The Verto APIs implement JSON Web Token (JWT) to allow users to log in to applications without exposing their credentials. You have the flexibility to generate as many keys as necessary for your usage.

You need to provide a Client ID and anAPI key to get the JWT access token. You can view and manage your Client ID and API key in the Verto application. Refer to Access your Client ID and API key.

Security

VertoFX is built on a robust and secure communication protocol. VertoFX API is a set of instructions submitted with the standard HTTPS Post requests. At the server end, we use a certificate delivered by Verisign. The SSL encryption guarantees that it is our servers you are communicating with and that your data is transmitted in encrypted form.

When we receive a request, we check the level of encryption. Directly TLSv1.2 version and the next version are supported.

🚧
Warning
Non-encrypted HTTP connections are not accepted. Do not connect to our API with unencrypted HTTP, as this will transmit your access token in plaintext over the network.

🚧
Warning
Do not proceed with a connection when you receive a certificate validation error from VertoFX. Make sure that all parts of your application are using encryption and HTTPS, and failing only when certificate validation fails.

Types of Authentication Supported

The two methods for accessing the Login API described here are based on different approaches for authentication: