#john_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1334947690265706637

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hi, what you use is up to you. Both the url: https://docs.stripe.com/api/identity/verification_sessions/object#identity_verification_session_object-url and the client_secret have an expiry: https://docs.stripe.com/api/identity/verification_sessions/object#identity_verification_session_object-client_secret

@twilit chasm
how can we check if the session is expired?

basically, how do we determine that the url or clientSecret is expired? and if it is expired, we then need to create a new VerificationStatus, right?

Yes, you would need to create a new one. We document this here: https://docs.stripe.com/identity/verify-identity-documents

The client secret lets your frontend collect sensitive verification information. It’s single-use and expires after 24 hours. Don’t store it, log it, embed it in a URL, or expose it to anyone other than the user. Make sure that you have TLS enabled on any page that includes the client secret. Send only the client secret to your frontend to avoid exposing verification configuration or results.