REST API v1

The Proveium REST API

One API to request, receive, and verify identity proofs — without ever storing the underlying personal data on your servers.

OpenAPI 3.1, versioned endpoints, cryptographic receipts, and webhooks. Sandbox keys in under 60 seconds.

What the API provides

Everything you need to build identity-proofing into your product — nothing superfluous.

REST

Versioned REST API

All endpoints versioned under /api/v1/. Stable contracts — breaking changes only in new major versions, announced 90 days in advance.

OpenAPI 3.1

Fully Documented

Every endpoint, request body, response schema, and error code described in OpenAPI 3.1. Browse interactively or generate typed clients.

OIDC / OAuth2

Standard Auth

API key or OAuth2 client credentials. Use your sandbox API key for quick tests; switch to OAuth2 for production multi-tenant apps.

Receipts

Cryptographic Receipts

Every verification request results in a signed W3C Verifiable Credential receipt. Store the receipt hash — not the identity data.

Multi-jurisdiction

Global Coverage

One API, multiple verification providers. UK, EU, US, and AU checks share the same request/response shape. Switch jurisdiction by policy, not by code.

Webhooks

Real-time Webhook Events

Subscribe to verification.completed, consent.revoked, and other events. HMAC-signed payloads, retry-with-backoff, and a delivery dashboard.

Authentication

Simple to start, secure in production

01

Get your API key

Sign up for a sandbox account and copy your API key from the dashboard.

02

Include the key

Pass Authorization: Bearer {api_key} in every request header.

03

Switch to OAuth2 for production

Exchange client credentials for a short-lived access token. Use the /oauth/token endpoint.

04

Verify HMAC on webhooks

Every webhook payload includes an X-Proveium-Signature header. Verify it with your webhook secret before processing.

Example request
curl -X POST https://api.proveium.io/api/v1/verification-requests \
  -H "Authorization: Bearer sk_sandbox_..." \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "pol_age_18_plus",
    "redirect_uri": "https://yourapp.com/verify/callback",
    "reference": "user_123"
  }'

Core endpoints

A summary of the key endpoints. Full reference in the OpenAPI spec.

POST
/api/v1/verification-requests

Create a new verification request

GET
/api/v1/verification-requests/:id

Poll or retrieve a request by ID

GET
/api/v1/verification-requests/:id/receipt

Download the signed cryptographic receipt

POST
/api/v1/webhooks

Register a webhook endpoint

DELETE
/api/v1/webhooks/:id

Remove a webhook subscription

GET
/api/v1/identity-policies

List your configured identity policies

Start building today

Free sandbox, full API, no rate limits. Email-only signup — no business onboarding required to start testing.

No passport scans storedW3C Verifiable CredentialsWebhook eventsSandbox includedMulti-jurisdiction