Docs · For developers

API reference

The complete VirtualID v1 API. Every endpoint is documented with request and response schemas, realistic examples, and success + error cases.

Try it live. The reference below is interactive. Expand any endpoint, hit Try it outExecute, and the request runs against the live API. Request bodies come pre-filled with sensible, ready-to-send values — for most calls you can just click Execute without editing anything. Open the full API console →

Authorizing requests

Most endpoints require a session. Obtain an access_token from a passkey login/finish (or register/finish) call, then click Authorize at the top of the console and paste it. Unauthenticated endpoints (health probes, register/begin, login/begin, username check, public profile lookup) work without any token.

The reference reflects the shipped v1 surface: passkey register/login (begin + finish), username availability check, DPoP-bound token renewal, the cross-device join flow (issue/redeem/approve/deny/finish), profiles + avatars, the field-exposure matrix, share links, contacts/subscribers with private notes and labels, and the public profile tier. OAuth/social login, CardDAV, webhooks, and a server-side field-type catalog are planned but not part of the v1 contract.