List verifications for an account
Pass the account’s biz_ tag as the account_id query parameter to get all verifications for that account. An account has at most two — one individual (KYC) and one business (KYB).
curl "https://api.whop.com/api/v1/verifications?account_id=biz_xxxxxxxxxxxxx" \
-H "Authorization: Bearer $WHOP_API_KEY"
{
"data": [
{
"id": "idpf_xxxxxxxxxxxxx",
"kind": "individual",
"status": "approved",
"first_name": "Jane",
"last_name": "Doe",
"date_of_birth": "1995-01-15",
"country": "US",
"address": {
"line1": "123 Main St",
"city": "San Francisco",
"state": "CA",
"postal_code": "94105"
},
"rfis": [],
"created_at": "2026-06-03T22:15:00Z",
"updated_at": "2026-06-04T10:00:00Z"
}
]
}
Retrieve a single verification
Pass an idpf_ tag in the path to read one profile directly.
curl https://api.whop.com/api/v1/verifications/idpf_xxxxxxxxxxxxx \
-H "Authorization: Bearer $WHOP_API_KEY"
data array).
Statuses
| Status | What it means | What to do |
|---|
pending | User hasn’t completed KYC yet | Send them to session_url |
approved | Identity verified | User can transact |
rejected | KYC declined | Create a new verification with restart: true |
action_required | A provider needs more info | Check rfis array — see Handle RFIs |
not_started | Profile exists, no session started | Call create to start |
session_url only appears when status is pending — it means the user still needs to complete KYC. Once approved or rejected, the URL is gone.
Response fields
Fields depend on kind. Individual verifications return personal fields, business verifications return company fields.
Individual (kind: "individual")
| Field | Type | Description |
|---|
first_name | string | Verified legal first name |
last_name | string | Verified legal last name |
date_of_birth | string | ISO date (e.g. 1995-01-15) |
country | string | ISO country code |
address | object | Verified residential address |
Business (kind: "business")
| Field | Type | Description |
|---|
business_name | string | Verified legal entity name |
business_structure | string | llc, corp, sole_proprietorship, etc. |
country | string | ISO country code |
address | object | Registered business address |
Authentication
Requires a Company API key with the identity:read scope.
Errors
| Status | Message | When |
|---|
400 | account_id is required | No biz_ tag provided |
401 | — | Missing or invalid API key |
403 | — | API key lacks identity:read scope |
404 | Account not found | The biz_ tag doesn’t exist or you don’t have access |
