
Access

Everything that Smart Access has to offer, exposed at the API level, giving you the flexibility to code a custom solution based on your company's needs.

Overview​

The Access API provides programmatic access to all SmartAccess functionality, allowing you to build custom authentication flows that integrate seamlessly with your existing systems. This solution is perfect for businesses that need more control over the user experience or want to integrate authentication into their existing applications.

Quick Start Guide​

The optimal path is to set everything up in our web app: the UI saves everything related to the setup, so there is no need to save it via the API. If you still want to do everything via the API, I will list all the endpoints that need to be called to set it up manually or to change the information.

Setup Steps​

1. Create a Project

Start by creating a new project in the Verifik platform to organize your authentication flows.

2. Create a Project Flow

Define the authentication flow with type = "login" for your project.

3. Setup Login Methods

Configure the authentication methods you want to support.

4. Database Connection

Connect your existing user database to the authentication system.

5. Setup Webhooks

Configure webhooks to receive real-time notifications for authentication events.

Authentication Methods​

Choose from three powerful authentication methods, each with comprehensive API support:

📧 Email Access

Send and verify OTP codes via email for secure authentication.

📱 Phone Access

Send and verify OTP codes via SMS and WhatsApp.

👀 Biometric Access

Face recognition and liveness detection for secure authentication.

API Reference​

Authentication​

All API requests require a valid JWT token. Include the token in the Authorization header:

Authorization: Bearer <your_jwt_token>

Base URL​

https://api.verifik.co/v2/access

Email Access Example​

Configuration​

If you haven't created a project and a projectFlow with the property type = login, then here are the links for that:

Let's Get Started​

The flow starts with the creation of an email validation. You then validate that email validation within its time limit by entering the one-time password that belongs to it.

Step 1: Create Email Validation​

POST /email/send-otp
Content-Type: application/json
Authorization: Bearer <your_jwt_token>

{
  "email": "user@example.com",
  "project_id": "your_project_id"
}

Step 2: Validate Email OTP​

POST /email/verify-otp
Content-Type: application/json
Authorization: Bearer <your_jwt_token>

{
  "email": "user@example.com",
  "otp": "123456",
  "validation_id": "validation_id_from_step_1"
}


Phone Access Example​

Configuration​

If you haven't created a project and a projectFlow with the property type = login, then here are the links for that:

Let's Get Started​

The flow starts with the creation of a phone validation. You then validate that phone validation within its time limit by entering the one-time password that belongs to it.

Step 1: Create Phone Validation (SMS)​

POST /phone/send-sms
Content-Type: application/json
Authorization: Bearer <your_jwt_token>

{
  "phone": "+1234567890",
  "project_id": "your_project_id"
}

Step 2: Create Phone Validation (WhatsApp)​

POST /phone/send-whatsapp
Content-Type: application/json
Authorization: Bearer <your_jwt_token>

{
  "phone": "+1234567890",
  "project_id": "your_project_id"
}

Step 3: Validate Phone OTP​

POST /phone/verify-otp
Content-Type: application/json
Authorization: Bearer <your_jwt_token>

{
  "phone": "+1234567890",
  "otp": "123456",
  "validation_id": "validation_id_from_step_1_or_2"
}


Biometric Access Example​

Configuration​

If you haven't created a project and a projectFlow with the property type = login, then here are the links for that:

Let's Get Started​

The flow starts with the creation of a biometric validation. You then validate that biometric validation within its time limit; once the biometric validation is created, put the JWT token in the Authorization header to authorize the validation.

Step 1: Register Face​

POST /biometric/register-face
Content-Type: application/json
Authorization: Bearer <your_jwt_token>

{
  "user_id": "user123",
  "project_id": "your_project_id",
  "face_image": "base64_encoded_image"
}

Step 2: Verify Face​

POST /biometric/verify-face
Content-Type: application/json
Authorization: Bearer <your_jwt_token>

{
  "user_id": "user123",
  "face_image": "base64_encoded_image",
  "validation_id": "validation_id_from_step_1"
}

Step 3: Liveness Check​

POST /biometric/liveness-check
Content-Type: application/json
Authorization: Bearer <your_jwt_token>

{
  "face_image": "base64_encoded_image",
  "validation_id": "validation_id_from_step_1"
}


Response Format​

All API responses follow a consistent format:

Success Response​

{
  "success": true,
  "data": {
    "validation_id": "val_123456789",
    "expires_at": "2024-01-01T12:00:00Z",
    "status": "pending"
  },
  "message": "Operation completed successfully"
}

Error Response​

{
  "success": false,
  "error": "Invalid OTP code",
  "code": "INVALID_OTP",
  "details": {
    "attempts_remaining": 2
  }
}

Rate Limits​

  • Email OTP: 5 requests per minute per email
  • Phone OTP: 3 requests per minute per phone number
  • Biometric: 10 requests per minute per user
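An added example (not Verifik's own code) of tracking these limits on the caller's side, so an integration can tell a user how long to wait instead of sending a request that will be rejected. The sliding 60-second window and the case-insensitive subject key are assumptions; the page does not say how the server counts.

```python
import time
from collections import defaultdict, deque

# Per-minute limits copied from the Rate Limits list above.
LIMITS = {"email": 5, "phone": 3, "biometric": 10}
WINDOW = 60.0  # seconds; assumed sliding window (conservative on the client)


class RateBudget:
    """Counts recent requests per (channel, subject) pair."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock                  # injectable so tests can fake time
        self.sent = defaultdict(deque)      # key -> timestamps of recent sends

    @staticmethod
    def _key(channel, subject):
        # Assumption: "User@Example.com" and "user@example.com" share a budget.
        return (channel, subject.strip().lower())

    def wait_time(self, channel, subject):
        """Seconds until one more request fits in the window (0.0 = send now)."""
        now = self.clock()
        q = self.sent[self._key(channel, subject)]
        while q and now - q[0] >= WINDOW:   # drop sends older than the window
            q.popleft()
        if len(q) < LIMITS[channel]:
            return 0.0
        return WINDOW - (now - q[0])

    def try_acquire(self, channel, subject):
        """Record a send and return True, or return False if over budget."""
        if self.wait_time(channel, subject) > 0:
            return False
        self.sent[self._key(channel, subject)].append(self.clock())
        return True
```

Call `try_acquire("email", address)` immediately before each send-OTP request and surface `wait_time(...)` to the user when it returns `False`.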

Security Features​

  • JWT Token Authentication: Secure API access with time-limited tokens
  • Rate Limiting: Protection against brute force attacks
  • OTP Expiration: Time-limited one-time passwords
  • Liveness Detection: Prevents spoofing attacks in biometric authentication
  • Webhook Notifications: Real-time security event monitoring

Best Practices​

  1. Always validate responses: Check the success field before processing data
  2. Handle errors gracefully: Implement proper error handling for all API calls
  3. Store tokens securely: Never expose JWT tokens in client-side code
  4. Implement retry logic: Handle temporary failures with exponential backoff
  5. Monitor rate limits: Track API usage to avoid hitting rate limits
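An added example (not Verifik's own client) combining practices 1, 2 and 4: it checks `success` strictly, turns the error envelope into an exception, and applies exponential backoff only to transient failures, so a rejected OTP is never resubmitted automatically. Treating HTTP 429 and 5xx as the retryable cases is an assumption, since the page lists no status codes; `scripted`, `OK_BODY` and `BAD_OTP` are constructed stand-ins for the network call and its responses.

```python
import json
import random
import time

class AccessError(Exception):
    """A definitive API-level failure (the page's error envelope)."""
    def __init__(self, code, message, details):
        super().__init__(f"{code}: {message}")
        self.code, self.details = code, details

def parse_envelope(body):
    """Return `data` from a success envelope, else raise AccessError."""
    doc = json.loads(body)
    if doc.get("success") is True:          # strict check, not truthiness
        return doc.get("data", {})
    raise AccessError(doc.get("code", "UNKNOWN"), doc.get("error", ""),
                      doc.get("details", {}))

def call_with_backoff(send, max_tries=4, base=0.5, sleep=time.sleep):
    """send() -> (http_status, body_text). Retry only transient failures.

    Assumption: HTTP 429, 5xx or a network error mean "try again later".
    Anything else is a definitive answer and is never retried, so a wrong
    OTP is reported to the caller instead of being sent again.
    """
    for attempt in range(max_tries):
        try:
            status, body = send()
        except OSError:                      # connection reset, timeout, ...
            status, body = None, ""
        if status is not None and status != 429 and status < 500:
            return parse_envelope(body)
        if attempt < max_tries - 1:
            # Exponential backoff with jitter: 0.5s, 1s, 2s ... plus noise.
            sleep(base * 2 ** attempt + random.uniform(0, base))
    raise TimeoutError(f"no definitive response after {max_tries} tries")

def scripted(responses):
    """Constructed stand-in for the HTTP call; replays canned responses."""
    it = iter(responses)
    return lambda: next(it)

# Constructed sample bodies shaped like the Response Format section.
OK_BODY = json.dumps({"success": True, "message": "ok", "data": {
    "validation_id": "val_123456789", "status": "pending"}})
BAD_OTP = json.dumps({"success": False, "error": "Invalid OTP code",
                      "code": "INVALID_OTP", "details": {"attempts_remaining": 2}})

if __name__ == "__main__":
    delays = []
    send = scripted([(503, ""), (429, ""), (200, OK_BODY)])
    print(call_with_backoff(send, sleep=delays.append), delays)
```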

Support​

For technical support and API documentation, contact our support team or visit our developer portal.


Pro Tip

Start with the web app setup for the fastest implementation, then use the API for custom integrations and advanced features.

Security Notice

Always use HTTPS in production and never expose sensitive credentials in client-side code.