Records end-user consent for specific verification features that require explicit consent
When to use this endpoint
- Use this endpoint to record end-user consent when verification features require it.
- In case you upload multiple consents for a single session (as per
sessionId), only latest will be considered binding. - Common use cases include:
- Recording consent for INE Biometric Database Verification (Mexican identity verification)
- Recording consent for Biometric Information Privacy Act (BIPA) compliance (Illinois, USA)
- Recording consent for Aadhaar verification (India)
Request body content
The request body must contain:
type: The verification feature requiring consent (ine, bipa, or aadhaar)approved: Boolean indicating whether end-user approved or declined consenttext: The exact consent text shown to the end-user in their language
The
textfield must contain the complete consent statement exactly as displayed to the end-user, including any legal language or disclosure requirements.
Implementation notes
- Consent must be recorded before submitting the verification session for features that require it.
- For INE Biometric Database Verification,
approved: trueis mandatory. Sessions cannot proceed withapproved: false. - The consent text should match what was displayed to the end-user to ensure legal compliance.
- Always ensure that you use the correct API URL to send requests. See the API URL section for more info.
- The order of parameters in the real API response can differ from the order you see in this documentation. This is expected and part of the Backwards compatible changes requirements.
Your integration's API key (occasionally referred to as the "Token", "API public key" or "Publishable key"). Required for all API requests.
You can find your API key in the Veriff Customer Portal > Settings > API keys.
Request body signed with the shared secret key. Required to authenticate the request sender.
Media type of the request body
Verification session ID.
INE biometric verification consent (Mexico)
{
"type": "ine",
"approved": true,
"text": "Autorizo a Veriff a realizar la verificación de mis datos biométricos con el INE"
}BIPA compliance consent (Illinois, USA)
{
"type": "bipa",
"approved": true,
"text": "I consent to the collection and use of my biometric information for identity verification purposes"
}Aadhaar verification consent (India)
{
"type": "aadhaar",
"approved": true,
"text": "I consent to verification of my Aadhaar details for identity verification"
}Consent type.
Indicates if the consent has been approved by the end-user or not.
Consent text exactly (same language) as shown to the end-user.
Consent recorded successfully
INE consent recorded
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"context": "consent",
"sessionId": "d69a07cf-4434-4d36-be6c-d22af7dc01fb"
}BIPA consent recorded
{
"id": "987e6543-e21b-10c9-b876-543210987654",
"context": "consent",
"sessionId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}UUID v4 identifying the consent.
Context representing the type of consent.
UUID v4 of the session the consent belongs to.
Bad request
{
"status": "fail",
"code": "1101",
"message": "Validation failed"
}Unauthorized
{
"status": "fail",
"code": "1101",
"message": "Mandatory X-AUTH-CLIENT header containing the API key is missing from the request."
}Session not found
{
"status": "fail",
"code": "1101",
"message": "Resource not found"
}Internal server error
{
"status": "fail",
"code": "1101",
"message": "Something went wrong"
}Changelog
Date | Description |
|---|---|
Mar 8, 2026 | Documentation updated: parent categories rearranged, intro section expanded, request and response examples added |
Oct 2, 2025 |
|
Aug 6, 2025 | Response headers added |
Mar 12, 2025 | Documentation published |