DEVICEBOUND

Developer Documentation

DeviceBound Verification API · v1 preview

API access is currently in private beta for enterprise partners. To request credentials, contact support@devicebound.us.

Authentication

Authenticate every request with your secret API key in the Authorization header. Keys are issued per environment and can be revoked at any time. Keep keys server-side; never ship them in client code.

Authorization: Bearer db_live_xxxxxxxxxxxxxxxx

Create Verification

Creates a DeviceBound Live verification request and returns the one-time link to deliver to the recipient.

POST https://devicebound.us/api/v1/verifications

{
  "recipient_phone": "+15551234567",
  "requester_name": "Acme Security",   // optional, shown to the recipient
  "delivery": "sms"                    // "sms" | "none" (deliver the link yourself)
}

Sample response:

201 Created

{
  "live_id": "DBL-2026-00000042",
  "status": "pending",
  "verify_url": "https://devicebound.us/live/<one-time-token>",
  "expires_at": "2026-07-10T18:30:00Z"
}

Verify Status

Poll the current state of a verification.

GET https://devicebound.us/api/v1/verifications/DBL-2026-00000042
200 OK

{
  "live_id": "DBL-2026-00000042",
  "status": "verified",              // pending | verified | expired | failed
  "verified_at": "2026-07-10T18:04:12Z",
  "recipient_phone_masked": "•••• ••4567"
}

Webhooks

Register a webhook URL and DeviceBound will POST verification events as they happen, signed with your webhook secret.

POST <your-webhook-url>
X-DeviceBound-Signature: sha256=...

{
  "event": "verification.verified",   // verification.created | .verified | .expired
  "live_id": "DBL-2026-00000042",
  "occurred_at": "2026-07-10T18:04:12Z"
}

Verify the signature by computing an HMAC-SHA256 of the raw body with your webhook secret and comparing it to the header value.

Error Codes

StatusCodeMeaning
400invalid_requestMissing or malformed parameters (e.g. bad phone number).
401unauthorizedMissing or invalid API key.
402payment_requiredThe request is not covered by an active plan or payment.
404not_foundUnknown verification ID.
410expiredThe verification link has expired or was already used.
429rate_limitedToo many requests; retry with backoff.

Sample Request (cURL)

curl -X POST https://devicebound.us/api/v1/verifications \
  -H "Authorization: Bearer db_live_xxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "recipient_phone": "+15551234567",
    "requester_name": "Acme Security",
    "delivery": "sms"
  }'

Powered by DEVICEBOUND™