Loading API Documentation...

VerifyNow API overview

The VerifyNow REST API lets South African businesses run identity verification, AML/PEP screening, CIPC checks, bank account verification, face match, and vehicle lookup from their own application. Authentication is via a Bearer API key; responses are JSON; pricing is per verification in credits.

Endpoints

Identity verification

POST /verify
Home Affairs SA ID verification with photo matching.
POST /verify-document
ID document authentication with OCR and fraud signals.
POST /face-match
Selfie-to-ID biometric match with confidence score.

Compliance screening

POST /aml-pep
AML/PEP/sanctions screening across 190+ countries.
POST /consumer-trace
Address, contact, and employment trace on an SA ID.
POST /consumer-trace-lite
Quick consumer contact and address lookup.

Business verification

POST /cipc/company
CIPC company registration and status check.
POST /cipc/director
Director search — all directorships for an SA ID.

Payments

POST /bank-account-verification
Real-time bank account ownership and validity.

Vehicle

POST /number-plate
Vehicle specs by registration number (57+ countries).
POST /vin-decode
Decode a 17-character VIN to vehicle specifications.

Developer FAQs

How do I authenticate requests to the VerifyNow API?
Every request must include an API key via the Authorization header as Bearer <YOUR_API_KEY>. API keys are scoped per account and can be rotated from the dashboard. Production requests should also include an Idempotency-Key header for safe retries.
What response format does the API use?
All endpoints return JSON. Successful responses use HTTP 200 with a consistent envelope containing a data object and a meta object (request id, credits spent, latency). Errors return a 4xx/5xx status with a structured error.code and error.message.
Are there rate limits?
Yes. Default rate limits are 60 requests per minute per API key, burstable to 120 per minute. Enterprise accounts can request higher limits. Exceeding the limit returns HTTP 429 with a Retry-After header.
How does webhook delivery work?
Long-running verifications (e.g. document authentication, liveness) can optionally deliver a webhook callback when they complete. Webhook endpoints must use HTTPS and cannot point to private, local, or cloud metadata addresses. Webhook payloads are signed with an HMAC-SHA256 signature in the X-VerifyNow-Signature header so you can verify authenticity.
Is there a sandbox environment?
Yes. Sandbox keys are available in the dashboard and hit the same endpoints with a sandbox. prefix. Sandbox requests do not consume credits and return deterministic fixture data for a documented set of SA ID numbers.
What data does the API store?
Request and response metadata (status, credits spent, latency, compliance audit trail) are stored for seven years as required by FICA Section 23. Personal payload data is stored per your account data-retention policy. All data is hosted in South Africa.