Redential API
The Redential API lets staffing agencies, talent marketplaces, ATS tools and AI platforms create verification sessions from their own product. Redential verifies real work: GitHub evidence, a live technical defense against the candidate's own code, and ownership and integrity signals. You get back a credential result you can trust.
Redential is not a marketplace, not an ATS and not an AI interviewer. It is an independent credentialing layer: you keep your own flow, candidates keep a portable credential that belongs to them, and you get independent proof.
How it works
Base URL
All API requests go to:
https://api.redential.com
All endpoints are versioned under /v1. Responses are JSON. There is a single production environment; test with a candidate you control (for example, yourself).
Authentication
Every request is authenticated with your partner API key in the Authorization header:
Authorization: Bearer rdk_your_api_key
Each partner has its own key. You can view and rotate it from your Redential workspace (topbar → API key), or request one by email. Rotating a key invalidates the previous one immediately. A missing or invalid key returns 401.
Session statuses
| Status | Meaning |
|---|---|
| pending | Created. The candidate hasn't opened the link yet. |
| started | The candidate opened the link. Stays here until the defense completes. |
| completed | Defense done with at least one skill backed. credential_id is set. |
| expired | The link expired (14 days after creation) before completion. |
| failed | Reserved. Not emitted automatically today; handle it defensively. |
| needs_review | Reserved for manual integrity review. Not emitted automatically today. |
Errors
Errors return a JSON body { "error": "..." } with a conventional status code:
| Code | Meaning |
|---|---|
| 400 | Invalid body, missing required fields, or invalid email. The message says which. |
| 401 | Missing or invalid API key, or suspended account. |
| 404 | The session or credential doesn't exist, or belongs to another partner. Deliberately indistinguishable. |
| 409 | Conflict: for example, the session already completed or expired. |
| 500 | Something failed on our side. Safe to retry. |
Creates a verification session and returns the secure verification link for the candidate.
Request body
| Field | Type | Description |
|---|---|---|
| candidate_email * | string | The candidate's email, as you know it (from the CV or your system). |
| role * | string | The role you're verifying for. Shown to the candidate and used in the credential title. |
| client_reference_id * | string | Your internal id for this candidate. Echoed back in webhooks so you can reconcile. |
| candidate_name | string | Display name, shown on the verification page. |
| claimed_skills | string[] | The skills to verify, usually from the CV. These become the defense checklist. |
| repo_url | string | Optional. If provided, Redential uses it as a suggested repo. Otherwise the candidate connects GitHub and selects work during verification. |
| return_url | string | Where to send the candidate after completion (a “Return to partner” button). |
curl -X POST https://api.redential.com/v1/verification-sessions \
-H "Authorization: Bearer rdk_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"candidate_email": "dev@email.com",
"candidate_name": "Juan Belmont",
"role": "AI Backend Engineer",
"claimed_skills": ["Python", "PostgreSQL", "RAG"],
"client_reference_id": "candidate_123",
"return_url": "https://yourapp.com/applications/123"
}'{
"session_id": "ver_abc123",
"verification_link": "https://www.redential.com/verify/ver_abc123",
"credential_id": null,
"status": "pending"
}Send verification_link to the candidate through your own channel. Links expire 14 days after creation.
Returns the current state of a session. Poll this until status is completed, then fetch the credential. You can only read your own sessions.
{
"session_id": "ver_abc123",
"status": "completed",
"candidate_email": "dev@email.com",
"role": "AI Backend Engineer",
"credential_id": "cred_123",
"verified_identity": {
"github_username": "jppblue",
"account_email": "jp@personal.com",
"email_matches_candidate": false
},
"created_at": "2026-07-06T12:00:00.000Z",
"started_at": "2026-07-06T12:04:11.000Z",
"completed_at": "2026-07-06T12:19:42.000Z",
"expires_at": "2026-07-20T12:00:00.000Z"
}verified_identity is null until the candidate signs in with GitHub. See Verified identity for how to read it.
The final credential result, built from the candidate's actual defense: which claimed skills the live walkthrough backed against their real code, and the repository's ownership and integrity signals.
{
"credential_id": "cred_123",
"status": "verified",
"title": "AI Backend Engineer L3",
"role": "AI Backend Engineer",
"role_fit_score": 87,
"ownership_score": 91,
"integrity_risk": "low",
"verified_skills": ["Python", "PostgreSQL"],
"supported_skills": ["RAG"],
"missing_signals": [],
"unsupported_claims": [],
"evidence_url": "https://www.redential.com/e/cred_123",
"public_profile_url": "https://www.redential.com/u/jp",
"verified_identity": {
"github_username": "jppblue",
"account_email": "jp@personal.com",
"email_matches_candidate": false
},
"recommended_followups": [
"Ask about production evals.",
"Probe scaling assumptions behind the reviewed code."
],
"last_verified_at": "2026-07-06T12:19:42.000Z"
}The verification link
The link opens a Redential-hosted page where the candidate completes the whole verification. No separate signup: they authenticate with GitHub in one click, which is also the source of the evidence.
When the defense backs at least one claimed skill, the session completes automatically and the credential is created. If nothing is backed, the session stays started and the candidate can retry.
Credential result fields
| Field | Meaning |
|---|---|
| title | Role plus level (L2–L4), derived from role_fit_score. |
| role_fit_score | 0–100. Confidence-weighted coverage of the claimed skills in the live defense. |
| ownership_score | 0–100. How much of the defended repository is actually the candidate's (commit authorship resolved by GitHub). |
| integrity_risk | low / medium / high. From repository integrity signals: forks, thin or burst history, low ownership. |
| verified_skills | Claimed skills the defense backed with high confidence. |
| supported_skills | Claimed skills backed with medium or low confidence. |
| missing_signals | Claimed skills the defense did not back. Ask about these in your interview. |
| unsupported_claims | Reserved for contradiction detection. Always empty today. |
| evidence_url | Public evidence page for this credential. Shareable with your client. |
| public_profile_url | The developer's full Redential profile, when public. Their whole record, not just this credential. |
| recommended_followups | Suggested interview questions based on what the defense did and didn't cover. |
Verified identity
verified_identity tells you who actually completed the verification: the GitHub account that signed in through your link.
Read email_matches_candidate: false as a signal, not as fraud. Most developers use a different email on GitHub than on their CV. The reliable cross-check is github_username: compare it against the GitHub on the candidate's CV or application. The strong identity anchor is the combination of the GitHub account that owns the code and the live voice defense.
Evidence page
Every credential has a public evidence page at redential.com/e/<credential_id>: the credential title, scores, skills by tier, integrity risk and who verified. It requires no login (the unguessable id is the access token), so you can link it directly from your product or share it with your client as independent proof.
Webhooks
Webhook delivery is on the near-term roadmap. When a credential completes, Redential will POST this payload to your configured endpoint, signed:
{
"event": "credential.completed",
"session_id": "ver_abc123",
"credential_id": "cred_123",
"client_reference_id": "candidate_123",
"status": "verified"
}Until then, poll Get session status. client_reference_id is echoed back so you can reconcile against your own records.
Questions, or ready to integrate? Request API access
← Platform overview