Verification API
Alpha
DSAR is currently in alpha. APIs, package surfaces, configuration, and documentation may change as the project evolves.
Verification endpoints are workflow controls inside DSAR. They are not a general-purpose login system for subject portals or dashboards. In production, the host application authenticates the end user first, then DSAR uses these verification routes only when policy or risk requires extra proof.
POST /requests/:id/verification/request
Create a verification case. Pauses the legal clock per policy.
Response (202):
POST /requests/:id/verification/evidence
Submit verification evidence.
existing_auth means "the host app has already authenticated this person" as a
verification method inside the DSAR workflow. It does not mean DSAR owns the
upstream session or browser login.
Request body:
level(string): "reasonable" | "enhanced"evidenceArtifacts(array): Evidence file referencesmethodsAllowed(array): Allowed verification methodsreasonForDoubt(string, optional)
Response (202):
POST /requests/:id/verification/evidence/upload
Upload a binary evidence artifact for the active verification case.
Request headers:
x-evidence-filename(string, optional): URL-encoded original filenamex-evidence-content-type(string, optional): MIME type of the uploaded filex-evidence-level(string, optional): evidence assurance level to associate with the upload
Request body: Raw binary file content
Response (202):
If you use @dsar/node-sdk, verificationEvidenceUpload() sets the upload
headers for you from the file name, content type, and optional level.
POST /requests/:id/verification/approve
Approve verification and resume the legal clock.
Response (202):
POST /requests/:id/verification/reject
Reject verification.
Response (202):
GET /requests/:id/verification-case
Read the current verification case.
Response (200):