All posts
Tutorial 15 February 2026 · 10 min read

From Zero to First Verification in 10 Minutes

A complete walkthrough — from creating your FaceVault account to verifying your first identity document. By the end of this guide, you'll have a working verification session with real results.

What We're Building

FaceVault is an identity verification API. You send us an ID document and a selfie, and we tell you whether the face on the document matches the person in the selfie — in under 30 seconds.

Here's the full flow we'll walk through:

01

Register & verify your email

Create a developer account on the FaceVault dashboard.

02

Generate an API key

Get your fv_live_ key from the dashboard.

03

Create a session → upload photos → verify

Three API calls. That's all it takes.

04

Check the results

Face match score, document data extraction, pass/fail verdict.

The free tier includes 100 verifications per month. No credit card required.

Step 1: Create Your Account

Head to the FaceVault Dashboard and create an account. You'll need an email address and a password (minimum 8 characters).

Or register via the API:

curl
curl -X POST https://api.facevault.id/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "your-secure-password"
  }'

You'll receive a verification email. Click the link in the email — your API keys won't work until your email is verified. If using the dashboard, you'll see a banner reminding you to check your inbox.

Didn't get the email? Check your spam folder. The sender is noreply@facevault.id. If you still can't find it, log in to the dashboard and request a new verification email.

Step 2: Generate an API Key

Once your email is verified, open the dashboard and click Create API Key. Give it a name (e.g. "Development") and hit create.

You'll see your full API key exactly once. It looks like this: 

fv_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0...

Copy it somewhere safe. We hash the key server-side — there's no way to retrieve it later. If you lose it, just create a new one and deactivate the old one.

Security note: Never expose your API key in client-side code (JavaScript, mobile apps). Always call the FaceVault API from your backend server. The key goes in the X-API-Key header.

Step 3: Create a Verification Session

A session represents one verification attempt. Create one for each user you want to verify:

curl
curl -X POST https://api.facevault.id/api/v1/sessions \
  -H "X-API-Key: fv_live_YOUR_KEY_HERE"
response
{
  "session_id": "a1b2c3d4e5f6...",
  "steps": ["id", "straight"]
}

The response tells you the session_id and the required steps: id (upload an ID document) and straight (upload a selfie).

Here's the same call in Python and Node.js:

Python
import requests

API_KEY = "fv_live_YOUR_KEY_HERE"
BASE = "https://api.facevault.id/api/v1"

# Create session
resp = requests.post(f"{BASE}/sessions",
    headers={"X-API-Key": API_KEY})
session = resp.json()
session_id = session["session_id"]
print(f"Session: {session_id}")
Node.js
const API_KEY = "fv_live_YOUR_KEY_HERE";
const BASE = "https://api.facevault.id/api/v1";

// Create session
const resp = await fetch(`${BASE}/sessions`, {
  method: "POST",
  headers: { "X-API-Key": API_KEY },
});
const session = await resp.json();
console.log("Session:", session.session_id);

Step 4: Upload Photos

Upload two photos to the session: the ID document and a selfie. Both must be JPEG images under 5MB.

Upload the ID document

curl
curl -X POST "https://api.facevault.id/api/v1/sessions/$SESSION_ID/upload" \
  -H "X-API-Key: fv_live_YOUR_KEY_HERE" \
  -F "step=id" \
  -F "file=@/path/to/id-document.jpg"
response
{ "valid": true, "error": "" }

The API validates the image immediately: checks brightness, readability, and runs face detection. If the photo is too dark, blurry, or doesn't contain a detectable face, you'll get "valid": false with a specific error message.

Upload the selfie

curl
curl -X POST "https://api.facevault.id/api/v1/sessions/$SESSION_ID/upload" \
  -H "X-API-Key: fv_live_YOUR_KEY_HERE" \
  -F "step=straight" \
  -F "file=@/path/to/selfie.jpg"
Python (both uploads)
# Upload ID document
requests.post(f"{BASE}/sessions/{session_id}/upload",
    headers={"X-API-Key": API_KEY},
    files={"file": open("id-document.jpg", "rb")},
    data={"step": "id"})

# Upload selfie
requests.post(f"{BASE}/sessions/{session_id}/upload",
    headers={"X-API-Key": API_KEY},
    files={"file": open("selfie.jpg", "rb")},
    data={"step": "straight"})
Tip: While the selfie uploads, the API is already extracting data from the ID document in the background (MRZ reading, OCR). This parallelism means the /complete call will be faster.

Step 5: Run the Verification

Once both photos are uploaded, trigger the verification. This is a blocking call that runs the full AI pipeline: face detection, ArcFace embedding comparison, and liveness checks. It typically takes 10–30 seconds.

curl
curl -X POST "https://api.facevault.id/api/v1/sessions/$SESSION_ID/complete" \
  -H "X-API-Key: fv_live_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "confirmed_data": {
      "full_name": "John Smith",
      "date_of_birth": "15/03/1990",
      "nationality": "British"
    }
  }'

The confirmed_data field is optional but recommended. It lets you pass in the details your user provided (e.g. from a form) so FaceVault can cross-reference them against the data extracted from the document.

response (pass)
{
  "passed": true,
  "error": "",
  "document_check": {
    "name_match": true,
    "dob_match": true,
    "nationality_match": true
  }
}
response (fail)
{
  "passed": false,
  "error": "Face match failed.",
  "document_check": null
}

That's it. Three API calls: create → upload → complete. You now have a verified identity.

Step 6: Check the Results

You can fetch the full session details at any time:

curl
curl "https://api.facevault.id/api/v1/sessions/$SESSION_ID" \
  -H "X-API-Key: fv_live_YOUR_KEY_HERE"
response
{
  "session_id": "a1b2c3d4e5f6...",
  "status": "passed",
  "steps": {
    "id": "completed",
    "straight": "completed"
  },
  "face_match_passed": true,
  "error": "",
  "created_at": "2026-02-15T14:30:00Z",
  "completed_at": "2026-02-15T14:30:22Z"
}

The status field will be one of:

in_progress Waiting for photo uploads
analyzing AI pipeline is running
passed Face match confirmed — verification successful
failed Face mismatch or validation error
Data retention: Session photos are automatically deleted after 72 hours. Metadata (pass/fail, timestamps) is retained for 30 days. You can extend storage for specific sessions via the dashboard if needed.

What's Next

Set up webhooks

Instead of polling for results, configure a webhook URL in your dashboard. FaceVault will POST the verification result to your server the moment it completes.

Enable 2FA on your account

Protect your developer account with TOTP two-factor authentication. Set it up from the dashboard under account settings.

Explore the API reference

The interactive Swagger UI at api.facevault.id/docs documents every endpoint, every field, and every error code.

Download the Postman collection

Import our pre-built Postman collection to test every endpoint without writing code.

Ready to Go

You've created an account, generated an API key, and run your first verification. The free tier gives you 100 checks per month to build and test your integration. When you're ready for production, upgrade from the dashboard.

If something doesn't work as expected, check the error reference or hit us up — we respond fast.

Full API Docs Open Dashboard