Authorization

The Authorize Endpoint is used to obtain a server token that allows a client’s server to create a verification request or fetch verification results securely. Since identity verification data is sensitive, authentication is required to ensure that only authorized servers can access it.

To generate a server token, Incode will provide following credentials:

• API Key – Unique identifier for the client.
• Integration ID – Identifies the specific integration setup for the client.
• Secret – A confidential key used to authenticate API requests.

The server token is valid for 15 minutes, after which a new authorization request must be made. This ensures security while maintaining seamless integration for verification workflows.

Endpoint

POST /v1/integration/authorize/server

Headers

Request Parameters

cURL Example

Demo server URL: https://demo-api-incode-id.incodesmile.com

Production server URL: https://api-incode-id.incodesmile.com

curl --location 'https://{server-url}/v1/integration/authorize/server' \
--header 'x-api-key: 4115e33314e12c0effe540c74bac55937b65a448' \
--header 'Content-Type: application/json' \
--data '{
    "integrationId": "621cda6e-c7de-4ebd-9219-a137a84a5211",
    "secret": "s3cureS3cr3tValue"
}'

Response

Status Code: 200 OK

Success Response

{
    "token": "eyJhbGciOiJIUzI1NiJ9..."
}

The response contains a token, which is required for requesting verification and fetching verification data.

Token Validity

• Validity Period: The token is valid for 15 minutes.
• Multi-use: The token can be used for multiple result fetch requests within the validity period.