Sessions

Sessions are the core of FaceSign's identity verification platform. A session represents a single identity verification flow powered by FaceSign's node-based flow system, guiding users through custom verification steps like conversational AI interactions, biometric checks, document scanning, and multi-factor authentication.

How FaceSign Sessions Work

FaceSign sessions work similarly to how Stripe handles payments. When you integrate FaceSign:

Create a session using the FaceSign API and get a session object + client secret
Save the session to your own database for tracking
Provide the client secret to the FaceSign frontend (web or mobile)
Listen for webhooks that inform you about session progress and completion
Update your database when webhooks arrive with the latest session status
Build your app logic using the session data stored in your database

This approach gives you several benefits:

Faster performance - No need to call external APIs repeatedly
Better reliability - Your app doesn't depend on external API availability
Enhanced control - All verification data is available in your database for queries and business logic
Audit trail - Complete history of verification attempts and results

Create a session

POST/v1/sessions

Create a new verification session with specified modules or custom flow

Create a verification session by providing configuration settings. You can use either a custom flow (recommended) or legacy modules for simple use cases, but not both.

const session = await client.sessions.create({
  clientReferenceId: 'user-123',
  metadata: { userId: '123', source: 'web' },
  modules: [
    { type: 'identityVerification' },
    { type: 'documentAuthentication' }
  ],
  customization: {
    branding: {
      primaryColor: '#007bff',
      logoUrl: 'https://your-domain.com/logo.png'
    }
  }
})

Response Examples

201Session created successfully

{
  "id": "vs_1a2b3c4d5e6f",
  "clientSecret": "vs_1a2b3c4d5e6f_secret_abc123def456",
  "createdAt": 1640995200,
  "status": "requiresInput",
  "settings": {
    "clientReferenceId": "user-123",
    "metadata": {
      "userId": "123",
      "source": "web"
    },
    "modules": [
      {
        "type": "identityVerification"
      },
      {
        "type": "documentAuthentication"
      }
    ]
  },
  "version": "2024-12-18"
}

Try it yourself

Test the session creation API with our interactive playground:

API Key

Request Body

The session model

The session model contains all the information about a verification session, including its configuration, status, and results.

Properties

Name
id
Type
string
Description
Unique identifier for the session.
Name
createdAt
Type
number
Description
Unix timestamp when the session was created.
Name
startedAt
Type
number
Description
Unix timestamp when the user began the verification flow.
Name
finishedAt
Type
number
Description
Unix timestamp when the session was completed or cancelled.
Name
status
Type
string
Description
Current status: requiresInput, processing, complete, or canceled.
Name
settings
Type
object
Description
Configuration object containing modules, customization, and flow settings.
Name
version
Type
string
Description
API version used for this session.
Name
report
Type
object
Description
Results of the verification including AI analysis, extracted data, and verification status.

Session Settings

Name
clientReferenceId
Type
string
Description
Your internal reference ID to link this session to your user.
Name
metadata
Type
object
Description
Key-value pairs for storing additional information about the session.
Name
initialPhrase
Type
string
Description
Optional custom greeting message for the AI avatar.
Name
finalPhrase
Type
string
Description
Optional custom closing message for the AI avatar.
Name
providedData
Type
object
Description
Pre-filled data to pass to the verification flow.
Name
avatarId
Type
string
Description
ID of the AI avatar to use for conversational interactions.
Name
langs
Type
array
Description
Array of supported language codes for this session.
Name
defaultLang
Type
string
Description
Default language code if user's preference isn't available.
Name
zone
Type
string
Description
Geographic zone: es (United States) or eu (European Union).
Name
modules
Type
array
Description
Array of legacy verification modules to include in this session (use flow instead for new implementations).
Name
flow
Type
object
Description
Custom node-based flow definition (recommended for new implementations).
Name
customization
Type
object
Description
UI customization options including colors, fonts, and branding.

