Introduction
This documentation aims to provide all the information you need to work with our public API.
Authenticating requests
To authenticate requests, include an
Authorization header with the value
"Bearer {YOUR_AUTH_KEY}".
All authenticated endpoints are marked with a
requires authentication badge in the documentation below.
You can retrieve your API Key by visiting Team settings -> API Keys and clicking the Create button.
To generate an access token, make a POST request to the
/oauth/token endpoint with the authentication request.
Example request:
POST /oauth/token
{
"grant_type": "client_credentials",
"client_id": "Team's Client ID",
"client_secret": "Team's API Key",
"scope": "*"
}Public API
GET clients
requires authentication
Example request:
curl --request GET \
--get "https://app.varify.io/clients" \
--header "Authorization: Bearer {YOUR_AUTH_KEY}" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"https://app.varify.io/clients"
);
const headers = {
"Authorization": "Bearer {YOUR_AUTH_KEY}",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (403):
Show headers
cache-control: no-cache, private
content-type: application/json
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
cross-origin-resource-policy: same-origin
content-security-policy: base-uri 'self';connect-src 'self' varify.io *.varify.io ip.varify.dev api.getkoala.com pixel-config.reddit.com www.redditstatic.com hubspot.com *.hubspot.com clarity.ms *.clarity.ms consentcdn.cookiebot.com www.google.com google.com api.hubapi.com bat.bing.com px.ads.linkedin.com api.storylane.io *.google-analytics.com www.facebook.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com static.hsappstatic.net;default-src 'none';manifest-src 'self';form-action *;img-src * data: blob:;media-src 'self' varify.io *.varify.io static.hsappstatic.net;object-src 'none';frame-src 'self' varify.io *.varify.io consentcdn.cookiebot.com js.stripe.com www.googletagmanager.com app.hubspot.com doubleclick.net *.doubleclick.net js.hsforms.net forms.hsforms.com;frame-ancestors 'self' varify.io *.varify.io;font-src 'self' varify.io *.varify.io fonts.gstatic.com;style-src 'self' 'unsafe-inline' varify.io *.varify.io fonts.googleapis.com static.hsappstatic.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.varify.io varify.io www.googletagmanager.com consent.cookiebot.com js.stripe.com cdnjs.cloudflare.com consentcdn.cookiebot.com stapecdn.com cdn.getkoala.com www.clarity.ms scripts.clarity.ms www.redditstatic.com js.storylane.io js.hs-scripts.com bat.bing.com js.usemessages.com js.hubspot.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net js.hsforms.net static.hsappstatic.net connect.facebook.net snap.licdn.com doubleclick.net *.doubleclick.net
set-cookie: XSRF-TOKEN=eyJpdiI6IlQ2SmpmdTFhVnU2Q0ZvREVUcFN6ZVE9PSIsInZhbHVlIjoiWXdOTTZSQnluVHREQ2ZiTDlIeUpCc3V5VENwN05sNGdMeEw1aGUxNUZuSHZTU1YwaXpOUURxT0kxcy9tY3ZoZXcwaE1iTWc5bFdTbGVpdVdEMWR3NmxCaHI3cEtSbmZFQ3ZMTzZ3cUxKZXpBdFFsM3M1LzB2SENnNjVaTmhhSXIiLCJtYWMiOiJlODJhNmU3MDY1MTg3MmNmOTM4ZmJiNDk2YjYxNjgyZjgyMTgzNTA2YTVmM2YzYzI1ZjA3NTg3NjJkYmZhMzBjIiwidGFnIjoiIn0%3D; expires=Thu, 18 Sep 2025 08:47:47 GMT; Max-Age=7200; path=/; secure; samesite=lax; laravel_session=eyJpdiI6ImdVY24zaFFMWGZFcmY0SndzNkxUaWc9PSIsInZhbHVlIjoiYjdTZ1pDeTZqUU03VUZHeUE0c3MxNFBEUC9rNm9DR0R1aDNEMW1DbGoxMXVwMVRsNnRKVG91OVVzMGxhS0pONHpRRGdtd21vS2svZkRteFlqZHpQdjlpbGN6cDNrNWl3MDdCSW55dmEzckU3QkkxcnBIWi9xcGFhTDF1d0JGT2EiLCJtYWMiOiJjZDE4NTA4Mjg5ZGM0YzE2NmVjYjhiYjE4OWEyMDMwZGFjYjI3ZDQ0MGVkZThkZDc5YmYxZWUxZWYyYzg2OWI0IiwidGFnIjoiIn0%3D; expires=Thu, 18 Sep 2025 08:47:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax
