ATverify

Authentication

API keys, Bearer tokens, and the difference between test-mode and live-mode keys.

All requests require an API key passed as a Bearer token in the Authorization header.

Key types

PrefixPurposeCounts against quota
vtv_live_Production traffic, real registry callsYes
vtv_test_Testing, CI, local dev (deterministic magic numbers)No, unlimited

Both are issued the same way from your dashboard.

Making an authenticated request

curl "https://api.vatverify.dev/v1/validate?vat_number=DE811569869" \
  -H "Authorization: Bearer vtv_live_xxx..."

Error responses

  • 401 unauthorized: key missing, invalid format, or revoked
  • 402 plan_required: key valid but the endpoint requires a higher plan (e.g., /v1/decide requires Business)

See Error codes for the full list.

Key rotation

Rotate keys from the dashboard. Revoked keys stop working within 60 seconds (our auth cache TTL).

Quickstart

Make your first VAT validation request in under 2 minutes.

Response format

Every field in the success, error, and batch response envelopes.

On this page

Key typesMaking an authenticated requestError responsesKey rotation