openapi: 3.1.0 info: title: Veriff Public API version: '1.0' description: >- Minimal OpenAPI for the Veriff identity verification public API. Covers sessions, media uploads, decisions, attempts, persons, and watchlist screening. x-generated-from: https://devdocs.veriff.com/apidocs x-generated-by: claude-crawl-2026-05-08 servers: - url: https://stationapi.veriff.com/v1 description: Veriff Station API v1 security: - VeriffAuth: [] tags: - name: Sessions - name: Media - name: Decisions - name: Attempts - name: Persons - name: Watchlist paths: /sessions: post: tags: [Sessions] summary: Create a verification session requestBody: required: true content: application/json: schema: type: object responses: '201': description: Session created content: application/json: schema: type: object /sessions/{sessionId}: parameters: - $ref: '#/components/parameters/SessionId' patch: tags: [Sessions] summary: Update session status (e.g. mark as submitted) requestBody: required: true content: application/json: schema: type: object responses: '200': description: Session updated content: application/json: schema: type: object delete: tags: [Sessions] summary: Delete a session (testing only) responses: '204': description: Session deleted /sessions/{sessionId}/collected-data: parameters: - $ref: '#/components/parameters/SessionId' post: tags: [Sessions] summary: Upload supplementary end-user data for a session requestBody: required: true content: application/json: schema: type: object responses: '200': description: Data accepted content: application/json: schema: type: object /sessions/{sessionId}/media: parameters: - $ref: '#/components/parameters/SessionId' post: tags: [Media] summary: Submit identity documents and biometric media to a session requestBody: required: true content: application/json: schema: type: object responses: '200': description: Media accepted content: application/json: schema: type: object get: tags: [Media] summary: List media metadata attached to the session responses: '200': description: Media list content: application/json: schema: type: object /sessions/validate-registry: post: tags: [Sessions] summary: Create session and validate national ID registry data requestBody: required: true content: application/json: schema: type: object responses: '200': description: Registry validation result content: application/json: schema: type: object /sessions/{sessionId}/decision: parameters: - $ref: '#/components/parameters/SessionId' get: tags: [Decisions] summary: Retrieve verification decision for a session responses: '200': description: Decision payload content: application/json: schema: type: object /sessions/{sessionId}/person: parameters: - $ref: '#/components/parameters/SessionId' get: tags: [Persons] summary: Retrieve extracted person data for a session responses: '200': description: Person record content: application/json: schema: type: object /sessions/{sessionId}/watchlist-screening: parameters: - $ref: '#/components/parameters/SessionId' get: tags: [Watchlist] summary: Retrieve PEP and sanctions screening results for a session responses: '200': description: Screening result content: application/json: schema: type: object /sessions/{sessionId}/attempts: parameters: - $ref: '#/components/parameters/SessionId' get: tags: [Attempts] summary: List attempt identifiers for a session responses: '200': description: Attempt list content: application/json: schema: type: object /attempts/{attemptId}/media: parameters: - name: attemptId in: path required: true schema: type: string get: tags: [Attempts] summary: Retrieve media information for a specific attempt responses: '200': description: Attempt media list content: application/json: schema: type: object /media/{mediaId}: parameters: - name: mediaId in: path required: true schema: type: string get: tags: [Media] summary: Download an individual media file responses: '200': description: Media payload content: application/octet-stream: schema: type: string format: binary components: parameters: SessionId: name: sessionId in: path required: true schema: type: string securitySchemes: VeriffAuth: type: apiKey in: header name: X-AUTH-CLIENT description: >- Veriff requires X-AUTH-CLIENT (API key) and X-HMAC-SIGNATURE (HMAC-SHA256 of the request body using the shared secret) headers on every request.