{
"message": "Your email address is not verified."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET experiments
requires authentication
Example request:
curl --request GET \
--get "https://app.varify.io/experiments" \
--header "Authorization: Bearer {YOUR_AUTH_KEY}" \
--header "X-Client-Id: 1" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"https://app.varify.io/experiments"
);
const headers = {
"Authorization": "Bearer {YOUR_AUTH_KEY}",
"X-Client-Id": "1",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
set-cookie: XSRF-TOKEN=eyJpdiI6Ind6Q2FtbFMzaDFMMTUzaHhwVGR1bEE9PSIsInZhbHVlIjoiUXhiYUFhdVg3ajRtLzNiRVo1d2dKQWxsbzYxT3ZZTmhjdmhNT2ZtcGhEenpDRnZhRzhmN0ZuSU84K0JjMWhaSUFDOWhBUHVydUE4L3gvR0duY1dSa0lUMU5zNTIwY0N0Z1F5ZkJKTDdsNGZYYWI4QTd6TWJiK2M3VzRJU2RhVm0iLCJtYWMiOiI4ZjM1YjllODQyMmZhNTc0NWEzNWQ4OTUxMzgzY2RlNmY1NjA4OGFiY2Y0MmUwNDdhODFmMjNlNjQzM2Q4ZDA3IiwidGFnIjoiIn0%3D; expires=Thu, 18 Sep 2025 08:47:47 GMT; Max-Age=7200; path=/; secure; samesite=lax; laravel_session=eyJpdiI6Inc0ZEMvcnorcVZqR2t2NWU0TGFJNUE9PSIsInZhbHVlIjoiV2VHeEp3NDVTdWF6NmErejRVcmFlMEgzMWhsNU1DOWVHNHFYR2RVbEdQMGVjQWRVSzhNTk9LUU1ESGxzbzA3dnZvMC9kREwwNlNsdFdzZm40Ulhoa3g5aGdBeW9LbGRBQ3B2SHI5bmFlYmN5d0QyMTd5VkFtNldUaVMzT08rVGoiLCJtYWMiOiIwNDhiZWExNWNmZmU0MmIxOGNmY2RiZjE5MzJlMDNhZDZlZmQ0NTU2NzhjMTU3ZWE2NDkyMjcwMDk1YzdiNDU5IiwidGFnIjoiIn0%3D; expires=Thu, 18 Sep 2025 08:47:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST experiments
requires authentication
Example request:
curl --request POST \
"https://app.varify.io/experiments" \
--header "Authorization: Bearer {YOUR_AUTH_KEY}" \
--header "X-Client-Id: 1" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"https://app.varify.io/experiments"
);
const headers = {
"Authorization": "Bearer {YOUR_AUTH_KEY}",
"X-Client-Id": "1",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "POST",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET experiments/{experimentId}
requires authentication
Example request:
curl --request GET \
--get "https://app.varify.io/experiments/564" \
--header "Authorization: Bearer {YOUR_AUTH_KEY}" \
--header "X-Client-Id: 1" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"https://app.varify.io/experiments/564"
);
const headers = {
"Authorization": "Bearer {YOUR_AUTH_KEY}",
"X-Client-Id": "1",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "GET",
headers,
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
x-ratelimit-limit: 60
x-ratelimit-remaining: 57
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.PATCH experiments/{experimentId}
requires authentication
Example request:
curl --request PATCH \
"https://app.varify.io/experiments/564" \
--header "Authorization: Bearer {YOUR_AUTH_KEY}" \
--header "X-Client-Id: 1" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"https://app.varify.io/experiments/564"
);
const headers = {
"Authorization": "Bearer {YOUR_AUTH_KEY}",
"X-Client-Id": "1",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "PATCH",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST experiments/{experimentId}/status
requires authentication
Example request:
curl --request POST \
"https://app.varify.io/experiments/564/status" \
--header "Authorization: Bearer {YOUR_AUTH_KEY}" \
