Skip to main content

What is a hosted KYC session?

A hosted session is a short‑lived record that gives you a verificationUrl to send users through a secure identity verification flow. You create the session with your public API key and optionally include a redirectUrl and metadata to track your users.
1

Create a session

POST /v1/kyc/sessions with your Bearer public API key. Response includes sessionId and verificationUrl.
2

Send user to verificationUrl

The hosted UI collects document and facial biometrics securely.
3

Retrieve the session

GET /v1/kyc/sessions/{sessionId} to check ownership and status.
4

Handle results

The hosted UI triggers a server action to produce a verdict. Store outcomes in your backend if needed.

Authentication

Use your public API key in the Authorization header. Public keys map to workspaces in Firestore under workspaces.apiPublicKey. 
Authorization: Bearer pb-YourPublicKey

Hosts and security

Requests are served only on allowed hosts: api.verisecid.com, localhost, 127.0.0.1. Override with API_ALLOWED_HOSTS (comma‑separated). Disallowed hosts return 404 with { "error": "invalid_host" }.

Endpoints

  • Create session: POST /v1/kyc/sessions
  • Get session: GET /v1/kyc/sessions/{sessionId}

Quickstart

Understand the flow and see concrete examples.

Development

Hosts, auth, environment variables, and lifecycle.

API reference

Endpoint docs and examples.