cURL Examples

Examples use the v1 verification flow and tenant API key authentication. Base URL: https://api.loomapi.com. Auth: header x-tenant-api-key.

Prerequisites

export LOOM_TENANT_API_KEY="your_tenant_api_key_here"

Start a verification

curl -s -X POST https://api.loomapi.com/verify/start \
  -H "x-tenant-api-key: $LOOM_TENANT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{}'

Example response (201 Created):

{
  "verificationId": "cjld2cjxh0000qzrmn831i7rn",
  "status": "started",
  "provider": "idenfy",
  "sessionUrl": "https://ui.idenfy.com/session/abc123",
  "config": { "pollingIntervalMs": 3000, "tokenType": "jwt" }
}

Send the user to sessionUrl to complete the verification.

Get verification status

curl -s "https://api.loomapi.com/verify/status?verificationId=cjld2cjxh0000qzrmn831i7rn" \
  -H "x-tenant-api-key: $LOOM_TENANT_API_KEY"

Replace the verificationId with the one from the start response. Example response:

{
  "verificationId": "cjld2cjxh0000qzrmn831i7rn",
  "status": "approved",
  "confidence": 0.97,
  "createdAt": "2026-02-12T14:30:00.000Z",
  "completedAt": "2026-02-12T14:31:05.000Z"
}

status is one of pending, started, submitted, approved, denied, resubmission, rejected.

Validate a token

curl -s -X POST https://api.loomapi.com/tokens/validate \
  -H "x-tenant-api-key: $LOOM_TENANT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"token": "YOUR_TOKEN_FROM_SESSION"}'

Example response (200 OK):

{ "valid": true, "over18": true, "reason": "OK" }

If the token is rejected, valid is false and reason is one of TOKEN_EXPIRED, TOKEN_REVOKED, TOKEN_NOT_FOUND, UNDERAGE_OR_UNKNOWN.

Error scenarios

Invalid API key

curl -s -X POST https://api.loomapi.com/verify/start \
  -H "x-tenant-api-key: invalid_key" \
  -H "Content-Type: application/json" \
  -d '{}'

Expected: 401 with error code UNAUTHENTICATED_TENANT. See Errors.

Rate limit exceeded

If you exceed rate limits you get 429. See Rate Limits.

Minimal test script

#!/bin/bash
set -e
API_KEY="${LOOM_TENANT_API_KEY:?Set LOOM_TENANT_API_KEY}"
API_BASE="https://api.loomapi.com"

# Start verification
RESP=$(curl -s -X POST "$API_BASE/verify/start" \
  -H "x-tenant-api-key: $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{}')

echo "$RESP" | jq '.'

VERIFICATION_ID=$(echo "$RESP" | jq -r '.verificationId')
if [[ -z "$VERIFICATION_ID" || "$VERIFICATION_ID" == "null" ]]; then
  echo "Failed to get verificationId"
  exit 1
fi

# Poll status
echo "Checking status for $VERIFICATION_ID..."
curl -s "$API_BASE/verify/status?verificationId=$VERIFICATION_ID" \
  -H "x-tenant-api-key: $API_KEY" | jq '.'

More

• Quickstart — full flow in 10 minutes
• Verification — request/response reference
• Node examples — same flow with Node.js