/v1/sessions

Updated on Apr 30, 2025

Post

/v1/sessions

Creates a verification session with the data specified in the request body

The contents of the request body depends on whether you are using the SDK or the API to capture and send the end-user data, and on what product you are using. Minimum request body is empty verification object.

Once you create the verification session, in return you receive a unique session id and a unique sessionToken that are related to the verification session initiated for the specific end-user.

The response also returns the session URL value (required in the SDK integrations). You can find this in the verification.url parameter.

You can find the sample implementation for Javascript at https://github.com/Veriff/js-integration-demo[↗]

Note: always ensure that you use the correct API URL to send requests. See the API URL section for more info.

Security

API Key

Header parameter namex-auth-client

Your integration's API key (occasionally referred to the "Token", "API public key" or "Publishable key")

Header parameters

vrf-integration-id

string

Your Integration's ID. Required when the flexible API keys solution is used

Body parameters

Session initialization data

Expand All

object

verification

object Required

Verification object

callback

string

The callback URL to where the end-user is redirected after the verification session is completed. Default is visible in the Veriff Customer Portal > Settings. Changing the value in this request body will overwrite the default callback URL, but it will not change the callback URL that is visible in the Customer Portal.

Examplehttps://example.com/callback

person

object

Data about the person being verified

firstName

string

Person's first name

ExampleJohn

lastName

string

Person's last name

ExampleSmith

idNumber

string

Person's national identification number

Example123456789

phoneNumber

string

Person's phone number

Example8888888888

gender

string

Person's gender

Valid values[ "\"M\"", "\"MALE\"", "\"F\"", "\"FEMALE\"" ]

ExampleM

dateOfBirth

string (YYYY-MM-DD)

Person's date of birth

Example1990-01-01

string

Person's email address

Examplejohn.smith@example.com

maritalStatus

string

Person's marital status. Allowed values: single, married, divorced, widowed

Examplesingle

isDeceased

boolean

Person's deceased status. Allowed values: true, false

ExampleFalse

document

object

Data about the document of the person being verified

number

string

Document number, [a-zA-Z0-9] characters only

ExampleB01234567

country

string ( ISO 3166-1 Alpha-2 country code)

Document issuing country

ExampleUS

type

string

Document type

Valid values[ "\"ID_CARD\"", "\"PASSPORT\"", "\"DRIVERS_LICENSE\"", "\"RESIDENCE_PERMIT\"" ]

ExamplePASSPORT

idCardType

string

Document type for the ID card, [a-zA-z] characters only. Only required for Colombia identity verification. One of: CE, CE or TI

ExampleCC

firstIssue

string (YYYY-MM-DD)

Date of the document's first issue

Example2022-01-01

address

object

Data about the address of the person being verified

fullAddress

string

Full address (mandatory only for UK DIATF M1B profile flow)

Example123, Main Street, Your County, Anytown 12345

proofOfAddress

object

Data about the proof of address document of the person being verified

acceptableTypes

Array of object (ProofOfAddressAcceptableTypes)

Accepted types for proof of address document. This parameter should be sent only when using the proof of address solution

object

name

string Required

Name of the accepted proof of address document type

ExampleUTILITY_BILL

vendorData

string

The unique identifier that you created for your end-user. It can be max 1,000 characters long and contain only non-semantic data that can not be resolved or used outside your systems or environments. Veriff returns it unmodified in webhooks and API response payloads, or as null if not provided

Example1234567890

endUserId

string (uuid)

The UUID that you created for your end-user, that can not be resolved or used outside your systems or environments. Veriff returns it unmodified in webhooks and API response payloads, or as null if not provided.

Examplec1de400b-1877-4284-8494-071d37916197

consents

Array of object (CreateSessionConsent)

Array of objects listing the type of consent given. Optional, should be only included for features that require consent

object

type

string

Indicates the feature for which the consent is given

Valid values[ "\"ine\"", "\"bipa\"", "\"aadhaar\"" ]

Exampleine

approved

boolean

If true, indicates that the consent has been given. true is mandatory to start the INE Biometric Database Verification. If false or missing, the session is not created.

ExampleTrue

Responses

200

Created session

Expand All

object

status

string

API request status

Examplesuccess

verification

object

Verification object

string

UUID v4 which identifies the verification session

Example123e4567-e89b-12d3-a456-426614174000

url

string

URL of the verification session. The end-user is redirected here to go through the flow. It is a combination of the baseUrl and the sessionToken

Examplehttps://alchemy.veriff.com/v/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

vendorData

string | null

Example1234567890

host

string

The base url the sessionToken can be used for

Examplehttps://alchemy.veriff.com

status

string

Verification session status

Examplecreated

sessionToken

string

Session-specific token of the verification

ExampleeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

400

Bad request

object

status

string

Valid values[ "\"fail\"" ]

Examplefail

code

string

Example1101

message

string

ExampleValidation failed

401

Unauthorized

object

status

string

Valid values[ "\"fail\"" ]

Examplefail

code

string

Example1101

message

string

ExampleMandatory X-AUTH-CLIENT header containing the API key is missing from the request.

429

Too many requests

object

status

string

Valid values[ "\"fail\"" ]

Examplefail

code

string

Example1004

message

string

ExampleToo many requests.

500

Internal server error

object

status

string

Valid values[ "\"fail\"" ]

Examplefail

code

string

Example1101

message

string

ExampleSomething went wrong

Document Versioning

Article Versioning

Date	Description
Apr 30, 2025	1. New parameters added to request's `verification.person` object: `email`, `maritalStatus` and `isDeceased` for registry checks 2. New header `vrf-integration-id` added to support the new Flexible API keys solution
Apr 22, 2025	`proofOfAddress` object added to support sending proof of address data over API. This parameter is solution-specific, it is not commonly needed.
Mar 12, 2025	Documentation published

Date

Description

Apr 30, 2025

1. New parameters added to request's verification.person object: email, maritalStatus and isDeceased for registry checks

2. New header vrf-integration-id added to support the new Flexible API keys solution

Apr 22, 2025

proofOfAddress object added to support sending proof of address data over API. This parameter is solution-specific, it is not commonly needed.

Mar 12, 2025

Documentation published

Was this article helpful?