Session Report

When a session is completed, the report object contains detailed verification results:

Name
transcript
Type
array
Description
Conversation transcript between user and AI avatar.
Name
aiAnalysis
Type
object
Description
AI-powered analysis including age estimation, gender detection, and authenticity assessment.
Name
location
Type
object
Description
User's location information (if available and consented).
Name
device
Type
object
Description
Device information and browser details.
Name
livenessDetected
Type
boolean
Description
Whether liveness was detected during biometric verification.
Name
lang
Type
string
Description
Language used during the verification session.
Name
extractedData
Type
object
Description
Data extracted from documents or user input during verification.
Name
screenshots
Type
array
Description
Array of screenshot URLs captured during verification.
Name
videos
Type
object
Description
URLs for avatar and user video recordings.
Name
isVerified
Type
boolean
Description
Overall verification result - true if verification was successful.

POST/sessions

Create a session

Creates a new verification session. The response includes both the session object and a client secret for frontend integration.

Required attributes

Name
clientReferenceId
Type
string
Description
Your internal reference ID to link this session to your user.
Name
modules
Type
array
Description
Array of verification modules to include. Each module has a type and configuration options.

Optional attributes

Name
metadata
Type
object
Description
Key-value pairs for storing additional information about the session.
Name
initialPhrase
Type
string
Description
Custom greeting message for the AI avatar.
Name
finalPhrase
Type
string
Description
Custom closing message for the AI avatar.
Name
providedData
Type
object
Description
Pre-filled data to pass to the verification flow.
Name
avatarId
Type
string
Description
ID of the AI avatar to use. Get available avatars from /avatars endpoint.
Name
langs
Type
array
Description
Array of supported language codes. Get available languages from /langs endpoint.
Name
defaultLang
Type
string
Description
Default language code (defaults to 'en').
Name
zone
Type
string
Description
Geographic zone: es or eu (defaults to 'es').
Name
flow
Type
object
Description
Custom node-based flow definition for advanced use cases.
Name
customization
Type
object
Description
UI customization options including colors and branding.

Request

POST

/sessions

curl https://api.facesign.ai/sessions \
  -H "Authorization: Bearer fs_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "clientReferenceId": "user_123",
    "metadata": {
      "user_id": "usr_abc123",
      "verification_type": "onboarding"
    },
    "modules": [
      {
        "type": "identityVerification"
      },
      {
        "type": "emailVerification",
        "email": "user@example.com"
      }
    ]
  }'

Response

{
  "session": {
    "id": "fs_session_abc123",
    "createdAt": 1706284800,
    "status": "requiresInput",
    "settings": {
      "clientReferenceId": "user_123",
      "metadata": {
        "user_id": "usr_abc123",
        "verification_type": "onboarding"
      },
      "modules": [
        { "type": "identityVerification" },
        { 
          "type": "emailVerification",
          "email": "user@example.com"
        }
      ],
      "defaultLang": "en",
      "zone": "es"
    }
  },
  "clientSecret": {
    "secret": "fs_client_secret_xyz789",
    "createdAt": 1706284800,
    "expireAt": 1706288400,
    "url": "https://verify.facesign.ai/?client_secret=fs_client_secret_xyz789"
  }
}

GET/sessions/:id

Retrieve a session

Retrieves the details of an existing session, including any verification results if the session has been completed.

Request

GET

/sessions/fs_session_abc123

curl https://api.facesign.ai/sessions/fs_session_abc123 \
  -H "Authorization: Bearer fs_live_..."

Response

{
  "session": {
    "id": "fs_session_abc123",
    "createdAt": 1706284800,
    "startedAt": 1706284850,
    "finishedAt": 1706285200,
    "status": "complete",
    "settings": { /* session settings */ },
    "report": {
      "isVerified": true,
      "livenessDetected": true,
      "extractedData": {
        "firstName": "John",
        "lastName": "Doe",
        "email": "user@example.com"
      },
      "aiAnalysis": {
        "ageMin": 25,
        "ageMax": 30,
        "sex": "male",
        "realPersonOrVirtual": "real",
        "overallSummary": "Verification successful with high confidence"
      }
    }
  },
  "clientSecret": {
    "secret": "fs_client_secret_xyz789",
    "createdAt": 1706284800,
    "expireAt": 1706288400,
    "url": "https://verify.facesign.ai/?client_secret=fs_client_secret_xyz789"
  }
}

GET/sessions/:id/refresh

Refresh client secret

Generates a new client secret for an existing session. This is useful if the original client secret has expired or been compromised. Note that old client secrets are immediately invalidated when a new one is generated.

