Verification session

Creating a Verification Session in VOVE ID

Overview

The verification session in VOVE ID is initiated by the client's backend through a specific API call. This process is crucial for setting up the user's verification flow and involves creating or updating the user's information in the VOVE ID database.

Endpoint and Request

  • Endpoint: POST /v2/sessions

  • Payload: The request payload should include:

    • User Information: Details provided by the user in the client's application. This information is optional for the IDV flow but mandatory for other verification flows.

    • externalDbId: This is the user's ID in the client's database. It's a mandatory field used to retrieve the user's verification status from VOVE ID's backend in the future. For users not registered in the client's system (non-registered users), the client should generate a UUID and include it in the request. It's the client's responsibility to store this ID for future reference.

Creating/Updating User and Session

  • When the POST /v2/sessions endpoint is called with the required payload, it either creates a new user or updates an existing user in VOVE ID’s database.

  • A verification session is created for the user, and an access token is generated and returned in the response.

Handling the Access Token

  • The Returned access_token should be securely passed to the frontend SDK to initiate the verification flow.

  • The token is valid for 30 minutes. If it expires, the client can request a new one by making another POST /v2/sessions call.

  • Security Note: This part of the verification session creation should be handled on the client's backend to ensure the secure use of the API key.

Example Request

POST /v2/sessions
Content-Type: application/json
x-api-key: API_KEY

{
    "refId": "3eb8c91c-c866-4fcb-9805-67e8b45c7883", // mendatory
    "flowId": "d77bb134-dd51-4a30-97b0-9638f4f2edb1", // optional
    "user": {// optional
        "firstName": "Travis",
        "lastName": "Greenholt",
        "gender": "male",
        "dateOfBirth": "01-10-2000",
    }
}

Response

  • On successful execution, the API will return access_token along with other relevant session information.

  • In case of an error, appropriate error messages and codes will be returned for troubleshooting.

Usage of Access Token

  • The access_token is to be used in the frontend SDK to run the actual verification flow.

  • It should be securely transmitted to the front end and not exposed in any publicly accessible areas.

Conclusion

Creating a verification session is a critical step in VOVE ID's verification process. By following these guidelines, clients can ensure a smooth and secure verification experience for their users.

PreviousAuthorizationNextGet User Verification

Last updated