Authentication
All Veriglob API endpoints require authentication. This guide covers the available authentication methods and how to implement them in your applications.
Authentication Methods
Bearer Token (Authorization Header)
Include your API key in the Authorization header using the Bearer scheme:
```bash
curl -X GET "https://api.veriglob.com/v1/did/did:key:z6Mk..." \
  -H "Authorization: Bearer your-api-key-here"
```
API Key Header
Alternatively, use the X-API-Key header:
```bash
curl -X GET "https://api.veriglob.com/v1/did/did:key:z6Mk..." \
  -H "X-API-Key: your-api-key-here"
```
Obtaining API Keys
Generate a New API Key
Create a new API key using the API Keys endpoint:
```bash
curl -X POST "https://api.veriglob.com/v1/keys/generate" \
  -H "Authorization: Bearer your-session-token" \
  -H "Content-Type: application/json" \
  -d '{ "name": "My Application Key" }'
```
Response:
```json
{
  "status": "success",
  "message": "API key generated successfully",
  "data": {
    "key_id": "key_abc123",
    "api_key": "vg_live_xxxxxxxxxxxxxxxxxxxx",
    "name": "My Application Key",
    "tier": "free",
    "created_at": "2024-01-15T10:30:00Z"
  }
}
```
Rate Limiting
Rate limits are enforced based on your subscription tier:
| Tier | Requests per Minute |
|---|---|
| Free | 10 |
| Basic | 100 |
| Pro | 1,000 |
| Enterprise | 10,000 |
Rate Limit Headers
All API responses include rate limit information in the headers:
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests per minute for your tier |
| X-RateLimit-Remaining | Remaining requests in current window |
| X-RateLimit-Reset | Unix timestamp when the limit resets |
Rate Limit Exceeded Response
When you exceed your rate limit, you’ll receive a 429 Too Many Requests response:
```json
{
  "status": "error",
  "message": "Rate limit exceeded",
  "error": "You have exceeded your rate limit. Please wait before making more requests."
}
```
Authentication Errors
Section titled “Authentication Errors”401 Unauthorized
Section titled “401 Unauthorized”Returned when the API key is missing or invalid:
{ "status": "error", "message": "Unauthorized", "error": "Invalid or missing API key"}403 Forbidden
Section titled “403 Forbidden”Returned when the API key doesn’t have permission for the requested resource:
{ "status": "error", "message": "Forbidden", "error": "Your API key does not have access to this resource"}Security Best Practices
- Never expose API keys in client-side code - Always make API calls from your server
- Use environment variables - Store API keys in environment variables, not in code
- Rotate keys regularly - Generate new keys periodically and revoke old ones
- Use minimal permissions - Request only the access level you need
- Monitor usage - Regularly check your API usage for unusual patterns
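An added example (not from the Veriglob documentation) of a client wrapper that applies the rate limit headers and error responses described above: on a 429 it waits until X-RateLimit-Reset, clamps that wait to one window, and fails fast on 401/403. The `send` callable, the function names and the sample responses are assumptions constructed for illustration.

```python
import math
import time

WINDOW = 60.0  # limits are per minute, so never wait longer than one window


def seconds_until_reset(headers, now):
    """Delay before a retry, from X-RateLimit-Reset (a Unix timestamp)."""
    try:
        reset = float(headers.get("X-RateLimit-Reset", ""))
    except ValueError:
        return WINDOW  # header missing or malformed: wait a full window
    if not math.isfinite(reset):
        return WINDOW
    # Clamp: a stale or far-future value must not cause a negative or unbounded sleep.
    return min(max(reset - now, 0.0), WINDOW)


def call_with_rate_limit(send, max_attempts=3, clock=time.time, sleep=time.sleep):
    """send() -> (status, headers, body). Retries only on 429.

    401/403 raise at once: repeating a request with a bad or under-privileged
    key cannot succeed and only adds noise to usage monitoring.
    """
    for attempt in range(1, max_attempts + 1):
        status, headers, body = send()
        if status in (401, 403):
            raise PermissionError(f"{status}: {body.get('error')}")
        if status != 429:
            return body
        if attempt < max_attempts:
            sleep(seconds_until_reset(headers, clock()))
    raise RuntimeError("rate limit still exceeded after retries")


def demo():
    """Constructed responses: one 429 (reset 7 s ahead), then a success."""
    now = 1_700_000_000.0
    replies = iter([
        (429, {"X-RateLimit-Remaining": "0", "X-RateLimit-Reset": str(now + 7)},
         {"status": "error", "message": "Rate limit exceeded"}),
        (200, {"X-RateLimit-Remaining": "9"}, {"status": "success"}),
    ])
    slept = []
    body = call_with_rate_limit(lambda: next(replies), clock=lambda: now, sleep=slept.append)
    return body, slept
```

With a real HTTP client, `send` would wrap the request and return its status code, response headers and parsed JSON body; header lookup here is case-sensitive because the sample uses plain dicts.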
Code Examples
JavaScript/Node.js
```javascript
const response = await fetch('https://api.veriglob.com/v1/did', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${process.env.VERIGLOB_API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({}),
});

const data = await response.json();
```
Python
```python
import os

import requests

headers = {
    'Authorization': f'Bearer {os.environ["VERIGLOB_API_KEY"]}',
    'Content-Type': 'application/json'
}

response = requests.post(
    'https://api.veriglob.com/v1/did',
    headers=headers,
    json={}
)

data = response.json()
```
Go
```go
req, _ := http.NewRequest("POST", "https://api.veriglob.com/v1/did", nil)
req.Header.Set("Authorization", "Bearer "+os.Getenv("VERIGLOB_API_KEY"))
req.Header.Set("Content-Type", "application/json")

client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
	log.Fatal(err) // resp is nil on error; do not use it
}
defer resp.Body.Close()
```
Next Steps
- Quick Start Guide - Make your first API call
- DID Operations - Create and resolve DIDs
- API Keys Reference - Manage your API keys