Authentication
You can access Verifiet's API using OAuth2 JSON Web Token (JWT) access tokens.
Obtain Client Id and Client Secret
You need to contact Verifiet Team ↗ to obtain a CLIENT_ID
and CLIENT_SECRET
. CLIENT_SECRET
is the unique secret generated only for you. Make sure you DO NOT share it with anyone or store in code anywhere.
Token has a default validity of 30 days, and must be refreshed in order to retain access. You can request to change the default validity period if you want to reduce the token validity period for stronger security.
Obtaining an access token (OAuth2)
You can request an access token by programmatically accessing Verifiet's auth endpoint. This can be done in Command Line Interface (CLI) tool, or can be done programmatically using http libraries.
In the following example, we will use ZSH terminal. Set CLIENT_ID and
and CLIENT_SECRET
in the request template below to get an access token.
Request
curl --request POST \
--url https://login.verifiet.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"<CLIENT_ID>","client_secret":"<CLIENT_SECRET>","audience":"https://api.verifiet.com/v1/","grant_type":"client_credentials"}'
Response
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJIekUyVzZZaXU0UUVoZTd0a0R2WCJ9.eyJpc3MiOiJodHRwczovL2xvZ2luLnZlcmlmaWV0LmNvbS8iLCJzdWIiOiIzRW5ubHRBTURhVTRENlNzSTlFNEJOYTFoSXN6YVpPWEBjbGllbnRzIiwiYXVkIjoiaHR0cHM6Ly9hcGkudmVyaWZpZXQuY29tL3YxLyIsImlhdCI6MTcxMTA0Mzc2OCwiZXhwIjoxNzEzNjM1NzY4LCJzY29wZSI6InJlYWQ6Y29tcGFueSByZWFkOmVtYWlsIHJlYWQ6ZG9tYWluIHJlYWQ6YW1sIHJlYWQ6cGhvbmUgcmVhZDp2aXNpb24iLCJndHkiOiJjbGllbnQtY3JlZGVudGlhbHMiLCJhenAiOiIzRW5ubHRBTURhVTRENlNzSTlFNEJOYTFoSXN6YVpPWCJ9",
"scope": "read:company read:aml",
"expires_in": 2592000,
"token_type": "Bearer"
}
Property | Type | Description |
---|---|---|
access_token | boolean | This is the token you will be using to make an API call. |
scope | string | This is the permission granted for the clientId in Verifiet. |
expires_in | int | This indicates how many seconds later will the token expire. |
token_type | string | This is the type of token. |
Making a request using AccessToken
Add header Authorization: Bearer {accessToken}
in your request when calling Verifiet's API endpoint. An example will be:
Request
curl -G https://api.verifiet.com/v1/company/uk/2372173 \
-H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJIekUyVzZZaXU0UUVoZTd0a0R2WCJ9.eyJpc3MiOiJodHRwczovL2xvZ2luLnZlcmlmaWV0LmNvbS8iLCJzdWIiOiIzRW5ubHRBTURhVTRENlNzSTlFNEJOYTFoSXN6YVpPWEBjbGllbnRzIiwiYXVkIjoiaHR0cHM6Ly9hcGkudmVyaWZpZXQuY29tL3YxLyIsImlhdCI6MTcxMTA0Mzc2OCwiZXhwIjoxNzEzNjM1NzY4LCJzY29wZSI6InJlYWQ6Y29tcGFueSByZWFkOmVtYWlsIHJlYWQ6ZG9tYWluIHJlYWQ6YW1sIHJlYWQ6cGhvbmUgcmVhZDp2aXNpb24iLCJndHkiOiJjbGllbnQtY3JlZGVudGlhbHMiLCJhenAiOiIzRW5ubHRBTURhVTRENlNzSTlFNEJOYTFoSXN6YVpPWCJ9"
Always keep your token safe and reset it if you suspect it has been compromised.
Authorization
Your permission to the API is also granted based on your pricing plan. Make sure your plan tier offers access to the API you are intending to call.
The scope
field indicates the permission to Verifiet's API. For example, "read:company read:aml" indicate that the access token has both access to get company, and get AML data. The name of the permission may evolve over time, so there is no need to programmatically store it.
Endpoint
The endpoint for Verifiet's APIs check is https://api.verifiet.com/v1/
. The endpoint is backed by RESTful protocol, and uses standard HTTP verbs such as GET
or POST
. The endpoint is secured by OAuth2, and requires a Bearer token to authenticate.