Skip to content
SSHVerify Docs

Projects and API Keys

Projects are the main boundary in SSHVerify. Sessions, API keys, and project settings belong to one project.

Projects

Section titled “Projects”

Use separate projects when data or API access should be separated. Common patterns include:

  • one project per environment, such as staging and production;
  • one project per product or application;
  • one project per customer or tenant.

API keys

Section titled “API keys”

API keys are created from project settings in the web app. Each key is scoped to the project where it was created and can manage SSH key collection and verification sessions inside that project.

API keys are sent in the x-api-key header:

x-api-key: <api-key>

Use /api/v1/auth/info/ to verify which project a key belongs to:

Terminal window
curl https://sshverify.com/api/v1/auth/info/ \
  -H "x-api-key: <api-key>"

The response includes the API key ID, name, creation time, optional expiration time, and project_id.

Security

Section titled “Security”

Treat API keys like credentials. Store them in a secret manager, avoid committing them to source control, and rotate keys when access is no longer needed.