API Reference

Overview

The Nametag API contains several parts:

  • Request - get people’s consent to share data with you, to log in to your site, or to execute a transaction. (based on OAuth 2.0)
  • People - fetch and manage the data that people have shared with you.
  • Configuration - manage the configuration of your organization.

Scopes

Scopes are used to describe the information you want people to share with you. In order to request a scope you must first define it in your environment and provide additional parameters, such as what type of data and how long you need the data. This is done separately for each environment you manage in the developer console.

The following scopes are defined:

Scope enum
nt:name

The person's preferred name

nt:first_name

The person's preferred given (first) name

nt:last_name

The person's preferred family (last) name

nt:phone

Phone number, in E.164 format, e.g +1 202 555-1212

nt:email

Verified email address

nt:address

Verified postal address

nt:legal_name

The person's name from their identity document

nt:legal_first_name

The given name (first name) from their identity document

nt:legal_last_name

The family name (last name) from their identity document

nt:birth_date

The person's date of birth (an RFC 3339 full-date)

nt:govtid_details

Details about the person's identity document, a JSON-encoded GovtidDetailsValue

nt:age_over_21

true if the person is over 21 years old, otherwise false

nt:age_over_18

true if the person is over 18 years old, otherwise false

nt:profile_picture

A URL to the person's preferred profile picture. Nametag checks that the image provided is the same person as pictured on their identity document.

Subject

A subject uniquely identifies a person. We recommend that you store this field in your database when identifying a person. (In fact, this may be the only thing you need to store in your database.)

Subjects are stable within an environment. This means that even if someone revokes access to your environment and then re-grants it, or if they delete and re-install the Nametag app, the subject will remain unchanged.

Because each environment is its own privacy domain, different environments will be issued with different subjects for the same person.

Environments

Each user of the Nametag API creates one or more environments which are the basic unit of privacy separation. This means that anything a person shares with an environment is kept private from another. My default you will have one environment called “Live” for your production use and another called “Sandbox” for development, but you can have as many or as few environments as you like.

Organizations

Organizations are the unit of access control for you and your colleagues. Each Organization contains one or more Environments. Each organization has members (your colleagues) and can be assigned to roles (administrator, or read-only access).

Basics

The Nametag API is located at https://nametag.co. All requests must be made via HTTPS. Unless otherwise noted, all requests and responses are JSON-encoded and use the application/json content type.

Authentication

How you authenticate to the Nametag API varies based on the context. The following authentication methods are available:

API Key

API keys are used to manage organizations and environments. Get an API key from the developer console. Each API key is scoped to either work for some or all of your environments, depending on your needs.

To use an API key provide set the Authorization header:

# list all my environments
$ curl -H "Authorization: Bearer API_KEY" https://nametag.co/api/envs

You can also use HTTP basic authentication with an empty username and the API_KEY as the password:

$ curl -u ":API_KEY" https://nametag.co/api/envs

In come circumstances, you may need to use the token query parameter in lieu of the Authorization header or basic authentication:

$ curl https://nametag.co/api/envs?token=API_KEY

ID Token

An ID token authenticates a particular person, rather than your entire environment. This is returned from the token endpoint. You can use ID tokens to fetch information about a single user only, and you must use the URL /people/me/.... To use an ID token, use HTTP basic authentication with an empty username and the ID_TOKEN as the password.

# get the current user's name
$ curl -u ":ID_TOKEN" https://nametag.co/people/me/nt:name

Response Codes

When a call succeeds the Nametag API responds with HTTP a 2xx status code:

  • 200 Ok - when data is being returned.
  • 204 No Content - when there is no response data.

In the case of errors, the server responds with the following status codes:

  • 400 Bad Request - The request is malformed.
  • 401 Unauthorized - The request lacks the required authentication credentials.
  • 403 Forbidden - The credentials provided do not permit the requested action.
  • 429 Too Many Requests - A rate limit has been exceeded.
  • 500 Internal Server Error - Something went wrong on our end.

Rate limits

Responses from the API contain several headers to provide feedback on our rate limiters. The rate limiter defines a maximum number of requests allowed in a particular time window. The number of requests and the time window may vary according to the particular route and access pattern. Each request will include the following response headers:

  • X-RateLimit-Limit - the total number of requests allowed in the current time window.
  • X-RateLimit-Remaining - the number of requests remaining in the current time window.
  • X-RateLimit-Reset - the time when the current time window will reset, in RFC 3339 full-date format.

If the rate limit is exceeded the Nametag API responds with status code 429 Too Many Requests and the standard Retry-After header which is the number of seconds to wait before retrying the request.

Request API

The request API is how you request proof of identity or personal information from people. This API implements and extends OAuth 2.0, so many standard OAuth 2.0 libraries will work with this interface.

Request authorization

If your user has an active web session, or is active in your mobile app, direct their browser to the /authorize endpoint. (If you do not have a web session or active mobile app at the time you are making a request, use the create request endpoint instead.)

Method: GET

URL: https://nametag.co/authorize

Authentication: none

Query parameters:

Parameter Description
client_id Your environment’s ID, from the developer console.
redirect_uri A URL that you control where the user will be directed when the authorization completes. This must be one of the values listed in the callback_urls list.
scope A space-separated list of the scopes you are requesting
template The name of a pre-configured template to specify additional parameters for this request. (Specify this or scope, but not both)
state (recommended) Arbitrary data that you provide which will be passed back to the REDIRECT-URI.
response_mode (optional) Determines how authorization is passed back to your app. Either query (the default) or fragment. When you pass query to response_mode the code is passed in the URL query string, e.g. https://example.com/callback?code=CODE&state=STATE. With fragment the response is passed after a hash, e.g. https://example.com/callback#code=CODE&state=STATE.
email_hint (optional) The user’s email address, if you already know it.
label (optional) An arbitrary label that will be attached to the Request

Example: (whitespace added for clarity)

https://nametag.co/authorize?
  client_id=obo0jukwhhlbo8&
  scope=nt%3Aemail+nt%3Aname+nt%3Alegal_name&
  state=83f4e159-5cab-4002-ac5a-809f21925a67&
  redirect_uri=https%3A%2F%2Fexample.com%2Fcallback

Authorization requests are valid for 168 hours (7 days) from their creation.

Completing authorization

When the user completes authorization, they will be redirected to your REDIRECT-URI. This URL is invoked with the following query parameters:

Parameter Description
state The arbitrary data you provided to /authorize.
code A code which you can use with the /token endpoint to exchange for information about the person.
error A text description of an error that occurred during the process. Present only if code is not present.

Example: (whitespace added for clarity)

https://example.com/callack?
  state=83f4e159-5cab-4002-ac5a-809f21925a67&
  code=09965885d2d8559d61b520935da550f7

Token endpoint

This endpoint is defined by the OAuth 2.0 specification. It allows you to exchange the code you received at your redirect_uri for an id token and a subject which uniquely identifies the person that has accepted your sharing request.

Method: POST

URL: https://nametag.co/token

Authentication: Either specify ENV-ID and API-KEY in the body of the message, or specify the API key as the password for HTTP basic authentication.

Request: An HTML form with the following parameters

Parameter Description
grant_type must be authorization_code
client_id Your environment’s ENV-ID. (optional if basic authentication is used)
client_secret A global or environment-scoped API-KEY. (optional if basic authentication is used)
redirect_uri The redirect URI passed to /authorize.
code The code you received from the user’s request to your redirect_uri.

Response: A JSON object with the following fields:

Field Meaning
id_token This token identifies the user. It is suitable for use as e.g. a session cookie. Use it to authenticate to the /people/me API to gather information about the specific user indentified in id_token. It is safe to deliver to the user’s browser.
scope A space-separated list of the scopes returned.
expires_in The number of seconds that the authorization is valid for.
subject This value uniquely identifies the person in your environment. This is a good candidate for storing in a database to track a particular user. A subject issued to one environment has no meaning to any other environment.

Example:

$ curl https://nametag.co/token \
   -d grant_type=authorization_code \
   -d client_id=obo0jukwhhlbo8 \
   -d client_secret=ef5f848e265eb423ee358cf12c5aef924c20d19356f7ad5aa07ad1614cfc4411 \
   -d code=09965885d2d8559d61b520935da550f7 \
   -d redirect_uri="https://example.com/callback"
{
  "access_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJvYXQiLCJleHAiOjE2MzcyMzg3MjUsImlhdCI6MTYzNzIzNTEyNSwiaXNzIjoibmFtZXRhZy5jbyIsIm5iZiI6MTYzNzIzNTEyNSwic3ViIjoidmtsamlwa2FpbzJhcDY2M2RvNTRyNWZwMmFANWxzcWZnMWx1cXpiOXMubmFtZXRhZy5jbyJ9.U2YAAc0TMnSJD_zKcCs_9Nayhrm5OdlcsjOQwbDSjOrBlAKI5uRCqXOoBB_oGjQjmWNYZhCYMUJShBPzSZfZZQ",
  "refresh_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJvcnQiLCJleHAiOjIxNDc0ODM2NDcsImlhdCI6MTYzNzIzNTEyNSwiaXNzIjoibmFtZXRhZy5jbyIsIm5iZiI6MTYzNzIzNTEyNSwic3ViIjoidmtsamlwa2FpbzJhcDY2M2RvNTRyNWZwMmFANWxzcWZnMWx1cXpiOXMubmFtZXRhZy5jbyJ9.5D8lexomXYJoGZNDUFmxNB3TnQIhSDleb7kTL89VLHX30bilq95PDyJ5vE3W1IdmWGxziK9IE4puIkXxBEj7LA",
  "id_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJvaXQiLCJleHAiOjIxNDc0ODM2NDcsImlhdCI6MTYzNzIzNTEyNSwiaXNzIjoibmFtZXRhZy5jbyIsIm5iZiI6MTYzNzIzNTEyNSwic3ViIjoidmtsamlwa2FpbzJhcDY2M2RvNTRyNWZwMmFANWxzcWZnMWx1cXpiOXMubmFtZXRhZy5jbyJ9.P-elo7PUVC9dIBSV_UgoFbaHc2yATNOj8jumVTF_3izs9QqZ4lslvUsfCnogc1l7oEpowCR9d2j42J6J-5LWjw",
  "scope": "nt:email nt:name nt:legal_name",
  "expires_in": 3600,
  "token_type": "Bearer",
  "subject": "vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co"
}

Create a request

Creates a new request for information from a person.

