Veriff

Veriff Sessions API

Creates and manages verification sessions. POST /sessions starts a verification and returns a session URL the end user opens via the SDK or hosted page. GET and PATCH endpoints retrieve the session, mark it as submitted (signal that all media has been uploaded), and cancel sessions. The session is the parent resource for media, decisions, attempts, and persons.

GitHub OpenAPI

Documentation

📖
Documentation
https://devdocs.veriff.com/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/veriff/refs/heads/main/openapi/veriff-openapi.yml

OpenAPI Specification

veriff-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Veriff Public API
  version: '1.0'
  description: >-
    Minimal OpenAPI for the Veriff identity verification public API. Covers
    sessions, media uploads, decisions, attempts, persons, and watchlist
    screening.
  x-generated-from: https://devdocs.veriff.com/apidocs
  x-generated-by: claude-crawl-2026-05-08
servers:
  - url: https://stationapi.veriff.com/v1
    description: Veriff Station API v1
security:
  - VeriffAuth: []
tags:
  - name: Sessions
  - name: Media
  - name: Decisions
  - name: Attempts
  - name: Persons
  - name: Watchlist
paths:
  /sessions:
    post:
      tags: [Sessions]
      summary: Create a verification session
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
      responses:
        '201':
          description: Session created
          content:
            application/json:
              schema:
                type: object
  /sessions/{sessionId}:
    parameters:
      - $ref: '#/components/parameters/SessionId'
    patch:
      tags: [Sessions]
      summary: Update session status (e.g. mark as submitted)
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
      responses:
        '200':
          description: Session updated
          content:
            application/json:
              schema:
                type: object
    delete:
      tags: [Sessions]
      summary: Delete a session (testing only)
      responses:
        '204':
          description: Session deleted
  /sessions/{sessionId}/collected-data:
    parameters:
      - $ref: '#/components/parameters/SessionId'
    post:
      tags: [Sessions]
      summary: Upload supplementary end-user data for a session
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
      responses:
        '200':
          description: Data accepted
          content:
            application/json:
              schema:
                type: object
  /sessions/{sessionId}/media:
    parameters:
      - $ref: '#/components/parameters/SessionId'
    post:
      tags: [Media]
      summary: Submit identity documents and biometric media to a session
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
      responses:
        '200':
          description: Media accepted
          content:
            application/json:
              schema:
                type: object
    get:
      tags: [Media]
      summary: List media metadata attached to the session
      responses:
        '200':
          description: Media list
          content:
            application/json:
              schema:
                type: object
  /sessions/validate-registry:
    post:
      tags: [Sessions]
      summary: Create session and validate national ID registry data
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
      responses:
        '200':
          description: Registry validation result
          content:
            application/json:
              schema:
                type: object
  /sessions/{sessionId}/decision:
    parameters:
      - $ref: '#/components/parameters/SessionId'
    get:
      tags: [Decisions]
      summary: Retrieve verification decision for a session
      responses:
        '200':
          description: Decision payload
          content:
            application/json:
              schema:
                type: object
  /sessions/{sessionId}/person:
    parameters:
      - $ref: '#/components/parameters/SessionId'
    get:
      tags: [Persons]
      summary: Retrieve extracted person data for a session
      responses:
        '200':
          description: Person record
          content:
            application/json:
              schema:
                type: object
  /sessions/{sessionId}/watchlist-screening:
    parameters:
      - $ref: '#/components/parameters/SessionId'
    get:
      tags: [Watchlist]
      summary: Retrieve PEP and sanctions screening results for a session
      responses:
        '200':
          description: Screening result
          content:
            application/json:
              schema:
                type: object
  /sessions/{sessionId}/attempts:
    parameters:
      - $ref: '#/components/parameters/SessionId'
    get:
      tags: [Attempts]
      summary: List attempt identifiers for a session
      responses:
        '200':
          description: Attempt list
          content:
            application/json:
              schema:
                type: object
  /attempts/{attemptId}/media:
    parameters:
      - name: attemptId
        in: path
        required: true
        schema:
          type: string
    get:
      tags: [Attempts]
      summary: Retrieve media information for a specific attempt
      responses:
        '200':
          description: Attempt media list
          content:
            application/json:
              schema:
                type: object
  /media/{mediaId}:
    parameters:
      - name: mediaId
        in: path
        required: true
        schema:
          type: string
    get:
      tags: [Media]
      summary: Download an individual media file
      responses:
        '200':
          description: Media payload
          content:
            application/octet-stream:
              schema:
                type: string
                format: binary
components:
  parameters:
    SessionId:
      name: sessionId
      in: path
      required: true
      schema:
        type: string
  securitySchemes:
    VeriffAuth:
      type: apiKey
      in: header
      name: X-AUTH-CLIENT
      description: >-
        Veriff requires X-AUTH-CLIENT (API key) and X-HMAC-SIGNATURE
        (HMAC-SHA256 of the request body using the shared secret) headers
        on every request.