Verify your users’ identity documents
Create sessions and collect identity documents.
This guide explains how to use Stripe Identity to securely collect and verify identity documents.
Before you begin
- Activate your account.
- Fill out your Stripe Identity application.
- (Optional) Customize your brand settings on the branding settings page.
Note
To get access to the Identity iOS SDK, visit the Identity Settings page and click Enable.
To verify the identity of your users on iOS, present a verification sheet in your application. This guide includes the following steps:
- Set up Stripe.
- Add a server endpoint.
- Present the verification sheet.
- Handle verification events.
The steps in this guide are fully implemented in the example app and example backend server.
Set upServer-sideClient-side
Note
If you intend to use this SDK with Stripe’s Identity service, you must not modify this SDK. Using a modified version of this SDK with Stripe’s Identity service, without Stripe’s written authorisation, is a breach of your agreement with Stripe and might result in your Stripe account being shut down.
Install the SDK Client-side
The Stripe iOS SDK is open source, fully documented, and compatible with apps supporting iOS 13.0 or above.
Note
For details on the latest SDK release and past versions, see the Releases page on GitHub. To receive notifications when a new release is published, watch releases for the repository.
Set up camera authorization Client-side
The Stripe Identity iOS SDK requires access to the device’s camera to capture identity documents. To enable your app to request camera permissions:
- Open your project’s Info.plist in Xcode.
- Add the
NSCameraUsageDescriptionkey. - Add a string value that explains to your users why your app requires camera permissions, something such as:
This app uses the camera to take a picture of your identity documents.
See Apple’s documentation to learn more about requesting camera authorisation.
Install Stripe on your server Server-side
First, register for a Stripe account.
Then install the libraries for access to the Stripe API from your application:
Add a server endpointServer-side
Create a VerificationSession
A VerificationSession is the programmatic representation of the verification. It contains details about the type of verification, such as what check to perform. You can expand the verified outputs field to see details of the data that was verified.
You need a server-side endpoint to create the VerificationSession. Creating the VerificationSession server-side prevents malicious users from overriding verification options and incurring processing charges on your account. Add authentication to this endpoint by including a user reference in the session metadata or storing the session ID in your database.
For security, don’t create a VerificationSession object that’s directly accessible from the mobile client. Instead, your server provides the SDK with an ephemeral key – a short-lived API key with restricted access to the VerificationSession. You can think of an ephemeral key as a session, authorising the SDK to retrieve and update a specific VerificationSession object for the duration of the session.
After successfully creating a VerificationSession and ephemeral key, send the VerificationSession ID and ephemeral key secret to the client to show the document upload sheet.
Note
You can find a running implementation of this endpoint available on Glitch for quick testing.
Caution
The ephemeral key secret is bound to the VerificationSession and lets your app collect sensitive verification information such as document and selfie image files. It’s single-use and expires after 1 hour. Don’t store it, log it, embed it in a URL, or expose it to anyone other than the user. Make sure that you have TLS enabled on any endpoint that returns the ephemeral key secret. Send only the ephemeral key secret to your app to avoid exposing verification configuration or results.
Test your endpoint by starting your web server (for example, localhost:4242) and sending a POST request with curl to create a VerificationSession:
curl -X POST -is "http://localhost:4242/create-verification-session" -d ""
The response in your terminal looks like this:
HTTP/1.1 200 OK Content-Type: application/json { id: "vs_QdfQQ6xfGNJR7ogV6", ephemeral_key_secret: "ek_YWNjdF8xRm..." }
Present the verification sheetClient-side
Set up a button to present a verification sheet. After tapping the button, your user can capture and upload a picture of their passport, driver’s license, or national ID.
Before getting started, your verification page should:
- Explain to the user why they need to verify their identity.
- Include a verify identity button to present Stripe’s UI.
Add a button
Start by creating a view controller with a button that has a tap action and a loading indicator:
import UIKit class VerifyViewController: UIViewController { @IBOutlet weak var verifyButton: UIButton! @IBOutlet weak var activityIndicator: UIActivityIndicatorView! }
Import the StripeIdentity SDK
Import StripeIdentity to your view controller:
import UIKit import StripeIdentity class VerifyViewController: UIViewController { @IBOutlet weak var verifyButton: UIButton! @IBOutlet weak var activityIndicator: UIActivityIndicatorView! }
Add an action to the Verify button
Now that you have a button and an endpoint to create a VerificationSession, modify the button so that it presents the document upload sheet when tapped the document upload sheet when tapped.
