API Keys

Generate and use API keys to authenticate SecureSign REST API requests and product integrations.

Create API Key

New to SecureSign? Submit an onboarding request or use the Get API Access button in the header to register your organization first.

Sign in to the SecureSign Admin Console at https://console.securesign.toolsbots.com
Navigate to Developers → API Keys
Click Create API Key and choose Test or Live mode
Copy the key immediately — it is shown only once

Prefix	Environment	Use
ss_test_	Sandbox	Development, staging, localhost with test domains
ss_live_	Production	Live government portals and production apps

Using API Keys

Include your API key in every REST API request and pass it in deep links / Desktop Software API calls using either header:

Authorization: Bearer ss_live_abc123xyz
X-SecureSign-Api-Key: ss_live_abc123xyz

Validate Key

Verify your key and domain before initiating a signing session:

curl -X POST https://api.securesign.toolsbots.com/v1/auth/validate \
  -H "Authorization: Bearer ss_live_abc123xyz" \
  -H "Content-Type: application/json" \
  -d '{"origin":"https://portal.example.gov.in","platform":"web"}'

const res = await fetch('https://api.securesign.toolsbots.com/v1/auth/validate', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer ss_live_abc123xyz',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ origin: 'https://portal.example.gov.in', platform: 'web' })
});
const data = await res.json();

$ch = curl_init('https://api.securesign.toolsbots.com/v1/auth/validate');
curl_setopt_array($ch, [
  CURLOPT_POST => true,
  CURLOPT_HTTPHEADER => ['Authorization: Bearer ss_live_abc123xyz', 'Content-Type: application/json'],
  CURLOPT_POSTFIELDS => json_encode(['origin' => 'https://portal.example.gov.in', 'platform' => 'web']),
  CURLOPT_RETURNTRANSFER => true
]);
$response = json_decode(curl_exec($ch), true);

Response:

{"success":true,"tenantId":"org_9f2a","allowed":true,"rateLimit":{"rpm":120}}