VeriPets Authentication

About API Security

VeriPets Auth uses secure authentication to protect your data and API access. When you sign in, you receive a Bearer token (idToken) that must be included in API requests. This token ensures only authorized users can access protected endpoints.

Bearer Token: Acts as a digital key for API access. Never share your token publicly.
HTTPS Only: All API traffic is encrypted using HTTPS to prevent eavesdropping.
Token Expiry: Tokens are valid for a limited time and must be refreshed after expiration.
Least Privilege: Each token grants only the permissions needed for your session.
Logging Out: Always sign out after use to invalidate your session and token.

For best security, keep your credentials private and never expose tokens in client-side code or public repositories.

—

EOA address (signer)

—

Smart-account address (Safe v1.4.1)

—

idToken (Bearer) — expires —

—

appPubKey (for backend SSV)

—

curl example

—