The API

One API. Multi-tenant from day one.

Create a verification in one request. Receive results via webhook. Scope everything to the right tenant automatically.

Key concepts

Four primitives. One mental model.

Verification

A single accreditation check for one investor. Created via API, resolved to approved or rejected. Each verification produces a PDF certificate.

Issuer

The entity running the 506(c) raise. Verifications are scoped to an issuer. Partners pass an issuerId to route verifications to the right context.

Parent partner

Your platform. The x-parent-partner-id header identifies your integration. All issuers and verifications under your partner are isolated from other partners.

Webhook

An HTTP POST to your endpoint when a verification state changes. Subscribe to specific events or receive all. Payloads include the full verification object.

Partner API Reference

Version 1.1 · April 2026

IncrediVer provides AI-powered accredited investor verification under SEC Rule 506(c). The Partner API enables platform partners — fund administrators, crowdfunding portals, broker-dealers, transfer agents — to integrate verification directly into their products. A single API key manages verifications across multiple funds (issuers) under your account.

Download PDF

Getting Started

Overview

The Partner API is a RESTful HTTPS API that accepts JSON-encoded request bodies and returns JSON-encoded responses. Each partner account manages multiple issuers (funds) under a single API key, with verifications scoped per issuer and billing pooled at the partner level.

Base URL

text

https://api.incrediver.com

API Versioning

API Version: v1

All Partner API endpoints are versioned via URL path. The current stable version is v1. Full paths look like: https://api.incrediver.com/api/v1/verifications/create-direct

Behavior is guaranteed stable within a major version. Breaking changes will ship under v2 with a deprecation timeline for v1 endpoints. Every response includes an X-IncrediVer-API-Version header identifying the version you hit.

Multi-Tenant Architecture

As a platform partner, you manage multiple funds (issuers) under a single API key. Each issuer is its own isolated entity with verification records, certificates, and webhooks scoped independently. Billing is pooled at the partner level.

text

Your Partner Account (one API key)
 │
 ├── Fund A (issuerId: syn_xxxxxxxx-...)
 ├── Fund B (issuerId: syn_yyyyyyyy-...)
 └── Fund C (issuerId: syn_zzzzzzzz-...)

Each fund has its own issuerId
Verifications are scoped to the issuer they belong to
Billing is pooled at the partner level (one credit pool for all issuers)
Webhooks can be configured per-issuer for routing

Authentication

All API requests require an API key passed in the x-api-key header. Your API key identifies your partner account and determines which issuers you can manage.

text

x-api-key: iv_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Keep your API key secure. Do not expose it in client-side code or commit it to source control. Treat it like a password.

Authentication Errors

Status	Error Code	Description
401	missing_api_key	No x-api-key header provided
401	invalid_api_key	API key does not match any account
403	not_a_partner	Key is valid but lacks partner permissions

Issuer Management

Manage the funds (issuers) under your partner account. Create issuers when onboarding new funds, update them as configuration changes, and deactivate them when funds close.

Create Issuer

POST/api/v1/partner/issuers

Field	Type	Required	Description
company	string	Yes	Fund or company name
email	string	Yes	Contact email for this issuer
fullName	string	No	Contact person's full name
phone	string	No	Contact phone number
website	string	No	Issuer's website
webhookUrl	string	No	Webhook URL for this issuer's verification events
webhookSecret	string	No	HMAC secret for webhook signature verification

curl

curl -X POST https://api.incrediver.com/api/v1/partner/issuers \
  -H "Content-Type: application/json" \
  -H "x-api-key: iv_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -d '{
    "company": "Alpha Growth Fund",
    "email": "compliance@alphagrowth.com",
    "fullName": "John Doe",
    "webhookUrl": "https://yourplatform.com/webhooks/alpha-growth"
  }'

json

{
  "issuerId": "syn_f8e7d6c5-b4a3-9281-7654-321fedcba098",
  "company": "Alpha Growth Fund",
  "email": "compliance@alphagrowth.com",
  "createdAt": "2026-04-02T12:00:00.000Z"
}

Save the issuerId. You'll pass it when creating verifications for this fund.

List Issuers

GET/api/v1/partner/issuers

curl

curl https://api.incrediver.com/api/v1/partner/issuers \
  -H "x-api-key: iv_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

json

{
  "issuers": [
    {
      "issuerId": "syn_f8e7d6c5-...",
      "company": "Alpha Growth Fund",
      "email": "compliance@alphagrowth.com",
      "fullName": "John Doe",
      "status": "active",
      "webhookUrl": "https://yourplatform.com/webhooks/alpha-growth",
      "createdAt": "2026-04-02T12:00:00.000Z"
    }
  ],
  "count": 1
}

Get Issuer Details

GET/api/v1/partner/issuers/{issuerId}

Retrieve a single issuer with verification count.

