{
  "info": {
    "_postman_id": "b3e20a7b-6b68-4f7e-9d57-6b1f7e5b4a01",
    "name": "Verihop API",
    "description": "Minimal Verihop API collection for backend integration testing. Import this collection, set the apiKey collection variable from your Verihop portal, then call Create Session. The callbackUrl host must be in your Verihop callback allowlist. In test mode, ask the Verihop backoffice/admin to add it to callback_allowlist; after go-live approval, approved callback domains become the enforced allowlist. After a successful app callback, paste the callback result_token into the resultToken variable before calling Get Session Result.",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "auth": {
    "type": "bearer",
    "bearer": [
      {
        "key": "token",
        "value": "{{apiKey}}",
        "type": "string"
      }
    ]
  },
  "variable": [
    {
      "key": "baseUrl",
      "value": "https://api.verihop.com",
      "type": "string"
    },
    {
      "key": "apiKey",
      "value": "replace-with-your-api-key",
      "type": "string"
    },
    {
      "key": "callbackUrl",
      "value": "https://www.verihop.com/example-movie-success.html",
      "type": "string"
    },
    {
      "key": "idempotencyKey",
      "value": "",
      "type": "string"
    },
    {
      "key": "sessionId",
      "value": "",
      "type": "string"
    },
    {
      "key": "deepLink",
      "value": "",
      "type": "string"
    },
    {
      "key": "resultToken",
      "value": "",
      "type": "string"
    }
  ],
  "item": [
    {
      "name": "Public JWKS",
      "request": {
        "auth": {
          "type": "noauth"
        },
        "method": "GET",
        "header": [],
        "url": {
          "raw": "{{baseUrl}}/.well-known/jwks.json",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            ".well-known",
            "jwks.json"
          ]
        },
        "description": "Public signing keyset for verifying callback_jwt on your backend when callback JWTs are enabled."
      },
      "response": []
    },
    {
      "name": "Create Session",
      "event": [
        {
          "listen": "prerequest",
          "script": {
            "type": "text/javascript",
            "exec": [
              "function uuidv4() {",
              "  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (char) {",
              "    var random = Math.random() * 16 | 0;",
              "    var value = char === 'x' ? random : (random & 0x3 | 0x8);",
              "    return value.toString(16);",
              "  });",
              "}",
              "",
              "pm.collectionVariables.set('idempotencyKey', uuidv4());"
            ]
          }
        },
        {
          "listen": "test",
          "script": {
            "type": "text/javascript",
            "exec": [
              "pm.test('response is 201 Created or idempotent 200 OK', function () {",
              "  pm.expect([200, 201]).to.include(pm.response.code);",
              "});",
              "",
              "var body = {};",
              "try {",
              "  body = pm.response.json();",
              "} catch (error) {",
              "  body = {};",
              "}",
              "",
              "if (body.session_id) {",
              "  pm.collectionVariables.set('sessionId', body.session_id);",
              "}",
              "",
              "if (body.deep_link) {",
              "  pm.collectionVariables.set('deepLink', body.deep_link);",
              "}"
            ]
          }
        }
      ],
      "request": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Idempotency-Key",
            "value": "{{idempotencyKey}}"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"app\": \"RideNow\",\n  \"header\": \"Age check\",\n  \"fields\": [\n    \"legalName\",\n    \"over18\",\n    \"documentNumber\"\n  ],\n  \"callback\": \"{{callbackUrl}}\"\n}"
        },
        "url": {
          "raw": "{{baseUrl}}/v1/sessions",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "v1",
            "sessions"
          ]
        },
        "description": "Creates a verification session. The callbackUrl host must be configured in the customer callback_allowlist or the API returns callback_allowlist_required/callback_host_not_allowed. The response includes session_id, jwt, expires_at, and deep_link. Open the deep_link in your app/client or encode it as a QR for desktop-start flows."
      },
      "response": []
    },
    {
      "name": "Get Session Status",
      "request": {
        "method": "GET",
        "header": [],
        "url": {
          "raw": "{{baseUrl}}/v1/sessions/{{sessionId}}",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "v1",
            "sessions",
            "{{sessionId}}"
          ]
        },
        "description": "Fetches non-PII session status. The Create Session request stores sessionId automatically when it succeeds."
      },
      "response": []
    },
    {
      "name": "Get Session Result",
      "request": {
        "method": "GET",
        "header": [
          {
            "key": "X-Result-Token",
            "value": "{{resultToken}}"
          }
        ],
        "url": {
          "raw": "{{baseUrl}}/v1/sessions/{{sessionId}}/result",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "v1",
            "sessions",
            "{{sessionId}}",
            "result"
          ]
        },
        "description": "Fetches verified result payload after your callback receives result_token. Paste that callback result_token into the resultToken collection variable before sending this request. The result token is short-lived and single-use."
      },
      "response": []
    }
  ]
}