Skip to main content
POST
/
v1
/
user
/
{user_id}
/
verification
Verify existing user
const options = {
  method: 'POST',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: JSON.stringify({
    workflow_key: 'business_verification_default',
    reference_id: 'reverify_12345',
    metadata: {reason: 'annual_review'}
  })
};

fetch('https://api.getpalm.com/v1/user/{user_id}/verification', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
{
  "user_id": "550e8400-e29b-41d4-a716-446655440000",
  "verification_id": "660f9511-f30c-52e5-b827-557766551111",
  "status": "completed",
  "risk": {
    "level": "low",
    "reasons": [
      "SSN first seen recently in bureau data",
      "Address mismatch detected",
      "High velocity on phone number (5 applications in 24 hours)",
      "Device fingerprint associated with known fraud",
      "Synthetic identity indicators detected with 85% confidence"
    ]
  },
  "match": {
    "first_name": "match",
    "last_name": "match",
    "middle_name": "match",
    "date_of_birth": "match",
    "ssn": "match",
    "email": "match",
    "phone_number": "match",
    "address_line_1": "match",
    "address_line_2": "match",
    "city": "match",
    "region": "match",
    "postal_code": "match"
  },
  "created_at": "2025-10-24T10:30:00Z",
  "reference_id": "user_12345",
  "synthetic": {
    "is_synthetic": false,
    "confidence_score": 15,
    "indicators": [
      "SSN issued after applicant date of birth",
      "Credit file recently established"
    ]
  },
  "velocity": {
    "email": 1,
    "phone": 2,
    "ssn": 1,
    "address": 3
  },
  "device": {
    "risk_score": 10,
    "is_emulator": false,
    "is_vpn": false,
    "is_proxy": false
  },
  "watchlist": {
    "status": "clear",
    "matches": [
      {
        "type": "sanctions",
        "name": "ofac_sdn",
        "confidence_score": 85
      }
    ]
  },
  "updated_at": "2025-10-24T10:35:00Z"
}

Authorizations

Authorization
string
header
required

Enter your API key in the format: sk_test_xxxxx or sk_live_xxxxx

Path Parameters

user_id
string
required

Body

application/json
workflow_key
string

Workflow key to use for verification. If not provided, uses organization default.

Example:

"business_verification_default"

reference_id
string

Your reference ID for tracking this verification

Example:

"reverify_12345"

metadata
object

Additional metadata to attach to this verification

Example:
{ "reason": "annual_review" }

Response

201 - application/json
user_id
string<uuid>
required

ID of the user entity created or verified

Example:

"550e8400-e29b-41d4-a716-446655440000"

verification_id
string<uuid>
required

Unique verification ID

Example:

"660f9511-f30c-52e5-b827-557766551111"

status
enum<string>
required

Current status of the verification

Available options:
pending,
in_progress,
completed,
failed
Example:

"completed"

risk
object
required

Risk assessment with level and detailed reasons

match
object
required

Field-level match results (only fields included in verification request)

created_at
string<date-time>
required

ISO 8601 timestamp of when the verification was created

Example:

"2025-10-24T10:30:00Z"

reference_id
string

Your reference ID (if provided in request)

Example:

"user_12345"

synthetic
object

Synthetic identity detection results

velocity
object

Velocity checks showing frequency of identity attributes across recent requests

device
object

Device intelligence (available for session-based verifications)

watchlist
object

Watchlist screening results (sanctions, PEP, adverse media)

updated_at
string<date-time>

ISO 8601 timestamp of when the verification was last updated

Example:

"2025-10-24T10:35:00Z"