Odit Verify

Authentication

API keys are minted from the dashboard and passed via the x-api-key header.

Get a key

  1. Sign up for an account.
  2. Open the dashboard.
  3. Mint a key with a memorable label (e.g. pattern-admin).
  4. Copy the plaintext now. We only store a SHA-256 hash — the plaintext is shown once and never again.

Send it

Pass the key in the x-api-key request header:

curl https://v.odit.et/api/verify \
  -H "x-api-key: vk_live_xxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "content-type: application/json" \
  -d '{"reference":"DF33KS5FB9"}'

Revoke

Hit the Revoke button next to the key in the dashboard. Calls using a revoked key return 401 revoked_key immediately.

Key prefix

The first 14 chars of each key (e.g. vk_live_a3f9c2) are stored in plaintext as the prefix. The dashboard shows this; we also return it on successful responses as the x-api-key-prefix header for log correlation.

Previous

Overview

Next

POST /api/verify

On this page