Skip to content

Authentication

The VerifyMaill API uses API keys to authenticate requests. Pass your secret key as a Bearer token in the Authorization header.

Authorization: Bearer sk_your_api_key
Terminal window
curl "https://api.verifymaill.com/v1/verify?email=jane@example.com" \
-H "Authorization: Bearer sk_your_api_key"
Key Prefix Where it’s used Exposable?
Secret API key sk_ Server-side API requests No — keep it secret
Widget (publishable) key pk_ Browser / the widget Yes
  • Never ship a secret key in client-side code, a mobile app, or a public repo. Use the publishable widget key in the browser.
  • Store keys in environment variables or a secrets manager.
  • Use separate keys per environment (e.g. test vs. production) and per service, so you can rotate or revoke independently.
  • Rotate immediately if a key is exposed — create a new key, deploy it, then revoke the old one.