Creating Verification Providers

Verification providers prove ownership of packages and repositories so you can link SDKs to your tool. You can create providers at the organization level or scope them to a specific tool.

​

Global vs. tool-scoped providers

​

Access scope

When creating a global verification provider, choose one of these scopes:

• All tools: The provider is available to every tool in the organization.
• Selected tools: The provider is available only to the tools you assign.

Use All tools when the same scope or organization is shared broadly. Use Selected tools when access should stay limited.

​

Create a verification provider

1. Go to Dashboard → Verification Providers.
2. Click Add provider and choose npm, PyPI, or GitHub.
3. Complete the verification flow.
4. Set the access scope.
5. If needed, select the tools that can use the provider.

You can also create providers from a tool’s APIs & SDKs page in the Verification Providers tab.

​

Link providers to SDKs

When adding an SDK manually or importing one from a registry:

1. Open your tool and go to APIs & SDKs.
2. Add or import the SDK.
3. Choose the appropriate verification provider.

For Go modules, use a GitHub verification provider to verify repository ownership. For npm, PyPI, Maven, and NuGet, the provider verifies scope or namespace ownership during import.

​

Provider labels

On the tool’s APIs & SDKs → Verification Providers tab, each provider shows a label:

• Global: Provider created at the organization level
• This tool: Provider created specifically for that tool

​

Best practices

• Create global providers when multiple tools share the same npm scope, PyPI namespace, or GitHub org.
• Use Selected tools to avoid exposing providers unnecessarily.
• Keep tokens and API keys secure.
• Verify providers before adding SDKs so import and verification succeed cleanly.