VeraFi API Protocols and Headers

All interactions with the VeraFi Backend API follow a secure and structured communication model designed to ensure consistency, reliability, and protection of sensitive information. The API operates exclusively over HTTPS, requiring all requests and responses to be transmitted through encrypted channels. This ensures that sensitive data such as personal information, verification details, and configuration parameters remain protected during transit. Requests made to the API use standard HTTP verbs and follow RESTful principles, allowing integrations to interact with the system using predictable and well-established patterns..

Every endpoint within the VeraFi API expects payloads to be encoded using the application/json content type. Regardless of the operation, whether performing authentication, updating verification settings, uploading documents for analysis, or accessing subscription information, the request body must be structured in valid JSON. By enforcing this uniform content type, the API maintains consistent behavior across all modules and ensures predictable parsing and validation of incoming requests.

Header usage varies depending on the endpoint, but several conventions appear throughout the platform. Endpoints that rely on token-based authorization may require the authentication token to be passed through the Authorization header using the bearer format. In such cases, clients must supply the header alongside every request that interacts with protected resources. Other endpoints accept the token as a query parameter, and the documentation specifies which pattern applies to each operation. This dual approach ensures compatibility with different integration environments and offers flexibility when interfacing with downstream systems or third-party services.

Rate-limiting behavior in the API is also enforced at the protocol level. Authentication-related endpoints allow a limited number of requests per minute from a single IP address, while general API endpoints enforce their own limits based on the token used. These policies contribute to the overall stability of the system and prevent misuse, ensuring that performance remains consistent even when handling large numbers of tenants or verification requests.

Together, these protocol and header requirements form the foundation of how clients interact with the VeraFi API. By adhering to secure HTTPS communication, using JSON payloads consistently, and correctly passing authentication tokens through the designated header or query parameter, developers can ensure seamless integration with the platform while maintaining compliance with the system’s security and performance expectations.