Veriff Identity Verification API
Provides video/selfie-based biometric identity verification and document verification for KYC (Know Your Customer) compliance. Agents initiate a verification session via REST API, redirect the user to a hosted Veriff verification flow, then receive a decision via webhook or polling. Returns structured decision objects (approved/declined/resubmission required) with reason codes and extracted document data.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
HMAC-SHA256 request signing provides strong authentication — significantly more secure than bare API keys. Webhook payloads are signed for integrity verification. GDPR compliance is core to the product. ISO 27001 and SOC2 certified. Handles extremely sensitive PII — data retention policies must be carefully implemented by integrators.
⚡ Reliability
Best When
You need regulated KYC/AML compliance with biometric liveness detection and document verification, and your workflow can accommodate an asynchronous user-facing verification step.
Avoid When
You need instant identity verification or your users cannot complete a selfie/video verification flow on their device.
Use Cases
- Initiate KYC verification sessions for new user onboarding in fintech or crypto exchange applications
- Trigger identity re-verification for high-risk transactions detected by a fraud detection agent
- Poll or receive webhooks for verification decisions and update user account status accordingly
- Extract verified personal data (name, DOB, document number) from approved sessions to pre-fill application forms
- Build compliance workflows where agent orchestrates document collection, verification, and approval gating
Not For
- Real-time identity checks with sub-second latency: verification decisions can take minutes to hours
- Non-KYC authentication use cases (use OAuth/passkeys instead)
- Self-service identity verification without a human in the loop on the end-user side: Veriff requires real users to complete the flow
Interface
Authentication
REST API authenticated with API key and secret via HMAC-SHA256 request signing. Each request requires a generated X-AUTH-CLIENT header and a signature digest. Webhook payloads are signed with HMAC-SHA256 for payload verification. Auth setup is more complex than simple bearer tokens — agents must implement the signing scheme correctly.
Pricing
Pricing is contract-based and not published publicly. Sales engagement is required to get production access. A sandbox environment is provided for integration testing without a production contract.
Agent Metadata
Known Gotchas
- ⚠ Webhook delivery is not guaranteed to be in order: verification decisions can arrive out of sequence; agents must process webhooks idempotently and check session status via polling if a webhook is missed
- ⚠ HMAC request signing requires precise timestamp handling — requests are rejected if the timestamp drift exceeds a few minutes; agents must use NTP-synced clocks
- ⚠ Sessions expire after a configurable window (default 7 days) — agents must track session expiry and re-initiate verification if the user does not complete the flow in time
- ⚠ PII data from verified documents (name, DOB, address) is only available for a limited retention window after decision — agents must fetch and store data promptly or it will be purged per GDPR policies
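The signed-webhook check and the out-of-order delivery gotcha above, combined in one handler. This is an added example, not Veriff's code: the payload field names (`session_id`, `decision_time`, `status`), the hex encoding of the signature, and the `sign` helper that stands in for the sender are assumptions to be replaced with the values in the vendor documentation.

```python
import hashlib
import hmac
import json


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hypothetical sender side: hex HMAC-SHA256 over the raw body."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, signature_hex: str) -> bool:
    """Recompute the HMAC over the exact bytes received; compare in constant time."""
    expected = sign(secret, raw_body).encode()
    return hmac.compare_digest(expected, signature_hex.strip().lower().encode())


class DecisionStore:
    """In-memory stand-in for a table keyed by session id."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.sessions = {}  # session_id -> (decision_time, status)
        self.seen = set()   # SHA-256 of bodies already processed

    def handle(self, raw_body: bytes, signature_hex: str) -> str:
        # Authenticate before parsing: unauthenticated JSON is never decoded.
        if not verify_webhook(self.secret, raw_body, signature_hex):
            return "rejected"
        digest = hashlib.sha256(raw_body).hexdigest()
        if digest in self.seen:
            return "duplicate"  # redelivery, no side effects
        self.seen.add(digest)
        event = json.loads(raw_body)
        sid = event["session_id"]      # assumed field name
        when = event["decision_time"]  # assumed: ISO 8601 UTC, fixed format
        current = self.sessions.get(sid)
        # Fixed-format UTC timestamps sort lexicographically, so a late-arriving
        # older decision cannot overwrite a newer one.
        if current is not None and current[0] >= when:
            return "stale"
        self.sessions[sid] = (when, event["status"])  # assumed field name
        return "applied"
```

A missed webhook is not visible to this handler; the polling fallback described in the list above still applies.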
Alternatives
Scores are editorial opinions as of 2026-03-06.