# Verify your users’ identity documents

Create sessions and collect identity documents.

This guide explains how to use Stripe Identity to securely collect and verify identity documents.

> To get access to the Identity React Native SDK, visit the [Identity Settings](https://dashboard.stripe.com/settings/identity) page and click **Enable**.

To verify the identity of your users on React Native, present a verification sheet in your application. This guide includes the following steps:

1. Set up Stripe.
1. Add a server endpoint.
1. Present the verification sheet.
1. Handle verification events.

## Before you begin

1. [Set up your Stripe account and verify your business](https://dashboard.stripe.com/account/onboarding).
1. Fill out your [Stripe Identity application](https://dashboard.stripe.com/identity/application).

The steps in this guide are fully implemented in the [example app](https://github.com/stripe/stripe-identity-react-native/tree/main/example) and [example back-end server](https://codesandbox.io/p/devbox/compassionate-violet-gshhgf).

## Set up [Server-side] [Client-side]

### Install the SDK (Client-side)

The [React Native SDK](https://github.com/stripe/stripe-identity-react-native) is open source, [fully documented](https://stripe.dev/stripe-identity-react-native), and compatible with apps supporting iOS 13.0 or Android 5.0 (API level 21) and above. Internally, it uses native [iOS](https://github.com/stripe/stripe-ios/tree/master/StripeIdentity) and [Android](https://github.com/stripe/stripe-android/tree/master/identity) SDKs.

Install the SDK by running:

#### Yarn

```bash
yarn add @stripe/stripe-identity-react-native
```

> For details on the latest SDK release and past versions, see the [Releases](https://github.com/stripe/stripe-identity-react-native/releases) page on GitHub. To receive notifications when a new release is published, [watch releases for the repository](https://help.github.com/en/articles/watching-and-unwatching-releases-for-a-repository#watching-releases-for-a-repository).

For iOS, run `pod install` in the `ios` directory to ensure that you also install the required native dependencies. Android doesn’t require any additional steps.

### Set up camera authorization for iOS (Client-side)

The Stripe Identity iOS SDK requires access to the device’s camera to capture identity documents. To enable your app to request camera permissions:

1. Open your project’s **Info.plist** in Xcode.
1. Add the `NSCameraUsageDescription` key.
1. Add a string value that explains to your users why your app requires camera permissions, something such as:

> This app uses the camera to take a picture of your identity documents.

See [Apple’s documentation](https://developer.apple.com/documentation/avfoundation/cameras_and_media_capture/requesting_authorization_for_media_capture_on_ios) to learn more about requesting camera authorisation.

### Set up material theme for Android (Client-side)

The Stripe Identity Android SDK requires the hosting activity to use [material theme](https://material.io/develop/android/theming/dark). To enable material theme:

1. Open your project’s `app/src/main/AndroidManifest.xml`.
1. Make sure the `android:theme` applied to the `application` is a child of one of the material themes (for example, `Theme.MaterialComponents.DayNight`).

### Install Stripe on your server (Server-side)

First, [register](https://dashboard.stripe.com/register) for a Stripe account.

Then install the libraries for access to the Stripe API from your application:

#### Ruby

```bash
# Available as a gem
sudo gem install stripe
```

```ruby
# If you use bundler, you can add this line to your Gemfile
gem 'stripe'
```

## Add a server endpoint [Server-side]

### Create a VerificationSession

A [VerificationSession](https://docs.stripe.com/api/identity/verification_sessions.md) is the programmatic representation of the verification. It contains details about the type of verification, such as what [check](https://docs.stripe.com/identity/verification-checks.md) to perform. You can [expand](https://docs.stripe.com/api/expanding_objects.md) the [verified outputs](https://docs.stripe.com/api/identity/verification_sessions/object.md#identity_verification_session_object-verified_outputs) field to see details of the data that was verified.

