API Integration Guide
Partner API Integration Guide (Browser Sessions)
Overview
The Partner API provides endpoints for creating and managing browser-based verification sessions. This API allows partners to embed CR3DENTIALS verification directly in their applications using an iframe-based approach with isolated, secure browser sessions.
Key Features:
Embedded iframe experience — Users verify accounts directly in your app
zkTLS verification — Cryptographically proven data without storing credentials
Real-time webhooks — Instant notifications when verification completes
Secure isolation — Each session runs in a completely isolated browser environment
Authentication
The Partner API uses API Key authentication for all endpoints.
Headers
x-api-key
Your partner API key (required for all endpoints)
Content-Type
application/json
Example
Endpoints
List Browser Platforms
Returns a list of all active browser platforms available for verification sessions. Use this endpoint to display platform options to users.
Authentication: API Key required
Response
Response Fields
id
number
Platform ID (use this when creating sessions)
name
string
Unique platform identifier
displayName
string
Human-readable platform name
description
string
Platform description
icon
string
Platform logo URL
loginUrl
string
Default login URL
allowCustomUrl
boolean
Whether custom URLs are allowed
isActive
boolean
Platform availability status
createdAt
string
Creation timestamp
updatedAt
string
Last update timestamp
Create Browser Session
Creates a new browser verification session. Returns an embed URL for iframe integration.
Authentication: API Key required
Request Body
Request Parameters
platformId
number
Yes
Platform ID (must match a configured BrowserPlatform)
receiverData
object
No
External receiver data (name, email, phone, etc.)
expiresInHours
number
No
Session expiration in hours (1-24, default: 1)
webhookUrl
string
No
HTTPS webhook URL for status updates
externalReferenceId
string
No
Your tracking ID (included in responses/webhooks)
Response
Get Browser Session Details
Retrieves the current status and details of a browser session. Use this to poll for session completion or retrieve verification results.
Authentication: API Key required
Parameters
id
string (path)
Session ID (UUID)
Response
Response Fields
sessionId
string
Unique session identifier
status
string
Current session status (see Session Statuses)
progress
number
Verification progress (0-100)
embedUrl
string
URL for iframe embedding
streamUrl
string
WebRTC stream URL (when connected)
platformId
number
Platform ID
platform
object
Platform details (name, logo)
expiresAt
string
Session expiration timestamp
createdAt
string
Session creation timestamp
completedAt
string
Completion timestamp (if completed)
errorMessage
string
Error description (if failed)
errorCode
string
Error code (if failed)
hasAttestation
boolean
Whether attestation is available
extractedData
object
Verified data (if completed)
List Browser Sessions
Returns a paginated list of browser sessions created by your partner account.
Authentication: API Key required
Query Parameters
status
string
—
Filter by session status
limit
number
20
Results per page (max: 100)
offset
number
0
Pagination offset
Response
Session Statuses
Active States
CREATED
Session created, awaiting user connection
INITIALIZING
Browser pod spinning up
READY
Pod ready, waiting for user
CONNECTED
User connected via iframe
LOADING_TREE
Loading verification flow
RUNNING
Executing verification steps
AWAITING_USER
Waiting for user action (login, 2FA)
COLLECTING_DATA
Collecting data from user's account
VERIFYING
Generating attestation
Terminal States (Immutable)
COMPLETED
Verification successful, attestation available
TERMINATED
Session manually terminated
ERROR
Verification failed
CANCELLED
User cancelled the session
Webhook Integration
When you provide a webhookUrl during session creation, we'll POST updates to your endpoint when the session reaches a terminal state.
Webhook Payload
Webhook Requirements
URL must be HTTPS with a valid TLD
Respond with 2xx status code within 30 seconds
We retry failed deliveries (3 attempts with exponential backoff)
Typical Workflow
1. Get Available Platforms
2. Create a Browser Session
Use the platformId from the platforms list:
3. Embed the Iframe
4. Receive Results
Via webhook or polling GET /partner/browser-session/:id
4. Receive Results
Option A: Webhook (Recommended)
Your webhook endpoint receives the verification result automatically when complete.
Option B: Polling
Poll the session status endpoint until status is a terminal state:
Error Handling
Error Response Format
Common Error Codes
400
Bad Request — Invalid parameters
401
Unauthorized — Invalid or missing API key
404
Not Found — Session not found or not owned by you
500
Internal Server Error
Rate Limiting
Session creation is rate-limited per API key
Limits are configurable per partner agreement
Exceeded limits return 429 Too Many Requests
Quick Reference
GET
/partner/browser-platforms
API Key
List available platforms
POST
/partner/browser-session
API Key
Create browser session
GET
/partner/browser-session/:id
API Key
Get session details
GET
/partner/browser-sessions
API Key
List sessions
Security Features
Session Isolation — Each verification runs in a completely isolated browser environment
Token-Based Access — Embed URLs include cryptographically secure access tokens
Token Invalidation — Access tokens are invalidated when sessions reach terminal state
zkTLS Proofs — Cryptographic proof that data came from the claimed platform
No Credential Storage — User credentials are never transmitted to our backend
Support
For API support or integration questions, contact your partner integration manager or email [email protected].
Last updated