Authentication

Every request to the API must be authenticated using an API key.
The same authentication model applies whether you interact with the REST API directly or use one of the official SDKs.

Creating and managing API keys

API keys are managed from your dashboard. Visit Profile › API Access to create, rename, pause, re-enable, or revoke API keys.

Changes take effect immediately.
You may have multiple active keys at the same time.

See Security for guidance on key storage, rotation, and exposure risks.

How authentication works

The API accepts authentication via an HTTP header, a JSON field in the request body, or a query parameter.

All documentation examples use the recommended method: HTTP header + POST + JSON body. This is the safest and most predictable approach in production environments.

Recommended method: HTTP header

1
curl "https://api.verifyvat.com/v1/verify" \
2
  -H "x-api-key: {YOUR_API_KEY}" \
3
  -H "Content-Type: application/json" \
4
  -d '{ "type": "no_orgnr", "id": "914778271" }'

This method avoids accidental key exposure through logs, URLs, or intermediaries.

Using authentication with the SDKs

The official SDKs use the same API key mechanism as the REST API.
By default, SDK clients automatically read configuration from environment variables and work out of the box when these are present.

1
VERIFYVAT_API_KEY={YOUR_API_KEY}
2
# Optional override for custom deployments
3
# VERIFYVAT_BASE_URL=https://api.verifyvat.com

SDK client configuration

You can also provide credentials explicitly when creating a client.

Please select a language above to view the corresponding code sample.

1
import { createVerifyVatClient } from '@verifyvat/sdk'
2

3
const client = createVerifyVatClient({
4
    apiKey: '{YOUR_API_KEY}',
5
})

1
from verifyvat_sdk import VerifyVatClient
2

3
client = VerifyVatClient(api_key="{YOUR_API_KEY}")

See SDK overview for installation, configuration, and runtime behaviour.

Alternative authentication methods

Alternative mechanisms are supported for compatibility, but are not recommended for general use.

1
### JSON body:
2
POST https://api.verifyvat.com/v1/verify
3
Content-Type: application/json
4
{
5
    "api-key": "{YOUR_API_KEY}"
6
}
7

8
### Query parameter:
9
GET https://api.verifyvat.com/v1/verify?api-key={YOUR_API_KEY}

These methods behave identically at the API level, but increase the risk of accidental key exposure.