Turnkey age verification for high-risk platforms.
Veriff-powered ID checks, signed age tokens (JWT), and webhooks with retries. Rate limits and quotas included. No ID storage; just verification results and tokens.
No ID storage · JWT age tokens · Dashboard & API
How it works in 3 steps
One endpoint: POST /v1/verify. Get a result synchronously or via webhook, then gate access with signed tokens.
Send document to POST /v1/verify
Send document type and base64 image (or use Veriff flow). Authenticate with your API key.
Get result (sync or via webhook)
Receive verified age and status in the response, or configure a webhook URL for async results with automatic retries.
Use the signed token for access
Use the signed age token (JWT) for access control. No ID images are stored; only verification metadata and tokens.
Call POST /v1/verify with document_type, document_data, and optional webhook_url. Response includes status, verified_age, and signed token for access control.
Key features
Everything you need for compliant age verification with Loom API v1.
Turnkey Veriff-powered verification
Age verification powered by Veriff. Send document type and image; get verified age and result. No need to integrate Veriff directly.
Signed age tokens (JWT)
Receive JWTs that encode verification outcome (e.g. verified age, status). Use them for access control without storing ID documents.
Webhooks and retries
Configure a webhook URL; get notified when verification completes. We retry failed deliveries on a schedule so you don't miss events.
Rate limiting and quotas
Clear rate limits per API key and quotas per plan. Use headers to stay within limits; 429 with retry-after when exceeded.
Zero ID storage
We don't store ID document images or biometric data. Only verification metadata and short-lived tokens.
Audit-friendly records
Request IDs, timestamps, and status so you can show compliance to processors and auditors.
Security & data handling
We don't store ID documents or biometrics. Verification is powered by Veriff; results are returned as signed tokens and via webhooks. Data in transit is encrypted; we apply rate limits and quotas. For full details, see our Security and Data Processing pages.
Zero ID storage
We don't store ID document images or biometrics. Only verification metadata and short-lived tokens.
Veriff-powered verification
Age verification is powered by Veriff. Results are returned as signed tokens and via webhooks.
Short-lived signed tokens (JWT)
Signed age tokens for access control. Tamper-evident, no raw PII stored.
Webhooks with signature & retries
Webhook payloads are signed; we retry failed deliveries on a schedule so you don't miss events.
Rate limiting & quotas
Clear rate limits per API key and quotas per plan. 429 with retry-after when exceeded.
Encryption in transit
Data in transit is encrypted. We apply rate limits and quotas to protect the service.
GDPR-friendly
Minimal data retention, no biometric templates stored.
Stripe & processor-aware
Built to reduce "high-risk" flags, not trigger them. Audit-friendly records without raw PII.
Why it keeps Stripe & processors calmer
Payment processors and acquirers want to see clear compliance discipline. LoomAPI gives you the logs, tokens, and structure they expect.
Not legal advice. We emphasize risk discipline and audit-ready records.
Clear verification story
Processors see a consistent, explainable approach to age gating instead of dozens of ad-hoc checks.
Never a grey zone again
Either a user has a valid token or they don't. No ambiguous flows that scare risk teams.
Separation of concerns
Your billing keeps billing. LoomAPI handles 18+ and high-risk gates at the API layer.
No storage of risky data
We don't store ID documents or biometric data that would trigger Stripe reviewer concerns. Only tokens and metadata.
Who it's for
Built for developers running high-risk platforms who need compliance without the complexity.
Adult / NSFW content platforms
We help you not get banned and stay compliant. Age-gate adult content, creator platforms, and NSFW sites with clear verification logs that keep payment processors comfortable.
Dating & chat apps
We help you not get banned and stay compliant. Verify age for dating platforms, chat apps, and social networks with 18+ content using simple token-based access control.
UGC platforms with 18+ areas
We help you not get banned and stay compliant. User-generated content sites with age-restricted sections can verify users before they access mature content or features.
High-risk SaaS / gambling
We help you not get banned and stay compliant. Gambling operators, gaming platforms, and high-risk SaaS tools get age verification without full KYC infrastructure.
AI companions & chatbots
We help you not get banned and stay compliant. Ensure adult-flagged conversations are properly age-gated without storing transcripts or ID docs.
Start your free trial in minutes.
Get an API key from the dashboard, then call POST /verify/start with your API key in the x-tenant-api-key header.
Example: POST /verify/start
curl -X POST https://api.loomapi.com/verify/start \
-H "x-tenant-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{}'Base URL uses NEXT_PUBLIC_LOOM_API_BASE_URL. See the docs for complete flow, webhooks, and response fields.
Built for compliance and privacy
Factual trust signals — no PII, hashed keys, and certified verification
Zero PII storage
We never store personally identifiable information. Verification results are tokenized; you validate tokens without handling user PII.
Hashed API keys
API keys are stored as one-way hashes. Raw keys are shown only once at creation; you store them securely on your side.
UK & EU aligned
Designed for UK GDPR and EU data protection. Token-based flows keep you out of the PII chain while meeting age-verification requirements.
Veriff partnership
Age and identity verification powered by Veriff’s certified document and liveness checks, with results delivered via tokens.
Integrated with Veriff for document and liveness checks. Billing via Stripe.