This is useful when requesting information from people over the phone, in-person, or via email. If you are integrating Nametag with a web or mobile app, you may wish to use the OAuth 2.0 authorize endpoint instead.

This API returns an identifier that can be used to track the request. It also returns a link suitable for passing to a user. Clicking this link opens the Nametag app (or app clip on iOS, or instant app on Android) and allow the user to complete the request.

If you include the optional phone parameter, then this link is sent to the user via SMS.

Requests are valid for 168 hours (7 days) from their creation.

Method: POST

URL: https://nametag.co/api/requests

Authentication: API key

Request: A JSON object with the following fields:

CreateRequestRequest struct
envstring

The ID of the environment associated with the request.

scopesList of Scope (optional)

A list of the information (scopes) that the request is asking for.
If you specify template, you must not specify scopes.

templatestring (optional)

The name of a template that customizes how the request is presented to the user.

Because a template contains it's own scope definitions, you must not specify scopes when you specify template.

expires_atRFC 3339 date-time string (optional)

The last time this request will be valid. After this time, the request is expired and the user will no longer be able to complete it. This cannot be used with ttl.

phoneITU E.184 phone number string (optional)

The phone number to which the request link should be sent.

whatsappITU E.184 phone number string (optional)

The Whatsapp phone number to which the request link should be sent.

labelstring (optional)

An internal label for this request. You can use this field to help you track the request in your own systems. Nametag stores this field, but does not process it at

Response: A JSON object with the following fields:

CreateRequestResponse struct
idstring

A unique identifier for the request

statusNumericRequestStatus

The status code for the request. Always "pending" when the request is initially created.

envstring

The ID of the environment associated with the request.

scopesList of Scope

A list of the information (scopes) that the request is asking for.

templatestring (optional)

The name of a template that customizes how the request is presented to the user.

linkstring

An authorization link. Passing this link to the user will prompt them to complete the request.

phonestring (optional)

The phone number to which the request link was sent, in E.184 format.

labelstring (optional)

An internal label for this request. You can use this field to help you track the
request in your own systems. Nametag stores this field, but does not process it at

expires_atRFC 3339 date-time string (optional)

The last time this request will be valid. After this time, the request is expired
and the user will no longer be able to complete it.

Example:

$ curl -u :$APIKEY \
  -X POST \
  https://nametag.co/api/requests \
  -d '{
    "env": "tp7975e07n8sjl",
    "scopes": ["nt:phone", "nt:legal_name"],
    "expires_at": "2024-04-14T06:34:00-07:00"
    "label": "Ref Customer #41471"
}'
{
  "id": "32478070-6fc9-4b26-8f2c-5269f1222c6f",
  "status": 100,
  "scopes": ["nt:phone", "nt:legal_name"],
  "label": "Ref Customer #41471",
  "link": "https://nametag.co/i/utl2ffahuw7lqf"
}

Get a request

Fetch the status of a request.

You can also configure a webhook to receive notification when a request completes.

Method: GET

URL: https://nametag.co/api/requests/REQUEST-ID

Authentication: API key

Response: A JSON object with the following fields:

Request struct
idstring

A unique identifier for this request

created_atRFC 3339 date-time string

Timestamp of when this request was created

updated_atRFC 3339 date-time string

Timestamp of the last time this request was updated

expires_atRFC 3339 date-time string

Timestamp of when this request expires

ticketstring

The request ticket (used to construct the link)

linkURL string

The URL which should be send to the user. This link launches the mobile app and prompts the user to verify their identity.

phonestring (optional)

The phone number that will receive an authorization link via SMS

envstring

The ID of the environment associated with the request

templatestring
labelstring

The label for the request; can be empty

scopesList of Scope
statusRequestStatus

The status of the request, e.g. in_progress or shared.

progressRequestProgress

Indicates the user's progress through the scanning process, e.g. link_opened or id_scanned.

subjectstring (optional)

The subject of the request. Present only when status is shared. Use this as a parameter to the properties endpoint to fetch the data shared.

subject_textstring (optional)

A description of the subject (e.g. their name or email address) suitable for presentation in a user interface.

requesterstring (optional)

The member ID of the user that created this request. This field is absent for requests created via the API.

requester_textstring (optional)

A description of the requester suitable for presentation in a user interface (e.g. their name or email address)

propertiesRequestProperties

The properties that were shared with you.

mobileRequestMobileDevice (optional)

Details of the end-user's mobile device

browserRequestBrowser (optional)

Details of the browser used to pivot to the mobile app (present for only some flows).

is_known_userboolean (optional)

If the user is known as an account

marked_for_deletion_afterRFC 3339 date-time string (optional)

Indicates whether the person associated with this request has asked for their data to be deleted and the earliest time that will occur at.

photostring (optional)

The photo associate with this person

external_idsList of string (optional)

External IDs for accounts if the user is known

RequestStatus

The enumeration RequestStatus can have the following values:

RequestStatus enum
pending

The request has been issued but the user has not yet opened the link.

in_progress

The user has opened the link but has not yet completed the request.

shared

The user has completed the request and authorized the data to be shared with you.

revoked

The user has authorized data sharing but then revoked the authorization.

cancelled

Either you or the user has cancelled the request

person_deleted

The user has deleted their Nametag

expired

The request has expired without the user having completed it

expired_scopes

The user has completed the request and authorized the data to be shared with you, but the sharing authorization has expired

rejected_appealed

The user has attempted to provide data, but the data was rejected and the user has appealed the decision. It is awaiting review by Nametag.

rejected_unusable

The user has attempted to provide data, but the data was rejected because the evidence submitted cannot be used.

rejected_fraud

The user has attempted to provide data, but the data was rejected because the data provided are fraudulent.

RequestProgress

The enumeration RequestProgress can have the following values:

RequestProgress enum
created

The link has been created but not yet opened.

link_opened

The link has been opened in a browser but the app has not yet been launched.

app_opened

The app has been launched.

id_scanned

The user has scanned their ID.

face_scanned

The user has scanned their face.

consent_given

The user has consented to sharing their data with you.

RequestProperties

The type RequestProperties has the following fields:

RequestProperties struct
phoneITU E.184 phone number string (optional)

The person's phone number

legal_namestring (optional)

The person's name from their identity document

legal_first_namestring (optional)

The given name (first name) from their identity document

legal_last_namestring (optional)

The family name (last name) from their identity document

namestring (optional)

The person's preferred name

first_namestring (optional)

The person's preferred given (first) name

last_namestring (optional)

The person's preferred family (last) name

birth_dateRFC 3339 date string (optional)

The person's date of birth

emailRFC 822 email address string (optional)

Verified email address

unverified_emailRFC 822 email address string (optional)

The email address provided by a user but not verified

age_over_18boolean (optional)

true if the person is over 18 years old, otherwise false

age_over_21boolean (optional)

true if the person is over 21 years old, otherwise false

profile_pictureURL string (optional)

A URL to the person's preferred profile picture. Nametag checks that the image provided is the same person as pictured on their identity document.

addressstring (optional)

Verified postal address

govtid_detailsGovtidDetailsValue (optional)

Additional information about the identity document presented by the user

GovtidDetailsValue

The type GovtidDetailsValue has the following fields:

GovtidDetailsValue struct
typeGovtidType

The type of the identity document. Possible values are passport, driver_license, or other

issuerstring (optional)

The issuer of the identity document, an ISO 3166-1 alpha 3 country code optionally followed by a jurisdiction code, e.g. USA.CA or CAN.ON

numberstring (optional)

The unique number of the identity document

expirationRFC 3339 date string (optional)

The date when the identity document expires

GovtidType

The enumeration GovtidType can have the following values:

GovtidType enum
passport

The user presented a passport.

driver_license

The user presented a driver license or similar card-based ID document.

RequestMobileDevice

The type RequestMobileDevice has the following fields:

RequestMobileDevice struct
osstring

The full operating system name and version of the mobile device

versionstring

The version of the Nametag app

iosboolean

true if the device is an iOS device, otherwise false

androidboolean

true if the device is an Android device, otherwise false

full_appboolean

true if the request was completed in the full Nametag app, otherwise false

app_clipboolean

true if the request was completed in the iOS app clip, otherwise false

instant_appboolean

true if the request was completed in the Android instant app, otherwise false

remote_addressstring (optional)

The IP address of the mobile device (This field is null unless the nt:location:ip scope is specified in the request)

remote_address_locationLocation (optional)

The location of the mobile device based on its IP address (This field is null unless the nt:location:ip scope is specified in the request)

Location

The type Location has the following fields:

Location struct
businessboolean (optional)

Whether the location is a business.

citystring (optional)

The city of the location.

countrystring (optional)

The country of the location.

latitudefloating-point number

The latitude of the location.

longitudefloating-point number

The longitude of the location.

po_boxboolean (optional)

Whether the location is a PO box.

residentialboolean (optional)

Whether the location is residential.

subdivisionstring (optional)

The subdivision of the location (e.g. the state or province).

