Auth API
Self-serve account creation · email verification · login · application keys.
Workflows
The 5 built-in verification recipes plus your custom workflows.
Sessions
One verification run per user. Idempotent on
vendor_data.Compliance Lookup
Free on-chain read · “is this agent verified?”
Identity & Documents
Standalone primitives — ID verification, PoA, AML, face match.
Webhook Destinations
Multi-destination webhook config with HMAC signing.
Billing
Credit balance + Stripe-powered top-up.
KYC Catalog
Country × document-type matrix (free).
Errors & rate limits
Status codes, retry semantics, 429 handling.
Base URLs
| Surface | Host |
|---|---|
| Identity API (verification + management) | https://identity.contra.id |
| Auth API (account + applications) | https://auth.contra.id |
Authentication summary
| Surface | Header |
|---|---|
| Register / Verify Email / Login | (unauthenticated) |
| Get Credentials / Create Application | Authorization: Bearer <access_token> |
Everything else (/v1/*) | x-api-key: <api_key> |
Rate limits
| Endpoint family | Limit |
|---|---|
| Auth API | 5 register / IP / hour |
| Workflows / Sessions | 300 req / min |
| Session creation | 600 req / min |
| Compliance Lookup (free) | 1000 req / min |
| Webhook Destinations | 60 req / min |
Retry-After header — back off exponentially.