--header "X-Client-Id: 1" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"https://app.varify.io/experiments/564/status"
);
const headers = {
"Authorization": "Bearer {YOUR_AUTH_KEY}",
"X-Client-Id": "1",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "POST",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST experiments/{experimentId}/duplicate
requires authentication
Example request:
curl --request POST \
"https://app.varify.io/experiments/564/duplicate" \
--header "Authorization: Bearer {YOUR_AUTH_KEY}" \
--header "X-Client-Id: 1" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"https://app.varify.io/experiments/564/duplicate"
);
const headers = {
"Authorization": "Bearer {YOUR_AUTH_KEY}",
"X-Client-Id": "1",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "POST",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST experiments/{experimentId}/traffic-allocation
requires authentication
Example request:
curl --request POST \
"https://app.varify.io/experiments/564/traffic-allocation" \
--header "Authorization: Bearer {YOUR_AUTH_KEY}" \
--header "X-Client-Id: 1" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"https://app.varify.io/experiments/564/traffic-allocation"
);
const headers = {
"Authorization": "Bearer {YOUR_AUTH_KEY}",
"X-Client-Id": "1",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "POST",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.GET experiments/{experimentId}/report
requires authentication
Example request:
curl --request GET \
--get "https://app.varify.io/experiments/564/report" \
--header "Authorization: Bearer {YOUR_AUTH_KEY}" \
--header "X-Client-Id: 1" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--data "{
\"start_date\": \"2025-09-18T06:47:47\",
\"end_date\": \"2025-09-18T06:47:47\",
\"report_type\": \"architecto\",
\"should_exclude_duplicate_user_events\": false
}"
const url = new URL(
"https://app.varify.io/experiments/564/report"
);
const headers = {
"Authorization": "Bearer {YOUR_AUTH_KEY}",
"X-Client-Id": "1",
"Content-Type": "application/json",
"Accept": "application/json",
};
let body = {
"start_date": "2025-09-18T06:47:47",
"end_date": "2025-09-18T06:47:47",
"report_type": "architecto",
"should_exclude_duplicate_user_events": false
};
fetch(url, {
method: "GET",
headers,
body: JSON.stringify(body),
}).then(response => response.json());Example response (401):
Show headers
cache-control: no-cache, private
content-type: application/json
x-ratelimit-limit: 60
x-ratelimit-remaining: 56
{
"message": "Unauthenticated."
}
Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.POST experiments/{experiment}/toggle-tracking
requires authentication
Example request:
curl --request POST \
"https://app.varify.io/experiments/architecto/toggle-tracking" \
--header "Authorization: Bearer {YOUR_AUTH_KEY}" \
--header "X-Client-Id: 1" \
--header "Content-Type: application/json" \
--header "Accept: application/json"const url = new URL(
"https://app.varify.io/experiments/architecto/toggle-tracking"
);
const headers = {
"Authorization": "Bearer {YOUR_AUTH_KEY}",
"X-Client-Id": "1",
"Content-Type": "application/json",
"Accept": "application/json",
};
fetch(url, {
method: "POST",
headers,
}).then(response => response.json());Received response:
Request failed with error:
Tip: Check that you're properly connected to the network.
If you're a maintainer of ths API, verify that your API is running and you've enabled CORS.
You can check the Dev Tools console for debugging information.