RequestBrowser

The type RequestBrowser has the following fields:

RequestBrowser struct
user_agentstring

The browser's user agent

remote_addressstring (optional)

The IP address of the browser (This field is null unless the nt:location:ip scope is specified in the request)

remote_address_locationLocation (optional)

The location of the browser based on its IP address (This field is null unless the nt:location:ip scope is specified in the request)

RequestDetails

The documentation for this type is available to customers with an NDA in place. Please contact help@nametag.co for more information.

Example: When the request is complete

$ curl -u :$APIKEY \
  -X GET \
  https://nametag.co/api/requests/32478070-6fc9-4b26-8f2c-5269f1222c6f
{
  "id": "32478070-6fc9-4b26-8f2c-5269f1222c6f",
  "status": "shared",
  "scopes": ["nt:phone", "nt:legal_name"],
  "label": "Ref Customer #41471",
  "link": "https://nametag.co/i/utl2ffahuw7lqf"
  "subject": "ewyzkwmoor5xg5ead2zjswudjq@5lsqfg1luqzb9s.nametag.co"
}

Update a request

Method: PATCH

URL: https://nametag.co/api/requests/REQUEST-ID

Authentication: API key

Request: A JSON object with the following fields:

UpdateRequestRequest struct
labelstring (optional)

An internal label for this request. You can use this field to help you track the request in your own systems. Nametag stores this field, but does not process it.

Response: none

Example:

$ curl -u :$APIKEY \
  -X PATCH \
  https://nametag.co/api/requests \
  -d '{
    "label": "updated label text"
}'

Cancel a request

Abort a request, invalidating the link for this request that was returned or sent via SMS when it was created. If the user has opened the request on their mobile device, it will close with a message that the request was canceled. A request is valid for 168 hours (7 days) from its creation unless it is canceled.

Method: DELETE

URL: https://nametag.co/api/requests/REQUEST-ID

Authentication: API key

Example:

When the request is complete:

$ curl -u :$APIKEY \
  -X DELETE \
  https://nametag.co/api/requests/32478070-6fc9-4b26-8f2c-5269f1222c6f

Response:

On success the response will be the HTTP code 204 (No content) with an empty body.

People API

The People API allows you to fetch and manage the data that people have shared with you.

Get properties

Method: GET

URL: https://nametag.co/people/SUBJECT/properties/SCOPES

Authentication: API key for any subject, or an ID token is if SUBJECT is special value me.

Parameters:

  • SUBJECT - The subject you got back from the token endpoint which uniquely identifies the person. You can use the special value me with ID token authentication to fetch information about the person for whom the ID token was issued.

  • SCOPES - A comma-separated list of the scopes you want to fetch.

Response:

{
  "subject": "SUBJECT",
  "properties": [ PROPERTY, ... ]
  "requests": [ REQUEST, ... ]
}

The response contains the following fields:

PropertiesResponse struct
subjectstring

The subject of the request. This is the person whose properties are being requested.

requestsList of PropertyResponseRequest

The requests that were made to get the properties.

propertiesList of PropertyResponse

Properties of the person.

The response contains a list of properties that you requested. Each PROPERTY has the following fields:

PropertyResponse struct
expiresRFC 3339 date-time string (optional)

When your access to this data expires

scopeScope

The Scope you requested.

valuestring (optional)

The value of the property. The type of this field varies depending on the scope. See this table.

statusinteger

A value that tells you the disposition of the property. The value 200 means the data was shared. The value 403 means the data has not been shared, the person has revoked your access, or 410 meaning the request has expired.

Each request describes a single request for information. The REQUEST has the following fields:

PropertyResponseRequest struct
idstring

A unique identifier for the request.

created_atRFC 3339 date-time string

The time that the request was initiated

statusinteger

The status of the request, 200 means accepted, 403 means rejected or canceled.

scopesList of Scope

The scopes requested

Errors:

  • 400 Bad Request - The one or more of the scopes provided are invalid or not registered.

Example:

$ SUBJECT="vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co"
$ curl -u ":$API_KEY" \
  "https://nametag.co/people/$SUBJECT/properties/nt:email,nt:legal_name"
{
  "subject": "vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co",
  "properties": [
    {
      "expires": 1637321520,
      "scope": "nt:email",
      "value": "ross@nametag.co",
      "status": 200
    },
    {
      "expires": 1637321520,
      "scope": "nt:legal_name",
      "value": "Ross Kinder",
      "status": 200
    }
  ],
  "requests": [
    {
      "created_at": "2022-12-18T19:15:42.315853Z",
      "id": "f5cb153e-b96a-42c6-a1c0-f5a27d065fea",
      "scopes": [
        "nt:email",
        "nt:legal_name"
      ],
      "status": 200
    }
  ]
}

Example: using the ID token

$ ID_TOKEN="eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJvaXQiLCJleHAiOjIxNDc0ODM2NDcsImlhdCI6MTYzNzIzNTEyNSwiaXNzIjoibmFtZXRhZy5jbyIsIm5iZiI6MTYzNzIzNTEyNSwic3ViIjoidmtsamlwa2FpbzJhcDY2M2RvNTRyNWZwMmFANWxzcWZnMWx1cXpiOXMubmFtZXRhZy5jbyJ9.P-elo7PUVC9dIBSV_UgoFbaHc2yATNOj8jumVTF_3izs9QqZ4lslvUsfCnogc1l7oEpowCR9d2j42J6J-5LWjw"
$ curl -u ":$ID_TOKEN" \
  "https://nametag.co/people/$SUBJECT/properties/nt:email,nt:legal_name"
{
  "subject": "vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co",
  "properties": [
    {
      "expires": 1637321520,
      "scope": "nt:email",
      "value": "ross@nametag.co",
      "status": 200
    },
    {
      "expires": 1637321520,
      "scope": "nt:legal_name",
      "value": "Ross Kinder",
      "status": 200
    }
  ]
}

Delete properties

A person may revoke your access to a scope at any time. Less commonly, you can also remove a user’s access, for example if a user deletes their account or requests that their data be unshared via your app.

Method: DELETE

URL: https://nametag.co/people/SUBJECT/properties/SCOPES

Authentication: API key for any subject. ID token is if the subject is special value me.

Parameters:

  • SUBJECT - The subject you got back from the /token endpoint which uniquely identifies the person. You can use the special value me with ID token authentication to revoke a scope on behalf of a person to whom the ID token was issued.
  • SCOPES - A comma-separated list of the scopes you want to revoke.

Request: none

Response: none

Example:

CLIENT_ID=obo0jukwhhlbo8
CLIENT_SECRET=ed1227ffbd35ff2b83bc8bd2c6af6473e596be875f094ef08da6a3c041d584f0
SUBJECT=vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co
curl -u "$CLIENT_ID:$CLIENT_SECRET" \
  -X DELETE \
  "https://nametag.co/people/$SUBJECT/properties/nt:email,nt:legal_name"

Get properties in bulk

This endpoint returns properties for multiple people at a time. For each person, specify the subject and the scopes you are requesting. The response will contain an object for each of the subjects you provided.

Note: We recommend a batch size of around 512 people per request. The Nametag API does not strictly limit the number of items that you request, but the requests that are too large may fail due to timeouts or size restrictions on the response.

Method: POST

URL: https://nametag.co/people/bulk

Authentication: API key

Request:

BulkRequest struct
requestsList of BulkRequestItem

A list of property requests, one for each person about whom you are requesting information.

Each item in requests is an object consisting of the following fields:

BulkRequestItem struct
subjectstring

The subject of the request. This is the person whose properties are being requested.

scopesList of Scope

Which scopes you are requesting for this person.

Response:

The response will contain one entry corresponding to item in the requests list.

BulkResponse struct
dataList of PropertiesResponse

A list of responses for each person requested.

Example:

$ curl -u ":$API_KEY" https://nametag.co/people/bulk \
  -d '{
  "requests": [
    {
      "subject": "vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co",
      "scopes": [
        "nt:email",
        "nt:legal_name"
      ]
    }
  ]
}'
{
  "data": [
    {
      "subject": "vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co",
      "properties": [
        {
          "expires": 1637321520,
          "scope": "nt:email",
          "value": "alice@example.com",
          "status": 200
        },
        {
          "expires": 1637321520,
          "scope": "nt:legal_name",
          "value": "Alice Smith",
          "status": 200
        }
      ]
    }
  ]
}

Compare values

This endpoint compares a set of expected values of a scope for a subject and returns a confidence score that tells you if the subject matches what you expect.

This is useful if your user already has an account with your service and you need to connect them to a Nametag subject.

Note: For now, the only supported scope is nt:legal_name.

Method: POST

URL: https://nametag.co/people/:subject/compare

Authentication: API key

Request body:

SubjectComparisonRequest struct
expectationsList of Expectation

A list of expectations to compare against the person's properties.


