Create a verification session

POST

https://devapi.withverifa.com/api/v1/sessions

Creates a new verification session and returns a capture_url that you redirect (or embed) for the end user to complete identity verification.

Required scope: sessions:create or sessions:write

Create a verification session

POST

https://devapi.withverifa.com/api/v1/sessions

Creates a new verification session and returns a capture_url that you redirect (or embed) for the end user to complete identity verification.

Required scope: sessions:create or sessions:write

Authentication

X-API-Keystring

Organization API key. Keys are prefixed with vk_live_ (production) or vk_sandbox_ (sandbox).

Request

This endpoint expects an object.

external_refstringOptional<=255 characters

Your internal reference for this user or transaction.

metadatamap from strings to anyOptional

Arbitrary key-value metadata attached to the session. Up to 50 keys; each individual value is capped at 16 KB of UTF-8 when serialized. Requests exceeding either bound return 422.

countrystringOptional=2 characters

ISO 3166-1 alpha-2 country code for document expectations.

checkslist of stringsOptional

Per-session check overrides. If omitted, the workflow’s default checks are used.

workflow_idstringOptional<=64 characters

Workflow to use for this session.

redirect_urlstringOptionalformat: "uri"<=2048 characters

URL to redirect the user to after capture is complete.

send_emailbooleanOptionalDefaults to false

Send an email invitation to the applicant with a link to complete verification. Requires applicant_email to be set (either at the top level or under metadata.applicant_email).

applicant_emailstringOptionalformat: "email"

Email address to send the verification invitation to. Only used when send_email is true. Falls back to metadata.applicant_email if not provided at the top level.

applicant_namestringOptional<=100 characters

Display name for the applicant. Used to personalize the opener of the invitation email (“Jane Doe, please click…”). Only used when send_email is true.

display_namestringOptional<=100 characters

Override the brand name shown in the invitation email’s subject line and body for this session only. Defaults to your organization’s configured email display name, or your organization name. Useful when sending under a sub-brand. Only used when send_email is true.

support_urlstringOptionalformat: "uri"<=500 characters

Override the support link shown in the invitation email’s recovery sentence (“contact support to have a new link sent”) for this session only. Defaults to your organization’s configured verification support URL. Must be an http or https URL. Only used when send_email is true.

expires_inintegerOptional10-4320

Session expiration in minutes. Determines how long the capture URL remains valid. Minimum 10 minutes, maximum 4320 (72 hours). Defaults to 1440 (24 hours) if not specified.

fieldsobjectOptional

Optional pre-fill values written into session capture data on create. Values are stored encrypted at rest. Pre-filling does not auto-complete capture steps — the user still walks through the capture flow. Each field accepts both the canonical snake_case name and the kebab-case alias shown in parentheses.

Response headers

X-RateLimit-Limitinteger

Maximum requests allowed in the current window.

X-RateLimit-Remaininginteger

Requests remaining in the current window.

X-RateLimit-Resetinteger

Unix timestamp when the rate limit window resets.

Response

Session created.

idstring

Session ID.

statusenum

capture_urlstringformat: "uri"

URL to redirect the end user for identity capture.

is_sandboxboolean

Whether this is a sandbox session.

created_atdatetime

expires_atdatetime

external_refstring or null

qr_code_data_urlstring or null

Base64-encoded QR code PNG pointing to the capture URL.

tagslist of strings

Free-form tags attached to this session.

Errors

400

Bad Request Error

401

Unauthorized Error

422

Unprocessable Entity Error

429

Too Many Requests Error

Authentication

X-API-Keystring

Organization API key. Keys are prefixed with vk_live_ (production) or vk_sandbox_ (sandbox).

Request

This endpoint expects an object.

external_refstringOptional<=255 characters

Your internal reference for this user or transaction.

metadatamap from strings to anyOptional

Arbitrary key-value metadata attached to the session. Up to 50 keys; each individual value is capped at 16 KB of UTF-8 when serialized. Requests exceeding either bound return 422.

countrystringOptional=2 characters

ISO 3166-1 alpha-2 country code for document expectations.

checkslist of stringsOptional

Per-session check overrides. If omitted, the workflow’s default checks are used.

workflow_idstringOptional<=64 characters

Workflow to use for this session.

redirect_urlstringOptionalformat: "uri"<=2048 characters

URL to redirect the user to after capture is complete.

send_emailbooleanOptionalDefaults to false

Send an email invitation to the applicant with a link to complete verification. Requires applicant_email to be set (either at the top level or under metadata.applicant_email).

applicant_emailstringOptionalformat: "email"

Email address to send the verification invitation to. Only used when send_email is true. Falls back to metadata.applicant_email if not provided at the top level.

applicant_namestringOptional<=100 characters

Display name for the applicant. Used to personalize the opener of the invitation email (“Jane Doe, please click…”). Only used when send_email is true.

display_namestringOptional<=100 characters

support_urlstringOptionalformat: "uri"<=500 characters

expires_inintegerOptional10-4320

Session expiration in minutes. Determines how long the capture URL remains valid. Minimum 10 minutes, maximum 4320 (72 hours). Defaults to 1440 (24 hours) if not specified.

fieldsobjectOptional

Response headers

X-RateLimit-Limitinteger

Maximum requests allowed in the current window.

X-RateLimit-Remaininginteger

Requests remaining in the current window.

X-RateLimit-Resetinteger

Unix timestamp when the rate limit window resets.

Response

Session created.

idstring

Session ID.

statusenum

capture_urlstringformat: "uri"

URL to redirect the end user for identity capture.

is_sandboxboolean

Whether this is a sandbox session.

created_atdatetime

expires_atdatetime

external_refstring or null

qr_code_data_urlstring or null

Base64-encoded QR code PNG pointing to the capture URL.

tagslist of strings

Free-form tags attached to this session.

Errors

400

Bad Request Error

401

Unauthorized Error

422

Unprocessable Entity Error

429

Too Many Requests Error

$	curl -X POST https://devapi.withverifa.com/api/v1/sessions \
>	-H "X-API-Key: <apiKey>" \
>	-H "Content-Type: application/json" \
>	-d '{}'

1	{
2	"id": "ses_abc123",
3	"status": "pending",
4	"capture_url": "string",
5	"is_sandbox": true,
6	"created_at": "2024-01-15T09:30:00Z",
7	"expires_at": "2024-01-15T09:30:00Z",
8	"external_ref": "user_abc123",
9	"qr_code_data_url": "string",
10	"tags": [
11	"string"
12	]
13	}

$	curl -X POST https://devapi.withverifa.com/api/v1/sessions \
>	-H "X-API-Key: <apiKey>" \
>	-H "Content-Type: application/json" \
>	-d '{}'

1	{
2	"id": "ses_abc123",
3	"status": "pending",
4	"capture_url": "string",
5	"is_sandbox": true,
6	"created_at": "2024-01-15T09:30:00Z",
7	"expires_at": "2024-01-15T09:30:00Z",
8	"external_ref": "user_abc123",
9	"qr_code_data_url": "string",
10	"tags": [
11	"string"
12	]
13	}

Create a verification session

Create a verification session

Authentication

Headers

Request

Response headers

Response

Errors

Authentication

Headers

Request

Response headers

Response

Errors