Introduction
The ICONIC Board Verification API lets employers, insurers, and platform operators verify practitioner credentials in real-time. Search by credential number or practitioner name to confirm active status, tier information, and expiry dates.
How to get your API key
- Register for an employer account at the Employer Verification Portal.
- Upgrade your plan to Professional or Enterprise to unlock API access. Free-tier accounts do not include API keys.
- Generate a key from your employer dashboard under Settings → API Keys. Keys are prefixed with
ik_live_for production andik_test_for sandbox.
ik_test_ keys during development. Test keys return fixture data and do not count against your rate limit.
Authentication
Authenticate every request using your API key. You can send it as a header (recommended) or as a query parameter.
Header authentication (recommended)
X-API-Key: ik_live_your_api_key_here
Query parameter authentication
GET /api/v1/verify?credential_number=HHC-2025-001&api_key=ik_live_your_api_key_here
Base URL
All API requests should be made to the following base URL:
https://iconic-board.polsia.app/api/v1
All endpoints described in this documentation are relative to this base URL. The API accepts and returns JSON exclusively. Set the Accept: application/json header on all requests.
Rate Limits
Rate limits are enforced per API key and reset at midnight UTC. Check the response headers to monitor your current usage.
| Plan | Requests / Day | Requests / Minute |
|---|---|---|
| Professional | 1,000 | 30 |
| Enterprise | 50,000 | 300 |
| Custom | Unlimited | Custom |
X-RateLimit-Limit: 1000 X-RateLimit-Remaining: 994 X-RateLimit-Reset: 1735689600
API Endpoints
The verification API exposes two endpoints: a search endpoint for looking up credentials by name or number, and a direct-lookup endpoint for verifying a specific credential.
Search for credentials by credential number, practitioner name, or both. At least one query parameter is required.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| credential_number Optional* | string | Full or partial credential number to search (e.g., HHC-2025-001) |
| name Optional* | string | Full or partial practitioner name to search (e.g., Jane Smith) |
credential_number or name is required. You can provide both to narrow results.
Example Request
curl -X GET "https://iconic-board.polsia.app/api/v1/verify?credential_number=HHC-2025-001" \ -H "X-API-Key: ik_live_abc123xyz789"
Example Response
{
"success": true,
"found": true,
"results": [
{
"credential_number": "HHC-2025-001",
"status": "active",
"status_display": "Active",
"tier_code": "HHC",
"tier_name": "Holistic Health Counselor",
"practitioner_name": "Jane Smith",
"location": "New York, NY",
"issued_at": "2025-01-15T00:00:00.000Z",
"expires_at": "2026-01-15T00:00:00.000Z",
"verify_url": "/verify/abc123"
}
]
}
Look up a single credential directly by its credential number. Returns the credential details if found, or an empty result if no match exists.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| credentialNumber Required | string | The exact credential number to verify (e.g., HHC-2025-001) |
Example Request
curl -X GET "https://iconic-board.polsia.app/api/v1/verify/HHC-2025-001" \ -H "X-API-Key: ik_live_abc123xyz789"
Example Response (Found)
{
"success": true,
"found": true,
"results": [
{
"credential_number": "HHC-2025-001",
"status": "active",
"status_display": "Active",
"tier_code": "HHC",
"tier_name": "Holistic Health Counselor",
"practitioner_name": "Jane Smith",
"location": "New York, NY",
"issued_at": "2025-01-15T00:00:00.000Z",
"expires_at": "2026-01-15T00:00:00.000Z",
"verify_url": "/verify/abc123"
}
]
}
Example Response (Not Found)
{
"success": true,
"found": false,
"results": []
}
Status Values
The status field in the response indicates the current state of a credential. Use this to determine whether to accept a practitioner's credential.
| Status | Display | Description | Accept? |
|---|---|---|---|
active |
Active | Credential is current and valid | Yes |
grace_period |
Grace Period | Credential is in renewal grace period (still valid for 30 days past expiry) | Yes |
lapsed |
Lapsed | Credential has lapsed but may be renewed by the practitioner | Conditional |
expired |
Expired | Credential has expired and is no longer valid | No |
suspended |
Suspended | Credential has been suspended pending review | No |
revoked |
Revoked | Credential has been permanently revoked | No |
active and grace_period statuses. For lapsed credentials, consider prompting the practitioner to renew before proceeding.