json

{
  "issuerId": "syn_f8e7d6c5-...",
  "company": "Alpha Growth Fund",
  "email": "compliance@alphagrowth.com",
  "fullName": "John Doe",
  "status": "active",
  "webhookUrl": "https://yourplatform.com/webhooks/alpha-growth",
  "createdAt": "2026-04-02T12:00:00.000Z",
  "verificationCount": 47
}

Update Issuer

PATCH/api/v1/partner/issuers/{issuerId}

Update an issuer's configuration. Only the fields you provide will be updated. Updatable fields: company, fullName, email, phone, website, webhookUrl, webhookSecret.

curl

curl -X PATCH https://api.incrediver.com/api/v1/partner/issuers/syn_f8e7d6c5-... \
  -H "Content-Type: application/json" \
  -H "x-api-key: iv_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -d '{
    "webhookUrl": "https://yourplatform.com/webhooks/v2/alpha-growth"
  }'

json

{
  "success": true,
  "issuerId": "syn_f8e7d6c5-...",
  "updated": ["webhookUrl"]
}

Deactivate Issuer

DELETE/api/v1/partner/issuers/{issuerId}

Soft-delete an issuer. Existing verifications remain accessible, but new verifications for this issuer will be rejected.

json

{
  "success": true,
  "issuerId": "syn_f8e7d6c5-..."
}

After deactivation, attempts to create verifications for this issuer return 400 issuer_inactive.

Verifications

Create Verification

POST/api/v1/verifications/create-direct

Creates a new investor verification under a specific issuer (fund) and returns a URL for the investor to complete the process.

Field	Type	Required	Description
issuerId	string	Yes	The issuer (fund) this verification belongs to
firstName	string	Yes	Investor's first name
lastName	string	Yes	Investor's last name
email	string	Yes	Investor's email address
phone	string	No	Investor's phone number
address	string	No	Street address
city	string	No	City
state	string	No	State (2-letter code)
zip	string	No	ZIP/Postal code
externalId	string	No	Your internal reference ID
returnURL	string	No	URL to redirect investor after verification
campaignId	string	No	Campaign identifier for tracking

curl

curl -X POST https://api.incrediver.com/api/v1/verifications/create-direct \
  -H "Content-Type: application/json" \
  -H "x-api-key: iv_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -d '{
    "issuerId": "syn_f8e7d6c5-b4a3-9281-7654-321fedcba098",
    "firstName": "Jane",
    "lastName": "Smith",
    "email": "jane.smith@example.com",
    "externalId": "INV-12345",
    "returnURL": "https://yourplatform.com/verification-complete"
  }'

json

{
  "verificationId": "vfy_1774976353297",
  "verificationUrl": "https://app.incrediver.com/prequal?syndicator=syn_f8e...",
  "status": "awaiting_selection",
  "issuerId": "syn_f8e7d6c5-b4a3-9281-7654-321fedcba098"
}

Error Responses

Status	Error Code	Description
400	missing_fields	Required fields missing (firstName, lastName, email)
400	invalid_email	Email format is invalid
400	invalid_return_url	returnURL is not a valid URL or not HTTPS
400	issuer_inactive	The specified issuer has been deactivated
401	invalid_api_key	API key is not valid
403	issuer_not_owned	The issuerId doesn't belong to your account
403	no_credits	No verification credits remaining
404	issuer_not_found	The specified issuerId doesn't exist
429	rate_limit_exceeded	Too many requests

returnURL Redirect Behavior

When you provide a returnURL, the investor is redirected to your platform after verification completes.

Investor completes verification on IncrediVer
On approval, rejection, or manual review, a Continue button appears
Clicking Continue redirects to your returnURL with status query parameters

text

https://yourplatform.com/verification-complete?status=approved&verificationId=vfy_xxx

Webhooks fire regardless of whether returnURL is set. The returnURL provides a user-facing redirect; webhooks provide server-to-server notification.

Check Verification Status

GET/api/v1/verifications/{verificationId}

Poll this endpoint to check verification progress. No authentication required. Rate limit: 100 requests per 60 seconds.

curl

curl https://api.incrediver.com/api/v1/verifications/vfy_1774976353297

json

{
  "verificationId": "vfy_1774976353297",
  "syndicatorId": "syn_f8e7d6c5-...",
  "status": "Approved",
  "type": "income",
  "createdAt": "2026-04-02T12:00:00.000Z",
  "externalId": "INV-12345",
  "certificateUrl": "https://incrediver-certificates.s3..."
}

Status values from this endpoint are capitalized (Approved, Rejected, Manual Review). Webhook payloads use lowercase (approved, rejected, manual_review).

