> ## Documentation Index > Fetch the complete documentation index at: https://docs.nxos.io/llms.txt > Use this file to discover all available pages before exploring further. # Start verification > Start (or refresh) a verification session for the in-scope organization. Returns a Sumsub-hosted URL plus a short-lived access token for embedding the WebSDK in your own UI. Idempotent w.r.t. the org's verification record: the provider keys the applicant by `externalUserId = organizationId`, so repeated calls return new tokens for the same applicant rather than starting over. Use this to re-issue an expired token (~30 min TTL) or to resume after `RESUBMISSION_REQUIRED`. See [Verification](https://docs.nxos.io/guides/verification) for the delivery options (hosted URL vs. embedded WebSDK). ## OpenAPI ````yaml POST /v1/organizations/verification openapi: 3.0.0 info: title: nxos API version: 1.0.0 contact: name: nxos url: https://nxos.io description: |- The nxos platform API provides programmatic access to accounts, balances, quotes, and trades. All endpoints require API key authentication. servers: - url: https://api.nxos.io description: Production variables: {} - url: https://api.sandbox.nxos.io description: Sandbox variables: {} security: [] tags: - name: Accounts - name: Quotes - name: Beneficiaries - name: Fiat Payouts - name: Crypto Payouts - name: Nxosnet - name: Fees - name: Funding Methods - name: Transactions - name: Organizations - name: Authorizations - name: Webhooks description: >- Register an HTTPS endpoint to receive events (organization verification and transaction status changes) instead of polling. Deliveries are signed; verify the `svix-signature` header before acting on an event. See the [Webhooks guide](https://docs.nxos.io/core-concepts/webhooks) for the delivery format, signature verification, retries, and broker behavior. Payload shapes are documented in the `…Event` models below. paths: /v1/organizations/verification: post: tags: - Organizations description: |- Start (or refresh) a verification session for the in-scope organization. Returns a Sumsub-hosted URL plus a short-lived access token for embedding the WebSDK in your own UI. Idempotent w.r.t. the org's verification record: the provider keys the applicant by `externalUserId = organizationId`, so repeated calls return new tokens for the same applicant rather than starting over. Use this to re-issue an expired token (~30 min TTL) or to resume after `RESUBMISSION_REQUIRED`. See [Verification](https://docs.nxos.io/guides/verification) for the delivery options (hosted URL vs. embedded WebSDK). operationId: Organizations_startVerification parameters: - $ref: '#/components/parameters/ApiKeyAuth' - $ref: '#/components/parameters/IdempotencyKey' responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/VerificationSession' '401': description: Access is unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error401' '403': description: Access is forbidden. content: application/json: schema: $ref: '#/components/schemas/Error403' '404': description: The server cannot find the requested resource. content: application/json: schema: $ref: '#/components/schemas/Error404' '409': description: The request conflicts with the current state of the server. content: application/json: schema: $ref: '#/components/schemas/Error409' '429': description: Client error content: application/json: schema: $ref: '#/components/schemas/Error429' '500': description: Server error content: application/json: schema: $ref: '#/components/schemas/Error500' components: parameters: ApiKeyAuth: name: Authorization in: header required: true description: 'Bearer token. Format: `Bearer `' schema: type: string IdempotencyKey: name: Idempotency-Key in: header required: false description: >- Unique key per logical operation. UUID v4 recommended. Max 255 characters. schema: type: string schemas: VerificationSession: type: object required: - object - url - accessToken properties: object: type: string enum: - verification_session description: Object type. Always `verification_session`. url: type: string description: >- Customer-facing URL that hosts the full verification flow on the provider's site. Share this with the applicant by email, redirect, or in-app link. accessToken: type: string description: >- Short-lived (~30 min) access token. Pass to the Sumsub WebSDK if you'd rather embed the flow in your own UI. Refresh by calling `POST /v1/organizations/verification` again for the same org. description: >- Session credentials for handing off to the provider-hosted (Sumsub) verification flow. Returned by `POST /v1/organizations/verification`. example: object: verification_session url: https://in.sumsub.com/idensic/l/#/sbx_token_placeholder accessToken: _act-sbx-jwt-token-placeholder Error401: type: object required: - error properties: error: $ref: '#/components/schemas/ErrorBody' description: Standard error response returned by all endpoints on failure. example: error: code: missing_api_key message: No Authorization header provided. requestId: req_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4 Error403: type: object required: - error properties: error: $ref: '#/components/schemas/ErrorBody' description: Standard error response returned by all endpoints on failure. example: error: code: forbidden message: Your organization is not enabled for this action. requestId: req_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4 Error404: type: object required: - error properties: error: $ref: '#/components/schemas/ErrorBody' description: Standard error response returned by all endpoints on failure. example: error: code: not_found message: The requested resource was not found. requestId: req_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4 Error409: type: object required: - error properties: error: $ref: '#/components/schemas/ErrorBody' description: Standard error response returned by all endpoints on failure. example: error: code: quote_expired message: The quote has expired. requestId: req_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4 Error429: type: object required: - error properties: error: $ref: '#/components/schemas/ErrorBody' description: Standard error response returned by all endpoints on failure. example: error: code: rate_limited message: 'Rate limit exceeded: 1000 requests per minute. Retry in 23 seconds.' requestId: req_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4 Error500: type: object required: - error properties: error: $ref: '#/components/schemas/ErrorBody' description: Standard error response returned by all endpoints on failure. example: error: code: internal_error message: An unexpected server error occurred. requestId: req_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4 ErrorBody: type: object required: - code - message - requestId properties: code: allOf: - $ref: '#/components/schemas/ErrorCode' description: Machine-readable error code. message: type: string description: Human-readable error message. requestId: type: string description: Unique identifier for this request, useful for debugging. ErrorCode: type: string enum: - missing_api_key - authentication_failed - invalid_api_key - forbidden - not_found - organization_not_found - account_not_found - quote_not_found - beneficiary_not_found - transaction_not_found - funding_method_not_found - authorization_not_found - nxosnet_handle_not_found - quote_expired - quote_already_used - beneficiary_already_archived - beneficiary_not_archived - beneficiary_blocked - nxosnet_not_enabled - nxosnet_handle_taken - chain_send_failed - idempotency_key_in_use - idempotency_request_in_flight - invalid_request - insufficient_funds - validation_error - share_token_invalid - verification_import_unsupported - rate_limited - webhooks_unavailable - internal_error description: All possible error codes returned by the API. ````