← Back to sign in

Trouble signing in?

The Veil uses magic-link sign-in for the dashboard and API keys for integrations. No passwords. Here is how each works, and what to try if something goes wrong.

How magic-link sign-in works

For dashboard access
  1. Enter your work email on the sign-in page.
  2. We send a one-time link to that email. The link is valid for 15 minutes, single-use.
  3. Click the link on the same device you started from. For browser security, links don't transfer between devices.
  4. You're in. Sessions persist for 30 days; we'll re-ask after that.

How API-key auth works

For SDK and integrations

Generate a key from your account dashboard after signing in. Set it on your requests:

Authorization: Bearer veil_live_8f3a92c1...

Production keys use the veil_live_ prefix. Solo Free developer keys use the dsa_ prefix and authenticate against the gateway control plane. Lost keys can't be recovered — generate a new one and revoke the old.

Magic link not arriving — checklist

99% of cases land here
  • Check spam, promotions, and "other" folders. Sender domain is dsaveil.io.
  • Verify the email — magic links are case-sensitive on the local part. M.Schmidt@ and m.schmidt@ are different mailboxes per RFC 5321. We honor exactly what you typed.
  • Add the sender to your IT allowlist if your company filter is strict. dsaveil.io publishes SPF, DKIM, and DMARC — share that with your IT team.
  • Wait 60 seconds before requesting another link. Generation is rate-limited per address to prevent flooding.
  • Try a different browser. Some old browser extensions intercept the redirect that completes sign-in.
  • Check the Outlook "Focused" tab if you use it — system-generated mail often lands in the "Other" tab.

Common errors — what they mean

For magic links
  • "Link expired"Links live for 15 minutes. Request a new one — same email, same screen, no penalty.
  • "Already used"Magic links are single-use. Request a new link.
  • "Browser blocked it"Strict tracking-prevention can block the redirect that completes sign-in. Disable it for one redirect, then re-enable it.
  • "Email not recognized"No account exists for this address. Create an account instead.

API-key errors — what they mean

For SDK and integration calls
  • 401 UnauthorizedKey revoked, rotated, or expired. Generate a new key from your account dashboard.
  • 403 ForbiddenQuota exceeded, or the tier doesn't include the requested endpoint. Solo Free has a 500 req/month cap and is BYOK; Solo Pro is BYOK with a higher cap (waitlist); Enterprise is contract-scoped. Check usage and tier scope.
  • 429 Too Many RequestsRate limit. The response includes Retry-After. If you need higher limits, talk to us.
  • 5xx Server errorOur problem, not yours. Retry with exponential backoff; if it persists, email [email protected] with the request ID.