API Reference
Solidus exposes four API surfaces. Three are REST services and one is a JSON-RPC endpoint for direct blockchain access.
Services
| Service | Base URL | Purpose |
|---|---|---|
| Verify | https://verify.solidus.network/v1 | KYC verification — document upload, OCR, face matching, credential issuance |
| Identity | https://identity.solidus.network/v1 | DID wallet — credentials, sharing, linked accounts, public profiles |
| Auth OIDC | https://auth.solidus.network | OpenID Connect provider with DID-based identity |
| JSON-RPC | https://rpc.solidus.network | Blockchain node — blocks, transactions, DID resolution |
All REST endpoints return JSON. The JSON-RPC endpoint follows the JSON-RPC 2.0 specification.
Authentication Methods
Solidus APIs use three authentication methods depending on the context.
JWT Bearer Tokens
Obtained by logging in through /auth/login or completing an OAuth flow. Pass them in the Authorization header.
curl https://verify.solidus.network/v1/auth/me \
-H "Authorization: Bearer eyJhbGciOiJFZERTQSIs..."API Keys
Generated from the Verify dashboard. Pass them in the x-api-key header. Each key is scoped to either live or sandbox mode.
curl https://verify.solidus.network/v1/verifications \
-H "x-api-key: sk_live_abc123def456..."Session Tokens
Used in the hosted verification flow. The token is embedded in the session URL and identifies a single verification session. No header is needed — the token is part of the URL path.
https://verify.solidus.network/v/s/sess_tok_7Hk3mRtQZv...Base URLs
| Environment | Verify | Identity | Auth | RPC |
|---|---|---|---|---|
| Testnet | https://verify.solidus.network/v1 | https://identity.solidus.network/v1 | https://auth.solidus.network | https://rpc.solidus.network |
| Mainnet | Not yet available | Not yet available | Not yet available | Not yet available |
All current endpoints operate on the testnet. Mainnet URLs will follow the same structure when launched.
Error Format
All REST APIs return errors in a consistent format.
\{
"error": "Unauthorized",
"message": "Invalid or expired token",
"statusCode": 401
\}Common status codes:
| Code | Meaning |
|---|---|
400 | Bad request — invalid or missing parameters |
401 | Unauthorized — missing or invalid authentication |
403 | Forbidden — valid auth but insufficient permissions |
404 | Not found — resource does not exist |
409 | Conflict — resource already exists (e.g., duplicate email) |
422 | Unprocessable — validation failed |
429 | Rate limited |
500 | Internal server error |
Rate Limits
The testnet currently has no rate limits. Production rate limits will be enforced at mainnet launch and documented here.
API Sections
- Verify API — KYC verification sessions, document upload, liveness, webhooks
- Identity API — DID wallet, credentials, sharing, inbox
- Auth OIDC — OpenID Connect authorization, tokens, userinfo
- JSON-RPC — Blockchain queries, DID resolution, transactions