Identities | Verifa

An identity is a persistent record of a verified person. When a session completes with an external_ref, Verifa creates or updates an identity that aggregates all verification sessions for that person.

Why identities matter

Sessions are ephemeral — they represent a single verification attempt. Identities are persistent — they represent a person across all their interactions with your organization:

Reverification — See a person’s full verification history without re-running checks.
Duplicate detection — Detect when the same person verifies under different references.
Continuous monitoring — AML screening is tied to identities, not sessions, enabling ongoing watchlist monitoring.
GDPR deletion — Delete all data for a person in one API call.

Identity lifecycle

Status	Description
`pending`	Identity created but no completed verification yet.
`approved`	Latest verification was approved.
`failed`	Latest verification failed.
`rejected`	Latest verification was rejected by a reviewer.
`redacted`	All PII has been permanently deleted (GDPR erasure).

Identities are upserted — if a session completes with an external_ref that already exists, the identity is updated with the latest verification data rather than creating a duplicate.

Creating identities

Identities are created automatically when a session completes with an external_ref. You can also create stub identities via the API:

$ curl -X POST https://api.withverifa.com/api/v1/identities \
>   -H "X-API-Key: vk_live_your_key_here" \
>   -H "Content-Type: application/json" \
>   -d '{
>     "external_ref": "user_abc123"
>   }'

Listing identities

$ curl "https://api.withverifa.com/api/v1/identities?status=approved&limit=25" \
>   -H "X-API-Key: vk_live_your_key_here"

Filters

Parameter	Type	Description
`status`	string	Filter by identity status.
`q`	string	Search by external reference.
`limit`	integer	Max results (default: 25, max: 100).
`offset`	integer	Items to skip.

The identity list supports both offset-based and cursor-based pagination. Use cursor-based for large datasets:

$ curl "https://api.withverifa.com/api/v1/identities?page[after]=identity_abc123&limit=25" \
>   -H "X-API-Key: vk_live_your_key_here"

1 {
2   "data": [...],
3   "pagination": {
4     "next_cursor": "identity_def456",
5     "prev_cursor": "identity_abc123",
6     "has_next": true,
7     "has_prev": true
8   }
9 }

Retrieving an identity

Fetch by ID or external reference:

$ curl https://api.withverifa.com/api/v1/identities/identity_abc123 \
>   -H "X-API-Key: vk_live_your_key_here"

Returns decrypted PII, verification history, screening status, and tags:

1 {
2   "id": "identity_abc123",
3   "external_ref": "user_abc123",
4   "status": "approved",
5   "screening_status": "clear",
6   "monitoring_enabled": true,
7   "session_count": 2,
8   "face_match_passed": true,
9   "age_check_passed": true,
10   "extracted_age": 28,
11   "is_sandbox": false,
12   "tags": ["vip"],
13   "extracted_data": {
14     "first_name": "Jane",
15     "last_name": "Doe",
16     "date_of_birth": "1997-06-15",
17     "document_type": "drivers_license",
18     "country": "US"
19   },
20   "first_verified_at": "2026-01-15T10:00:00Z",
21   "last_verified_at": "2026-02-01T12:05:00Z",
22   "created_at": "2026-01-15T10:00:00Z",
23   "updated_at": "2026-02-01T12:05:00Z"
24 }

Identity sessions

List all verification sessions for an identity:

$ curl https://api.withverifa.com/api/v1/identities/identity_abc123/sessions \
>   -H "X-API-Key: vk_live_your_key_here"

Updating an identity

$ curl -X PATCH https://api.withverifa.com/api/v1/identities/identity_abc123 \
>   -H "X-API-Key: vk_live_your_key_here" \
>   -H "Content-Type: application/json" \
>   -d '{
>     "external_ref": "updated_user_id"
>   }'

Archiving and restoring

Soft-archive an identity (excludes from list queries but preserves data):

$ curl -X POST https://api.withverifa.com/api/v1/identities/identity_abc123/archive \
>   -H "X-API-Key: vk_live_your_key_here"

Restore an archived identity:

$ curl -X POST https://api.withverifa.com/api/v1/identities/identity_abc123/restore \
>   -H "X-API-Key: vk_live_your_key_here"

Permanently delete all PII for an identity (right to erasure, Article 17):

$ curl -X DELETE https://api.withverifa.com/api/v1/identities/identity_abc123/data \
>   -H "X-API-Key: vk_live_your_key_here"

This:

Nulls all encrypted PII fields and search hashes
Sets the identity status to redacted
Fires an identity.updated webhook
The identity record itself is preserved for audit purposes (ID, status, timestamps)

Screening status

Each identity tracks its aggregate screening status:

Status	Description
`null`	No screening has been run.
`clear`	Latest screening found no matches.
`hit`	Latest screening found one or more matches.
`pending`	Screening is in progress.

When monitoring_enabled is true, Verifa automatically re-screens the identity on a regular schedule and when watchlists are updated. See Screening & Reports for details.

Webhooks

Event	When
`identity.created`	A new identity record was created.
`identity.updated`	Identity data was updated (new session, PII change, status change).
`identity.archived`	Identity was archived.
`identity.restored`	Identity was restored from archive.
`identity.tag-added`	A tag was added to the identity.
`identity.tag-removed`	A tag was removed from the identity.

Sessions — How sessions create and update identities
Screening & Reports — Continuous monitoring for identities
Data Retention — Automatic data lifecycle management