Skip to main content

API Key Authentication

All server-side API calls use HTTP Basic Auth with your API Key and API Secret.
curl -X POST https://ivs.idenfy.com/api/v2/token \
  -u "YOUR_API_KEY:YOUR_API_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"clientId": "user-123"}'
import requests

response = requests.post(
    "https://ivs.idenfy.com/api/v2/token",
    auth=("YOUR_API_KEY", "YOUR_API_SECRET"),
    json={"clientId": "user-123"}
)
const response = await fetch("https://ivs.idenfy.com/api/v2/token", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: "Basic " + Buffer.from("YOUR_API_KEY:YOUR_API_SECRET").toString("base64"),
  },
  body: JSON.stringify({ clientId: "user-123" }),
});
$ch = curl_init("https://ivs.idenfy.com/api/v2/token");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_USERPWD, "YOUR_API_KEY:YOUR_API_SECRET");
curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/json"]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(["clientId" => "user-123"]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = json_decode(curl_exec($ch), true);
The Authorization header is: Basic base64(API_KEY:API_SECRET)

Get Your Keys

  1. Log in to iDenfy Dashboard
  2. Go to Settings → API Keys
  3. Select Generate
Detailed guide →

Two Types of Auth

Auth typeUsed forWhere
Basic Auth (API Key + Secret)All server-side API callsYour backend only
authTokenClient-side verification UIiFrame, redirect, mobile SDK
The flow:
Backend (Basic Auth) → POST /api/v2/token → returns authToken
Frontend (authToken) → Verification UI     → results via webhook to backend
The authToken is short-lived and scoped to one verification. It’s safe to pass to the client.
Never expose your API Secret in client-side code — browser JavaScript, mobile apps, or public repos. Use it only on your server.