Error Responses
When an error occurs, the API returns a JSON object with success: false and a descriptive message field.
| Status | Error | Description |
|---|---|---|
| 400 | Bad Request | Missing required query parameters. Provide at least credential_number or name. |
| 401 | Unauthorized | Invalid or missing API key. Check that your X-API-Key header is correct. |
| 403 | Forbidden | Your plan does not include API access. Upgrade to Professional or Enterprise. |
| 429 | Rate Limit Exceeded | Too many requests. Check X-RateLimit-Reset header for when your limit resets. |
| 500 | Internal Server Error | Something went wrong on our end. If this persists, contact support@iconic-board.org. |
Error response format
{
"success": false,
"message": "Invalid or missing API key",
"code": "UNAUTHORIZED"
}
Code Examples
Copy-paste these examples to quickly integrate the verification API into your application.
// Verify a credential by number const verifyCredential = async (credentialNumber) => { const response = await fetch( `https://iconic-board.polsia.app/api/v1/verify/${credentialNumber}`, { method: 'GET', headers: { 'X-API-Key': process.env.ICONIC_API_KEY, 'Accept': 'application/json', }, } ); if (!response.ok) { throw new Error(`API error: ${response.status}`); } const data = await response.json(); if (data.found && data.results[0].status === 'active') { console.log('Credential is valid!'); } return data; }; // Search by practitioner name const searchByName = async (name) => { const params = new URLSearchParams({ name }); const response = await fetch( `https://iconic-board.polsia.app/api/v1/verify?${params}`, { headers: { 'X-API-Key': process.env.ICONIC_API_KEY, }, } ); return response.json(); };
import requests import os API_KEY = os.environ["ICONIC_API_KEY"] BASE_URL = "https://iconic-board.polsia.app/api/v1" def verify_credential(credential_number): """Verify a single credential by its number.""" response = requests.get( f"{BASE_URL}/verify/{credential_number}", headers={"X-API-Key": API_KEY}, ) response.raise_for_status() return response.json() def search_by_name(name): """Search for credentials by practitioner name.""" response = requests.get( f"{BASE_URL}/verify", headers={"X-API-Key": API_KEY}, params={"name": name}, ) response.raise_for_status() return response.json() # Example usage result = verify_credential("HHC-2025-001") if result["found"]: cred = result["results"][0] print(f"{cred['practitioner_name']} - {cred['status_display']}") else: print("Credential not found")
# Verify by credential number (direct lookup) curl -s -X GET \ "https://iconic-board.polsia.app/api/v1/verify/HHC-2025-001" \ -H "X-API-Key: ik_live_abc123xyz789" \ -H "Accept: application/json" | jq '.' # Search by practitioner name curl -s -X GET \ "https://iconic-board.polsia.app/api/v1/verify?name=Jane%20Smith" \ -H "X-API-Key: ik_live_abc123xyz789" | jq '.' # Search by credential number (partial match) curl -s -X GET \ "https://iconic-board.polsia.app/api/v1/verify?credential_number=HHC-2025" \ -H "X-API-Key: ik_live_abc123xyz789" | jq '.' # Using query parameter authentication curl -s -X GET \ "https://iconic-board.polsia.app/api/v1/verify/HHC-2025-001?api_key=ik_live_abc123xyz789" | jq '.'
Webhooks
Get notified in real-time when a practitioner's credential status changes. Webhooks are available exclusively on Enterprise plans and deliver a POST request to your configured endpoint whenever a status transition occurs.
Webhook events
| Event | Description |
|---|---|
| credential.status_changed | Fires when a credential transitions between statuses (e.g., active → grace_period) |
| credential.renewed | Fires when a credential is successfully renewed |
| credential.revoked | Fires when a credential is permanently revoked |
Webhook payload format
{
"event": "credential.status_changed",
"timestamp": "2025-06-15T14:30:00.000Z",
"data": {
"credential_number": "HHC-2025-001",
"practitioner_name": "Jane Smith",
"previous_status": "active",
"new_status": "grace_period",
"changed_at": "2025-06-15T14:30:00.000Z",
"verify_url": "/verify/abc123"
}
}
Webhooks include a X-Iconic-Signature header for payload verification. Compute an HMAC-SHA256 of the raw request body using your webhook secret and compare it to the header value.
Pricing & Plans
Choose the plan that fits your verification needs. All plans include access to the verification search UI. API access requires Professional or higher.
- Unlimited manual lookups
- Credential status checks
- PDF verification letters
- Email support
- Everything in Free
- REST API access
- 1,000 API calls / day
- Sandbox environment
- Priority support
- Everything in Professional
- 50,000+ API calls / day
- Webhook notifications
- Dedicated account manager
- 99.9% uptime SLA