Expectation struct
scopeScope

The scope you are comparing against.

valuestring

The value you expect the person to have for this scope.

Response:

The response will contain one entry corresponding to each item in the expectations array. The scope and value from the request will be echoed back as scope and expected, respectively. The value is the actual value of the scope (as would be returned from the get properties endpoint. The confidence that the expected data matches the actual value of the scope is returned as a float in the range 0.0-1.0 as match_confidence.

ComparisonResult struct
confidencefloating-point number

A number between 0 and 1 that represents Nametag's confidence that the value matches the expected value. A value of 1 means Nametag is very confident that the values match, while 0 means that the values do not match at all.

comparisonsList of Comparison

A list of comparisons between the expected and actual values.


Comparison struct
scopeScope

The scope being compared.

expectedstring

The expected value for this scope.

actualstring

The actual value for this scope.

matchboolean

True if the match_confidence exceeds Nametag's recommended threshold for a match, false otherwise.

match_confidencefloating-point number

A number between 0 and 1 that represents Nametag's confidence that the values match. A value of 1 means Nametag is very confident that the values match, while 0 means that the values do not match at all.

Example:

$ curl -u :$APIKEY \
  -X POST \
  https://nametag.co/people/$SUBJECT/compare \
  -d '{
  "expectations": [
    {
      "scope": "nt:legal_name",
      "value": "Alice Smith",
    }
  ]
}'

{
  "confidence": 0.9,
  "comparisons": [
    {
      "scope": "nt:legal_name",
      "expected": "Alice Smith",
      "value": "Alice Catherine Smith",
      "match_confidence": 0.96,
      "match": true
    }
  ]
}

Compare selfie

This is useful if your want to tell if a photo of a user matches the photo on their government ID.

This endpoint compares a photo you upload to the subject’s validated selfie photo provided as part of scanning their government ID. The user must have successfully validated at least one selfie photo against their government ID for this endpoint to return a result. The user must have authorized the nt:profile_picture scope.

For the best results, please upload a photo that is within these parameters:

  • the photo has only one face in it
  • the overall scene in the photo is not too dark or too bright
  • the image file size should not exceed 5MB
  • the image file dimensions should be at least 100x100 pixels per side on the image but no larger than 10,000 pixels per side
  • for images that are larger than 100 by 100 pixels, the face should occupy at least 100x100 pixels

Note: Although the nt:profile_picture scope is required, this endpoint does not compare the uploaded photo against the profile picture. Instead, it compares the actual selfie(s) provided by the subject.

Method: POST

URL: https://nametag.co/people/:subject/compare/selfie

Authentication: API key

Request body: JPEG image data (Content-Type: image/jpeg)

Response:

CompareSelfieResult struct
matchboolean

True if the match_confidence exceeds Nametag's recommended threshold for a match, false otherwise.

confidencefloating-point number

A number between 0 and 1 that represents Nametag's confidence that the values match. A value of 1 means Nametag is very confident that the values match, while 0 means that the values do not match at all.

Webhooks

Webhooks allow you to handle events initiated by Nametag. When events of interest occur, our service will make an HTTPS request to your service. Webhooks are configured on a per-environment basis in the developer console.

Authentication: Your service should verify that the requests to your webhook endpoint actually originate from Nametag. Each request to your service includes a header X-Nametag-Signature whose value is the hex-encoded HMAC-SHA256 of the body of the request using the webhook’s SHARED-SECRET as the key. The shared secret can be found in the developer console.

Note: You must validate the raw bytes of the request body before you parse the JSON content. Any minor changes to whitespace, field order, or new fields will cause the signature validation to fail.

Example: Verifying the signature on the command line.

WEBHOOK_SHARED_SECRET="webhook-683fb6598c7faa4f05e4e693d3686f5faa6b9cd7bb646c5254edd3cb880f4225"
X_NAMETAG_SIGNATURE="e51e995e66aabc85f5f15f3c9dcdf859757aa117fd7ab13ccb61c54057d744f3"
ACTUAL_SIGNATURE=$(echo -n '{"event_type":"share",'\
    '"subject":"vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co",'\
	'"request":"f9cbc40a-5da2-4f1c-84a6-f8e097fca03c",'\
    '"scopes":["nt:email","nt:name","nt:legal_name"]}' |\
  openssl dgst -sha256 -hmac "$WEBHOOK_SHARED_SECRET" |\
  awk '{print $2}')
if [ "$ACTUAL_SIGNATURE" = "$X_NAMETAG_SIGNATURE" ]; then
  echo "Signature matched, process request"
else
  echo "Signature did not match, reject request"
fi

Retries: If your service returns an error status code (>= 400), or if we cannot connect due to a network or certificate error, then Nametag will retry the request up to five times at 30 second intervals. You can see a history of our attempts to deliver webhooks in the developer console.

Note: Your service must present a valid, publicly trusted SSL/TLS certificate. For development, we recommend ngrok. For production use we recommend Let’s Encrypt

Share event

This event is emitted whenever a person shares information with you, or when they update information they have previously shared.

Event type: share

Request body:

WebhookPayloadShare struct
event_typestring

Always "share" for this event type

subjectstring

The subject that shared the data

requeststring (optional)

The ID of the most recent request which was returned by the create a request API, if used. This field may be omitted when the user changes shared data outside the context of a pending request, such as by using the "Vault" tab in the Nametag app.

org_namestring (optional)

The currently configured name of the environment that generated the webhook

env_namestring (optional)

The currently configured name of the organization in which the environment is configured

scopesList of Scope

The list of currently shared scopes

Example: (whitespace has been added to the response for clarity)

POST https://example.com/webhook HTTP/1.1
Date: Thu, 18 Nov 2021 11:55:09 GMT
Content-type: application/json
User-agent: Nametag-Webhooks/20211116T214921.7e635fd.ci
X-Nametag-ID: 925dfd28-5213-42d9-9320-f1f6d0c8de09
X-Nametag-Signature: c47c087cef9d7816fd625a4383c73ee67de833cbf4376f45aa8a9ef1277c7c81

{
  "event_type": "share",
  "subject": "vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co",
  "request": "f9cbc40a-5da2-4f1c-84a6-f8e097fca03c",
  "env_name": "Live",
  "org_name": "My Company",
  "scopes": [
    "nt:email",
    "nt:legal_name",
    "nt:name"
  ]
}

Revoke event

This event is emitted when a person revokes access to information they’ve previously shared with you.

Event type: revoke

Request body:

WebhookPayloadReject struct
event_typestring

Always "revoke" for this event type

subjectstring

The Subject that initially shared the data

requeststring (optional)

The ID of the most recent request which was returned by the create a request API, if used. This field may be omitted when the user changes shared data outside the context of a pending request, such as by using the "Vault" tab in the Nametag app.

org_namestring (optional)

The currently configured name of the organization in which the environment is configured

env_namestring (optional)

The currently configured name of the environment that generated the webhook

scopesList of Scope

The list of revoked scopes

Example: (whitespace has been added to the response for clarity)

POST https://trynametag.com/webhook HTTP/1.1
Date: Thu, 18 Nov 2021 11:55:23 GMT
Content-type: application/json
User-agent: Nametag-Webhooks/20211116T214921.7e635fd.ci
X-Nametag-ID: 4f94f7a0-5bdf-409b-ae84-2aff8c95eab0
X-Nametag-Signature: b7aad74f36f50e7b15112bea178b25001c45726715cf19a4328e5b22f89a9b7f

{
  "event_type": "reject",
  "subject": "vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co",
  "env_name": "Live",
  "org_name": "My Company",
  "scopes": [
    "nt:email",
    "nt:legal_name",
    "nt:name"
  ]
}

Recover event

This event is emitted just before a person recovers an account using a connected directory service such as Entra ID or Okta.

Event type: recover

Request body:

WebhookPayloadRecover struct
event_typestring

Always "recover" for this event type

subjectstring

The Nametag identifier of the person who recovered an account

languagestring

The language preferences of the user, as reported by their browser's Accept-Language header

directorystring

The ID of the directory service that was used to recover the account

external_idstring

The ID of the user in the directory.

actionRecoveryKind

The type of recovery that occurred, either reset-password, reset-mfa, or unlock

org_namestring

The currently configured name of the organization in which the environment is configured

env_namestring

The currently configured name of the environment that generated the webhook

dateRFC 3339 date-time string

The time when the recovery completed.

Response body: (optional)

WebhookResponseRecover struct
deny_user_messagestring (optional)

Specified then the recovery operation is not allowed and the user is presented with the specified message. Use language to determine the language of the end user and translate appropriately, if necessary.
The format of the message is markdown.

Example: (whitespace has been added to the response for clarity)

POST https://example.com/webhook HTTP/1.1
Date: Thu, 18 Nov 2021 11:55:09 GMT
Content-type: application/json
User-agent: Nametag-Webhooks/20211116T214921.7e635fd.ci
X-Nametag-ID: 2744d75e-0eb9-448d-8b70-cd59ee5a8471
X-Nametag-Signature: a83e8857e70bcbd923d7180582b5877123e732d25fefc4af170f83a94c250c09

{
  "event_type": "recover",
  "subject": "vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co",
  "language": "en-US,en;q=0.9",
  "directory": "132bf0fb-55dd-4b19-ad54-e43a85c8bd50",
  "external_id": "alice@example.com",
  "action": "reset-password",
  "env_name": "My Environment",
  "org_name": "My Company"
}

Rejecting a recovery operation

Unlike the other webhooks, Nametag can optionally process the response your server sends to from the webhook. This allows you implement logic to prevent us from performing a recovery operation. This process looks like this:

Synchronous recover webhook process

To reject the recovery operation your webhook handler must:

  • Respond with an HTTP status code of 200
  • Set the Content-type response header to application/json
  • The response body must contain a valid JSON document like:

The deny_user_message field is a user-facing message that will be displayed to the user. If this field is absent or null, then Nametag assumes that you want to allow the recovery to continue. If you serve users in multiple languages, use the language field of the request to determine how deny_user_message should be translated.

