Get verification result

code

GET /api/kyc/verifications/:id

Returns the full result of a verification, including the extracted biodata, ID number, and facial-match score. This is the backend counterpart to the minimal status endpoint.

Authentication: Authorization: Bearer sk_… — a secret key only. Calling this with a publishable (pk_) key returns 403 secret_key_required. The verification is scoped to the key's organization and environment (a staging secret key cannot read a production verification).

Never call this from client code. Identity data must only be fetched from your backend with a secret key.

Request

shell

curl "https://identity.myaza.app/api/kyc/verifications/ver_01j9..." \
  -H "Authorization: Bearer $MYAZA_SECRET_KEY"

Responses

Every response includes verificationId, status, country, idType, and createdAt.

`verified`

json

{
  "verificationId": "ver_01j9...",
  "status": "verified",
  "country": "NG",
  "idType": "bvn",
  "createdAt": "2026-04-27T12:00:00.000Z",
  "completedAt": "2026-04-27T12:00:05.000Z",
  "result": {
    "idNumber": "12345678901",
    "idNumberMasked": "1234•••901",
    "firstName": "JOHN",
    "lastName": "DOE",
    "middleName": "A",
    "dateOfBirth": "1990-01-01",
    "gender": "Male",
    "dataMatch": true,
    "facialMatch": { "match": true, "confidence": 85 }
  }
}

facialMatch is null when no liveness/selfie check was part of the flow.

`failed` / `error` / `not_found`

Carries the human-readable reason and stable reasonCode (same values as the status endpoint and webhooks).

json

{
  "verificationId": "ver_01j9...",
  "status": "failed",
  "country": "NG",
  "idType": "bvn",
  "createdAt": "2026-04-27T12:00:00.000Z",
  "completedAt": "2026-04-27T12:00:05.000Z",
  "reason": "The user's selfie does not match the photo on file with the government database (match confidence 48%, minimum 70% required).",
  "reasonCode": "selfie_mismatch"
}

Result fields

Field	Type	Description
`result.idNumber`	string \| null	The plaintext ID number.
`result.idNumberMasked`	string	The ID number, masked (e.g. `1234•••901`).
`result.firstName`	string \| null	Given name from the source record.
`result.lastName`	string \| null	Family name from the source record.
`result.middleName`	string \| null	Middle name, if available.
`result.dateOfBirth`	string \| null	Date of birth (`YYYY-MM-DD`).
`result.gender`	string \| null	Gender from the source record.
`result.dataMatch`	boolean \| null	Whether submitted biodata matched the source record.
`result.facialMatch`	object \| null	`{ match: boolean, confidence: number }`, or `null` if no facial check ran.

Captured media

The images and videos captured during the flow are fetched per-kind from GET /api/kyc/verifications/:id/media/:kind (selfie, document-front, document-back, liveness-video, document-front-video, document-back-video) — also secret key only. These same URLs are delivered in the media object of verification webhooks.

Errors

Status	Body	Cause
`403`	`{ "error": "secret_key_required" }`	A publishable (`pk_`) key was used. Use a secret key.
`404`	`{ "error": "Verification not found" }`	Unknown ID, wrong environment, or another organization's verification.
`401`	`{ "error": "Invalid API key" }`	Auth failed.