API Keys

The API Keys module manages service users and access tokens for non-interactive integrator authentication. VKYC, Document Service, and other source systems use these credentials for ingest and search API calls.

Overview

Machine-to-machine authentication is separate from human portal login. Service users authenticate with minted bearer tokens displayed in the Upload integration panel.

Key Features

Service user creation: Register integrator identities per source system (e.g. vkyc, doc_service, branch_scan).
Token minting: Generate bearer tokens on the Token tab for cURL and application use.
Upload panel integration: Tokens auto-populate in Upload cURL examples.
Auditable machine access: Every API call attributes to a service user in Audit.

Implementation

Step 1: Create a service user

Open API keys from the sidebar.
Navigate to the service user creation section.
Enter a name and source system identifier.
Save the service user record.

Step 2: Mint an access token

Select the service user on the Token tab.
Generate a new access token.
Copy the token immediately; it is used as the bearer credential in API calls.

Step 3: Use in integrations

Reference the token in ingest requests:

curl -X POST '/api/v1/ingest' \
  -H 'Authorization: Bearer <access_token>' \
  -H 'X-Approver-Department: retail' \
  -F 'file=@./document.pdf' \
  -F 'metadata={"source_tag":"vkyc","external_id":"session-123","document_category":"kyc_vkyc","department":"retail"}'

Benefits

Authenticated machine push: Every integrator call is tied to a known service identity.
Token rotation: Mint new tokens without changing service user configuration.
Developer self-service: Copy-paste cURL from Upload reduces integration friction.

Next Steps

Upload: cURL examples that consume API keys
Integration APIs: full REST endpoint reference
Audit: trace API actions by service user
Login: human authentication (separate from API keys)

API Keys

On this page