Request event (beta)

This event is emitted whenever a request changes status. It contains the same information as the get request endpoint.

Event type: request

Request body:

WebhookPayloadRequest struct
event_typestring

Always "request" for this event type

eventRequestEventType

The reason this event was emitted.
This field is provided for transparency about why the webhook is being emitted. The possible values of may change over time and are not part of the API contract. We recommend that you use the status information in the request.progress and request.status fields to determine the current state of a request. Different user flows may result in certain events not being emitted, for example if the user has already scanned their ID the scan_* events are not emitted. The request.status field is your best source of truth.

requestRequest

Information about the request

The event_type field will have one of the following values:

RequestEventType enum
request_created

A new request has been initiated and recorded in the system.

request_accepted

The request was completed.

request_rejected

The request was rejected because the evidence presented was insufficient or invalid.

request_canceled

The request has been canceled by the user or system before completion.

request_app_opened

The user opened the Nametag app.

request_email_selected

The user selected which email address they will share.

request_link_opened

The request link was opened in the browser.

request_selfie_verified

The user's selfie has been successfully verified against their ID and the selfie chain.

request_label_changed

The request label was updated.

request_data_deletion_status_changed

An OAuth authorization code has been issued as part of the request.

request_oauth_code_issued

An OAuth access token has been issued following successful authentication.

request_oauth_token_issued

The request has exceeded the allowed time limit and is no longer valid.

request_expired

The user started scanning their ID.

scan_started

The user uploaded an image of the front of their ID.

scan_front_image_added

The user uploaded an image of the back of their ID.

scan_back_image_added

The user uploaded an image of their selfie.

scan_selfie_image_added

The user uploaded an image of their second selfie (in PAD mode only)

scan_selfie_smile_added

Aadhaar details have been added to the scan request.

scan_aadhaar_added

The user finished scanning their ID.

scan_aadhaar_otp_added

The user canceled the ID scan before they finished.

scan_finished

Nametag rejected the user's ID and the user has appealed.

scan_aborted

A Nametag reviewer has reviewed the user's appeal and accepted it.

scan_appealed

A Nametag reviewer has reviewed the user's appeal and rejected it.

scan_appeal_accepted

The user's scanned ID is valid.

scan_appeal_rejected

The user's scanned ID is invalid.

scan_accepted

The end user has provided consent for biometric data collection.

scan_rejected

The end user has revoked consent or authorization for the request.

biometric_consent

You (the requestor) have revoked authorization for the request.

end_user_revoke

A phone number has been added to the user's vault.

vendor_revoke

The added phone number has been successfully verified.

vault_phone_added

A verification request for the phone number has been resent.

vault_phone_verified

The phone number has been removed from the user's vault.

vault_phone_resent

An email address has been added to the user's vault.

vault_phone_deleted

The added email address has been successfully verified.

vault_email_added

A verification request for the email address has been resent.

vault_email_verified

The email address has been removed from the user's vault.

vault_email_resent

A profile picture has been added to the user's vault.

vault_email_deleted

The profile picture has been removed from the user's vault.

vault_profile_picture_added

The user's preferred name has been set in the vault.

vault_profile_picture_removed

The profile picture has been reviewed and accepted.

vault_preferred_name_set

The profile picture has been reviewed and rejected.

profile_picture_accepted

The user's vault and all associated data have been deleted.

profile_picture_rejected
vault_deleted

Accounts API

An account represents a user entry in a directory. Accounts are created from the directory synchronization process, which runs automatically every hour, or when you press the “Sync Now” button in the console.

List Accounts

Method: GET

URL: https://nametag.co/api/accounts

Authentication: API key

Response:

AccountsList struct
accountsList of Account

The list of accounts

Each item in accounts is an object consisting of:

Account struct
idstring

The Nametag identifier for the account.

directory_identifiersList of string

The identifiers for the account used by the directory (typically an email address, username)

directory_immutable_identifierstring

The unchanging identifier for the account used by the directory. Most directories have an UUID or other opaque identifier that doesn't change even when directory_identifiers changes.

namestring

The person's name, according to the directory

subjectstring (optional)

The Nametag Subject for this person, if the account has been bound to a subject. Null otherwise.

have_birth_dateboolean (optional)

true if the person's expected birth date has been set for the directory.

photoAccountPhoto (optional)

A verified photo of the person that you provide. If this field is set prior to being bound to a subject, then the selfie must match this photo.

An AccountPhoto is an object with the following fields:

AccountPhoto struct
sha256string

The SHA256 hash of the uploaded image.

created_atRFC 3339 date-time string

The time when the image was added.

Get an account

Fetches a single account. The ACCOUNT-ID can be either the id, one of the directory_identifiers or directory_immutable_identifier for the account.

Method: GET

URL: https://nametag.co/api/accounts/ACCOUNT-ID

Authentication: API key

Response: Account

{
  "id": "f3a579f8-bf03-4d1d-a582-b9ff801d0ab5",
  "directory_identifiers": ["alice@example.com"],
  "directory_immutable_identifier": "1904df08-b3b2-41b3-80d9-52cea873f62a",
  "name": "Alice Smith",
  "subject": "vkljipkaio2ap663do54r5fp2a@5lsqfg1luqzb9s.nametag.co",
  "birth_date": "1989-12-13",
  "photo": {
    "sha256": "324a68d4a6185dd91a77c13950eb93853c9b00752ad072c248f96643b1289f4e",
    "created_at": "2023-07-10T14:03:13Z"
  }
}

Update an account

Updates an account. The ACCOUNT-ID can be either the id, one of the directory_identifiers or directory_immutable_identifier for the account.

Method: PATCH

URL: https://nametag.co/api/accounts/ACCOUNT-ID

Authentication: API key

Request:

All fields of the request are optional. If you omit a field, it will not be changed. The request may contain the following fields:

AccountUpdateRequest struct
birth_datestring (optional)

The subject's date of birth. If this is set prior to the account being bound to a subject, then the birth date on their ID must match this date.
You can also specify the hash or HMAC of the person's birth date. See Birth date hashes for details.

subjectstring (optional)

The subject for this person. Set this to an empty string to remove the binding for this person.

Response: none

Add a photo

Adds a photo to an account. The ACCOUNT-ID can be either the id, one of the directory_identifiers or directory_immutable_identifier for the account.

Method: PUT

URL: https://nametag.co/api/accounts/ACCOUNT-ID/photo

Authentication: API key

Request: JPEG image

This request will fail if the account is already bound to a subject and that person’s provided selfie does not match the photo you upload. It will also fail if the photo is not a valid JPEG image, or does not contain exactly one legible face.

Note: Photos must not be larger than 7MB

Bulk update accounts

Method: PATCH

URL: https://nametag.co/api/accounts

Authentication: API key

Request:

AccountBulkUpdateRequest struct
accountsList of AccountBulkUpdateRequestItem

A list of account update operations

An AccountBulkUpdateRequestItem is an object with the following fields:

AccountBulkUpdateRequestItem struct
birth_datestring (optional)

The subject's date of birth. If this is set prior to the account being bound to a subject, then the birth date on their ID must match this date. You can also specify the hash or HMAC of the person's birth date. See Birth date hashes for details.

idstring

The unique identifier of the account. This can be the Nametag ID
for the account, the immutable ID of the account (e.g. the GUID in
Azure AD), or one of the identifiers associated with the account,
(e.g. the email address, username, or UPN).

subjectstring (optional)

The subject for this person. Set this to an empty string to remove the binding for this person.

Response:

AccountBulkUpdateResponse struct
resultsList of AccountBulkUpdateResponseItem

An AccountBulkUpdateResponseItem is an object with the following fields:

AccountBulkUpdateResponseItem struct
statusAccountBulkUpdateStatus
idstring

The account identifier provided in the request

errorstring (optional)

A description of the error that occurred.

A AccountBulkUpdateStatus is one of the following values:

AccountBulkUpdateStatus enum
204

The account was updated

400

One of the fields to be updated is malformed, e.g. the subject is not valid or not for the environment of the account.

404

An account matching the specified ID could not be found

409

Multiple accounts with the specified identifier were found

Bulk photo upload

Adds multiple photo to an account.

Method: POST

URL: https://nametag.co/api/account/photos

Authentication: API key

Query parameters:

Parameter Description
directory Required The ID of the directory to associate photos with.

Request: Zip archive containing JPEG or PNG images

You must provide a zip archive. Each file in the zip archive should be named as ACCOUNT-ID.jpeg or ACCOUNT-ID.png. The ACCOUNT-ID can be either the id, one of the directory_identifiers or directory_immutable_identifier for the account. Each image will be associated with an existing account in the same manner as the Add photo endpoint above.

Note: The uploaded file may not be larger than 500MB. Split your bulk imports into parts and call this API repeatedly if you need to upload more than 500MB worth of images.