Request

GET

/sessions/fs_session_abc123/refresh

curl https://api.facesign.ai/sessions/fs_session_abc123/refresh \
  -H "Authorization: Bearer fs_live_..."

Response

{
  "clientSecret": {
    "secret": "fs_client_secret_new456",
    "createdAt": 1706285000,
    "expireAt": 1706288600,
    "url": "https://verify.facesign.ai/?client_secret=fs_client_secret_new456"
  }
}

Session lifecycle

Understanding the session lifecycle helps you build a robust integration. Here's how sessions progress through their states:

graph LR
    A[Create Session] --> B[requiresInput]
    B --> C[User Starts Flow]
    C --> D[processing]
    D --> E{Verification}
    E -->|Success| F[complete]
    E -->|Failure| G[complete]
    E -->|User Exits| H[canceled]

Session statuses

requiresInput - Session created, waiting for user to begin verification
processing - User is actively going through the verification flow
complete - Verification finished (check report.isVerified for success/failure)
canceled - Session was cancelled by user or expired

Handling results with webhooks

The recommended approach is to use webhooks to get real-time updates about session status changes:

Webhook handler

app.post('/webhooks/facesign', async (req, res) => {
  const { type, data } = req.body;
  
  if (type === 'session.completed') {
    const session = data.session;
    
    // Update your database
    await db.verifications.update({
      where: { sessionId: session.id },
      data: {
        status: session.status,
        finishedAt: new Date(session.finishedAt * 1000),
        isVerified: session.report?.isVerified || false,
        extractedData: session.report?.extractedData || {}
      }
    });
    
    // Trigger your business logic
    if (session.report?.isVerified) {
      await approveUserAccount(session.settings.clientReferenceId);
      await sendWelcomeEmail(session.settings.clientReferenceId);
    } else {
      await flagUserForReview(session.settings.clientReferenceId);
    }
  }
  
  res.status(200).send('OK');
});

Integration best practices

1. Database-First Approach

Store session data in your database immediately after creation:

// Create session and store in your DB
const { session, clientSecret } = await client.sessions.create(config);

await db.verifications.create({
  id: generateId(),
  sessionId: session.id,
  userId: userId,
  status: session.status,
  clientReferenceId: session.settings.clientReferenceId,
  createdAt: new Date(session.createdAt * 1000),
  metadata: session.settings.metadata
});

// Return client secret to frontend
return { clientSecret: clientSecret.secret };

2. Use Webhooks for Real-Time Updates

Don't poll the API for session updates. Use webhooks instead:

// ❌ Don't do this - polling is slow and inefficient
setInterval(async () => {
  const { session } = await client.sessions.retrieve(sessionId);
  updateDatabase(session);
}, 5000);

// ✅ Do this - use webhooks for real-time updates
app.post('/webhooks/facesign', handleWebhook);

3. Handle Client Secret Expiration

Client secrets expire after 1 hour. Handle expiration gracefully:

async function getValidClientSecret(sessionId: string) {
  const session = await db.verifications.findUnique({
    where: { sessionId }
  });
  
  if (!session.clientSecret || isExpired(session.clientSecretExpiry)) {
    const { clientSecret } = await client.sessions.refreshSecret(sessionId);
    
    await db.verifications.update({
      where: { sessionId },
      data: {
        clientSecret: clientSecret.secret,
        clientSecretExpiry: new Date(clientSecret.expireAt * 1000)
      }
    });
    
    return clientSecret.secret;
  }
  
  return session.clientSecret;
}

4. Link Sessions to Your Users

Always use clientReferenceId to link sessions to your users:

const { session, clientSecret } = await client.sessions.create({
  clientReferenceId: user.id, // Your internal user ID
  metadata: {
    email: user.email,
    signupDate: user.createdAt.toISOString(),
    source: 'web_signup'
  },
  modules: [{ type: 'identityVerification' }]
});

5. Build Logic on Your Database

Query your own database for verification status, don't call the API repeatedly:

// ✅ Query your database
async function getUserVerificationStatus(userId: string) {
  return await db.verifications.findFirst({
    where: { 
      userId,
      status: 'complete'
    },
    orderBy: { createdAt: 'desc' }
  });
}

// Use in your application logic
const verification = await getUserVerificationStatus(userId);
if (verification?.isVerified) {
  // Allow access to premium features
}