GET /v3/confirmations/{token}

When a user returns from the hosted flow, they carry a vyt token on the URL. GET /v3/confirmations/{token} exchanges that token for the authoritative result. This is the check that matters — run it on your backend with your secret key before you grant access. The vyc value on the URL is only a UI hint.

GET https://trust.verifyyou.com/v3/confirmations/{token}
Authorization: Bearer sk_…

Secret key only. Never confirm from the browser — that would expose your secret key.

This page is the guided walkthrough. To see every endpoint and try it out against the live API, use the API Reference — it’s generated from the same spec, so it never drifts.

Path parameter

token

string

required

The vyt confirmation token the user returned with after verifying. Read it off the URL with vyget().

Response

verified

boolean

Authoritative result — true only if the person passed the liveness and uniqueness checks and the confirmation isn’t locked. Gate access on this field.

external_id

string | null

The external_id attached to the session at initialize, if any.

verification

object

A reference to the verification this confirmation belongs to.

Show verification

external_id

string | null

Your external id for the verification, if one was set.

external_tenant_id

string | null

Your external tenant id for the verification, if one was set.

Response

{
  "verified": true,
  "external_id": "user_123",
  "verification": {
    "external_id": "signup-flow",
    "external_tenant_id": null
  }
}

Example

curl https://trust.verifyyou.com/v3/confirmations/<token> \
  -H "Authorization: Bearer sk_test_…"
# => { "verified": true, "external_id": null, "verification": { ... } }

Lock a confirmation (optional)

For one-time flows where the user won’t return — a single collection form, a one-time gate, where you’re not tracking identities and don’t want a second submission — lock the confirmation once you’ve accepted it. The token then becomes invalid for that verification: a subsequent GET /v3/confirmations/{token} returns verified: false.

POST https://trust.verifyyou.com/v3/confirmations/{token}/lock
Authorization: Bearer sk_…

locked

boolean

true once the confirmation is locked. A locked confirmation can’t be confirmed again.

Response

{ "locked": true }

Locking is single-use enforcement at the confirmation level. To bar the same human across devices and accounts, rely on uniqueness instead.

​Path parameter

​Response

​Example

​Lock a confirmation (optional)

Path parameter

Response

Example

Lock a confirmation (optional)