Skip to main content
POST
/
verifications
Create Verification
curl --request POST \
  --url https://{defaultHost}/verifications \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "restart": true,
  "tax_identification_number": "<string>",
  "first_name": "<string>",
  "last_name": "<string>",
  "date_of_birth": "<string>",
  "business_name": "<string>",
  "business_structure": "<string>",
  "place_of_incorporation": "<string>",
  "phone": "<string>",
  "country": "<string>",
  "address": {}
}
'
{
  "id": "<string>",
  "first_name": "<string>",
  "last_name": "<string>",
  "date_of_birth": "<string>",
  "business_name": "<string>",
  "business_structure": "<string>",
  "country": "<string>",
  "address": {},
  "session_url": "<string>",
  "rfis": [
    {
      "id": "<string>",
      "type": "<string>",
      "description": "<string>",
      "error_message": "<string>",
      "requested_files": [
        {
          "category": "<string>",
          "kind": "<string>",
          "is_optional": true
        }
      ],
      "created_at": "<string>"
    }
  ],
  "created_at": "<string>",
  "updated_at": "<string>"
}

Authorizations

Authorization
string
header
required

An account API key, account scoped JWT, app API key, or user OAuth token.

Headers

Api-Version-Date
string<date>

Pins the request to a dated API version. When omitted, the request uses the original (2025-01-01) request/response shapes, so existing unversioned callers are never broken. Generated SDKs always send the latest version they were built against. An unrecognized value is rejected with a 400. The schemas documented here always describe the latest version.

Example:

"2026-06-09"

Query Parameters

account_id
string
required

The account ID to verify (biz_ tag).

Body

application/json
kind
enum<string>

The verification type. Defaults to individual.

Available options:
individual,
business
restart
boolean

Whether to restart an in-flight verification.

tax_identification_number
string

Tax identification number — SSN for individuals, EIN for businesses. Required for business; recommended for individuals. Tokenized in transit, never stored raw, and pre-fills the payout account's tax-id requirement so no RFI is raised for it.

first_name
string

First name. Required for individuals when this request sets up the payout account.

last_name
string

Last name. Required for individuals when this request sets up the payout account.

date_of_birth
string

Date of birth. Required for individuals when this request sets up the payout account.

business_name
string

Business name. Required for businesses.

business_structure
string

Business structure (e.g. llc, corporation).

place_of_incorporation
string

Place of incorporation (state/region). Required for businesses; maps to the address state.

phone
string

Pre-fill the phone number.

country
string

Country code. Required. For businesses this is the country of incorporation.

address
object

Address (line1, city, state, postal_code). line1, city and postal_code are required for individuals when this request sets up the payout account; not required for businesses.

Response

verification created

id
string

The verification ID, e.g. idpf_*

kind
enum<string>
Available options:
individual,
business
status
enum<string>
Available options:
not_started,
pending,
approved,
rejected,
action_required
first_name
string | null
last_name
string | null
date_of_birth
string | null
business_name
string | null
business_structure
string | null
country
string | null
address
object
session_url
string | null
rfis
object[]
created_at
string
updated_at
string