All API requests are authenticated with an API-KEY header. You can try the API without a key using the sandbox — unauthenticated requests are rate limited to 5 requests per minute and automatically use a public sandbox account.
# Authenticated (production)
curl -X POST https://api.connect.verifyyou.com/v2/verification/create \
-H "API-KEY: your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"redirect": "https://yourapp.com/verified"}'
# Unauthenticated (sandbox, rate limited)
curl -X POST https://api.connect.verifyyou.com/v2/verification/create \
-H "Content-Type: application/json" \
-d '{"redirect": "https://yourapp.com/verified"}'
Keep your API key secret. Never expose it in client-side code — always call the API from your backend.
