Authorization
Authenticate every Verify and Signals request with bearer API keys.
All requests to https://api.fideo.ai require a valid API key supplied via the HTTP Authorization header. Keys are managed inside ReadMe (Settings → API Keys) and can also be issued by your Fideo support team if you need dedicated test/prod credentials.
curl -X POST https://api.fideo.ai/verify \
-H "Authorization: Bearer ${FIDEO_API_KEY}" \
-H "Content-Type: application/json" \
-d '{
"emails": ["[email protected]"],
"phones": ["+13035550123"]
}'Key management best practices
- Create separate keys per environment and workflow. Use one key for production traffic, another for staging, and additional keys for backend services vs. internal tooling so rotation is painless.
- Never embed keys in client-side code. Calls should originate from a secure backend you control. If you need to expose Signals or Verify to web or mobile clients, proxy the call through your infrastructure.
- Rotate regularly. Keys can be revoked in ReadMe at any time. Keep at least two keys active per environment so you can phase out the old one without downtime.
- Use short-lived secrets when possible. Store the static key in your secret manager (Vault, AWS Secrets Manager, etc.) and inject it into the runtime via environment variables.
Required headers
| Header | Value | Notes |
|---|---|---|
Authorization | Bearer {API_KEY} | Required on every request. Keys are scoped per workspace and inherit your contracted rate limits. |
Content-Type | application/json | All Verify and Signals endpoints expect JSON payloads encoded in UTF-8. |
Accept | application/json | Optional but recommended to guard against future content-type changes. |
Response handling
| Scenario | HTTP status | What it means |
|---|---|---|
| Missing/invalid key | 401 Unauthorized | The header is absent or the key was revoked. Verify the token value and environment. |
| Key lacks product access | 403 Forbidden | The key exists but isn't enabled for Verify or Signals. Contact support to adjust entitlements. |
| Rate limit exceeded | 429 Too Many Requests | Back off and retry with exponential delay. Limits apply per key and per endpoint. |
Product-specific docs (Verify checks, Signal bundles, Signal Patterns) document their own business-level error codes, so we avoid duplicating them here. This page is only concerned with authenticating your calls successfully.
Updated about 4 hours ago