stile

Identity verification API

One API for KYC, marketplace onboarding, and high-trust signup. Stile verifies the document, the person, and the match in one session, and returns a normalized identity assertion through a signed webhook.

  • Document Capture
  • Liveness
  • Face Match
  • mDL
  • Age Tier
  • Signed Webhook
Read the docsBook a demo
// POST /v1/verification_sessions
{
  "type": "identity",
  "workflow_id": "wf_01HQ9Z2N7K8VRPB",
  "return_url": "https://merchant.example/verified"
}

// Webhook  verification_session.verified
{
  "type": "verification_session.verified",
  "data": {
    "object": {
      "id": "vks_4p9x2m",
      "object": "verification_session",
      "status": "verified",
      "type": "identity",
      "current_method": "document_capture",
      "jurisdiction": "US-NY",
      "verification_result": {
        "method": "document_capture",
        "confidence": 0.97,
        "identity_verified": true,
        "face_match_passed": true
      }
    }
  }
}

Capabilities

One API for identity, KYC, and onboarding

Configure which evidence each flow requires, capture it through the hosted widget, and consume one signed identity assertion server-side.

What is identity verification? Identity verification confirms that a person is tied to a trusted credential and is present for the session. Stile checks document authenticity, liveness, and face match server-side, then returns a normalized signed assertion the application can act on. Identity verification is the broad case; age verification is the narrow configuration that returns only the age tier.

KYC and onboarding

One SDK covers customer KYC, business-representative verification, marketplace seller onboarding, and high-trust signup. The merchant configures which evidence is required per flow without integrating separate document, liveness, and fraud vendors.

Fraud and risk signals

Face match against the document portrait, hologram and tamper checks, device and capture-channel signals, and synthetic-identity detection. Risk signals are scored server-side and folded into the signed identity assertion the merchant receives.

Drop-in across regulated industries

The same session API powers identity flows for fintech onboarding, crypto exchange signup, marketplace seller verification, and lending applications. One signed webhook, one set of retention semantics, no reconciling four vendors when something goes wrong.

Verification inputs

Identity inputs normalized into one signed result

Identity verification varies by use case, but the integration shape stays consistent: request the evidence, let Stile verify it server-side, receive one signed assertion. Below is what Stile checks per input and what the merchant gets back.

Identity inputs normalized into one signed result
InputChecked by StileReturned signalMerchant receives
DocumentOCR · barcode · MRZ · issuer format · hologramdocument.verifiedNormalized assertion, not raw extraction output
SelfiePassive liveness · anti-spoof scoringliveness.passedDecision and audit pointer; no raw biometric
Face matchDocument portrait matched to presenterface_match.matchedMatch result bound to the session ID
Fraud signalsDevice · capture channel · synthetic identityrisk.scoreNumeric score and category, not raw signals
Credential (mDL)ISO/IEC 18013-5 signature verificationcredential.verifiedOnly the attributes the wallet released

How it works

How identity verification works

Three steps. Create a session, collect the configured evidence, receive a signed identity assertion.

1. Capture

Capture

The merchant creates a verification session. The hosted iframe collects the document and presenter evidence in one flow.

http
POST /v1/verification_sessions
{
  "type": "identity",
  "workflow_id": "wf_01HQ9Z2N7K8VRPB"
}

2. Verify

Verify

Document authenticity, passive liveness, and face match run server-side. The user never handles the final decision.

js
// verification_result attached server-side
{
  "current_method": "document_capture",
  "verification_result": {
    "method": "document_capture",
    "confidence": 0.97,
    "identity_verified": true,
    "face_match_passed": true,
    "liveness_score": 0.98
  }
}

3. Signal

Signal

A signed webhook delivers the verification outcome (status, type, current_method, jurisdiction, verification_result). Raw PII stays in Stile and is retrievable via the evidence-bundle API.

json
{
  "type": "verification_session.verified",
  "data": {
    "object": {
      "status": "verified",
      "type": "identity",
      "current_method": "document_capture",
      "jurisdiction": "US-NY"
    }
  }
}
ISO/IEC 18013-5 mDLSOC 2 Type IIGDPR / UK GDPRHMAC-SHA256 webhooksWCAG 2.2 AA

Privacy

Release the minimum identity needed, nothing more

Capture runs in the hosted widget and verification runs server-side. The merchant receives one signed event with the decision, the evidence summary, and an audit pointer rather than reconciling separate document, liveness, and fraud-provider responses.

Identity verification minimizes data: only the attributes the flow needs are returned; raw document and biometric stay server-side.

What the merchant receives

The signed webhook carries the session outcome (status, type, current_method, jurisdiction, verification_result). Raw PII (name, date of birth, document number), document images, and biometric templates never leave Stile in the webhook; an authenticated evidence-bundle API is available when an investigator needs them.

statusreturned
typereturned
current_methodreturned
jurisdictionreturned
verification_resultreturned
raw_piinever
document_imagenever
biometric_templatenever

Audit trail

Proof for the identity decision that was made

HMAC-SHA256-signed webhooks plus a verifiable audit chain. Counsel and compliance can see which evidence was checked, which fraud signals were weighed, what was decided, and when the signed event was delivered.

Identity verification audit trail with signed webhook events, timestamps, and session pointers

What you can hand to compliance

Every completed identity session records the evidence captured, the fraud signals evaluated, the verification result, the timestamp, and the signed event delivered to your system. The audit pointer resolves back to the full session record without exposing raw biometrics.

signed_eventjson
stile-signature: t=1747193410,v1=2b9e7c4f1a... {  "id": "evt_01HR3FK4S2NXQY6",  "type": "verification_session.verified",  "data": { "object": { "id": "vks_4p9x2m" } }}

FAQ

Identity verification, the parts buyers ask about

The compliance platform tracks the regimes that apply to identity verification: FinCEN customer identification rules, GLBA safeguards, BSA program requirements, EU eIDAS, the UK Money Laundering Regulations, and state-level KYC supplements. Stile maps each regime to the evidence requirements it imposes (document plus liveness for most fintech flows; document plus liveness plus address proof for higher-risk regimes) and returns the right verification configuration per session. Coverage changes ship through the same Stile API surface; merchants do not redeploy when a rule changes.

Get started

Stop integrating four identity vendors

Tell us the onboarding flow you're building, the credentials you accept, and the jurisdictions you operate in. Stile will map your KYC or marketplace use case to an identity verification flow your team can integrate and your compliance team can review.

Book demoRead the docs
Identity verification integration options for hosted iframe and direct API flows
Hosted iframe or direct API, same signed result.