For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Truework.comAPI StatusGet your API key
HomeGuidesAPI referenceHelp
HomeGuidesAPI referenceHelp
    • Introduction
  • Using the API
    • Authentication
    • Versioning
    • Webhooks
    • Sandbox environment
    • Monitoring
    • Limits
  • Verification orders & reports
    • POSTCreate a target employer order
    • POSTCreate an employer search order
    • POSTCreate a Truework Direct order
    • GETGet one order
    • GETGet all orders
    • PUTCancel an order
    • GETGet one report
    • GETGet order events
    • POSTReverify a report
  • Public beta APIs
  • Previous API versions
    • API version 2022-08-01
    • API version 2020-12-07
    • API version 2019-10-15
LogoLogo
Truework.comAPI StatusGet your API key
On this page
  • How Truework Authenticates API requests
  • API and Publishable Key management
  • Creating an API key
  • Creating a Publishable key
  • Revoking an API or Publishable Key
Using the API

Authentication and API Key management

Was this page helpful?
Previous

API versioning

Next
Built with

How Truework Authenticates API requests

Truework authenticates requests to our API using API Keys and Publishable Keys. If the required authentication token is not included with a request or is revoked, the request will return an error.

API Keys are generated using Python’s built-in secrets library, which ensures cryptographic randomness of the produced bytes used in the API key. The number of bytes used in generating the API key is guaranteed to be at least 32 random bytes, though this number may increase without notice in the future.

An API Key is used to create verification requests, view the results of completed reports, cancel a verification request, and create internal API dashboards. API Keys should be kept secret, and should not be checked into version control. If you suspect an API key has been compromised, you should revoke that API key and immediately create a new one.

For those using the Truework Direct order endpoint, a Publishable Key is also required. A Publishable Key is used to initialize the Truework.js widget and support co-branding. This key type is not meant to be secret. This means you can safely include the Publishable Key in public facing code, like Javascript/HTML.

API and Publishable Key management

Creating an API key

To create an API key:

  1. Navigate to developer settings in the Truework app
  2. Under the “API” header scroll down to the “Sandbox” or “Production” card, depending on the environment you are generating the key for, and expand the API Key section by clicking the “Edit” button.
  3. Optionally, enter a description for the key, and click “Generate”.

The API key you created will appear in the card as a urlsafe string that begins with the prefix tw_sk_test_ in Sandbox tw_sk_ in Production.

Creating a Publishable key

To create a Publishable key:

  1. Navigate to developer settings in the Truework app
  2. Under the “Publishable Key” header scroll down to the “Sandbox” or “Production”card, depending on the environment you are generating the key for, and expand the Publishable Key section by clicking the “Edit” button.
  3. Optionally enter a description for the key, and click “Generate”.

The API key you created will appear in the card above.

Revoking an API or Publishable Key

To revoke an API or Publishable Key, simply click the “Revoke” button next to the key you wish to revoke. Make sure your key is not in use before revoking it, as any request using the key will return errors once it is revoked and there’s no way to undo this action.