Skip to main content

Welcome to UIP API Reference

This section contains the complete technical documentation for integrating UIP’s biometric identity, signature, and messaging services into your application. All endpoints are REST-based with JSON payloads and responses.
New to UIP? Start with the Getting Started Guide to understand core concepts before diving into endpoint details.

Base URL

All API requests use the following base URL: 
https://api.uip.digital/v1
Production only: UIP doesn’t provide a sandbox environment. Use your $5 signup credit for testing with real biometric verification.

Core APIs

UIP provides three primary APIs that work together to deliver complete identity and signature infrastructure:

Identify API

Biometric authentication and identity verification. Request verified user information like name, age, location, and more.$0.01 per identification

Sign API

Quick biometric signatures for lightweight agreements. Perfect for TOS, policies, and attestations. 5-minute signing window.$0.03 per signature

Message API (Text)

Encrypted messaging without attachments. Supports signatures. Perfect for notifications and text agreements.$0.03 per message

Message API (with Attachment)

Document messaging with attachments up to 20MB. Supports signatures. Available up to 3 months.$0.10 per message

Audit API

Retrieve permanent audit trails for all actions. Court-admissible evidence with cryptographic proof.Always Free

Supporting APIs

Invalidate API

Cancel pending signature requests before recipients sign. Only works for unsigned messages.Always Free

Webhook Test

Test your webhook endpoint configuration before going live.Always Free

Authentication

All UIP API endpoints require authentication using Bearer tokens. Include your API key in the Authorization header of every request. Header format: 
Authorization: Bearer YOUR_API_KEY
Keep your API keys secure. Never expose them in client-side code, public repositories, or logs. Treat them like passwords.

Getting API Keys

1

Create UIP Identity

Sign up at business.uip.digital/identify and create your identity with government ID verification
2

Receive $5 Credit

New accounts automatically receive $5 in credits—enough for testing and initial implementation
3

Generate API Key

Create your API key from the dashboard and start making requests

Request & Response Format

All requests and responses use JSON format with UTF-8 encoding. Required headers:
  • Authorization: Bearer YOUR_API_KEY
  • Content-Type: application/json

Webhook Integration

Most UIP APIs work asynchronously using webhooks. Instead of polling for results, UIP sends POST requests to your webhook URL when actions complete.
Setup Required: Configure your webhook URL in the Business Dashboard before using UIP APIs. This is where UIP will send all webhook events.
Every webhook request includes an X-UIP-Signature header containing an HMAC SHA-256 signature. Your webhook secret is a UUID v4 identifier provided when you create your API key.Verify all webhook requests to ensure they’re from UIP and haven’t been tampered with.
Different APIs send different webhook events:
  • Identify API: identify
  • Sign API: sign
  • Message API: message_delivered, message_signed, message_declined
Use the Webhook Test endpoint to verify your webhook handler before going live. It sends a test payload to your URL and reports the response.

QR Code Flow

The Identify and Sign APIs return QR codes for user authentication. Users scan these codes with the UIP mobile app to complete actions. Implementation flow:
1

Request Session

Call the appropriate endpoint (Identify or Sign) with your webhook URL
2

Display QR Code

Show the returned QR code to users (desktop) or provide app deep link (mobile)
3

User Scans & Authenticates

User opens UIP app, scans code, and authenticates with biometric
4

Receive Webhook

UIP sends result to your webhook URL with verified identity or signature proof
Best Practice: Always ask users if they’re on mobile or desktop first. Mobile users can open the UIP app directly without scanning a QR code.

Error Handling

UIP uses standard HTTP status codes and provides detailed error information in the response body. Check HTTP status code first:
  • 2xx: Success
  • 4xx: Client error (fix your request)
  • 5xx: Server error (retry with exponential backoff)
Then examine the error code: 
{
  "error": "The requested resource was not found",
  "code": "resource/not-found"
}
See the Error Handling Guide for complete error code reference.

Rate Limits

No rate limits currently enforced. UIP may add rate limiting in the future to ensure fair usage and system stability. You’ll be notified before any limits are implemented.

Audit Trail

Every UIP action generates a permanent audit record accessible via the Audit API. These records include:
  • Complete action details (authentication, signature, message)
  • Verified identity information
  • Cryptographic proof of action
  • Precise timestamps
  • Tamper-evident storage
Audit queries are always free and unlimited. Store audit IDs from webhook responses to retrieve records anytime.

Getting Started

Getting Started Guide

Step-by-step guide to your first UIP integration

QR Integration Guide

Learn how to implement the QR code authentication flow

API Services Overview

Understand what each API does and when to use it

Error Handling

Complete guide to handling errors effectively

Need Help?

Contact Support

Questions about implementation or integration? We’re here to help.

View Protocol Overview

Learn about UIP’s vision and technical architecture