Age verification built for adult platforms.

Adult, dating, gambling, UGC, AI companions — Verqan is built for the verticals general-purpose KYC providers won't underwrite. iDenfy-powered, JWT access tokens, $1.99 per verification, audit logs your Stripe rep already understands.

UK OSA Ready

Age-Verification Compliant

GDPR-Safe

Start free trial

No credit card required. API keys in 2 minutes.

# Start a verification in ~150ms
curl -X POST https://api.verqan.com/verify/start \
-H "x-tenant-api-key: vq_live_..."

bash

# Start verification — takes ~150ms

curl -X POST \

https://api.verqan.com/verify/start \

-H "x-tenant-api-key: vq_live_..." \

-d '{}'

# → 200 OK

{

"sessionId": "ses_01jx...",

"redirectUrl": "https://verify.verqan.com/...",

"expiresAt": "2026-05-23T12:05:00Z"

}

# Webhook fires on completion

{

"event": "verification.completed",

"ageToken": "eyJhbGciOiJSUzI1NiJ9...",

"verified": true

}

How it works in 3 steps

Start a session, let the user verify, then gate access with a signed age token.

Start a verification

Call POST /verify/start with your tenant API key. You receive a verificationId and a sessionUrl.

The user verifies

Send the user to the sessionUrl. They complete document and biometric checks in the secure, iDenfy-hosted session.

Gate access with the token

Read the outcome from GET /verify/status or a verification.completed webhook, then validate the signed token (returns over18). No ID images are stored.

Call POST /verify/start, send the user to the returned sessionUrl, then read the result from GET /verify/status or a webhook. Validate the signed token to confirm over18 — no ID images are ever stored.

Full API reference, webhooks, and rate limits

Key features

Everything you need for compliant age verification with Verqan API v1.

Turnkey iDenfy-powered verification

Age verification powered by iDenfy. Send document type and image; get verified age and result. No need to integrate iDenfy directly.

Signed age tokens (JWT)

Receive JWTs that encode verification outcome (e.g. verified age, status). Use them for access control without storing ID documents.

Webhooks and retries

Configure a webhook URL; get notified when verification completes. We retry failed deliveries on a schedule so you don't miss events.

Rate limiting and quotas

Clear rate limits per API key and quotas per plan. Use headers to stay within limits; 429 with retry-after when exceeded.

Zero ID storage

We don't store ID document images or biometric data. Only verification metadata and short-lived tokens.

Audit-friendly records

Request IDs, timestamps, and status so you can show compliance to processors and auditors.

Security & data handling

We don't store ID documents or biometrics. Verification is powered by iDenfy; results are returned as signed tokens and via webhooks. Data in transit is encrypted; we apply rate limits and quotas. For full details, see our Security and Data Processing pages.

Zero ID storage

We don't store ID document images or biometrics. Only verification metadata and short-lived tokens.

iDenfy-powered verification

Age verification is powered by iDenfy. Results are returned as signed tokens and via webhooks.

Short-lived signed tokens (JWT)

Signed age tokens for access control. Tamper-evident, no raw PII stored.

Webhooks with signature & retries

Webhook payloads are signed; we retry failed deliveries on a schedule so you don't miss events.

Rate limiting & quotas

Clear rate limits per API key and quotas per plan. 429 with retry-after when exceeded.

Encryption in transit

Data in transit is encrypted. We apply rate limits and quotas to protect the service.

GDPR-friendly

Minimal data retention, no biometric templates stored.

Stripe & processor-aware

Built to reduce "high-risk" flags, not trigger them. Audit-friendly records without raw PII.

Why it keeps Stripe & processors calmer

Payment processors and acquirers want to see clear compliance discipline. Verqan gives you the logs, tokens, and structure they expect.

Not legal advice. We emphasize risk discipline and audit-ready records.

Clear verification story

Processors see a consistent, explainable approach to age gating instead of dozens of ad-hoc checks.

Never a grey zone again

Either a user has a valid token or they don't. No ambiguous flows that scare risk teams.

Separation of concerns

Your billing keeps billing. Verqan handles 18+ and high-risk gates at the API layer.

No storage of risky data

We don't store ID documents or biometric data that would trigger Stripe reviewer concerns. Only tokens and metadata.

Who it's for

Built for developers running high-risk platforms who need compliance without the complexity.

Adult / NSFW content platforms

Your processor is watching. They want to see verifiable age gating before they renew underwriting — and they want to see it without you becoming a controller of ID images. Verqan gives you the audit trail and signed access tokens without storing what could put you in the news.

Dating & chat apps

Tinder-style 18+ requirements without rolling your own KYC. Verify once at signup, validate the JWT on every login, re-verify when fraud signals fire. Webhooks tell your moderation team the moment a verification fails — before a bad actor messages a minor.

UGC platforms with 18+ areas

Verify only the users entering age-restricted sections — not every signup. Reduce verification cost by 90% vs upfront gating, while still satisfying regulators that you have age-gated controls in place. Signed tokens expire after 24 hours so re-verification kicks in on schedule.

Gambling operators

Age and identity in one API. Built for UK Gambling Commission, German GlüNeuRStV, and the growing US state requirements (Texas, Louisiana, Virginia, Utah, more coming). Sub-second token validation on every bet placement, no KYC infrastructure to maintain.

AI companions and adult chatbots

The newest regulated category, and the one with the least competition for verification. Verify before adult-flagged conversations start. JWT tokens encode age verification without storing transcripts — built around the workflows of Replika-shaped and Character.AI-shaped platforms.

From $1.99 per successful verification.

Usage-based, no seat licences.

Start your free trial in minutes.

Get an API key from the dashboard, then call POST /verify/start with your API key in the x-tenant-api-key header.

Example: POST /verify/start

bash

curl -X POST https://api.verqan.com/verify/start \
  -H "x-tenant-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{}'

Base URL uses NEXT_PUBLIC_VERQAN_API_BASE_URL. See the docs for complete flow, webhooks, and response fields.

Start free trial

Built for compliance and privacy

Factual trust signals — no PII, hashed keys, and certified verification

Zero PII storage

We never store personally identifiable information. Verification results are tokenized; you validate tokens without handling user PII.

Hashed API keys

API keys are stored as one-way hashes. Raw keys are shown only once at creation; you store them securely on your side.

UK & EU aligned

Designed for UK GDPR and EU data protection. Token-based flows keep you out of the PII chain while meeting age-verification requirements.

iDenfy partnership

Age and identity verification powered by iDenfy’s certified document and liveness checks, with results delivered via tokens.

Integrated with iDenfy for document and liveness checks. Billing via Stripe.