Add a call to:
- Fetch the
VerificationSessionID and ephemeral key secret from your endpoint. - Instantiate an
IdentityVerificationSheetwith your brand logo and present it to the user. - Handle the
VerificationResultto know if the user completed the verification flow.
import UIKit import StripeIdentity class VerifyViewController: UIViewController { @IBOutlet weak var verifyButton: UIButton! @IBOutlet weak var activityIndicator: UIActivityIndicatorView! override func viewDidLoad() { super.viewDidLoad() verifyButton.addTarget(self, action: #selector(didTapVerifyButton), for: .touchUpInside) } @objc func didTapVerifyButton() { // Disable the button while the request is made verifyButton.isEnabled = false activityIndicator.startAnimating() // Make request to your verification endpoint var urlRequest = URLRequest(url: URL(string: "https://{{YOUR_SERVER_BASE_URL}}/create-verification-session")!) urlRequest.httpMethod = "POST" let task = URLSession.shared.dataTask(with: urlRequest) { [weak self] data, response, error in DispatchQueue.main.async { [weak self] in // Re-enable button self?.verifyButton.isEnabled = true self?.activityIndicator.stopAnimating() guard error == nil, let data = data, let responseJson = try? JSONDecoder().decode([String: String].self, from: data), let verificationSessionId = responseJson["id"], let ephemeralKeySecret = responseJson["ephemeral_key_secret"] else { // Handle error print(error as Any) return } self?.presentVerificationSheet(verificationSessionId: verificationSessionId, ephemeralKeySecret: ephemeralKeySecret) } } task.resume() } func presentVerificationSheet(verificationSessionId: String, ephemeralKeySecret: String) { // Configure a square brand logo. Recommended image size is 32 x 32 points. let configuration = IdentityVerificationSheet.Configuration( brandLogo: UIImage(named: "{{YOUR_BRAND_LOGO}}")! ) // Instantiate and present the sheet let verificationSheet = IdentityVerificationSheet( verificationSessionId: verificationSessionId, ephemeralKeySecret: ephemeralKeySecret, configuration: configuration ) verificationSheet.present(from: self, completion: { result in switch result { case .flowCompleted: // The user has completed uploading their documents. // Let them know that the verification is processing. print("Verification Completed!") case .flowCanceled: // The user did not complete uploading their documents. // You should allow them to try again. print("Verification Canceled!") case .flowFailed(let error): // If the flow fails, you should display the localized error // message to your user using error.localizedDescription print("Verification Failed!") print(error.localizedDescription) } }) } }
Test the verification sheet
Test that the verify button presents a document upload sheet:
- Tap the Verify Identity button.
- Ensure no error messages are shown.
If your integration isn’t working:
- Put a breakpoint where you fetch the
VerificationSessionID and ephemeral key secret. - Verify that no network errors exist and that the endpoint is returning a
VerificationSessionID and ephemeral key secret.
Handle verification events
Document checks are typically completed as soon as the user redirects back to your site and you can retrieve the result from the API immediately. In some rare cases, the document verification isn’t ready yet and must continue asynchronously. In these cases, you’re notified through webhooks when the verification result is ready. After the processing completes, the VerificationSession status changes from processing to verified.
Stripe sends the following events when the session status changes:
| Event name | Description | Next steps |
|---|---|---|
| identity.verification_session.verified | Processing of all the verification checks have completed, and they’re all successfully verified. | Trigger relevant actions in your application. |
| identity.verification_session.requires_input | Processing of all the verification checks have completed, and at least one of the checks failed. | Trigger relevant actions in your application and potentially allow your user to retry the verification. |
Use a webhook handler to receive these events and automate actions such as sending a confirmation email, updating the verification results in your database, or completing an onboarding step. You can also view verification events in the Dashboard.
Receive events and run business actions
With code
Build a webhook handler to listen for events and build custom asynchronous verification flows. Test and debug your webhook integration locally with the Stripe CLI.
Without code
Use the Dashboard to view all your verifications, inspect collected data, and understand verification failures.