Skip to main content
VerifyYou confirms that the person on the other end of your app is a real, live, unique human — not a bot, a deepfake, or someone who already came through. You send them through a hosted verification flow; they come back with a result you confirm on your server.

The whole flow in one picture

1

Start a verification

From the browser with the SDK’s vycheck(), or from your server with POST /v3/initialize. Both return a hosted URL and send the user to it.
2

We verify the human

The hosted flow runs a liveness check and a uniqueness check. If they’re on a desktop, we hand them off to their phone for the camera step and bring them back automatically. See Humanness and uniqueness.
3

The user returns to your app

We redirect back to your page with the result on the URL: ?vyt=<token>&vyc=<0|1>. Read it with vyget().
4

Confirm on your backend

Exchange the token for the authoritative result with GET /v3/confirmations/{token}. Gate access on that — never on the URL alone.

Where to go next

Humanness and uniqueness

How we prove someone is live, then prove they’re unique.

Accounts vs guests

Why a stable identity means less friction for returning users.

vyget() and vycheck()

The two browser calls that drive the whole flow.

POST /v3/initialize

Mint a session server-side, with a full parameter breakdown.

Keys

You get two keys, in test and live flavors:
  • Publishable key (pk_test_… / pk_live_…) — safe to ship in the browser. Used by the SDK.
  • Secret key (sk_test_… / sk_live_…) — backend only. Used to confirm tokens and to initialize server-side.
Never put a secret key in client-side code. Confirm verification results on your server with the secret key — the vyc value on the URL is only a UI hint.