# Authentication

All API requests require a VeriMails API key in the `Authorization` header.

```http
Authorization: Bearer YOUR_API_KEY
```

Keep API keys server-side. Do not expose them in browser JavaScript, public repositories, or client-side mobile apps.

## Example

```bash
curl -X POST https://verimails.com/api/verify/single \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email":"person@example.com"}'
```

## Errors
- `401` means the key is missing or invalid.
- `403` means the key or account cannot access the requested resource.