Skip to main content

API Key Authentication

Verilock uses API key authentication. Include your API key in the X-API-Key header of every request.
Keep your API keys secure. Never expose your API secret key in client-side code, public repositories, or browser requests. All API calls should be made from your backend server.
Request Header
X-API-Key: your_api_key_here
Content-Type: application/json
Accept: application/json

curl -X GET \
  "https://verilock.io/api/v1/sessions" \
  -H "X-API-Key: your_api_key_here" \
  -H "Accept: application/json"

Rate Limiting

API requests are rate limited per API key. Current limits are returned in response headers:
HeaderDescription
X-RateLimit-LimitMaximum requests per minute
X-RateLimit-RemainingRemaining requests in current window
Retry-AfterSeconds until the rate limit resets (only on 429)

Error Response

If authentication fails, the API returns a 401 error:
401 Unauthorized
{
  "error": "Unauthorized",
  "message": "Invalid or missing API key."
}