Truework authenticates requests to the API using your API keys. If no API key is included with a request, or the included API key has been revoked, the request will return an error.
API keys can be used to create verification requests on your behalf, and to view the results of completed verifications. As such, they should be kept secret, and should not be checked into version control. If you suspect an API key has been compromised, you should revoke that API key and create a new one.
Using Your API Key
For more information on how to use an API key for authentication, see the authentication reference page.
To create an API key, navigate to your settings page. Find the
"API Settings — Production" card and expand the API key section by clicking the "Edit" button. Then, optionally enter a
description for the key you will create, and click "Generate". Your new API key will appear in the card above. It will
be an alphanumeric string that begins with the prefix
To revoke an API Key, simply click the "Revoke" button next to the key you wish to revoke. Make sure your key is not in use before revoking it, since any requests using the key will begin returning errors once it is revoked. There is no way to undo revoking an API key.
To create or revoke an API key for the sandbox environment, follow the above instructions on the "API Settings — Sandbox" card.