Title
Create new category
Edit page index title
Edit category
Edit link
If you have a verified email address for a user, you can ask us to check if the email address is likely to be associated with someone aged 18+ based on usage. We check the email source, if it is linked to an employer, and for any financial transactions tied to it, such as mortgages, credit cards, educational history, or consumer behavior. Yoti does not store the email address, require additional personal information, or ask the user to perform any additional interactions. This method is good for a low friction verification.
If you wish to enable the Email Address service, please see below:
Create a session
To use email verification, you will first need to create a session with the email method enabled.
Endpoint
xxxxxxxxxxPOST https://age.yoti.com/api/v1/sessions| Header | Description |
|---|---|
| Authorization | API Key to call the Yoti Age API. Should be sent as a Bearer {{API_TOKEN}} |
| Content-Type | application/json |
| Yoti-SDK-Id | Your unique Yoti-Sdk-Id (uuid) |
The age verification API uses an HTTP authentication scheme called ‘bearer authentication’. This involves security tokens called ‘bearer tokens’. They are the predominant type of access token used with OAuth 2.0. A resource should interpret a bearer token as "Give the bearer of this token access". The client must send this token in the Authorization header when making requests to protected resources.
It is important that your API Key remains strictly confidential. It must be stored securely. We advise that you never commit any code containing your API Key, and never share it beyond the authorised party.
If you believe your API key has been compromised, please generate new API keys in the hub as soon as possible.
Request Body
xxxxxxxxxx{ "type": "OVER", "age_estimation": { "allowed": true, "threshold": 21, "level": "PASSIVE" }, "email": { "allowed": true }, "ttl": 900, "reference_id": "over_18_example", "callback": { "auto": true, "url": "https://www.yoti.com" }, "notification_url": "https://yourdomain.example/webhook", "cancel_url": "https://www.yoti.com", "synchronous_checks": true, "resume_enabled": true}Response
xxxxxxxxxx{ "id": "uuid", "status": "PENDING", "expires_at": "2025-08-08T23:41:39Z"}Trigger verification
The generated session ID can then be used to send an email off for verification. The following endpoint is used alongside an email and a country code in the request body.
Endpoint
xxxxxxxxxxPOST https://age.yoti.com/api/v1/sessions/{sessionId}/verified-email| Header | Description |
|---|---|
| Authorization | API Key to call the Yoti Age API. Should be sent as a Bearer {{API_TOKEN}} |
| Content-Type | application/json |
| Yoti-SDK-Id | Your unique Yoti-Sdk-Id (uuid) |
Request Body
xxxxxxxxxx{ "email": "melissa.peterson@yoti.com", "country_code": "GB"}| Parameter | Type | Value | Description |
|---|---|---|---|
| string | e.g. melissa.peterson@yoti.com | The email address to verify. | |
| country_code | string | e.g. GB | The ISO 3166-1 alpha-2 country code associated with the email address. |
Response
You will receive an immediate response to your request indicating the status of the verification. A successful verification will display the status "COMPLETE," whereas an unsuccessful verification will show the status as either "ERROR" or "FAIL."
In the case of an error or a fail, you can launch the Yoti age verification user interface, enabling the user to try an alternative method for verification. Launch the user view
xxxxxxxxxx{ "status": "COMPLETE", "attempts_remaining": 1, "retries_depleted": false}| Field | Description |
|---|---|
| status | COMPLETE - The email address has been associated with an Over 18 individual. ERROR - The check has been performed, but there are adversarial signals. FAIL - The email address has been associated with an Under 18 individual. |
| attempts_remaining | The number of remaining verification attempts for this session. |
| retries_depleted | Whether all retries have been used. |
Got a question? Contact us here.