stile

Age Verification API

One API for regulated eCommerce. Stile monitors US state rules and returns the right verification requirement for every session.

  • Document Capture
  • Liveness
  • Face Match
  • mDL
  • Age Tier
  • Signed Webhook
Read the docsBook a demo
# POST /v1/verification_sessions
session = {
  "type": "age",
  "workflow_id": "wf_01HQ9Z2N7K8VRPB",
  "jurisdiction": "US-CA",
  "return_url": "https://acme.com/verified",
}

Capabilities

One API for regulated age checks

Create a session, pass the merchant context, and let Stile apply the required rule before returning a signed result.

What is age verification compliance? Age verification compliance is the process of confirming a user meets the minimum age required by the applicable rule, without exposing unnecessary identity data. Stile checks accepted evidence and returns a signed age decision through a webhook. Stile verifies age against a credential-backed record; it does not estimate age from appearance.

Document scan

OCR plus barcode cross-reference for IDs across 200+ jurisdictions. Returns a normalized age tier matched to the merchant's ruleset.

200+ jurisdictionsPDF417 / MRZ

Liveness + face match

Passive liveness with anti-spoof scoring, paired against the document portrait. Sub-second; defeats injection, replay, and printed-photo attacks.

verifiedspoofed<1s

mDL + digital wallets

ISO/IEC 18013-5 mobile driver's licences. The wallet releases the age tier only; the merchant never sees the document.

ISO 18013-5Apple · Google

US jurisdictions

State age verification laws, resolved per session

Stile's compliance platform monitors US state requirements, including LA Act 440, TX HB 1181, UT SB 287, VA SB 1515, MS HB 1126, FL HB 3, and regulated alcohol, tobacco, and cannabis rules. Seven representative states shown; the full coverage map lives on /compliance/us.

State age verification laws, resolved per session
StateMinimum ageRule sourceAccepted documentsPII retained
US-CA21+NMDAA · ABC ActDriver's license · Passport · mDL0 days
US-TX18+HB 1181 Driver's license · Passport · mDL0 days
US-LA18+Act 440 Driver's license · Passport0 days
US-FL18+HB 3 Driver's license · State ID0 days
US-UT18+SB 287 Driver's license · Passport0 days
US-VA18+SB 1515 Driver's license · Passport0 days
US-MS18+HB 1126 Driver's license · Passport0 days

How it works

How age verification works

Three steps. Create a session, collect evidence, receive a signed decision.

1. Capture

Capture

The merchant creates a verification session via POST. The user is redirected to the hosted iframe that handles document or wallet capture.

http
POST /v1/verification_sessions
{
  "type": "age",
  "workflow_id": "wf_01HQ9Z2N7K8VRPB"
}

2. Verify

Verify

OCR plus barcode cross-reference for documents, ISO 18013-5 signature check for mDL, plus liveness scoring and document-portrait match. All server-side.

js
// verification_result attached server-side
{
  "current_method": "document_capture",
  "age_tier": "min_age_21",
  "jurisdiction": "US-CA",
  "verification_result": {
    "method": "document_capture",
    "confidence": 0.96,
    "age_verified": true,
    "face_match_passed": true,
    "liveness_score": 0.98
  }
}

3. Signal

Signal

A signed webhook delivers the eligibility decision, jurisdiction, session ID, and audit pointer. HMAC-SHA256 signature; verify before acting on the result.

json
{
  "type": "verification_session.verified",
  "data": {
    "object": {
      "status": "verified",
      "type": "age",
      "current_method": "document_capture",
      "age_tier": "min_age_21",
      "jurisdiction": "US-CA"
    }
  }
}
ISO/IEC 18013-5 mDLSOC 2 Type IIGDPR / UK GDPRHMAC-SHA256 webhooksWCAG 2.2 AA

Privacy

The merchant gets the answer, not the document

The default flow returns only what the merchant needs to enforce access: eligible or not eligible.

The wallet releases only the age token. The document, biometric, and date of birth never leave Stile.

What the merchant receives

In the default configuration, the signed webhook returns only the eligibility decision and configured age threshold. The document image, biometric template, and date of birth never leave Stile.

age_tierreturned
statusreturned
jurisdictionreturned
document_imagenever
date_of_birthnever
biometric_templatenever

Audit trail

Proof for the rule that applied

HMAC-SHA256-signed webhooks plus a verifiable audit chain. Counsel can see what was decided, when, which evidence was checked, and which rule was applied.

Age verification audit trail with signed webhook events, timestamps, and session pointers

What you can hand to counsel

Every completed session records the rule Stile applied, the jurisdiction used, the verification result, the timestamp, and the signed event delivered to your system.

signed_eventjson
stile-signature: t=1747193410,v1=8c3d4f1a... {  "id": "evt_01HR3FK4S2NXQY6",  "type": "verification_session.verified",  "data": { "object": { "id": "vks_4p9x2m" } }}

FAQ

Age verification, the parts buyers ask about

Government-issued documents from 200+ jurisdictions — passports, driver's licenses, national IDs, residence permits — and ISO/IEC 18013-5 mobile driver's licenses from Apple Wallet and Google Wallet for the US states that issue them. The flow auto-routes to whichever credential the user presents; the merchant configures which credential types are acceptable for their ruleset.

Get started

Stop carrying state-by-state age rules

Tell us what you sell, where you sell it, and which checkout paths need verification. Stile will map the regulated-eCommerce use case to an age verification flow your team can integrate and your compliance team can review.

Book demoRead the docs
Age verification integration options for hosted iframe and direct API flows
Hosted iframe or direct API, same signed result.