Create a verification session by POSTing to https://stationapi.veriff.com/v1/sessions with your x-auth-client API key header and a body containing the person's name, callback URL, and a unique vendorData identifier.
Redirect the user to the verification URL returned in the session response; the user completes document capture and selfie on Veriff's hosted interface.
Configure two webhook types in the Veriff environment settings: the event webhook (receives session lifecycle events from started to submitted) and the decision webhook (receives the final approved/declined/resubmission_requested outcome with extracted data).
On receipt of a webhook, verify authenticity by computing HMAC-SHA256 of the raw request body using your webhook shared secret and comparing it to the x-hmac-signature header.
Retrieve full session details via GET /v1/sessions/{sessionId}/decision using the session ID from the original session creation response if webhook delivery fails.
Map the decision codes — approved, declined, and the specific reason codes within declined — to your onboarding policy to determine next steps.
Known gotchas
Veriff sends both event and decision webhooks; the event webhook fires on intermediate state transitions (e.g., submitted) while the decision webhook fires on final verdict — processing only one type will leave gaps in your session lifecycle tracking.
The vendorData field is your correlation key; if omitted, you must rely solely on the Veriff session ID to match webhook payloads back to your internal user records.
Test API keys and production API keys are entirely separate credentials; the test environment returns synthetic decisions and will not process real documents.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp