Authorization

API Authentication

Introduction to API Authentication in VOVE ID

In VOVE ID's RESTful API, authentication and authorization are streamlined through the use of an API Key. This method ensures that API requests are processed securely and efficiently, confirming that they are coming from authorized sources. Clients must manage this key with utmost confidentiality to maintain the integrity and security of their interactions with VOVE ID.

Using the API Key

  • Obtaining the API_KEY: Upon successful registration with VOVE ID, clients are issued a unique API Key. This key serves as the primary credential for authenticating API requests.

  • Making Authenticated Requests: When making calls to VOVE ID’s API, the API_KEY must be included in the request header. This is essential for the API to validate and process the request.

Best Practices for API Key Management

  • Security: The API_KEY is akin to a password. It should be treated with the same level of security and never be exposed in client-side code or front-end applications. Exposing the API Key can lead to unauthorized access and potential misuse of the VOVE ID services.

  • Environment Variables: Store the API_KEY in environment variables or server-side configuration files. This practice helps in keeping the key secure and separate from your codebase.

  • Regeneration: In case of a potential key compromise, Please reach out to your Account Manager urgently and ask to regenerate a new API_KEY, VOVE ID allows the regeneration of the API Key.

Warning: Key Exposure Risks

  • Do Not Embed in Front-End Code: Embedding the API Key in your front-end code can lead to serious security vulnerabilities, as the key can be easily extracted by end-users or malicious actors.

  • Do Not Store Publicly: Avoid storing the API Key in publicly accessible areas such as GitHub repositories, client-side scripts, or public cloud storage.

Example

To request a token, send a POST request with your business identifier and business secret key to VOVE ID's authorization service:

GET /v2/sessions/:refId HTTP/1.1
Content-Type: application/json
x-api-key: API_KEY

Conclusion

Proper management and use of the API Key are paramount in ensuring the security and efficiency of your interactions with the VOVE ID API. By following these best practices, you can safeguard your application against unauthorized access and maintain the confidentiality of the sensitive data processed through our platform.

PreviousQuick startNextVerification session

Last updated