Getting Started

Account & API Keys

Create your organisation, manage API keys, and understand the authentication model that keeps your agents secure.

On this page
Creating an Organisation API Keys Rotating Your API Key Authentication Model Logging In

Creating an Organisation

Every VerifiedProxy account starts with an organization. Your org is the top-level entity that owns agents and their credentials.

Sign Up via Web

Visit the signup page and fill in your details:

url 
https://app.verifiedproxy.com/signup
Field Requirements
Organization Name Required. Your company or team name.
Email Required. Must be unique across all organizations.
Password Required. Minimum 8 characters.

After signup, you're redirected to your dashboard where your API key is displayed.

API Keys

Your organization API key is used to register agents. It follows this format:

format 
vp_sk_live_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6
Prefix Meaning
vp_sk_live_ VerifiedProxy secret key, live environment
🔒
Your API key is shown only once. Copy it immediately after signup or after rotating. It's hashed server-side using SHA-256 and cannot be retrieved later.

Using Your API Key

Include the API key in the Authorization header when calling protected endpoints (like agent registration):

curl 
curl -X POST https://app.verifiedproxy.com/api/agents/register \
  -H "Authorization: Bearer vp_sk_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name": "My Agent", "scopes": ["browse"]}'

Rotating Your API Key

If your API key is compromised or you want to rotate it for security, use the dashboard:

  1. Log in at app.verifiedproxy.com/login
  2. Navigate to your dashboard
  3. Click the Rotate API Key button
  4. Confirm the action (this invalidates the old key immediately)
  5. Copy and store the new key
⚠️
Rotating your API key immediately invalidates the previous key. Any scripts or CI/CD pipelines using the old key will fail. Existing agents and their secrets are not affected by key rotation.

Authentication Model

VerifiedProxy uses a two-tier authentication system:

Credential Used For Who Has It
Org API Key Registering new agents Organization admin
Agent Secret Creating sessions (via proxy) Agent's local machine only

Key Security Principles

  • Secrets stay local. Agent secrets are only used by the local proxy to authenticate with the VerifiedProxy API. They are never sent to target websites.
  • Hashed at rest. Both API keys and agent secrets are hashed (SHA-256) before storage. The plaintext is never persisted.
  • Passwords use bcrypt. User passwords are hashed with bcrypt for additional protection against brute-force attacks.
  • Public verification. The verify endpoint requires no authentication, enabling any website to check agent identity without shared credentials.

Logging In

Use your email and password to access the dashboard:

url 
https://app.verifiedproxy.com/login

After login, you can view your agents, stats (agent count, total sessions), and manage your account.

Previous ← Quick Start