All Verso API requests require authentication using a Bearer token. This guide explains how to obtain and use your API credentials.
API Key Authentication
Verso uses API key-based authentication. Your API key acts as a Bearer token that must be included in every request.
Header Format
Include your API key in the Authorization header:
Authorization Header
Example Request
Authenticated Request
Partner API Keys
Your API key is associated with your Partner account and grants access to all tenants you manage.
How It Works
- Partner Account: Verso creates a partner account for your organization (e.g., Partner ID
5) - API Key Creation: Verso generates an API key linked to your Partner ID
- Tenant Registration: You register tenants for each client you serve
- Scoped Access: Every API call requires both
partnerIdandtenantIdin the URL
Partner ID Validation
The partnerId in the URL must match the Partner ID associated with your API key. If there's a mismatch, you'll receive a 403 Forbidden error.
Example:
Code
Obtaining API Keys
Development Environment
To access the development environment:
- Contact your account manager at Verso to create your Partner account
- Receive your credentials:
- Partner ID (e.g.,
5) - API Key (Bearer token linked to your Partner ID)
- Division ID (default for your tenants)
- Payroll ID (default payroll configuration)
- Partner ID (e.g.,
- Use the base URL:
https://api.versohq.io
Your API key is automatically scoped to your Partner ID. You don't need to manually specify the Partner ID in headers - it's validated from the API key metadata.
Production Environment
For production access:
- Complete your integration testing
- Request production credentials from your account manager
- Use the production base URL:
https://api.verso.io
Never share your API keys or commit them to version control. Use environment variables to store credentials securely.
Security Best Practices
Store Keys Securely
Environment Variable
Using Environment Variable
Key Rotation
- Rotate API keys periodically
- Immediately revoke compromised keys by contacting support
- Use separate keys for development and production
Network Security
- Always use HTTPS (TLS 1.2+)
- Implement IP allowlisting when possible
- Monitor API usage for anomalies
API Routes
All Verso API endpoints follow the partner route pattern:
Code
Example:
Code
Route Parameters
| Parameter | Description | Example |
|---|---|---|
partnerId | Your partner identifier (must match your API key) | 5 |
tenantId | The tenant (client) you're accessing | 10 |
resource | The API resource (users, employees, payrolls, etc.) | employees |
Access Control
Partner Validation:
- The
partnerIdin the URL must match your API key's Partner ID - Mismatch results in
403 Forbidden
Tenant Validation:
- You can only access tenants registered to your partner account
- Register tenants using:
POST /partners/{partnerId}/tenants
Multi-Tenant Isolation:
- Each tenant's data is completely isolated
- Your API key grants access to all your registered tenants
- Cross-tenant access is not possible
Error Responses
401 Unauthorized
Code
Causes:
- Missing
Authorizationheader - Invalid API key
- Expired API key
403 Forbidden
Code
Common Causes:
-
Partner ID mismatch
- Problem:
partnerIdin URL doesn't match your API key - Solution: Verify your Partner ID with your account manager
- Problem:
-
No tenant access
- Problem: Partner lacks access to the requested tenant
- Solution: Register the tenant using
POST /partners/{partnerId}/tenants
-
Insufficient permissions
- Problem: Operation requires admin role
- Solution: Contact Verso support to verify your API key permissions
-
Tenant not registered
- Problem: Tenant was unregistered or never registered to your partner account
- Solution: Register the tenant again or contact support
Next Steps
- Quickstart - Run your first payroll
- Error Handling - Understanding API errors
- API Reference - Explore all endpoints