkiOiJjbGllbnQtY3JlZGVudGlhbHMiLCJhenAiOiIzRW5ubHRBTURhVTRENlNzSTlFNEJOYTFoSXN6YVpPWCJ9"

Always keep your token safe and reset it if you suspect it has been compromised.

Authorization

Your permission to the API is also granted based on your pricing plan. Make sure your plan tier offers access to the API you are intending to call.

The scope field indicates the permission to Verifiet's API. For example, "read:company read:aml" indicate that the access token has both access to get company, and get AML data. The name of the permission may evolve over time, so there is no need to programmatically store it.

Endpoint

The endpoint for Verifiet's APIs check is https://api.verifiet.com/v1/. The endpoint is backed by RESTful protocol, and uses standard HTTP verbs such as GET or POST. The endpoint is secured by OAuth2, and requires a Bearer token to authenticate.