// API Reference
Authentication
Authenticate every API request with your Enterprise API key.
API keys
All requests to the Osapher API must be authenticated using an API key. Keys are managed in the Enterprise portal at enterprise.osapher.com/api-keys.
Each key is scoped to your organisation and tied to your plan tier. Keys start with vnt_ent_live_ for production keys.
Bearer token
Pass your API key as a Bearer token in the Authorization header of every request:
header
Authorization: Bearer vnt_ent_live_your_key_here
Full example:
shell
curl -X POST https://app.osapher.com/api/enterprise/verify \
-H "Authorization: Bearer vnt_ent_live_your_key" \
-H "Content-Type: application/json" \
-d '{"queryValue": "YOUR_ABN_HERE", "jurisdiction": "AU"}'
Key scopes
| Scope | Description |
|---|---|
| verify | Run entity verifications |
| certificates | Read certificate records |
| webhooks | Manage webhook endpoints |
| bulk | Access bulk verification pipeline |
All keys currently have full scope access. Granular scopes are coming in a future release.
Rotating keys
To rotate a key: create a new key in the portal, update your application to use the new key, then revoke the old key. Revoking a key is immediate and cannot be undone.
Security
- Never expose API keys in client-side code or browser environments
- Store keys as environment variables, never hardcoded in source code
- Rotate keys immediately if you suspect they have been compromised
- All API traffic is encrypted in transit via TLS 1.2+
- API keys are hashed before storage — Osapher cannot recover your key if lost
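A server-side sketch of the Bearer header and the storage rules above, added here as an example and not taken from Osapher's own code or SDK. The environment variable name `OSAPHER_API_KEY` and the helper names are assumptions; the key prefix, endpoint and request body come from this page.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

KEY_PREFIX = "vnt_ent_live_"   # production key prefix, from this page
API_HOST = "app.osapher.com"   # host used in the curl example
ENV_VAR = "OSAPHER_API_KEY"    # assumed variable name, not defined by Osapher


def load_api_key(environ=os.environ):
    """Read the key from the environment and fail closed if it looks wrong."""
    key = environ.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set")
    if not key.startswith(KEY_PREFIX) or len(key) == len(KEY_PREFIX):
        raise RuntimeError(f"{ENV_VAR} does not look like a production key")
    return key


def redact(key):
    """Form that is safe to write to logs: prefix plus the last four characters."""
    return f"{KEY_PREFIX}...{key[-4:]}"


def build_verify_request(key, query_value, jurisdiction,
                         url=f"https://{API_HOST}/api/enterprise/verify"):
    """Build the POST from the curl example without sending it."""
    parts = urlsplit(url)
    # Never attach the key to a plaintext URL or to an unexpected host.
    if parts.scheme != "https" or parts.hostname != API_HOST:
        raise ValueError("refusing to send the API key to " + url)
    body = json.dumps({"queryValue": query_value,
                       "jurisdiction": jurisdiction}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Bearer {key}",
                 "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    api_key = load_api_key()
    req = build_verify_request(api_key, "YOUR_ABN_HERE", "AU")
    # Log the redacted form only; urllib.request.urlopen(req, timeout=10) sends it.
    print("prepared", req.get_method(), req.full_url, "with key", redact(api_key))
```

Because the key is read from the environment at start-up, rotating it means updating the deployed variable and restarting before revoking the old key in the portal.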