Verification Statuses

Status	Description
awaiting_selection	Investor needs to select verification type
Pending	Documents uploaded, awaiting processing
Processing	AI is analyzing documents
Approved	Investor verified as accredited
Rejected	Investor did not meet accreditation criteria
Manual Review	Requires human review

Webhooks

Webhooks notify your system in real-time when verifications complete. Configure a webhookUrl per-issuer when creating the issuer, or update it later via the PATCH endpoint. Webhook events fire on every final decision: approved, rejected, and manual_review.

Payload Structure

json

{
  "event": "verification.completed",
  "timestamp": "2026-04-02T15:30:00.000Z",
  "data": {
    "verificationId": "vfy_1774976353297",
    "externalId": "INV-12345",
    "status": "approved",
    "reason": "Verification approved based on submitted income documentation.",
    "investorEmail": "jane.smith@example.com",
    "investorName": "Jane Smith",
    "verificationType": "income",
    "completedAt": "2026-04-02T15:30:00.000Z",
    "issuerId": "syn_f8e7d6c5-...",
    "issuerName": "Alpha Growth Fund",
    "parentPartnerId": "syn_a1b2c3d4-..."
  }
}

Payload Fields

Field	Type	When	Description
verificationId	string	Always	IncrediVer's unique verification identifier
externalId	string	If set	Your internal reference ID from creation
status	string	Always	approved, rejected, or manual_review
reason	string	Always	Plain-language explanation of the decision
investorEmail	string	Always	The investor's email address
investorName	string	Always	The investor's full name
verificationType	string	Always	income or networth
completedAt	string	Always	ISO 8601 timestamp of the decision
issuerId	string	Partner only	Which fund this verification belongs to
issuerName	string	Partner only	The fund name from issuer creation
parentPartnerId	string	Partner only	Your partner account ID

Signature Verification

If you configure a webhookSecret on your issuer, IncrediVer signs every payload with HMAC-SHA256.

text

X-IncrediVer-Signature: sha256=<hex_digest>

javascript

const crypto = require('crypto');

function verifyWebhook(rawBody, signatureHeader, secret) {
  const expected = 'sha256=' + crypto
    .createHmac('sha256', secret)
    .update(rawBody)
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signatureHeader),
    Buffer.from(expected)
  );
}

Additional Headers

X-IncrediVer-Event: verification.completed
X-IncrediVer-Delivery: <verificationId>
User-Agent: IncrediVer-Webhook/1.0

Delivery Behavior

Single delivery attempt with a 10-second timeout
If your endpoint is unreachable, the webhook is not retried — use the status polling endpoint as a fallback
Webhooks fire on every final decision (approved, rejected, manual_review)

Certificates

Every approved verification produces a signed PDF certificate accessible via the certificateUrl field returned by the Check Status endpoint. Certificates include the investor's name, verification type, issuer, timestamp, and IncrediVer's signature. Attach them to your subscription documents or retain them for compliance records.

Dashboard

Every verification also appears in real-time on the IncrediVer dashboard — a web app where fund managers can view verification status, review results, and download certificates. Dashboard access is included with API integration; schedule a call to set up your account.

Rate Limits

Endpoint	With API Key	Without Key
Create verification	Unlimited	10 / 15 min
Issuer management	Unlimited	50 / 15 min
Check status	100 / 60s	100 / 60s

Production partner keys are typically configured for unlimited verification creation. Contact us if you anticipate high volume.

Best Practices

Store the verificationId — link it to your internal investor record for tracking
Use externalId — pass your internal reference ID to correlate IncrediVer records with your system
Always pass issuerId — route each verification to the correct fund
Server-side calls only — never expose your API key in browser JavaScript
Handle errors gracefully — check response status codes and display appropriate messages
Use returnURL — redirect investors back to your portal after verification completes
Configure webhooks per-issuer — receive real-time notifications routed to the correct fund
Implement webhook signature verification — confirm webhook authenticity using HMAC-SHA256

Integration Flow

1Onboarding: IncrediVer provides your API key and partner account
2Create issuers: POST /api/v1/partner/issuers for each fund you manage
3Investor signs up on your platform
4Your server calls POST /api/v1/verifications/create-direct with issuerId and returnURL
5Redirect the investor to the verificationUrl in the response
6Investor completes verification (selects type, uploads documents)
7AI processes documents and returns a decision (approximately 2 minutes)
8Investor clicks Continue and is redirected to your returnURL
9Your server receives a webhook with the verification result and issuerId for routing

Onboarding & Support

Self-serve API keys are in development — targeting Q2 2026. To begin integration today, schedule a call. You'll receive your API key and partner account credentials via secure delivery, and we'll help you through the first integration.

Trial Limits

New partner accounts begin with a small trial verification quota. Trial limits are pooled across all of your issuers — the count is account-wide, not per-issuer. Contact us to discuss volume pricing before running production verifications.

Billing

Verification credits are pooled at the partner account level. All issuer verifications draw from the same balance, regardless of which fund they belong to. The verificationCount returned in the Get Issuer endpoint shows per-issuer usage for reporting purposes.