Start verification for a customer
Creates a hosted verification session for a customer scoped to the calling
integration. The returned hosted_url is the hosted verification link that
the merchant must surface to their customer to complete verification.
Path
customer_id— required. Thecust_…external id of an existing, non-default customer that belongs to the calling integration.
Body
tier— optional. One oftier_1,tier_2. Defaults to the next tier above the customer’s current tier (tier_0→tier_1;tier_1→tier_2).tier_0is never a valid requested tier.redirect_url— optional. HTTPS URL the merchant wants the customer redirected to after the verification flow completes. Stored verbatim and echoed back on the response.
Replay & link refresh
If a pending session already exists for the same (customer_id, tier_requested) and its hosted_url_expires_at is in the future, this
endpoint returns that existing session unchanged — no second upstream call.
Clients can safely retry POSTs without an Idempotency-Key header.
If that pending session exists but its hosted_url has expired, this
endpoint mints a fresh hosted link and refreshes the same session in place,
returning it with a new hosted_url / hosted_url_expires_at. Call this
endpoint again to regenerate an expired verification link.
Example
POST /v1/customers/cust_01HXYZ/verifications
{
"tier": "tier_1",
"redirect_url": "https://merchant.com/onboarding/complete"
}
Authorizations
API key issued during merchant onboarding.
Headers
Optional client-supplied key. Identical key + identical body within 24h replays the original response. Identical key + different body returns 409 idempotency_conflict. The hash is over raw bytes — clients retrying must send the byte-identical body; a re-serialised JSON payload will produce a different hash and a 409. Strongly recommended for retry-safe clients.
^[A-Za-z0-9_\-]{8,255}$Body
CreateVerifyDto