# Stile Documentation

> Stile is age and identity verification for the internet — one REST API (`https://api.stile.id/v1/`) plus an embeddable widget. Merchants create a verification session server-side with a secret key (`stile_sk_*`), the hosted widget walks the end user through verification (mobile driver's license, document capture, facial age estimation, and more), and a signed webhook confirms the result. Every session runs inside a dashboard-configured workflow (`workflow_id`) that carries the use case, jurisdictions, and methods.

Key facts for integrators:

- Auth: `Authorization: Bearer stile_sk_...` (secret, server-side) — publishable keys (`stile_pk_...`) are frontend-only. One environment: keys carry no test/live segment.
- Create a session: `POST /v1/verification_sessions` with `{ type, workflow_id }`; pass the returned `client_secret` to the widget
- Confirm results via webhooks signed with HMAC-SHA256 (`Stile-Signature: t=...,v1=...` over `{timestamp}.{raw_body}`)
- Widget: `<script src="https://js.stile.id/v1/stile.js"></script>` registers `<stile-frame>`; npm `@stile/widget` adds `<stile-button>`, `verify()`, `create()`; npm `@stile/node` is the Node.js API client
- Single live environment with a free tier (100 verifications/month, then billed). For testing, enable sandbox mode on an org: `skip_verification: true` mints instantly-verified sessions, unbilled, no webhook required (capped 500/month)

## Getting Started

- [Quickstart](https://docs.stile.id/getting-started/quickstart): Publish a workflow, drop in the widget, and confirm results with a signed webhook — your first verified session in three steps.
- [Integration Guide](https://docs.stile.id/getting-started/integration-guide): Everything you need to build a production-ready integration — session-url architecture, workflows, compliance checks, returning users, VPN detection, and webhook-gated checkout.
- [Authentication](https://docs.stile.id/getting-started/authentication): How Stile API keys work — publishable vs. secret, sandbox mode, rate limits, and zero-downtime key rotation.
- [Build with AI](https://docs.stile.id/getting-started/llms): Feed the Stile docs to your AI assistant or coding agent — llms.txt, a full-corpus file, and the OpenAPI spec.

## Concepts

- [Workflows](https://docs.stile.id/concepts/workflows): A workflow is the dashboard-configured recipe every verification session runs inside — it decides the use case, the methods, the jurisdictions, and the outcome.
- [Verification Methods](https://docs.stile.id/concepts/verification-methods): The full menu of verification methods a workflow can offer — from government digital credentials to age estimation — and how strong each one is.
- [Glossary](https://docs.stile.id/concepts/glossary): The core Stile terms — workflow, session, client secret, VP token, age tier, and the rest — in one place.

## HTTP API

- [Overview](https://docs.stile.id/api-reference/overview): Base URL, authentication, request and response conventions, pagination, the error object, idempotency, and rate limits — everything shared across the Stile HTTP API.
- [Verification Sessions](https://docs.stile.id/api-reference/verification-sessions): Create, retrieve, cancel, and list verification sessions — the core resource of every Stile integration.
- [Compliance](https://docs.stile.id/api-reference/compliance): Look up regulatory rules by product type and jurisdiction — required age tiers, prohibited products, allowed verification methods, and most-restrictive resolution for mixed carts.
- [Verified Person](https://docs.stile.id/api-reference/verified-person): Look up whether a user already holds a verified credential — on your site or across the Stile network — and skip re-verification for returning users.
- [Risk](https://docs.stile.id/api-reference/risk): Score the fraud risk of an IP, email, phone, or device — standalone, before or alongside a verification session.
- [Webhook Endpoints](https://docs.stile.id/api-reference/webhook-endpoints): Register, manage, and debug the HTTPS endpoints that receive Stile's signed event notifications.
- [Events](https://docs.stile.id/api-reference/events): Events record every significant change in your Stile account — the same objects delivered to your webhook endpoints.

## Guides

- [Webhooks](https://docs.stile.id/guides/webhooks): Receive real-time notifications when verification events occur — endpoint setup, signature verification, retries, deduplication, and local testing.
- [Webhook Signature Verification](https://docs.stile.id/guides/webhook-verification): Verify the Stile-Signature header — three lines on Node.js with @stile/node, complete copy-paste handlers for every other stack.
- [Error Handling](https://docs.stile.id/guides/error-handling): Parse Stile's error envelope, branch on stable error codes, and retry safely with exponential backoff and idempotency keys — in any language, no SDK required.
- [Rate Limits](https://docs.stile.id/guides/rate-limits): Per-key request limits, the rate-limit headers on every response, and how to back off cleanly.
- [Testing & Sandbox](https://docs.stile.id/guides/testing): Build against sandbox mode, simulate verified sessions with skip_verification, test webhooks through a tunnel, and run the going-live checklist.
- [Dashboard](https://docs.stile.id/guides/dashboard): A tour of the Stile dashboard — where you build workflows, manage keys, watch sessions, configure webhooks, and handle billing.
- [Security Best Practices](https://docs.stile.id/guides/security): Webhook-first access control, signature verification, key management, rate limits, and anti-fraud measures for production integrations.
- [Data Retention & Privacy](https://docs.stile.id/guides/data-retention): What Stile stores, what gets purged and when, and how the platform minimizes the PII you ever touch.
- [Returning User Verification](https://docs.stile.id/guides/returning-users): Verify once, reuse many times — VP tokens, credential lookup with OTP, and the strength, age-tier, and expiry rules that decide when a user must re-verify.
- [Desktop → Mobile Handoff](https://docs.stile.id/guides/device-handoff): How the widget moves a verification from a desktop to the user's phone when a step needs hardware the desktop doesn't have — automatically.
- [Trust Reuse](https://docs.stile.id/guides/trust-reuse): Accept verifications a user already completed at other Stile operators — verify once, recognized everywhere.

## SDKs

- [SDKs](https://docs.stile.id/sdks/overview): Two official SDKs — a frontend widget and a server-side Node.js client — plus a language-agnostic HTTP API for everything else.
- [Widget SDK](https://docs.stile.id/sdks/widget): Framework-agnostic web components and JavaScript API for embedding verification in any frontend.
- [Node.js SDK](https://docs.stile.id/sdks/node): The typed Node.js and TypeScript client for the Stile API — resource methods, automatic retries, idempotency, and built-in webhook signature verification.

## More

- [Changelog](https://docs.stile.id/changelog): Notable changes to the Stile API, SDKs, and docs.

## Optional

- [Complete documentation in one file](https://docs.stile.id/llms-full.txt): every page concatenated as markdown — paste it into your AI assistant's context
- [OpenAPI 3.1 spec](https://docs.stile.id/openapi.yaml): machine-readable API schema