Authentication
The VerifyMaill API uses API keys to authenticate requests. Pass your secret
key as a Bearer token in the Authorization header.
Authorization: Bearer sk_your_api_keycurl "https://api.verifymaill.com/v1/verify?email=jane@example.com" \ -H "Authorization: Bearer sk_your_api_key"const res = await fetch("https://api.verifymaill.com/v1/verify?email=jane@example.com", { headers: { Authorization: `Bearer ${process.env.VERIFYMAIL_API_KEY}` },});import os, requests
res = requests.get( "https://api.verifymaill.com/v1/verify", params={"email": "jane@example.com"}, headers={"Authorization": f"Bearer {os.environ['VERIFYMAIL_API_KEY']}"},)Key types
Section titled “Key types”| Key | Prefix | Where it’s used | Exposable? |
|---|---|---|---|
| Secret API key | sk_ |
Server-side API requests | No — keep it secret |
| Widget (publishable) key | pk_ |
Browser / the widget | Yes |
Keeping keys safe
Section titled “Keeping keys safe”- Never ship a secret key in client-side code, a mobile app, or a public repo. Use the publishable widget key in the browser.
- Store keys in environment variables or a secrets manager.
- Use separate keys per environment (e.g. test vs. production) and per service, so you can rotate or revoke independently.
- Rotate immediately if a key is exposed — create a new key, deploy it, then revoke the old one.