API access
Create and manage API keys for programmatic access.
Overview
VerifyWise offers API access so you can integrate with external applications, scripts and automation workflows. API keys let you authenticate requests without an interactive login.
Use API keys to build custom integrations, automate data sync or connect VerifyWise with your existing tools.
Accessing API keys
To manage API keys:
- Go to Settings from the bottom of the sidebar
- Select the API keys tab
- View your existing keys or create new ones
Creating an API key
To create a new API key:
- Click "Create new key" or "Create API key"
- Enter a descriptive name for the key (e.g., "Production API key", "CI/CD pipeline")
- Click Create
- Copy the generated key right away
- Click "I copied the key" to close the dialog
Key naming best practices
Use descriptive names that make the key's purpose clear:
- Environment-based: Production API key, Staging API key, Development key
- Purpose-based: Model sync key, Reporting automation, CI/CD integration
- Application-based: Data pipeline key, Dashboard integration
Key names must be between 3 and 50 characters. Each name has to be unique within your organization.
Viewing API keys
The API keys list shows the following for each key:
- Name: The descriptive name you gave the key
- Status: Whether the key is Active or Expired
- Created: When the key was created
- Expires: When the key will expire
Active keys have a green status badge. Expired keys show a warning indicator and can no longer be used.
Deleting API keys
To delete an API key:
- Find the key in the API keys list
- Click the delete icon for that key
- Confirm the deletion when prompted
Using API keys
Include your API key in the request headers to authenticate:
- Header name: Authorization
- Header value: Bearer YOUR_API_KEY
Security best practices
- Never share keys: Keep API keys confidential. Don't share them in emails, chat or version control.
- Use environment variables: Store keys in environment variables rather than hard-coding them.
- Rotate regularly: Create new keys periodically and delete old ones to limit exposure.
- Use separate keys: Create different keys for different environments and purposes.
- Act on compromises: If you suspect a key has been compromised, delete it right away and create a new one.
- Limit access: Only admins should manage API keys.
Key expiration
API keys have an expiration date set at creation. Keep an eye on your keys and create new ones before existing keys expire to avoid interruptions.
When a key expires:
- The key status changes to Expired
- API requests using the key get rejected
- You'll need to create a new key and update your applications
Troubleshooting
Receiving 401 Unauthorized errors
- Check that the API key is correct and complete
- Verify the key hasn't expired
- Make sure the Authorization header is formatted properly
- Confirm the key hasn't been deleted
Lost API key
If you lose an API key, there's no way to retrieve it. Create a new key, update your applications to use it and delete the old one.
Frequently asked questions
How many API keys can I create?
Each organization can have up to 10 API keys at a time. If you hit the maximum, delete unused keys before creating new ones.
Why am I getting a duplicate name error?
Each API key needs a unique name within your organization. If a key with that name already exists, pick a different name or delete the existing key first.
What permissions does an API key have?
API keys give access to VerifyWise API endpoints based on your organization's permissions. The specific endpoints and operations available are documented in the API reference.
Are there rate limits?
API requests may be rate-limited to keep the platform stable. If you run into rate limit errors, reduce request frequency or contact support.