Response:

BulkUploadAccountPhotosResponse struct
filesList of BulkUploadAccountPhotosResponseItem

A list of responses, each corresponding to a file in the uploaded archive.


BulkUploadAccountPhotosResponseItem struct
filenamestring

The name of the file

account_idstring (optional)

The Nametag identifier for the account that matched this file. If this field is absent, then the file was not matched to an existing account.

directory_identifiersList of string (optional)

The identifiers for the account used by the directory (typically an email address, username)

directory_immutable_identifierstring (optional)

The unchanging identifier for the account used by the directory. Most directories have an UUID or other opaque identifier that doesn't change even when directory_identifiers changes.

statusinteger

This field is 200 if adding the photo was successful, 404 if an account could not be found, 400 if the image is invalid, or 422 if the image contains multiple faces, doesn't match the existing selfie, or no face at all.

errorstring (optional)

A human readable error message describing the reason a file could not be processed.

Example:

$ ls bulk
alice@example.com.jpg
bob@example.com.jpg
charlotte@example.com.jpg
danielle@example.com.jpg
ed@example.com.jpg

$ zip -r bulk.zip bulk

$ curl -u :$APIKEY \
  https://nametag.co/api/account/photos?directory=b8e62529-a26f-4f2e-b4c4-b78ef85e75d6 \
  --upload-file bulk.zip
{
  "files": [
    {
      "filename": "bulk/alice@example.com.jpg",
      "account_id": "6572dcdd-c3e4-4e7b-b59a-a4ef25a613cb",
      "directory_identifiers": [
        "alice@example.com"
      ],
      "directory_immutable_identifier": "ffbb4ab9-c5ae-47c2-916b-35212115285b",
      "status": 200
    },
    {
      "filename": "bulk/bob@example.com.jpg",
      "account_id": "48b6f6fa-1ad8-4d53-861a-cdfd5c0e3376",
      "directory_identifiers": [
        "bob@example.com"
      ],
      "directory_immutable_identifier": "8eca86c8-cee7-4eda-98e2-c89cbef25f6c",
      "status": 200
    },
    {
      "filename": "bulk/charlotte@example.com.jpg",
      "account_id": "086b62c8-05cc-4895-a58b-caada9d10074",
      "directory_identifiers": [
        "charlotte@example.com",
        "charlotte@example.net",
      ],
      "directory_immutable_identifier": "27c97d75-01ce-4fd0-ad66-743c87574725",
      "status": 200
    },
    {
      "filename": "bulk/danielle@example.com.jpg",
      "status": 404,
      "error": "account not found"
    },
    {
      "filename": "bulk/ed@example.com.jpg",
      "account_id": "ef5deae7-1f2c-48a7-b1f1-70d8ddda75c7",
      "directory_identifiers": [
        "ed@example.com"
      ],
      "directory_immutable_identifier": "17937a5a-484f-488d-935b-67b919b8cc29",
      "status": 200
    }
  ]
}

Configuration API

Use the configuration API to manage the configuration of your organizations and environments. All requests to the configuration API are authenticated with API keys.

Organization

An organization is a singleton that represents global state about your relationship to Nametag.

Get

Get the organization.

Method: GET

URL: https://nametag.co/api/org

Authentication: API key

Response:

Org struct
namestring

The name of the organization, typically the name of your company

roleRole

Your role in the organization.

envsList of string

A list of the environment IDs that you have access to.

Example:

$ curl -u :$APIKEY https://nametag.co/api/org
{
  "name": "Acme Corp",
  "role": "admin",
  "envs": [
    "cfln7ldhawwlen",
    "nwixcd2qkbth7h"
  ]
}

List members

Returns a list of the members of your organization

Method: GET

URL: https://nametag.co/api/org/members

Authentication: API key

Request: none

Response:

ListOrgMembersResponse struct
membersList of OrgMember

A list of each member of the organization

Each ORG-MEMBER is an object consisting of:

OrgMember struct
member_idstring

A unique identifier of the member.

roleRole

The person's role on the organization. One of reader, admin, or owner

envsList of string

The list of environments the member has access to. If the list contains *, the member has access to all environments.

namestring

The name of the member.

emailstring

The email address of the member.

profile_pictureURL string

The URL of the profile picture of the member.

invite_pendingboolean

True if the member has been invited to the organization but has not yet signed in.

requests_countinteger (optional)

The number of request the member has sent.

The Role enumeration has one of the following values:

Role enum
limited

A limited user can make requests and see responses to their request, but they cannot see responses to other people's requests.

limited_plus

Like limited but can see request details

user

A normal member of the organization. Can manage requests but not environments or members.

admin

An administrator of the organization. Admins can invite new members, update member roles, and remove members.

owner

The owner of the organization. The owner has full control over the organization, including the ability to delete it.

Invite a person to your organization

Invites a new person to join your organization. This API sends an email to the address specified. When the person accepts the invitation, they will have joined the organization. The person must use the Nametag app to authenticate prior to joining the organization.

Method: POST

URL: https://nametag.co/api/org/members

Authentication: API key

Request:

InviteOrgMemberRequest struct
emailRFC 822 email address string

The email address of the person you want to invite.

envsList of string

The list of environments the member will have access to. If the list contains *, the member will have access to all environments.

roleRole

The role to be assigned to the new member.

Response: none

Remove an organization member

Removes a person from an organization.

Method: DELETE

URL: https://nametag.co/api/org/members/MEMBER-ID

Authentication: API key

Request: none

Response: none

Set a member’s role

Assign a role to a member

Method: PATCH

URL: https://nametag.co/api/org/members/MEMBER-ID

Request:

UpdateOrgMemberRequest struct
envsList of string (optional)

The list of environments the member will have access to. If the list contains *, the member will have access
to all environments.

roleRole (optional)

The role to be assigned to the member.

The role must be one of reader, or admin. You must have at least one active member marked as admin.

Response: none

Environment

An environment is the unit of privacy isolation in Nametag. The Environment object contains the following fields:

Env struct
idstring

The identifier for this environment

namestring

The internal name for this environment

public_namestring

The name of the environment that is shared with people

logo_urlURL string

A URL to your logo, which is displayed in the Nametag mobile app.

terms_of_service_urlURL string

The URL of the terms of service.

Formerly, this URL was provided to end-users in the Nametag mobile app, but it
is no longer used.

callback_urlsList of URL string

A list of valid URLs for use as OAuth 2.0 callback URLs.

webhooksList of WebhookDefinition

A list of webhooks.

templatesList of Template

A list of request templates.

storageEnvStorage (optional)

The type WebhookDefinition defines a webhook. It contains the following fields:

WebhookDefinition struct
idstring

A unique identifier for the webhook definition.

urlstring

The URL in your service that should be called, e.g. https://example.com/__callback

enabledboolean

If true, then calls to this webhook should be made.

eventsList of WebhookEventType

The names of the events that should be sent.


WebhookEventType enum
share

Send Share events to this webhook

reject

Send Reject events to this webhook

recover

Send Recover events to this webhook

request

Send Request events to this webhook

The type EnvStorage defines the configuration of enterprise data custody. It contains the following fields:

EnvStorage struct
s3_bucket_usstring (optional)

The S3 bucket for data stored in the United States. Must be in the us-east-2 AWS region.

s3_bucket_eustring (optional)

The S3 bucket for data stored in Europe. Must be in the eu-west-1 AWS region.

s3_bucket_instring (optional)

The S3 bucket for data stored in India. Must be in the ap-south-1 AWS region.

aws_role_arnstring (optional)

The role Nametag should use to access the S3 buckets.

azure_blob_usstring (optional)

Azure Blob Storage presigned (SAS) URL. Should be in the eastus region.

azure_blob_eustring (optional)

Azure Blob Storage presigned (SAS) URL. Should be in the northeurope region.

azure_blob_instring (optional)

Azure Blob Storage presigned (SAS) URL. Should be in the centralindia region.

Template

The type Template defines a request template. A request template provides greater control over your request than is possible with the create a request endpoint.

It contains the following fields:

Template struct
idstring

A unique identifier for the template

created_atRFC 3339 date-time string

When the template was created

namestring

A descriptive name of the template

headlinestring

The text that appears at the top of the mobile app when showing the request

qr_headlinestring

The text that appears above the QR code when directing the user from desktop to mobile.

expiration_textstring

The text that describes when the request expires. This should include {{.TTL}} which is a placeholder for the expiration of the data sharing authorization in human readable form, e.g. "3 hours"

accept_textstring

The text on the accept button in the mobile app.

accepted_textstring

The text that appears on the confirmation view after a request has been accepted.

install_message_smsstring

The contents of the SMS message sent to users to direct them to the mobile app. This must contain the {{.Link}} which is a placeholder for the actual link.

is_defaultboolean

If true then this is the default template used when a template is not explicitly specified. There must be exactly one default template.

scope_definitionsList of TemplateScopeDefinition

A list of scopes that are requested when requests are created with this template.

scopes_expire_ininteger

How long the data sharing authorization should last, in seconds.

enabledboolean

If true, then this template is enabled for requests. The default template must be enabled.

require_selfie_reverificationboolean

If true, existing users must provide a new selfie to validate their identity.

TemplateScopeDefinition

The type TemplateScopeDefinition defines a scope that is requested when a request is created with a template. It contains the following fields:

TemplateScopeDefinition struct
scopeScope

The name of the scope that is requested

restrict_email_domainsList of string (optional)

If the scope definition is for nt:email or similar, require that the email domain match one of the provided values. If the scope definition is not for email, or if the list is empty, then emails from any domain are allowed.

