Skip to main content

Authentication

Every API request requires two headers: an API key for authentication and a tenant ID for authorization.

Required headers

HeaderDescriptionExample
AuthorizationBearer token with your API keyBearer live_sk_abc123...
X-Tenant-IDUUID identifying your tenant account550e8400-e29b-41d4-a716-446655440000
curl https://api.korastratum.com/api/v1/idv/verifications \
  -H "Authorization: Bearer live_sk_abc123..." \
  -H "X-Tenant-ID: 550e8400-e29b-41d4-a716-446655440000"

API key formats

Kora IDV uses key prefixes to determine the environment automatically:

PrefixEnvironmentUse case
live_ProductionReal verifications with live document processing
test_SandboxDevelopment and testing — no real processing
kora_sandbox_SDK SandboxMobile SDK testing with fixture responses
warning

Never expose production API keys in client-side code. API keys should only be used server-side. The mobile SDKs use sandbox keys for testing and receive verification IDs from your server in production.

Environments

EnvironmentBase URL
Productionhttps://api.korastratum.com/api/v1/idv
Sandboxhttps://api.korastratum.com/api/v1/idv
info

Both environments use the same base URL. Your API key prefix determines the environment.

The API automatically routes requests to the correct environment based on your API key prefix. You don't need to change the base URL — a test_ key always hits sandbox, and a live_ key always hits production.

Rate limit headers

Every response includes rate limit information:

HeaderDescription
X-RateLimit-LimitMaximum requests allowed per minute
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp when the rate limit resets

When you exceed your rate limit, you'll receive a 429 Too Many Requests response. See Rate Limits for per-tier limits.

Tenant ID

Your tenant ID is a UUID assigned when your account is created. Find it in your dashboard settings. The tenant ID scopes all resources (verifications, images, webhooks) to your account.