For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Dashboard
HomeAPI Reference
HomeAPI Reference
  • Get started
    • Welcome
    • Quick Start
  • API basics
    • Authentication
    • Conventions
    • Errors
    • Webhooks
  • Products
    • Digital Identity
    • OCR & Computer Vision
    • E-Contracting
    • OAuth Registration
    • Iframe Integration
  • SDKs
    • Flutter SDK
  • Resources
    • Support
  • Changelog
    • Changelog
Dashboard
LogoLogo
On this page
  • How it works
  • Session types
  • Auth Session
  • Invitation Session
  • Session permissions
  • Loading the iframe
  • When to use each flow
Products

Iframe Integration

Embed the full Vlens flow inside your app without exposing your API key
||View as Markdown|
Was this page helpful?
Edit this page
Previous

OAuth Registration

Next

Flutter SDK

Built with

The Identity User Session API lets you embed the complete Vlens verification and contracting UX inside your own application using an iframe or WebView — without exposing your ApiKey or admin credentials to the client.

How it works

  1. Your server calls Vlens to create a session token for a specific user
  2. Your server passes that token to your client app
  3. The client loads the Vlens iframe using the session token
  4. The user completes registration, KYC, and/or contract signing inside the iframe
  5. Your app listens for completion events

Session types

Auth Session

A standard session that prompts the user through whatever steps are needed based on their current state (registration, KYC, contract signing). The user’s experience is determined by sessionPermissions.

Authentication: Requires only ApiKey — no admin token.

$curl -X POST "https://api.vlenseg.com/api/IdentityUserSession/CreateAuthSession" \
>  -H "ApiKey: YOUR_API_KEY" \
>  -H "Content-Type: application/json" \
>  -d '{
>    "phoneNumber": "+201234567890",
>    "sessionPermissions": {
>      "allowedContractTypeIds": [414],
>      "minimalSignatureFlow": true,
>      "DigitalIdentityOnly": false
>    }
>  }'

Invitation Session

A session with pre-filled form data. Use this when you have already collected the customer’s information and want to minimize the steps the user must complete.

Authentication: Requires admin bearer token + ApiKey.

$curl -X POST "https://api.vlenseg.com/api/IdentityUserSession/CreateInvitation" \
>  -H "ApiKey: YOUR_API_KEY" \
>  -H "Authorization: Bearer ADMIN_ACCESS_TOKEN" \
>  -H "Content-Type: application/json" \
>  -d '{
>    "SessionInput": {
>      "phoneNumber": "+201234567890",
>      "sessionPermissions": {
>        "allowedContractTypeIds": [414],
>        "minimalSignatureFlow": true,
>        "DigitalIdentityOnly": false
>      },
>      "RequestFieldsValues": {
>        "414": {
>          "fullName": "Ahmed Mohamed",
>          "monthlyIncome": "5000"
>        }
>      }
>    }
>  }'

RequestFieldsValues is keyed by contract type ID, then by field key. Get the field keys from GetBusinessRequestTypeTemplateFields.

Session permissions

FieldTypeDescription
allowedContractTypeIdsint[]The contract type IDs the user may create in this session
minimalSignatureFlowbooleanSkip optional steps and use the streamlined signing UX
DigitalIdentityOnlybooleanOnly perform KYC verification — skip the contracting steps

Loading the iframe

Both session endpoints return a session token in data. Pass this token when initializing the Vlens iframe or WebView:

1<iframe
2  src="https://app.vlenseg.com/session?token=SESSION_TOKEN"
3  width="100%"
4  height="700"
5  allow="camera; microphone"
6/>

The allow="camera; microphone" attribute is required for the liveness detection step to function correctly in the browser.

When to use each flow

ScenarioRecommended flow
You control a mobile app and want native ID captureNative API flow
You want to embed Vlens in a web page with minimal integration effortAuth Session (iframe)
You have collected customer data server-side and want to skip the formInvitation Session (iframe)
You want to run KYC without contractingAuth Session with DigitalIdentityOnly: true