List environments

Returns a list of all environments that you have access to.

Method: GET

URL: https://nametag.co/api/envs

Authentication: API key

Response:

ListEnvsResponse struct
envsList of Env

A list of all your environments.

Example:

$ curl -u :$APIKEY https://nametag.co/api/envs
{
  "envs": [
    {
      "id": "5lsqfg1luqzb9s",
      "name": "Sidecar Production",
      "public_name": "Sidecar",
      "description": "Like Uber, but for rides in motorcycle sidecars.",
      "logo_url": "https://nametagusercontent.com/app-icons/fa21/f7d7/fa21f7d7e4d2eacec7331de48df71e29cfe5fca2d8c629634e9e69a2042c26b9",
      "terms_of_service_url": "https://example.nametag.co/terms",
      "callback_urls": [
        "https://trynametag.com/callback"
      ],
      "webhook_shared_secret": "webhook-683fb6598c7faa4f05e4e693d3686f5faa6b9cd7bb646c5254edd3cb880f4225",
      "webhooks": [
        {
          "url": "https://trynametag.com/webhook",
          "enabled": true,
          "events": [
            "share",
            "reject"
          ]
        }
      ]
    }
  ]
}

Create

Creates a new environment

Method: POST

URL: https://nametag.co/api/envs

Authentication: API key

Request: empty

Response:

CreateEnvResponse struct
idstring

The unique identifier of the environment

Example:

$ curl -u :$APIKEY \
    -X POST \
    https://nametag.co/api/envs
{
  "id": "x0n8vfkfcmh3ks"
}

Get

Fetch the settings for an environment.

Method: GET

URL: https://nametag.co/api/envs/ENV-ID

Authentication: API key

Response: an Env object

Example:

$ curl -u :$APIKEY https://nametag.co/api/envs/x0n8vfkfcmh3ks
{
  "id": "5lsqfg1luqzb9s",
  "name": "Sidecar Production",
  "public_name": "Sidecar",
  "description": "Like Uber, but for rides in motorcycle sidecars.",
  "logo_url": "https://nametagusercontent.com/app-icons/fa21/f7d7/fa21f7d7e4d2eacec7331de48df71e29cfe5fca2d8c629634e9e69a2042c26b9",
  "terms_of_service_url": "https://example.nametag.co/terms",
  "callback_urls": [
    "https://trynametag.com/callback"
  ],
  "webhook_shared_secret": "webhook-683fb6598c7faa4f05e4e693d3686f5faa6b9cd7bb646c5254edd3cb880f4225",
  "webhooks": [
    {
      "url": "https://example.com/webhook",
      "enabled": true,
      "events": [
        "share",
        "reject"
      ]
    }
  ]
}

Update

Change settings for an environment. All the request fields are optional, and only fields that are provided will be changed.

Method: PATCH

URL: https://nametag.co/api/envs/ENV-ID

Authentication: API key

Request:

Each field of the request is optional. Refer to the Environment object for descriptions of each field.

EnvUpdateRequest struct
namestring (optional)

Update the name of the environment, for internal use.

public_namestring (optional)

Update the public-facing name for your environment, typically your company or brand name.

callback_urlsList of URL string (optional)

Set the list of allowed OAuth 2.0 callback URLs

terms_of_service_urlstring (optional)

Update the terms of service URL.

remove_webhooksList of string (optional)

Remove webhooks from the environment (IDs of the webhooks to remove)

add_webhooksList of WebhookDefinition (optional)

Add webhooks to the environment

update_webhookWebhookDefinitionUpdate (optional)
storageEnvStorage (optional)

To modify a webhook, include both the remove_* and add_* in the same request. For example, to replace an webhook, include both remove_webhooks and add_webhooks in your request.

Example:

$ curl -u :$APIKEY https://nametag.co/api/envs/x0n8vfkfcmh3ks -X PATCH -d '{
  "name": "Example app",
  "remove_webhook": ["https://example.com/webhook"],
  "add_webhook": [
    {
      "url": "https://example.com/webhook2",
      "enabled": true,
      "events": ["share", "reject"]
    }
  ]
}'

Method: POST

URL: https://nametag.co/api/envs/ENV-ID/logo

Authentication: API key

Request: A PNG, SVG, or JPEG of your service’s logo. Set the Content-type request header to one of image/png, or image/svg+xml, or image/jpeg.

Response: none

Example:

$ curl -u :$APIKEY \
    -X POST \
    -H "Content-type: image/png" \
    -T "logo512.png" \
    https://nametag.co/api/envs/x0n8vfkfcmh3ks/logo

# check the environment
$ curl -u :$APIKEY https://nametag.co/api/envs/x0n8vfkfcmh3ks | jq -r .logo_url
https://nametagusercontent.com/app-icons/fa21/f7d7/fa21f7d7e4d2eacec7331de48df71e29cfe5fca2d8c629634e9e69a2042c26b9

Remove

Remove an environment.

Method: DELETE

URL: https://nametag.co/api/envs/ENV-ID

Request: none

Response: none

$ curl -u :$APIKEY \
    -X DELETE \
    https://nametag.co/api/envs/x0n8vfkfcmh3ks

Templates

A template defines certain parameters for a request. A request can be created with the template query parameter to /authorize to pre-fill the request with the parameters defined in the template.

Note: there are no APIs for listing or fetching templates. Instead, they are returned as part of the GET /env/:env API.

You must always have exactly one template that is the default. The default template is used when a request is created without specifying a template.

Create a template

Creates a new template.

All fields in the request body are optional, if not provided they will have their default values.

Method: POST

URL: https://nametag.co/api/envs/ENV-ID/templates

Request:

CreateTemplateRequest struct
namestring

A descriptive name of the template

headlinestring (optional)

The text that appears at the top of the mobile app when showing the request

qr_headlinestring (optional)

The text that appears above the QR code when directing the user from desktop to mobile.

expiration_textstring (optional)

The text that describes when the request expires. This should include {{.TTL}} which is a placeholder for the expiration of the data sharing authorization in human readable form, e.g. "3 hours"

accept_textstring (optional)

The text on the accept button in the mobile app.

accepted_textstring (optional)

The text that appears on the confirmation view after a request has been accepted.

install_message_smsstring (optional)

The contents of the SMS message sent to users to direct them to the mobile app. This must contain the {{.Link}} which is a placeholder for the actual link.

is_defaultboolean (optional)

If true then this is the default template used when a template is not explicitly specified. There must be exactly one default template.

scope_definitionsList of TemplateScopeDefinition (optional)

A list of scopes that are requested when requests are created with this template.

scopes_expire_ininteger (optional)

How long the data sharing authorization should last, in seconds.

enabledboolean (optional)

If true, then this template is enabled for requests. The default template must be enabled.

require_selfie_reverificationboolean (optional)

If true, existing users must provide a new selfie to validate their identity.

Response:

CreateTemplateResponse struct
idstring

The unique identifier of the template

Example:

$ curl -u :$APIKEY \
  -X POST \
  https://nametag.co/api/envs/x0n8vfkfcmh3ks/templates \
  -d '{"name": "Transaction Authorization"}'
{"id": "a7da6fc2-ba44-44df-a863-3ac9f58b5ba6"}

Modify a template

Updates a template. The request body may contain any of the fields from the Template object. Fields that are omitted remain unchanged.

Method: PATCH

URL: https://nametag.co/api/envs/ENV-ID/templates/TEMPLATE-ID

Request:

UpdateTemplateRequest struct
namestring (optional)

A descriptive name of the template

headlinestring (optional)

The text that appears at the top of the mobile app when showing the request

qr_headlinestring (optional)

The text that appears above the QR code when directing the user from desktop to mobile.

expiration_textstring (optional)

The text that describes when the request expires. This should include {{.TTL}} which is a placeholder for the expiration of the data sharing authorization in human readable form, e.g. "3 hours"

accept_textstring (optional)

The text on the accept button in the mobile app.

accepted_textstring (optional)

The text that appears on the confirmation view after a request has been accepted.

install_message_smsstring (optional)

The contents of the SMS message sent to users to direct them to the mobile app. This must contain the {{.Link}} which is a placeholder for the actual link.

is_defaultboolean (optional)

If true then this is the default template used when a template is not explicitly specified. There must be exactly one default template.

scope_definitionsList of TemplateScopeDefinition (optional)

A list of scopes that are requested when requests are created with this template.

scopes_expire_ininteger (optional)

How long the data sharing authorization should last, in seconds.

enabledboolean (optional)

If true, then this template is enabled for requests. The default template must be enabled.

require_selfie_reverificationboolean (optional)

If true, existing users must provide a new selfie to validate their identity.

Response: none

Example:

Update the headline for a template:

$ curl -u :$APIKEY \
  -X PATCH \
  https://nametag.co/api/envs/x0n8vfkfcmh3ks/templates/a7da6fc2-ba44-44df-a863-3ac9f58b5ba6
{
  "headline": "ACME needs to know who you are"
}

Delete a template

Removes a template.

Method: DELETE

URL: https://nametag.co/api/envs/ENV-ID/templates/TEMPLATE-ID

Request: none

Response: none

Example:

Update the headline for a template:

$ curl -u :$APIKEY \
  -X DELETE \
  https://nametag.co/api/envs/x0n8vfkfcmh3ks/templates/a7da6fc2-ba44-44df-a863-3ac9f58b5ba6

Directories

A directory represents a connection to an external directory, which enables self-service account recovery and/or validating the identity of users in the directory.

