Authentication - API Keys & Security
Real-time email validation for clean data
Secure Bearer Token Implementation
VeriMail enforces stateless authentication using HMAC-SHA256 signed Bearer tokens. Every request to our validation endpoints must include your active key in the `Authorization` header to maintain audit compliance and prevent unauthorized payload injection.
Generate production and staging keys directly from the VeriMail Control Panel under Settings > API Access. Each key is scoped to a specific workspace and carries a default rate limit of 12,000 requests per minute. For enterprise deployments, attach IP allowlists to restrict token resolution to your infrastructure ranges, such as `203.0.113.0/24` or `198.51.100.45`. Tokens are never logged in plain text; our gateway validates cryptographic signatures and returns a `401 Unauthorized` response if the header format deviates from `Bearer vm_live_[32-char-alphanumeric]`.
Manage Keys in DashboardKey Rotation & Access Controls
Maintain strict control over validation traffic by implementing automated rotation schedules, environment isolation, and continuous monitoring of anomalous request patterns.
90-Day Key Rotation
Schedule quarterly credential updates using our webhook trigger system. When you generate a replacement key, the previous token remains valid for a 72-hour grace window to prevent service disruption during deployment pipelines.
Environment Isolation
Never share production tokens with development workflows. VeriMail prefixes live credentials with `vm_live_` and test credentials with `vm_test_`. Our routing layer automatically rejects `vm_test_` tokens against production validation queues to safeguard monthly quota allocations.
Automated Revocation
Integrate key lifecycle management with your CI/CD security scanners. If a token is exposed in a public repository or fails IP allowlist validation for more than 50 consecutive requests, our threat detection engine automatically suspends the credential and alerts your security team via Slack or PagerDuty.