/v1/sessions

Post
/v1/sessions

Creates a verification session with the data specified in the request body

The contents of the request body depends on whether you are using the SDK or the API to capture and send the end-user data, and on what product you are using. Minimum request body is empty verification object.

Once you create the verification session, in return you receive a unique session id and a unique sessionToken that are related to the verification session initiated for the specific end-user. 

The response also returns the session URL value (required in the SDK integrations). You can find this in the verification.url parameter. 


You can find the sample implementation for Javascript at https://github.com/Veriff/js-integration-demo[↗]

Note: always ensure that you use the correct API URL to send requests. See the API URL section for more info.


Security
API Key
Header parameter namex-auth-client

Your integration's API key (occasionally referred to the "Token", "API public key" or "Publishable key")

Header parameters
vrf-integration-id
string

Your Integration's ID. Required when the flexible API keys solution is used

Body parameters

Session initialization data

Expand All
object
verification
object Required

Verification object

callback
string

The callback URL to where the end-user is redirected after the verification session is completed. Default is visible in the Veriff Customer Portal > Settings. Changing the value in this request body will overwrite the default callback URL, but it will not change the callback URL that is visible in the Customer Portal.

Examplehttps://example.com/callback
person
object

Data about the person being verified

firstName
string

Person's first name

ExampleJohn
lastName
string

Person's last name

ExampleSmith
idNumber
string

Person's national identification number

Example123456789
phoneNumber
string

Person's phone number

Example8888888888
gender
string

Person's gender

Valid values[ "\"M\"", "\"MALE\"", "\"F\"", "\"FEMALE\"" ]
ExampleM
dateOfBirth
string (YYYY-MM-DD)

Person's date of birth

Example1990-01-01
email
string

Person's email address

Examplejohn.smith@example.com
maritalStatus
string

Person's marital status. Allowed values: single, married, divorced, widowed

Examplesingle
isDeceased
boolean

Person's deceased status. Allowed values: true, false

ExampleFalse
document
object

Data about the document of the person being verified

number
string

Document number, [a-zA-Z0-9] characters only

ExampleB01234567
country
string ( ISO 3166-1 Alpha-2 country code)

Document issuing country

ExampleUS
type
string

Document type

Valid values[ "\"ID_CARD\"", "\"PASSPORT\"", "\"DRIVERS_LICENSE\"", "\"RESIDENCE_PERMIT\"" ]
ExamplePASSPORT
idCardType
string

Document type for the ID card, [a-zA-z] characters only. Only required for Colombia identity verification. One of: CE, CE or TI

ExampleCC
firstIssue
string (YYYY-MM-DD)

Date of the document's first issue

Example2022-01-01
address
object

Data about the address of the person being verified

fullAddress
string

Full address (mandatory only for UK DIATF M1B profile flow)

Example123, Main Street, Your County, Anytown 12345
proofOfAddress
object

Data about the proof of address document of the person being verified

acceptableTypes
Array of object (ProofOfAddressAcceptableTypes)

Accepted types for proof of address document. This parameter should be sent only when using the proof of address solution

object
name
string Required

Name of the accepted proof of address document type

ExampleUTILITY_BILL
vendorData
string

The unique identifier that you created for your end-user. It can be max 1,000 characters long and contain only non-semantic data that can not be resolved or used outside your systems or environments. Veriff returns it unmodified in webhooks and API response payloads, or as null if not provided

Example1234567890
endUserId
string (uuid)

The UUID that you created for your end-user, that can not be resolved or used outside your systems or environments. Veriff returns it unmodified in webhooks and API response payloads, or as null if not provided.

Examplec1de400b-1877-4284-8494-071d37916197
consents
Array of object (CreateSessionConsent)

Array of objects listing the type of consent given. Optional, should be only included for features that require consent

object
type
string

Indicates the feature for which the consent is given

Valid values[ "\"ine\"", "\"bipa\"", "\"aadhaar\"" ]
Exampleine
approved
boolean

If true, indicates that the consent has been given. true is mandatory to start the INE Biometric Database Verification. If false or missing, the session is not created.

ExampleTrue
Responses
200

Created session

Expand All
object
status
string

API request status

Examplesuccess
verification
object

Verification object

id
string

UUID v4 which identifies the verification session

Example123e4567-e89b-12d3-a456-426614174000
url
string

URL of the verification session. The end-user is redirected here to go through the flow. It is a combination of the baseUrl and the sessionToken

Examplehttps://alchemy.veriff.com/v/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
vendorData
string | null

The unique identifier that you created for your end-user. It can be max 1,000 characters long and contain only non-semantic data that can not be resolved or used outside your systems or environments. Veriff returns it unmodified in webhooks and API response payloads, or as null if not provided

Example1234567890
host
string

The base url the sessionToken can be used for

Examplehttps://alchemy.veriff.com
status
string

Verification session status

Examplecreated
sessionToken
string

Session-specific token of the verification

ExampleeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
400

Bad request

object
status
string
Valid values[ "\"fail\"" ]
Examplefail
code
string
Example1101
message
string
ExampleValidation failed
401

Unauthorized

object
status
string
Valid values[ "\"fail\"" ]
Examplefail
code
string
Example1101
message
string
ExampleMandatory X-AUTH-CLIENT header containing the API key is missing from the request.
429

Too many requests

object
status
string
Valid values[ "\"fail\"" ]
Examplefail
code
string
Example1004
message
string
ExampleToo many requests.
500

Internal server error

object
status
string
Valid values[ "\"fail\"" ]
Examplefail
code
string
Example1101
message
string
ExampleSomething went wrong



Document Versioning

Article Versioning

Date

Description

Apr 30, 2025

1. New parameters added to request's verification.person object: email, maritalStatus and isDeceased for registry checks

2. New header vrf-integration-id added to support the new Flexible API keys solution

Apr 22, 2025

proofOfAddress object added to support sending proof of address data over API. This parameter is solution-specific, it is not commonly needed.

Mar 12, 2025

Documentation published