Redential API

The Redential API lets staffing agencies, talent marketplaces, ATS tools and AI platforms create verification sessions from their own product. Redential verifies real work: GitHub evidence, a live technical defense against the candidate's own code, and ownership and integrity signals. You get back a credential result you can trust.

Redential is not a marketplace, not an ATS and not an AI interviewer. It is an independent credentialing layer: you keep your own flow, candidates keep a portable credential that belongs to them, and you get independent proof.

API access is currently available for selected partners. Tell us about your product and we'll get you a key.

How it works

01Create a sessionPOST the candidate's email, the role, and the skills you want verified (from their CV). You get back a secure verification link.
02Send the linkDeliver it through your own channel: your app, email, anything. No separate signup: the candidate authenticates with GitHub in one click.
03The candidate proves the workThey pick a real repository, and complete a ~5 minute live walkthrough that Redential validates against their actual code.
04Read the resultPoll the session until it's completed, then fetch the credential result: verified skills, scores, integrity risk, evidence URL and follow-up questions.

Base URL

All API requests go to:

Base URL
https://api.redential.com

All endpoints are versioned under /v1. Responses are JSON. There is a single production environment; test with a candidate you control (for example, yourself).

Authentication

Every request is authenticated with your partner API key in the Authorization header:

Header
Authorization: Bearer rdk_your_api_key

Each partner has its own key. You can view and rotate it from your Redential workspace (topbar → API key), or request one by email. Rotating a key invalidates the previous one immediately. A missing or invalid key returns 401.

Keep the key server-side. Never ship it in client code: anyone holding it can create sessions and read your candidates' results.

Session statuses

StatusMeaning
pendingCreated. The candidate hasn't opened the link yet.
startedThe candidate opened the link. Stays here until the defense completes.
completedDefense done with at least one skill backed. credential_id is set.
expiredThe link expired (14 days after creation) before completion.
failedReserved. Not emitted automatically today; handle it defensively.
needs_reviewReserved for manual integrity review. Not emitted automatically today.

Errors

Errors return a JSON body { "error": "..." } with a conventional status code:

CodeMeaning
400Invalid body, missing required fields, or invalid email. The message says which.
401Missing or invalid API key, or suspended account.
404The session or credential doesn't exist, or belongs to another partner. Deliberately indistinguishable.
409Conflict: for example, the session already completed or expired.
500Something failed on our side. Safe to retry.
POST/v1/verification-sessions

Creates a verification session and returns the secure verification link for the candidate.

Request body

FieldTypeDescription
candidate_email *stringThe candidate's email, as you know it (from the CV or your system).
role *stringThe role you're verifying for. Shown to the candidate and used in the credential title.
client_reference_id *stringYour internal id for this candidate. Echoed back in webhooks so you can reconcile.
candidate_namestringDisplay name, shown on the verification page.
claimed_skillsstring[]The skills to verify, usually from the CV. These become the defense checklist.
repo_urlstringOptional. If provided, Redential uses it as a suggested repo. Otherwise the candidate connects GitHub and selects work during verification.
return_urlstringWhere to send the candidate after completion (a “Return to partner” button).
Request
curl -X POST https://api.redential.com/v1/verification-sessions \
  -H "Authorization: Bearer rdk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "candidate_email": "dev@email.com",
    "candidate_name": "Juan Belmont",
    "role": "AI Backend Engineer",
    "claimed_skills": ["Python", "PostgreSQL", "RAG"],
    "client_reference_id": "candidate_123",
    "return_url": "https://yourapp.com/applications/123"
  }'
Response · 201
{
  "session_id": "ver_abc123",
  "verification_link": "https://www.redential.com/verify/ver_abc123",
  "credential_id": null,
  "status": "pending"
}

Send verification_link to the candidate through your own channel. Links expire 14 days after creation.

GET/v1/verification-sessions/:session_id

Returns the current state of a session. Poll this until status is completed, then fetch the credential. You can only read your own sessions.

Response · 200
{
  "session_id": "ver_abc123",
  "status": "completed",
  "candidate_email": "dev@email.com",
  "role": "AI Backend Engineer",
  "credential_id": "cred_123",
  "verified_identity": {
    "github_username": "jppblue",
    "account_email": "jp@personal.com",
    "email_matches_candidate": false
  },
  "created_at": "2026-07-06T12:00:00.000Z",
  "started_at": "2026-07-06T12:04:11.000Z",
  "completed_at": "2026-07-06T12:19:42.000Z",
  "expires_at": "2026-07-20T12:00:00.000Z"
}

verified_identity is null until the candidate signs in with GitHub. See Verified identity for how to read it.

GET/v1/credentials/:credential_id

The final credential result, built from the candidate's actual defense: which claimed skills the live walkthrough backed against their real code, and the repository's ownership and integrity signals.

Response · 200
{
  "credential_id": "cred_123",
  "status": "verified",
  "title": "AI Backend Engineer L3",
  "role": "AI Backend Engineer",
  "role_fit_score": 87,
  "ownership_score": 91,
  "integrity_risk": "low",
  "verified_skills": ["Python", "PostgreSQL"],
  "supported_skills": ["RAG"],
  "missing_signals": [],
  "unsupported_claims": [],
  "evidence_url": "https://www.redential.com/e/cred_123",
  "public_profile_url": "https://www.redential.com/u/jp",
  "verified_identity": {
    "github_username": "jppblue",
    "account_email": "jp@personal.com",
    "email_matches_candidate": false
  },
  "recommended_followups": [
    "Ask about production evals.",
    "Probe scaling assumptions behind the reviewed code."
  ],
  "last_verified_at": "2026-07-06T12:19:42.000Z"
}

Credential result fields

FieldMeaning
titleRole plus level (L2–L4), derived from role_fit_score.
role_fit_score0–100. Confidence-weighted coverage of the claimed skills in the live defense.
ownership_score0–100. How much of the defended repository is actually the candidate's (commit authorship resolved by GitHub).
integrity_risklow / medium / high. From repository integrity signals: forks, thin or burst history, low ownership.
verified_skillsClaimed skills the defense backed with high confidence.
supported_skillsClaimed skills backed with medium or low confidence.
missing_signalsClaimed skills the defense did not back. Ask about these in your interview.
unsupported_claimsReserved for contradiction detection. Always empty today.
evidence_urlPublic evidence page for this credential. Shareable with your client.
public_profile_urlThe developer's full Redential profile, when public. Their whole record, not just this credential.
recommended_followupsSuggested interview questions based on what the defense did and didn't cover.

Verified identity

verified_identity tells you who actually completed the verification: the GitHub account that signed in through your link.

Read email_matches_candidate: false as a signal, not as fraud. Most developers use a different email on GitHub than on their CV. The reliable cross-check is github_username: compare it against the GitHub on the candidate's CV or application. The strong identity anchor is the combination of the GitHub account that owns the code and the live voice defense.

Evidence page

Every credential has a public evidence page at redential.com/e/<credential_id>: the credential title, scores, skills by tier, integrity risk and who verified. It requires no login (the unguessable id is the access token), so you can link it directly from your product or share it with your client as independent proof.

Webhooks

Webhook delivery is on the near-term roadmap. When a credential completes, Redential will POST this payload to your configured endpoint, signed:

credential.completed
{
  "event": "credential.completed",
  "session_id": "ver_abc123",
  "credential_id": "cred_123",
  "client_reference_id": "candidate_123",
  "status": "verified"
}

Until then, poll Get session status. client_reference_id is echoed back so you can reconcile against your own records.

Questions, or ready to integrate? Request API access

← Platform overview