Skip to main content
The UIP API is a small REST surface. You call it server-to-server with your API key to create and manage sessions; users complete those sessions on UIP’s hosted page; results arrive at your webhook.

Base URL

https://api.uip.digital/v1

Authentication

Authenticate every request with your API key as a bearer token. Get your key from the dashboard at uip.digital. 
Authorization: Bearer uip_live_xxxxxxxxxxxxxxxxxxxxxxxx
API keys are secrets — use them only from your backend, never in browser or mobile code. A key is scoped to the business that created it.

What you call vs. what the page calls

The endpoints documented here are the business API — the ones your server calls. The hosted session page has its own internal transport endpoints (opening, fetching the wallet request, submitting the response); those are not part of the public API and you never call them directly.
You call (this reference)Purpose
POST /v1/sessionsCreate a verification session
GET /v1/sessions/{id}Read session status & progress
POST /v1/sessions/{id}/continueResume a gated session
POST /v1/sessions/{id}/stopEnd a gated session
GET /v1/audits/{id}Retrieve the redacted audit proof (and the result already delivered)
GET /v1/catalogWallets & primitives the platform supports (authed, free)
GET /v1/walletsWallet × primitive capability matrix (public, no auth)

Content types

JSON for most requests. The sign primitive carries files, so a session that includes a sign step is created as multipart/form-data — see Create a session.

Idempotency

Pass an Idempotency-Key header on POST /v1/sessions to make retries safe: a repeat create with the same key returns the original session instead of a duplicate. 
Idempotency-Key: 7c2e1f9a-...

Results, not polling

GET /v1/sessions/{id} returns status and progress only — verified claims and signatures are delivered exclusively by webhook. A webhook URL is required before you can create a session.

Errors

Error format and status codes.