1. Create an account
Sign up
Call
POST /v1/signup (or sign up at vouchmark.com). The API emails a six-digit verification code and returns { "success": true, "data": { "requiresVerification": true, "userId": "usr_..." } }. No tokens are issued yet.Verify your email
Submit the code with
POST /v1/verify-email. You cannot log in until the email is verified — logging in early returns 403 with data.requiresVerification: true and re-sends the code.Log in (API only)
Call
POST /v1/login. On success it sets httpOnly session cookies (token, refreshToken, and a non-httpOnly vm_session). The JSON body confirms success but contains no tokens. For server-to-server calls, read the token cookie value and send it as Authorization: Bearer <token> on later requests. The access token lives ~15 minutes; refresh with POST /v1/refresh-token.2. Claim a company
A “company” in Vouchmark is keyed by RC number (or business name registration). Claiming a company links it to your account and lets you run verifications against it.POST /v1/verify-claim-otp to take ownership.
3. Run verifications
Once a company is claimed, kick off the four checks that make up a Vouchmark Score.CAC — confirms the company exists and is active
CAC — confirms the company exists and is active
Returns directors, share capital, registration status. See Company (CAC) Verification.
FIRS TIN — confirms tax registration
FIRS TIN — confirms tax registration
Looks up the Tax Identification Number via the JTB resolver and matches the taxpayer name. See Tax (FIRS TIN) Verification.
Bank — confirms the operating account belongs to the company
Bank — confirms the operating account belongs to the company
Reads transaction history and matches the account name. See Bank Verification.
Shareholders — verifies ownership
Shareholders — verifies ownership
4. Read the score
The Vouchmark Score is computed automatically as verifications complete. Pull it from the dashboard or:5. Publish a Trust Badge
A verified company can mint a public Trust Badge — a JWT-signed badge you embed on the company website. Anyone can hitGET /v1/trust-badge/verify?token=... to confirm it.
Next
Set up Smart Sentinel
Continuous monitoring after verification.
Browse the API Reference
Every endpoint, with examples.