You can use verification flows for re-usable configuration, which is passed to the [verification_flow](https://docs.stripe.com/api/identity/verification_sessions/create.md#create_identity_verification_session-verification_flow) parameter. Read more in the [Verification flows guide](https://docs.stripe.com/identity/verification-flows.md).

You need a server-side endpoint to [create the VerificationSession](https://docs.stripe.com/api/identity/verification_sessions/create.md). Creating the `VerificationSession` server-side prevents malicious users from overriding verification options and incurring processing charges on your account. Add authentication to this endpoint by including a user reference in the session metadata or storing the session ID in your database.

For security, don’t create a `VerificationSession` object that’s directly accessible from the mobile client. Instead, your server provides the SDK with an ephemeral key – a short-lived API key with restricted access to the [VerificationSession](https://docs.stripe.com/api/identity/verification_sessions.md). You can think of an ephemeral key as a session, authorising the SDK to retrieve and update a specific `VerificationSession` object for the duration of the session.

After successfully creating a `VerificationSession` and ephemeral key, send the `VerificationSession` [ID](https://docs.stripe.com/api/identity/verification_sessions/object.md#identity_verification_session_object-id) and ephemeral key secret to the client to show the document upload sheet.

> You can find a running implementation of this endpoint [here](https://codesandbox.io/p/devbox/compassionate-violet-gshhgf) for quick testing.

#### Node.js

```javascript

// Don't put any keys in code. See https://docs.stripe.com/keys-best-practices.
// Find your keys at https://dashboard.stripe.com/apikeys.
const stripe = require('stripe')('<<YOUR_SECRET_KEY>>');

// In the route handler for /create-verification-session:
// Authenticate your user.

// Create the session.
const verificationSession = await stripe.identity.verificationSessions.create({
  type: 'document',
  provided_details: {
    email: 'user@example.com',
  },
  metadata: {
    user_id: '{{USER_ID}}',
  },
});

// Create an ephemeral key for the VerificationSession
const ephemeralKey = await stripe.ephemeralKeys.create(
  {verification_session: verificationSession.id},
  {apiVersion: '2026-05-27.dahlia'}
);

// Return only the ID and ephemeral key secret to the frontend.
const verificationSessionId = verificationSession.id;
const ephemeralKeySecret = ephemeralKey.secret;
```

> The ephemeral key secret is bound to the `VerificationSession` and lets your app collect sensitive verification information such as document and selfie image files. It’s single-use and expires after 1 hour. Don’t store it, log it, embed it in a URL, or expose it to anyone other than the user. Make sure that you have TLS enabled on any endpoint that returns the ephemeral key secret. Send only the ephemeral key secret to your app to avoid exposing verification configuration or results.

Test your endpoint by starting your web server (for example, `localhost:4242`) and sending a POST request with curl to create a VerificationSession:

```bash
curl -X POST -is "http://localhost:4242/create-verification-session" -d ""
```

The response in your terminal looks like this:

```bash
HTTP/1.1 200 OK
Content-Type: application/json

{ id: "vs_QdfQQ6xfGNJR7ogV6", ephemeral_key_secret: "ek_YWNjdF8xRm..." }
```

## Present the verification sheet [Client-side]

Set up a button to present a verification sheet. After tapping the button, your user can capture and upload a picture of their passport, driver’s license, or national ID.

Before getting started, your verification page should:

- Explain to the user why they need to verify their identity.
- Include a verify identity button to present Stripe’s UI.

### Add a button

Start by creating a Button component:

```javascript
import React from 'react';
import {
  View,
  Button,
} from 'react-native';

function VerifyScreen() {
  return (
    <View>
      <Button
        title='Verify'
      />
    </View>
  );
}
```

### Import the Stripe Identity SDK

Import the `useStripeIdentity` hook:

```javascript
import React from 'react';
import {
  View,
  Button,
} from 'react-native';import { useStripeIdentity } from "@stripe/stripe-identity-react-native";

function VerifyScreen() {
  return (
    <View>
      <Button
        title='Verify'
      />
    </View>
  );
}
```

### Add an event handler to the Verify button

Now that you have a button and an endpoint to create a VerificationSession, modify the button so that it presents the document upload sheet when tapped.

