> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vouchmark.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart

> Verify your first company in five minutes.

This guide gets you from zero to a verified company with a Vouchmark Score. You can do every step in the dashboard or via the API — both paths are shown.

## 1. Create an account

<Steps>
  <Step title="Sign up">
    Call `POST /v1/signup` (or sign up at [vouchmark.com](https://vouchmark.com)). The API emails a six-digit verification code and returns `{ "success": true, "data": { "requiresVerification": true, "userId": "usr_..." } }`. No tokens are issued yet.

    ```bash theme={null}
    curl -X POST https://api.vouchmark.com/v1/signup \
      -H "Content-Type: application/json" \
      -d '{"email":"you@example.com","password":"••••••••","name":"Ada"}'
    ```
  </Step>

  <Step title="Verify your email">
    Submit the code with `POST /v1/verify-email`. You cannot log in until the email is verified — logging in early returns `403` with `data.requiresVerification: true` and re-sends the code.

    ```bash theme={null}
    curl -X POST https://api.vouchmark.com/v1/verify-email \
      -H "Content-Type: application/json" \
      -d '{"email":"you@example.com","code":"123456"}'
    ```
  </Step>

  <Step title="Log in (API only)">
    Call `POST /v1/login`. On success it **sets httpOnly session cookies** (`token`, `refreshToken`, and a non-httpOnly `vm_session`). The JSON body confirms success but contains no tokens. For server-to-server calls, read the `token` cookie value and send it as `Authorization: Bearer <token>` on later requests. The access token lives \~15 minutes; refresh with `POST /v1/refresh-token`.

    ```bash theme={null}
    curl -i -X POST https://api.vouchmark.com/v1/login \
      -H "Content-Type: application/json" \
      -d '{"email":"you@example.com","password":"••••••••"}'
    ```
  </Step>
</Steps>

See [Authentication](/authentication) for the full cookie, Bearer, and refresh flow.

## 2. Claim a company

A "company" in Vouchmark is keyed by **RC number** (or business name registration). Claiming a company links it to your account and lets you run verifications against it.

<CodeGroup>
  ```bash Dashboard theme={null}
  Go to Companies → New → enter your RC number. We auto-fill name, registration date, and directors from CAC.
  ```

  ```bash API theme={null}
  curl -X POST https://api.vouchmark.com/v1/send-claim-otp \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"companyId":"cmp_..."}'
  ```
</CodeGroup>

You'll get an OTP at the registered company contact. Confirm it via `POST /v1/verify-claim-otp` to take ownership.

## 3. Run verifications

Once a company is claimed, kick off the four checks that make up a Vouchmark Score.

<AccordionGroup>
  <Accordion title="CAC — confirms the company exists and is active" icon="building">
    Returns directors, share capital, registration status. See [Company (CAC) Verification](/verifications/company-cac).
  </Accordion>

  <Accordion title="FIRS TIN — confirms tax registration" icon="receipt">
    Looks up the Tax Identification Number via the JTB resolver and matches the taxpayer name. See [Tax (FIRS TIN) Verification](/verifications/tax-firs-tin).
  </Accordion>

  <Accordion title="Bank — confirms the operating account belongs to the company" icon="building-columns">
    Reads transaction history and matches the account name. See [Bank Verification](/verifications/bank).
  </Accordion>

  <Accordion title="Shareholders — verifies ownership" icon="users">
    Confirms each director/shareholder with government ID. See [Shareholders](/verifications/shareholders).
  </Accordion>
</AccordionGroup>

## 4. Read the score

The [Vouchmark Score](/concepts/vouchmark-score) is computed automatically as verifications complete. Pull it from the dashboard or:

```bash theme={null}
curl https://api.vouchmark.com/v1/dashboard/vouchmark \
  -H "Authorization: Bearer $TOKEN"
```

A company at 100 has cleared every check. Below 60 you should treat results as preliminary.

## 5. Publish a Trust Badge

A verified company can mint a public [Trust Badge](/concepts/trust-badge) — a JWT-signed badge you embed on the company website. Anyone can hit `GET /v1/trust-badge/verify?token=...` to confirm it.

## Next

<CardGroup cols={2}>
  <Card title="Set up Smart Sentinel" icon="radar" href="/concepts/smart-sentinel">
    Continuous monitoring after verification.
  </Card>

  <Card title="Browse the API Reference" icon="code" href="/api-reference/introduction">
    Every endpoint, with examples.
  </Card>
</CardGroup>
