Authentication

API key authentication
Get your keys
Two types of auth

API key authentication

All server-side API calls use HTTP Basic Auth with your API Key and API Secret.

curl -X POST https://ivs.idenfy.com/api/v2/token \
  -u "YOUR_API_KEY:YOUR_API_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"clientId": "user-123"}'

The Authorization header is: Basic base64(API_KEY:API_SECRET)

Get your keys

Log in to iDenfy Dashboard
Go to Settings → API Keys
Click Generate

Detailed guide →

Two types of auth

Auth type	Used for	Where
Basic Auth (API Key + Secret)	All server-side API calls	Your backend only
authToken	Client-side verification UI	iFrame, redirect, mobile SDK

The flow:

Backend (Basic Auth) → POST /api/v2/token → returns authToken
Frontend (authToken) → Verification UI     → results via webhook to backend

The authToken is short-lived and scoped to one verification. It’s safe to pass to the client.

Never expose your API Secret in client-side code — browser JavaScript, mobile apps, or public repos. Use it only on your server.

Quickstart Choosing Your Integration

⌘I

Start Here

ID Verification (KYC)

Business Verification (KYB)

AML Screening

Face Authentication

Fraud Prevention

Bank Verification

Going Live

Reference

API key authentication

Get your keys

Two types of auth

Start Here

ID Verification (KYC)

Business Verification (KYB)

AML Screening

Face Authentication

Fraud Prevention

Bank Verification

Going Live

Reference

​API key authentication

​Get your keys

​Two types of auth

API key authentication

Get your keys

Two types of auth