Unilinks are generated automatically upon creating the verification level and are unique for each level; you can share the link with multiple applicants. To pass verification, applicants must verify their email first. Each email can be used to create only one applicant per level.

How unilinks work

A unilink guides your applicants through the following verification journey:

1. Applicant scans the QR code or opens the provided unilink, which directs them to the configured verification level.
2. Applicant verifies their email address. The verified email helps identify the applicant in the Dashboard.
3. After the email is verified, the system starts the WebSDK verification flow according to the level’s configuration and customization settings.

📘

Note

• If applicants complete email verification but do not complete document verification and re-open the same link on the same device and in the same browser, email verification will be skipped.
• If the applicants’ session expires (currently 30 min) after completing email verification, the applicant will have to repeat email verification.
• If applicants start the session using a link and then create a personal mobile link that expires, they will be taken back to the email verification step.
• If applicants successfully complete verification via a unilink and the session expires (after 30 minutes), they can start another verification with the same unilink only by using a different email address. If they use the same email, they will be redirected to the previous verification result screen instead of starting a new flow.

Create unilink in Dasboard

To create a unilink:

1. In the Dashboard, set up a verification level to be used when your applicants open the link.
2. Open the level, go to Verification links, and click Additional link options to customize unilink settings for this verification level, if needed.
3. Choose Copy or use the QR code to access the verification link.
4. Share the link with your applicants to verify their identity without additional integration.

Under the QR-code section, you can see how many times the link was used to verify applicants. This number is calculated based on the number of email addresses used for verification via a specific link.

You can generate a new unilink at any time by clicking Generate new.

❗️

Warning

When you generate a new link, the previous one becomes invalid and cannot be used for verification.

📘

Note

A new unilink is automatically generated each time you create a new level — both in sandbox and production modes.
Updating an existing level does not affect its unilink. The link continues to work as before and does not need to be regenerated.

Configure additional unilink settings

The following steps describe how to configure additional unilink settings. These settings are optional and can be enabled depending on your business needs and workflow configuration.

Step 1: Enable applicant identification by email

Select the Use email as an applicant identifier checkbox to join applicant profiles from different levels if they share the same email address. When enabled, the system checks whether the email entered during the unilink verification already exists. If it does, the existing applicant profile is updated with verification data from another level instead of creating a separate one. The system also compares the verification steps between the two levels and skips any checks that were already completed.

📘

Note

• Applicant profiles with the same email are merged only if both profiles were created via unilinks with the Use email as an applicant identifier checkbox enabled.
• Both verifications must be completed via unilinks. Profiles created outside of unilinks (for example, via permalinks) cannot be joined with profiles created via unilinks.

Step 2: Select webhook source key

From the Source key for webhooks dropdown list, choose a source key for webhooks to receive notifications about events related to applicants who used a particular unilink. If you need a new one, create a webhook and assign a source key to it.

🚧

Important

If certain source keys are restricted for a user role, only the allowed source keys will be available during unilink configuration. You can manage which source keys are available for each user role in the Dashboard, on the Roles page by opening the role and navigating to the Source keys from client section.

Step 3: Configure secret key for JWT verification

Create your own secret key for this unilink. It is used to sign and verify JWTs (JSON Web Tokens) with applicant data using the HS256 algorithm. This key can be used for the following purpose:

• Redirect applicants with a signed JWT
• Skip the email confirmation step with a signed JWT

Redirect applicants with signed JWT

If a redirect URL is configured, a signed JWT is appended as a jwt query parameter to the URL, securely confirming the verification result. This allows you to assign unique secret keys to different unilinks and redirect URLs for added flexibility and security.

📘

Note

1. You can configure only one secret key in the WebSDK settings and use it for all unilinks.
2. If the Secret key field in a unilink is empty, the key from the WebSDK settings will be used.
3. If both the WebSDK and unilink settings contain a secret key, the unilink setting takes priority.

The following table describes the fields of the jwt query parameter payload.

Payload example:

{
  "iat": 1762172820,
  "exp": 1762173420,
  "sub": "unil-b6931ef0e393aae10cad4940648e5b01a81b48a7",
  "aud": "example_id",
  "status": "approved"
}

Skip email confirmation step with signed JWT

You can skip the email confirmation step by providing a unilink with a query parameter that contains either the applicant’s email or externalUserId.

🚧

Important

Only one identifier can be included — either email or externalUserId.

• Email. You can include the applicant’s email address in the unilink query parameter. The email can be new or already associated with an existing applicant, regardless of how the applicant was created (API, SDK, permalink, or unilink). If the Use email as an applicant identifier setting is enabled, the provided email can be used to join applicant profiles.
• externalUserId. You can include an existing externalUserId in the unilink query parameter. If the provided externalUserId exists, the applicant is identified, and the email confirmation step is skipped. If the existing externalUserId belongs to an applicant created via unilink, the applicant profile data is joined automatically — no additional settings are required. In this case, the Use email as an applicant identifier setting is ignored, as the system uses externalUserId to join profiles.

Transfer applicant data via JWT

To transfer the applicant’s email or externalUserId via JWT, complete the following steps:

1. Create a secret key and use it to sign a JWT (JSON Web Token) with the HS256 algorithm.
2. Save this secret key in the unilink settings.

🚧

Important

Using a universal secret key from the WebSDK settings does not work for this case.

3. Add a payload to the JWT that includes either the email or externalUserId parameter.
4. Add an ids query parameter to the unilink that contains the signed JWT.

Step 4: Set up success redirect URL

In the Success redirect URL field, you can provide a custom URL to which applicants are redirected after successful verification. When used with the secret key setting, a jwt query parameter with signed JWT is appended to this URL to securely confirm the verification result.

📘

Note

You can configure only one redirect URL in the WebSDK settings, and it will be used for all unilinks unless a specific unilink has its own redirect URL. In that case, the unilink setting takes priority. For more information about WebSDK settings, see this article.

Step 5: Apply applicant tags

Add Applicant tags to a unilink to automatically apply them to all profiles created through it. For more information about applicant tags, refer to this article.