Authenticate by including your Veriff API key in the X-AUTH-CLIENT header on all server-side requests.
Create a session via POST to the sessions endpoint with a verification object containing the callback URL, person details (first name, last name), and the desired document requirement.
Return the session URL from the response to your frontend and redirect the user to it, or embed Veriff's in-page SDK using the session token.
Veriff will POST a decision object to your callback URL when the verification completes; the payload includes a verification.status and a verification.code indicating the outcome.
Verify the X-HMAC-SIGNATURE header on the incoming webhook using your shared secret to confirm authenticity before processing.
Map the decision status ('approved', 'declined', 'resubmission_requested', 'expired', 'abandoned') to your user onboarding workflow and store the full decision payload.
Known gotchas
The HMAC signature validation step is mandatory for PCI/KYC compliance; never skip it in production.
Veriff sessions expire after a configurable period; if a user abandons the flow, create a fresh session rather than resending the old URL.
'Resubmission_requested' is not a final decision; the user must re-enter the flow, so your UI must handle this state explicitly.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp