Delete session

  • Updated on Mar 9, 2026
  • Published on Mar 8, 2026
Prev Next
Delete
/v1/sessions/{id}

Requests the deletion of a session

When to use this endpoint

  • Use this endpoint to when you need to delete a session, for example you used the session to test your integration
  • The endpoint is not available by default, contact your Solutions Engingeer or Veriff Customer Support to enable it for your integration

Session deletion logic

  • Sessions can only be deleted when they are in a final state:

    • created: session has been created
    • started: the end-user has entered the session flow
    • approved: verification was successful
    • declined: verification was declined due to some reason
    • resubmission_requested: additional attempt needed
    • expired: session expired before completion
    • abandoned: session started but never completed

  • Attempting to delete the session in other statuses will respond with the Session is not in a completed status. error message

  • If session status is one of created, started or resubmission_requested, a decision webhook with expired/abandoned status will be sent

  • After successful request, session will immediately become unavailable in Veriff Customer Portal and via public API endpoints. Data will be deleted within 12 hours

Rate limiting

  • This endpoint is rate limited: 10 sessions per 24 hours and 5 sessions per 1 hour

Implementation notes

  • This endpoint is not available by default, contact your Solutions Engingeer or Veriff Customer Support to enable it for your integration
  • This endpoint requires session-level HMAC signature authentication
  • Always ensure that you use the correct API URL to send requests. See the API URL section for more info.
  • The order of parameters in the real API response can differ from the order you see in this documentation. This is expected and part of the Backwards compatible changes requirements.
Header parameters
x-auth-client
stringRequired

Your integration's API key (occasionally referred to as the "Token", "API public key" or "Publishable key"). Required for all API requests.

You can find your API key in the Veriff Customer Portal > Settings > API keys.

Exampleyour_api_key
x-hmac-signature
stringRequired

Session id signed with the shared secret key. Required to authenticate the request sender.

Examplegenerated_hmac_signature_value
Path parameters
id
string (uuid) Required

Verification session ID.

Example123e4567-e89b-12d3-a456-426614174000
Responses
200

Session successfully deleted.

Headers
Content-Type
string
Response content type.
Exampleapplication/json
x-auth-client
string
API key echoed back in response.
Exampleyour_api_key
x-hmac-signature
string
Response body signed with the shared secret key. Required to authenticate the response sender.
Examplegenerated_hmac_signature_value
successful_deletion

Session and all associated data permanently deleted.

{
  "status": "success",
  "verification": {
    "id": "123e4567-e89b-12d3-a456-426614174000"
  }
}
Expand All
object

Confirmation response after successful session deletion.

status
string

API request status

Examplesuccess
verification
object

Verification object containing deleted session ID.

id
string (uuid)

UUID v4 which identifies the verification session that was deleted.

Example123e4567-e89b-12d3-a456-426614174000
400

Bad request - session cannot be deleted

Headers
Content-Type
string
Response content type.
Exampleapplication/json
session_not_completed

Session must be in a completed state (approved, declined, expired, abandoned) before deletion

{
  "status": "400",
  "code": "1305",
  "message": "Session is not in a completed status."
}
session_in_progress

Cannot delete session while end-user is actively completing verification

{
  "status": "400",
  "code": "1306",
  "message": "Session in progress."
}
OneOf
DeleteSessionNotCompletedBadRequestErrorResponse
object (DeleteSessionNotCompletedBadRequestErrorResponse)
status
number

HTTP status code.

Example400.0
code
string

Veriff-specific error code for session not completed.

Example1305
message
string

Error message explaining the session must be in a final state before deletion.

ExampleSession is not in a completed status.
DeleteSessionInProgressBadRequestErrorResponse
object (DeleteSessionInProgressBadRequestErrorResponse)
status
number

HTTP status code.

Example400
code
string

Veriff-specific error code for session in progress.

Example1306
message
string

Error message indicating session is currently being completed by end-user.

ExampleSession in progress.
401

Unauthorized - authentication failed

Headers
Content-Type
string
Response content type.
Exampleapplication/json
missing_api_key
{
  "status": "fail",
  "code": "1101",
  "message": "Mandatory X-AUTH-CLIENT header containing the API key is missing from the request."
}
invalid_hmac

Invalid HMAC signature

{
  "status": "fail",
  "code": "1812",
  "message": "Signature verification failed."
}
object
status
string
Valid values[ "fail" ]
Examplefail
code
string
Example1101
message
string
ExampleMandatory X-AUTH-CLIENT header containing the API key is missing from the request.
404

Session not found

Headers
Content-Type
string
Response content type.
Exampleapplication/json
x-auth-client
string
API key echoed back in response.
Exampleyour_api_key
x-hmac-signature
string
Response body signed with the shared secret key. Required to authenticate the response sender.
Examplegenerated_hmac_signature_value
session_not_found

No session found with the provided ID or session was already deleted

{
  "status": "fail",
  "code": "1101",
  "message": "Resource not found"
}
object
status
string
Valid values[ "fail" ]
Examplefail
code
string
Example1101
message
string
ExampleResource not found
429

Too many requests - rate limit exceeded

Headers
Content-Type
string
Response content type.
Exampleapplication/json
x-auth-client
string
API key echoed back in response.
Exampleyour_api_key
x-hmac-signature
string
Response body signed with the shared secret key. Required to authenticate the response sender.
Examplegenerated_hmac_signature_value
rate_limit_exceeded

Too many deletion requests sent in a short period

{
  "status": "fail",
  "code": "1004",
  "message": "Too many requests."
}
object
status
string
Valid values[ "fail" ]
Examplefail
code
string
Example1004
message
string
ExampleToo many requests.
500

Internal server error

Headers
Content-Type
string
Response content type.
Exampleapplication/json
x-auth-client
string
API key echoed back in response.
Exampleyour_api_key
x-hmac-signature
string
Response body signed with the shared secret key. Required to authenticate the response sender.
Examplegenerated_hmac_signature_value
server_error
{
  "status": "fail",
  "code": "1101",
  "message": "Something went wrong"
}
object
status
string
Valid values[ "fail" ]
Examplefail
code
string
Example1101
message
string
ExampleSomething went wrong



Document Versioning

Changelog

Date

Description

Mar 9, 2026

Documentation updated: parent categories rearranged, intro section expanded, request and response examples added

Oct 2, 2025

vrf- headers removed from response headers

Aug 6, 2025

Response headers added

Mar 12, 2025

Documentation published