Introduction to Identity Verification

Explore API

Plaid Identity Verification lets you verify the identity of your customers and seamlessly stitches together verification methods. Using Identity Verification, you can verify identification documents, phone numbers, name, date of birth, ID numbers, addresses, and more. Identity Verification also integrates directly with Monitor for an end-to-end verification and KYC solution.

Plaid Identity Verification can also be used together with Plaid Identity in a single workflow to provide full identity verification and fraud reduction. Identity Verification is used to verify that the user of your app is the person they claim to be, while Identity is used to confirm that the ownership information on their linked bank or credit card account matches this verified identity.

Identity Verification can be used to verify end users in any country. To integrate with Identity Verification, your company must be based in the US or Canada (support for additional countries coming soon).

Plaid offers a variety of verification checks to choose from. You can combine multiple verification checks within a single Identity Verification template via the Workflow Management editor, and even run certain checks conditionally, such as only running a particular verification if another verification fails, or running different checks based on your user's country of origin.

Lightning Verification verifies a user's name, address, date of birth, phone number, and ID number (such as SSN) against available records. You can configure the level of matching required for each field in your template’s Identity Rules. The results of this check will be summarized in the kyc_check object in the API.

Document Verification prompts the user to upload an image of an identity document. Plaid will use anti-fraud checks to verify that the document appears to be legitimate and is unexpired. Plaid will also verify the date of birth and name on the document against the data provided by the user. You can review and configure which document types are supported for each country.

When Selfie Check is enabled, the user will be asked to take a selfie as part of the verification process. Plaid will verify that the selfie submitted is a live video of a real human. If Document Verification is enabled, Selfie Check will also verify that the selfie matches the photo in the document.

SMS Verification will verify a user's phone number by asking them to enter a code sent via SMS.

If you're also using Monitor, AML Screening allows you to screen a user against government watchlists during an IDV session by incorporating one of your Monitor screening programs into an IDV template.

Plaid automatically runs anti-fraud checks in the background of a user’s verification session and summarizes the results into several categories. The data collected in each category is analyzed and assigned a risk level. Whether the overall risk check passes or fails is determined by the template’s Risk Rules, which you can configure.

The steps below explain how to set up the standard Identity Verification flow. For details on other flow options, including the backend-only flow and hosted UI flow, see Integration options for Identity Verification.

Note that unlike other Plaid products, which are configured primarily via the API, most options for Identity Verification are configured on the web, via the Template Editor within the Identity Verification Dashboard. Detailed documentation on configuring Identity Verification templates is available via in-app help within the Template Editor. To request access to the Template Editor and Identity Verification Dashboard, contact your Plaid Account Manager, or file a Product Access request.

1. Visit the Plaid dashboard and, in the upper-left corner, select Identity Verification and Monitor from the team selection drop-down list. If you don't see this option, you may need to talk to your Plaid Account Manager and ask them to enable this product for you, or file a Product access request.
2. Under Identity Verification, select or create the template you want to use, click the Integration button, and copy the template_id.
   • (Optional) If you plan to integrate with Monitor, enable the Screening Program option and select the appropriate Monitor program.
3. (Optional) Call /identity_verification/create if you already have information about your user that you can fill out on their behalf. See pre-populating user information for more details.
4. Call /link/token/create. In addition to the required parameters, you will need to provide the following:
   • For identity_verification.template_id, use the template_id you copied in step 2.
   • For products, use ["identity_verification"]. Identity Verification is mutually exclusive with other products.
   • Provide user.client_user_id and optionally user.email_address. See below for details on these fields.
5. On your web or mobile client, create an instance of Link using the link_token returned by /link/token/create; for more details, see the Link documentation.
6. When the user has successfully completed the client-side Link flow, you will receive an onSuccess callback and be able to review the session in the dashboard.
7. To retrieve the status of your user's verification attempt, make a call to /identity_verification/get, passing in the verification session ID. You can retrieve this session ID from the metadata in the Link callbacks, from the /identity_verification/create response, or from the Identity Verification webhooks that Plaid sends during the process.
8. You can retrieve a list of all of your user's verification attempts by making a call to /identity_verification/list, passing in the client_user_id and the template_id.

You can optionally track the progress of users through the Link flow via client-side callbacks and events. For more information, see Link callbacks.

Identity Verification is fully supported by Plaid's mobile SDKs. Because the end user may need to use the camera during the Identity Verification flow, your app must request certain permissions in order to fully support Identity Verification flows on mobile. For more details, see the documentation for the Android and iOS SDKs.

The mandatory client_user_id field should be a unique and persistent identifier for your customer, such as the id field on your users table.

Identity Verification intelligently handles sessions being started with the same client_user_id multiple times. If your customer starts a Link session, closes it, reopens it, and reopens your Link integration, their session will resume from where they left off. Likewise, if your customer has completed their Link session in the past (by either failing verification or passing), Plaid will not serve them another session unless you've manually authorized another attempt from the dashboard or made a call to /identity_verification/retry.

Plaid indexes the client_user_id you provide, allowing you to look up users using your internal id.

If you do not want to expose your internal id to Plaid directly, you can symmetrically encrypt the identifier with a secret key that only your servers know.

During /link/token/create, Identity Verification accepts email_address as an optional additional parameter. While the field is optional, we highly recommend providing it. Identity Verification will include the user's email in the Link session and perform a number of anti-fraud related checks, including analyzing social networks, abusive emails, and email address trustworthiness.

Identity Verification offers several options for streamlined flows.

If you already know some information about your user (such as their name, phone number, or address), you can simplify the verification process by making a call to /identity_verification/create, passing in any information you know about your user, including their client_user_id. When you open up a Link session against this same client_user_id, Identity Verification can make use of the information that you passed in. Any fields or screens requesting information you already provided will be skipped (not shown) in the UI. For data format specifications, see Hybrid Input Validation.

If you have already obtained a user's information and their consent to share it with Plaid, and do not need interactive capabilities such as Document Check, Selfie Check, or SMS verification, you can bypass the Identity Verification UI entirely and run an entirely programmatic verification:

1. Create a template that requires only Lightning (KYC) check and does not use SMS verification.
2. Call /identity_verification/create with all the user data required by this template and gave_consent: true.
3. Call /identity_verification/get with the id returned by /identity_verification/create to retrieve the status of the verification.

Identity Verification offers the option to generate Plaid-hosted verification links. These links can be used in scenarios where your user signed up for your service outside of an app or website -- for example if a user is opening a bank account or applying for a loan in person at a brick-and-mortar retail location. To generate a verification link, click Create verification from the Identity Verification template view in the dashboard. Alternatively, you can call /identity_verification/create with is_shareable: true; a verification link will be returned in the shareable_url field of the response. Once you have shared the verification link, the user can open the link and complete the verification on their phone or other device.

When auto-fill is enabled, Plaid will use the user's phone number and date of birth to attempt to auto-fill other fields. The user will be asked to confirm their auto-filled information is accurate before submitting. Auto-fill can only be enabled when using SMS Verification and Lightning Verification and is only available for US verifications.

Identity Verification currently supports flows in English, French, Spanish, and Japanese. Link will attempt to auto-detect the correct language based on the user's browser settings. Users can also manually change the language of their session through a dropdown in the Link UI. Unlike other Plaid products, Identity Verification does not use the language setting in /link/token/create.

For more information about testing Identity Verification in Sandbox, see Testing Identity Verification.

To learn more about building with Identity Verification, see the Identity Verification API Reference.

If you're ready to launch to Production, see the Launch checklist.