Generate a one-time verification link

Creates a single-use verification URL for the session. Any previously active link is automatically revoked. The returned `capture_url` can be sent to the end-user via email, SMS, or embedded in your application. Once visited, the link is consumed and cannot be reused. Generate a new link if the user needs another attempt. Sessions that are `completed`, `failed`, or redacted cannot have links generated.

Creates a single-use verification URL for the session. Any previously active link is automatically revoked.

The returned capture_url can be sent to the end-user via email, SMS, or embedded in your application. Once visited, the link is consumed and cannot be reused. Generate a new link if the user needs another attempt.

Sessions that are completed, failed, or redacted cannot have links generated.

Authentication

X-API-Keystring

Organization API key. Keys are prefixed with vk_live_ (production) or vk_sandbox_ (sandbox).

Path parameters

session_idstringRequired

Session ID (ses_*).

Request

This endpoint expects an object.

expires_in_minutesinteger or nullOptional

Custom expiry in minutes. Defaults to the platform session expiry.

Response

One-time link created.

idstring

Public ID of the session link.

session_idstring

Public ID of the parent session.

capture_urlstringformat: "uri"

One-time verification URL to send to the end-user.

statusenum

Current status of the link.

Allowed values:

expires_atdatetime

When this link expires.

created_atdatetime

When this link was created.

qr_code_data_urlstring or null

Base64-encoded QR code image pointing to the capture URL.

Errors

400

Bad Request Error

401

Unauthorized Error

404

Not Found Error

422

Unprocessable Entity Error

Creates a single-use verification URL for the session. Any previously active link is automatically revoked.

Sessions that are completed, failed, or redacted cannot have links generated.

Organization API key. Keys are prefixed with vk_live_ (production) or vk_sandbox_ (sandbox).

Session ID (ses_*).

API version date string (e.g. 2026-02-01). If omitted, the version pinned to your API key is used.

Response key casing. Defaults to snake.

Unique key for idempotent requests. Cached for 24 hours. Sending the same key with different parameters returns 422.

This endpoint expects an object.

Custom expiry in minutes. Defaults to the platform session expiry.

One-time link created.

Public ID of the session link.

Public ID of the parent session.

One-time verification URL to send to the end-user.

Current status of the link.

When this link expires.

When this link was created.

Base64-encoded QR code image pointing to the capture URL.

$	curl -X POST https://devapi.withverifa.com/api/v1/sessions/session_id/generate-one-time-link \
>	-H "X-API-Key: <apiKey>" \
>	-H "Content-Type: application/json" \
>	-d '{}'

1	{
2	"id": "slk_abc123",
3	"session_id": "ses_abc123",
4	"capture_url": "string",
5	"status": "pending",
6	"expires_at": "2024-01-15T09:30:00Z",
7	"created_at": "2024-01-15T09:30:00Z",
8	"qr_code_data_url": "string"
9	}

$	curl -X POST https://devapi.withverifa.com/api/v1/sessions/session_id/generate-one-time-link \
>	-H "X-API-Key: <apiKey>" \
>	-H "Content-Type: application/json" \
>	-d '{}'

1	{
2	"id": "slk_abc123",
3	"session_id": "ses_abc123",
4	"capture_url": "string",
5	"status": "pending",
6	"expires_at": "2024-01-15T09:30:00Z",
7	"created_at": "2024-01-15T09:30:00Z",
8	"qr_code_data_url": "string"
9	}

Generate a one-time verification link

Authentication

Path parameters

Headers

Request

Response

Errors

Authentication

Path parameters

Headers

Request

Response

Errors