Skip to main content
To exchange data with Helium Id, you’ll use your API Keys.

API Key types

There are two types of keys: test keys and live keys.

Test Keys

You use test keys for development. Verification sessions completed in test integrations do not count towards your paid usage. Helium Id does not provide automatic decisions for sessions created in a test integration. You need to trigger the decisions yourself for testing purposes.
Stress testing without prior agreement with Helium Id is not allowed.

Live Keys

You use a live keys for production. It requires a working webhook URL. Verification sessions completed with live keys count towards your paid usage. Helium Id provides decisions for these live sessions.

Create an API Key

You create API Keys in your workspace.
  1. Log in to your workspace.
  2. Navigate to the Developers on the left hand menu.
  3. Click the Add API Key button.
  4. Create a suitable name for your key.
  5. Choose the type of the key (Test or Live).

Find your integration

You can locate your existing integrations in the Customer Portal.
  1. Log in to the Customer Portal.
  2. Navigate to All integrations on the left hand menu.
  3. Find the integration from the list and click on it to view its details and API keys.

Testing guide

If you have an active account with Helium ID, you will have one test integration pre-created for you in the Customer Portal. You use this test integration to test the communication between your system and Helium ID. This helps you see how to handle our responses. You can create more test integrations if needed. We do not bill you for verification sessions generated using test integrations.

Test checklists

Use the following checklist to ensure your integration works correctly.
  • A new session link is generated.
  • Session data is saved with your record.
  • The end-user is granted access to your platform after receiving an approved decision.
  • The end-user is notified about a verification failure after receiving a declined decision.
  • The end-user is prompted to try again after receiving a resubmission decision.
  • At the end of verification, the callback URL redirects back to the correct place in your platform.

Test security

  • Your server should reject a webhook with the wrong API key.
  • Your server should reject a webhook with a mismatched signature.
  • Your server should not break or crash when receiving a webhook with invalid JSON.