Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.descovo.com/llms.txt

Use this file to discover all available pages before exploring further.

Every request to the Descovo API must include your API key. The key travels in different positions depending on the HTTP method: in the JSON body for write operations and as a query parameter for read operations. Descovo validates the key on every call and charges credits against the account it belongs to.

Get an API key

Sign up at descovo.com/sign-up to create an account and generate your first API key. You can create additional keys from your dashboard at any time — for example, to use separate keys for development and production environments.

Pass your key in requests

POST, PATCH, and PUT requests

Include apiKey as a top-level field in the JSON request body: 
{
  "apiKey": "sk_live_xxx",
  "searchParams": {
    "...": "your filters"
  }
}

GET and DELETE requests

Pass apiKey as a query string parameter: 
GET /v1/credits?apiKey=sk_live_xxx
The auth pattern is consistent across all Descovo endpoints. POST bodies always include apiKey as the first field, and GET/DELETE requests always pass it in the query string.

Authentication errors

If your API key is missing, incorrect, or revoked, the API returns a 401 status: 
{
  "error": {
    "code": 401,
    "message": "Invalid API key."
  }
}
Check that you are using the correct key and that it has not been rotated or deleted. If the error persists, generate a new key from your dashboard.

Example: authenticated request body

The following shows a minimal authenticated request to the people search endpoint: 
{
  "apiKey": "sk_live_xxx",
  "searchParams": {
    "jobTitleV2": {
      "included": ["VP Engineering"]
    },
    "country3LetterCode": ["USA"]
  },
  "pageSize": 25,
  "cursor": null
}

Security best practices

Never commit your API key to version control or paste it into public forums. If a key is leaked, rotate it immediately from your dashboard.
  • Store your key in an environment variable such as DESCOVO_API_KEY and read it at runtime.
  • Use separate keys for different environments (development, staging, production) so you can revoke one without affecting others.
  • Rotate keys periodically as part of your security policy.
  • Restrict access to the key to only the services that need it.