POST to the Veriff sessions endpoint with your API key in the header and a person object containing first name, last name, and optionally date of birth
Return the verification URL from the response to your frontend to redirect or embed the Veriff flow
Store the session ID returned in the response for later correlation
Configure a webhook URL in the Veriff station; Veriff will POST decision and event notifications to this URL
On decision webhook receipt, compute the HMAC-SHA256 signature over the raw payload using your shared secret and compare against the X-HMAC-Signature header
Extract the verification status field (approved, declined, or resubmission requested) and the person object from the decision payload to update your user record
Known gotchas
Veriff sessions have a configurable expiry time; users who do not complete within that window receive a session expired status rather than a decision
The decision webhook and the event webhooks are separate notification types with different payload shapes; do not conflate them
Resubmission requested is not a final decision; the session remains open for the user to retry document capture
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp