Skip to main content

Identity Verification

Identity verification is not yet available in production. This page documents how the system works so you can plan your integration ahead of time. We’ll announce when it goes live.
Identity verification lets your users prove their real-world identity through a document scan and selfie. Verified users unlock significantly higher instant deposit limits, which means faster access to their balance after depositing skins.

Why Verification Matters

Without verification, instant credit per deposit is capped at a relatively low amount (around $50 by default). This is a risk control. With verification, that cap jumps to around $1,000 per deposit, because we can tie the account to a real identity and enforce consequences across all accounts owned by the same person.
Verification LevelInstant Credit CapCollateral Floor
Level 0 (none)~$50/depositBaseline
Level 1 (PictureID)~$1,000/depositHigher guaranteed minimum
The exact numbers depend on the active risk policy, but the difference is substantial.

The Verification Flow

1

Start verification

Your frontend calls POST /client/verification/start with the user’s client token. Optionally include an email address (needed for multi-account linking later). You receive back a captureUrl.
2

User completes capture

Open the captureUrl in a browser or webview. The user scans their ID document and takes a selfie. The capture process is handled entirely by the verification provider.
3

Processing

After capture, the provider processes the document and liveness check. This typically takes a few seconds to a minute.
4

Result

A webhook notifies AssetPay of the result. If accepted, the user’s verificationLevel is updated to 1 and higher deposit limits take effect immediately.

Starting Verification

POST https://api.assetpay.co/client/verification/start
Content-Type: application/json
Authorization: CLIENT_TOKEN

{
  "email": "user@example.com"
}
The email field is optional but recommended. It’s used for multi-account linking (see below). Response: 
{
  "requestId": "...",
  "success": true,
  "data": {
    "captureUrl": "https://capture.signicat.com/...",
    "dossierId": "dossier-uuid"
  }
}
Open captureUrl in the user’s browser. After they complete the capture, they’ll be redirected back to your site.
Only one verification process can be active at a time per user. If a process was started within the last 30 minutes, you’ll get a VERIFICATION_IN_PROGRESS error. Wait for it to complete or expire before starting a new one.

Checking Status

Poll the status endpoint to update your UI: 
GET https://api.assetpay.co/client/verification/status
Authorization: CLIENT_TOKEN
Response: 
{
  "requestId": "...",
  "success": true,
  "data": {
    "verificationLevel": 1,
    "email": "user@example.com",
    "latestProcess": {
      "dossierId": "dossier-uuid",
      "processId": "process-uuid",
      "captureUrl": "https://capture.signicat.com/...",
      "status": "ACCEPTED",
      "createdAt": "2026-03-04T14:30:00Z",
      "completedAt": "2026-03-04T14:35:00Z"
    },
    "linkedIdentity": {
      "id": "identity-uuid",
      "firstName": "John",
      "lastName": "Doe",
      "documentCountry": "NOR",
      "linkedAt": "2026-03-04T14:35:00Z"
    }
  }
}

Process Statuses

StatusMeaning
CREATEDVerification started, capture URL generated
CAPTURE_PENDINGUser is in the capture flow
PROCESSINGDocument and selfie are being analyzed
ACCEPTEDVerification successful, user is now level 1
REJECTEDDocument or selfie failed validation
ERRORSomething went wrong during processing
EXPIREDProcess was not completed within 30 minutes
Once verificationLevel is 1, the user’s instant credit cap is raised immediately. No further action needed on your side.

Multi-Account Linking

Some users have multiple Steam accounts. Identity verification supports linking multiple accounts to the same real-world identity, so they don’t need to verify each account separately.

How It Works

  1. User verifies on their primary account (document + selfie)
  2. On a second account, you call POST /client/verification/start with the same email address
  3. Then call POST /client/verification/link to link the second account to the existing verified identity
POST https://api.assetpay.co/client/verification/link
Authorization: CLIENT_TOKEN
If the email matches a previously verified identity, the account is linked and its verificationLevel is set to 1. No second document scan is required.

Limits

Each identity has a maximum number of linked accounts (default: 10). If a user tries to link more accounts than the cap allows, they’ll get a VERIFICATION_ACCOUNT_CAP_REACHED error.

Security: Trust Cascade

Identity linking is not just a convenience feature. It’s also a security mechanism. When accounts are linked to the same identity, trust penalties cascade across all of them. If one linked account gets a deposit reversal (fraud, chargeback, or cancelled trade), the trust factor is destroyed on every account tied to that identity. This means:
  • A user can’t create multiple Steam accounts to bypass trust penalties
  • One bad trade affects all of their accounts
  • Recovery requires rebuilding trust from near-zero on all accounts
This is by design. It’s the tradeoff that makes higher instant credit limits safe for verified users.

What Gets Stored

AssetPay takes privacy seriously in the verification flow:
  • National ID numbers are never stored. They’re hashed with BLAKE3 on receipt. Only the hash is persisted, used for identity matching across accounts.
  • Basic identity fields (first name, last name, document country) are stored to help with admin lookups.
  • Full verification responses from the provider are stored for audit purposes.

Errors

CodeKeyWhen
1500VERIFICATION_NOT_AVAILABLEVerification is not enabled yet
1501VERIFICATION_ALREADY_VERIFIEDAccount is already at level 1
1502VERIFICATION_IN_PROGRESSActive process exists (wait 30 min or complete it)
1504VERIFICATION_BANNED_IDENTITYThis identity has been banned
1505VERIFICATION_ACCOUNT_CAP_REACHEDToo many accounts linked to this identity
1506VERIFICATION_ALREADY_LINKEDAccount is already linked to an identity
1507VERIFICATION_LINK_FAILEDNo matching identity found for email
1510VERIFICATION_EMAIL_REQUIREDEmail is needed for linking (pass it in /start)

Integration Checklist

When verification goes live, here’s what you’ll need:
  1. Add a “Verify Identity” button in your UI that calls POST /client/verification/start and opens the returned captureUrl
  2. Poll /client/verification/status to update the UI when verification completes
  3. Show verification status on the user’s profile so they know their current level
  4. Display the higher collateral from the inventory response for verified users, so they see the benefit
  5. Handle the VERIFICATION_IN_PROGRESS error gracefully (show “verification pending” instead of an error)
  6. (Optional) Support multi-account linking by collecting an email and calling /client/verification/link for secondary accounts