Add a call to:

- Fetch the `VerificationSession` ID and ephemeral key secret from your endpoint.
- Instantiate the `useStripeIdentity` hook by passing `fetchOptions` with your brand logo and presenting it to the user.
- Handle the `status` to know if the user completed the verification flow.

```javascript
import React from 'react';
import {
  View,
  Button,Text,
  Image
} from 'react-native';
import { useStripeIdentity } from "@stripe/stripe-identity-react-native";
// A square logo for your brand
import logo from './assets/{{YOUR_BRAND_LOGO}}.png';

function VerifyScreen() {const fetchVerificationSessionParams = async () => {
    try {
      const data = await fetch(`${YOUR_SERVER_BASE_URL}/create-verification-session`, {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
        },
      });
      const json = await data.json();
      return json;
    } catch (e) {
      return {};
    }
  };

  const fetchOptions = async () => {
    const response = await fetchVerificationSessionParams();
    return {
      sessionId: response.id,
      ephemeralKeySecret: response.ephemeral_key_secret,
      brandLogo: Image.resolveAssetSource(logo),
    };
  };

  const { status, present, loading } = useStripeIdentity(fetchOptions);

  const handlePress = React.useCallback(() => {
    present();
  }, [present]);

  return (
    <View>
      <Button
        title='Verify'disabled={loading}
        onPress={handlePress}
      /><Text>Status: {status}</Text>
    </View>
  );
}
```

### Test the verification sheet

Test that the verify button presents a document upload sheet:

- Tap the **Verify Identity** button.
- Ensure no error messages are shown.

If your integration isn’t working:

1. Put a breakpoint where you fetch the `VerificationSession` ID and ephemeral key secret.
1. Verify that no network errors exist and that the endpoint is returning a `VerificationSession` ID and ephemeral key secret.

## Handle verification events

[Document checks](https://docs.stripe.com/identity/verification-checks.md#document-availability) are typically completed as soon as the user redirects back to your site and you can retrieve the result from the API immediately. In some rare cases, the document verification isn’t ready yet and must continue asynchronously. In these cases, you’re notified through webhooks when the verification result is ready. After the processing completes, the VerificationSession status changes from `processing` to `verified`.

Stripe sends the following events when the session status changes:

| Event name                                                                                                                                           | Description                                                                                                                                                 | Next steps                                                                                              |
| ---------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- |
| [identity.verification_session.verified](https://docs.stripe.com/api/events/types.md#event_types-identity.verification_session.verified)             | Processing of all the [verification checks](https://docs.stripe.com/identity/verification-checks.md) have completed, and they’re all successfully verified. | Trigger relevant actions in your application.                                                           |
| [identity.verification_session.requires_input](https://docs.stripe.com/api/events/types.md#event_types-identity.verification_session.requires_input) | Processing of all the [verification checks](https://docs.stripe.com/identity/verification-checks.md) have completed, and at least one of the checks failed. | Trigger relevant actions in your application and potentially allow your user to retry the verification. |

Use a [webhook handler](https://docs.stripe.com/identity/handle-verification-outcomes.md) to receive these events and automate actions such as sending a confirmation email, updating the verification results in your database, or completing an onboarding step. You can also view [verification events in the Dashboard](https://dashboard.stripe.com/events?type=identity.%2A).

## Receive events and run business actions

### With code

Build a webhook handler to listen for events and build custom asynchronous verification flows. Test and debug your webhook integration locally with the Stripe CLI.

[Build a custom webhook](https://docs.stripe.com/identity/handle-verification-outcomes.md)

### Without code

Use the Dashboard to view all your verifications, inspect collected data, and understand verification failures.

[View your test verifications in the Dashboard](https://dashboard.stripe.com/test/identity/verification-sessions)