API Key-Based

⚠️
Deprecation Notice
API key-based authentication will be deprecated in a future release. While this method remains available for existing integrations and sandbox testing, new implementations should use Certificate-Based Authentication.

Use your Client ID and API Key to request a bearer token from the merged login service when you need API key-based authentication.

✅ Before you start

Complete these steps first:

Generate your Client ID and API Key in Access Your Credentials.
Confirm you are working in sandbox or on an existing integration that still uses API key-based auth.
Prepare to move to Certificate-Based Authentication for new production implementations.
Store the returned companyId because company-scoped services such as Wallet require it in the request path.

Prerequisites

Use a sandbox Verto account while testing this flow. Start with Quickstart if you have not created credentials yet.

Step 1 - Get your API credentials

ℹ️
Get your credentials
You'll need your Client ID and API Key to authenticate. Follow the detailed guide to generate your credentials from the Verto portal.
View API Keys guide →

Step 2 - Make an authenticated request

Send clientId, apiKey, and mode: "apiKey" to the merged company login endpoint to obtain a bearer token and companyId.

The request body contains:

clientId: The identifier for the client application, which is required for authentication.
apiKey: The key that provides permission to access the API, serving as a password.
mode: Set this to apiKey so Verto uses the legacy API key authentication flow.

curl --request POST \
  --url https://api-company-sandbox.vertofx.com/users/login \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '
{
  "clientId": "ACYKBA0FSA4E2YN0BHBEXBJP20NF",
  "apiKey": "3E4X2CW5B5A4BX7M7Q10MJJDWFXEFNB2MX77CW9XBGSF3XC5K1GHCP0",
  "mode": "apiKey"
}'

Store the returned bearer token securely and send it in the Authorization: Bearer <token> header for subsequent protected API requests. Tokens are valid for 60 minutes.

Store the returned companyId for company-scoped routes, such as GET https://api-wallet-sandbox.vertofx.com/{companyId}/wallets.

New integrations should use the merged company login route above instead of legacy api-v3-sandbox.vertofx.com/users/login or older unified auth paths.

Use the token with merged services

After authentication, send the bearer token to protected APIs on the service-specific sandbox hosts.

Service	Sandbox host	Example reference
Wallet	`https://api-wallet-sandbox.vertofx.com`	Get all Wallets
Beneficiary	`https://api-beneficiary-sandbox.vertofx.com`	Fetch user beneficiaries
Exchange	`https://api-exchange-now-sandbox.vertofx.com`	Get FX rate
Onboarding	`https://api-onboarding-sandbox.vertofx.com`	Add Onboarding Data

Use Environments for the full service-host list.

When to use this method

Use API key-based authentication only if:

you are maintaining an existing integration that still depends on it, or
you are testing API key-based authentication in sandbox.

For new production work, use Certificate-Based Authentication.

Next steps

Previous	Next
← Authentication	Environments →

Talk to Verto

Get help with authentication, receive flows, wallets, FX conversion, payouts, or Atlas platform setup.

Plan your go-live

Review the requirements you need before moving your integration into production.