Create

Create a directory.

Method: POST

URL: https://nametag.co/api/directories

Request:

CreateDirectoryRequest struct
envstring

The ID of the environment to create this directory for

kindDirectoryKind

The type of directory to create

credentialsCredentials (optional)

Credentials to access the directory.

Provide credentials for directories that require it
("okta", "duo", "onelogin"). Omit for "azure-ad".


DirectoryKind enum
azure-ad

An Entra ID (formerly Azure Active Directory) directory

okta

An Okta directory

duo

An Duo Security directory

onelogin

An OneLogin directory


Credentials struct
accountstring (optional)
  • For Duo, the integration key
  • For Okta, this field should be blank
  • For Onelogin, the client ID, e.g. 98ea6e4f216f2fb4b69fff9b3a44842c38686ca685f3f55dc48c5d3fb1107be4
partitionstring
  • For Duo, the API hostname, e.g. api-33091yc9.duosecurity.com.
  • For Okta, the service hostname, e.g. your-company.okta.com.
  • For Onelogin, the subdomain, e.g. example.onelogin.com.
secretstring
  • For Duo, the secret key, e.g. cv9wJSC10XDFRGY5L9DcgHuNtR76vM8kuB1sDCpc
  • For Okta, the API token, e.g. 21lgux-M8uJC4w-9kN_PL0ivV5tM81AvSd7l0IuAS3
  • For Onelogin, the client secret, e.g. f3d4bd80d4d4007be3455453819d3359f8a5eb2eb66fdbc7bae5e44083605118

Response:

CreateDirectoryResponse struct
idstring

The unique identifier for the directory.

redirect_urlstring (optional)

The OAuth 2.0 redirect URL to authorize the directory.

If the directory uses OAuth 2.0 for authorization (e.g. "azure-ad"), then
this field contains the URL to redirect the user to authorize the directory.

List

Fetches information about each directory

Method: GET

URL: https://nametag.co/api/directories

Response:

  • The count field is the number of entries in the directory, as of the most recent synchronization.

GetDirectoriesResponse struct
directoriesList of Directory

A list of all directories.


Directory struct
idstring

The unique identifier for the directory.

envstring

The environment this directory belongs to.

kindDirectoryKind

The kind of directory this is

namestring

The internal name of the directory.
This field is derived from inspecting the directory itself, for example for Entra ID this field is the primary domain name. This field is used to you identify the directory.

mfa_policyRecoveryPolicyRules

The policy governing MFA reset

password_policyRecoveryPolicyRules

The policy governing password reset

unlock_policyRecoveryPolicyRules

The policy governing account unlock

temporary_access_pass_policyRecoveryPolicyRules

The policy governing generating a temporary access pass.

temporary_access_pass_lifetime_minutesinteger (optional)

The validity period of a temporary access pass in minutes.
For Entra ID, this value must be between 10 and 43200 (equivalent to 30 days). If not specified, the defaultLifetimeInMinutes setting in the Temporary Access Pass authentication method policy is applied.

temporary_access_pass_reusableboolean (optional)

True if temporary access passes can be used more than once. If unspecified, temporary access passes are usable only once.

credentialsPartialCredentials (optional)

The directory credentials used, not including any secret values.

last_sync_started_atRFC 3339 date-time string (optional)

When the last sync started.

last_sync_completed_atRFC 3339 date-time string (optional)

When the last sync completed

last_sync_errorstring (optional)

An error describing the failure of the last sync, or null if the last sync was successful.

countinteger (optional)

The number of accounts in the directory.

needs_reconnectboolean (optional)

If the directory needs to reconnect.

sync_runningboolean

true if the directory sync is currently running

birth_date_hmac_secret_existsboolean

true if a shared secret for birth date HMACs has been set


PartialCredentials struct
accountstring
  • For Duo, the integration key
  • For Okta, this field should be blank
  • For Onelogin, the client ID, e.g. 98ea6e4f216f2fb4b69fff9b3a44842c38686ca685f3f55dc48c5d3fb1107be4
partitionstring
  • For Duo, the API hostname, e.g. api-33091yc9.duosecurity.com.
  • For Okta, the service hostname, e.g. your-company.okta.com.
  • For Onelogin, the subdomain, e.g. example.onelogin.com.

RecoveryPolicyRules struct
groupsList of GroupRecoveryPolicy

A list of policies to apply based on an Account's group membership.
When Nametag evaluates policy, the first entry in this list that matches will be applied. If no group matches, then the default policy is applied.

defaultRecoveryPolicy

The default policy when the account is not a member of any of the groups in the groups field.


GroupRecoveryPolicy struct
groupDirectoryGroup

The group to which this policy applies.

policyRecoveryPolicy

The policy to apply when the account is a member of the group.


DirectoryGroup struct
directory_immutable_identifierstring

The unique identifier for the group.

namestring

The display name of the group.


RecoveryPolicy enum
name_match

The operation can proceed if the name on the account matches the person's legal name. If the Account is augmented with a birth date, then the birth date must match. If the account is augmented with a photo, then only the photo must match.

name_and_birth_date

The operation can proceed if both the name and birth date match between the Account and the person's ID. If the account is augmented with a photo, then only the photo must match.

photo

The operation can only proceed if the account is augmented with a photo and the photo matches the person's ID.

disabled

The operation is disabled.

Delete

Deletes a directory

Method: DELETE

URL: https://nametag.co/api/directories/DIRECTORY-ID

Request: none

Response: none

Synchronize

Trigger synchronization of the directory.

Note: Synchronization happens automatically once per hour.

Method: POST

URL: https://nametag.co/api/directories/DIRECTORY-ID/sync

Request: none

Response: none

Authorize

Return a URL, which when visited in a browser, will initiate or refresh the connection between Nametag and the directory. Completing this flow will replace any existing authorization, if present.

Method: GET

URL: https://nametag.co/api/directories/DIRECTORY-ID/authorize

Request: none

Response:

OAuth2AuthorizeResponse struct
redirect_urlstring

The URL to redirect the user to authorize the directory.

API Keys

As mentioned in Authentication above, API keys are used to authenticate request to the Nametag API. An API key may be global (meaning it applies to all Environments), or it may be local (it applies only to one environment).

List

List the API Keys that you have access to.

Method: GET

URL: https://nametag.co/api/apikeys

Authentication: API key

Response:

ListAPIKeysResponse struct
apikeysList of APIKey

A list of API keys

Each item of apikeys is an object that contains the following fields:

APIKey struct
idstring

The unique identifier for the API key

namestring

A descriptive name for the API key

created_atRFC 3339 date-time string

When the API key was created

enabledboolean
envsList of string

The unique identifier for the environments this API key belongs to, or ["*"] if the key applies to all environments.

roleRole

The role assigned to the API key. The role determines what actions the API key can perform.

Example:

$ curl -u :$APIKEY https://nametag.co/api/apikeys
{
  "apikeys": [
    {
      "id": "06c6a11a-c78e-488f-9b58-f73362309ea0",
      "envs": ["*"],
      "name": "Staging API Key",
      "created_at": "2022-03-15T22:39:59Z",
      "role": "admin",
      "enabled": true
    }
  ]
}

Create

Create a new API key. This request takes an optional name for the API key to create and returns the newly created API key secret string that must be stored for future usage.

Note: The full API key secret is not stored by Nametag, so be sure to copy the response somewhere safe.

Method: POST

URL: https://nametag.co/api/apikeys

Authentication: API key

Request:

CreateAPIKeyRequest struct
namestring (optional)

A descriptive name for the API key

enabledboolean (optional)

true if the API key is enabled, or false if it cannot be used.

envsList of string

The unique identifier for the environments this API key belongs to, or ["*"] if the key applies to all environments.

roleRole (optional)

The role to be associated with the API key. The role determines what actions the API key can perform.

Response:

CreateAPIKeyResponse struct
idstring

The unique identifier for the API key

keystring

The full secret API key

Example: Creating a global API key

curl -u :$APIKEY \
  -X POST \
  https://nametag.co/api/apikeys \
  -d '{
  "name": "Staging API Key",
  "role": "admin",
  "enabled": true
}'
{
  "id": "3p0wjj3b7vyia5",
  "key": "3p0wjj3b7vyia5V2JCNoO3TqHpjT"
}

Example: Creating an environment-scoped API key

curl -u :$APIKEY \
  -X POST \
  https://nametag.co/api/apikeys \
  -d '{
  "name": "Staging API Key",
  "envs": ["obo0jukwhhlbo8"],
  "role": "user",
  "enabled": true
}'
{
  "id": "3p0wjj3b7vyia5",
  "key": "3p0wjj3b7vyia5V2JCNoO3TqHpjT"
}

Get

Fetch information about an API key

Method: GET

URL: https://nametag.co/api/apikeys/API-KEY-ID

Authentication: API key

Request: none

Response: an APIKey object

curl -u :$APIKEY \
  https://nametag.co/api/apikeys/3p0wjj3b7vyia5
{
  "id": "3p0wjj3b7vyia5",
  "envs": ["obo0jukwhhlbo8"],
  "name": "Staging API Key",
  "created_at": "2022-03-15T22:39:59Z",
  "role": "user",
  "enabled": true
}