Authentication

All API endpoints (except /api/v1/demo) require an API key sent as a Bearer token in the Authorization header.

Get an API key

  1. Sign up for a free account (25 trial credits, no credit card).
  2. After verifying your email, go to Dashboard → API keys.
  3. Click Create new key, give it a name, copy it.

API keys look like:

pvs_live_5f3a8b1c4e9d7f2a6b8c0d1e3f4a5b6c

Each key starts with the prefix pvs_live_ followed by 32 hex characters. Keep it secret — anyone with the key can spend your credits.

Sending the key

Pass the key in the Authorization header on every request:

Authorization: Bearer pvs_live_5f3a8b1c4e9d7f2a6b8c0d1e3f4a5b6c

curl

curl https://phonevalidationapi.com/api/v1/validate \
  -H "Authorization: Bearer pvs_live_..." \
  -H "Content-Type: application/json" \
  -d '{"phone":"+33612345678"}'

Python (requests)

import requests

r = requests.post(
    "https://phonevalidationapi.com/api/v1/validate",
    headers={"Authorization": "Bearer pvs_live_..."},
    json={"phone": "+33612345678"},
)
print(r.json())

Node.js (fetch)

const res = await fetch('https://phonevalidationapi.com/api/v1/validate', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer pvs_live_...',
    'Content-Type':  'application/json',
  },
  body: JSON.stringify({ phone: '+33612345678' }),
});
console.log(await res.json());

Reveal an existing key

We store a copy of your key so you can re-display it later. Go to Dashboard → API keys and click the eye icon next to a key to reveal it. Never share keys via email or chat tools — pass them through your secrets manager or environment variables.

Revoking a key

Click Revoke on the API keys page. Revocation is immediate; subsequent calls with that key will return 401 Unauthorized.

Rotating a key

Best practice: create the new key, deploy it, verify everything works, then revoke the old one. There's no limit on the number of active keys per account.

Security tips

  • Store keys in environment variables (never commit them to git).
  • Use a separate key per integration / environment.
  • Revoke immediately if compromised — credits already spent before revocation can't be refunded.