Skip to main content

API Key Management

Rotating API keys regularly is a security best practice. The Veryfi partner API lets you create, remove, and reset keys programmatically, useful when responding to a leak, satisfying a compliance policy, or updating credentials stored across many integrations (for example payroll or HR systems).

This page describes the recommended rotation flow. The request and response details for each operation live in the Settings section of the API reference.

Before you start

  • Same authentication model as the rest of the partner API. See Authentication.
  • Two API keys per account. This is a hard limit, you cannot add a third key without removing one first.

The idea is simple: introduce the new key first, move every consumer to it, and only then retire the old one. No coordinated cutover required.

  1. Check how many keys you currently have in Settings → Keys (or via the list endpoint) and decide which key, if any, you plan to retire.
  2. Create a new key with POST /api/v8/partner/client-keys. Save the returned id and value.
  3. Roll out the new value to every integration, worker, or partner system that uses your Veryfi credentials. Verify each one is producing successful calls with the new key before moving on.
  4. Delete the old key with DELETE /api/v8/partner/client-keys/{id}. The API returns an error if you try to delete your only remaining key.

User-friendly key management is available in the Web Portal to users with admin rights and API Keys access.

caution

Test the new key against a non-production path or low-risk call before you delete the old one. A premature delete will lock out any integration still pointing at the old value.

When to use reset instead

POST /api/v8/partner/client-keys/reset regenerates every key in one call and returns the new values. All previous keys stop working immediately.

Reset is appropriate when you can afford a coordinated cutover, a maintenance window, an incident response, or a setup where a single operator controls every consumer of the keys at once. It is not the right tool for gradual migration across many independent systems.

Try it from the docs

Each endpoint page under Settings ships with an interactive "Try it" panel. Sign in to Veryfi from the doc to populate your real credentials and send live requests against your account:

You can also manage keys from the Hub UI under Settings → Keys.