REST API Endpoints
Copy for AI agents
Copy a complete REST API integration brief (all endpoints, headers, bodies, flows, and error codes) and paste it into ChatGPT, Cursor, Claude, or any coding agent to start implementation.
Preview copied content
# VerifySpeed REST API — Backend Integration Spec
Use this specification to implement a complete VerifySpeed phone verification integration on the server side.
## Overview
- Base URL: `https://api.verifyspeed.com/v1/`
- Protocol: REST, JSON request/response bodies
- Authentication: `server-key` header (from VerifySpeed dashboard). Never expose the server key in mobile or browser clients.
- Postman collection: https://documenter.getpostman.com/view/17365198/2sBXikpBjZ
## HTTP status codes
- **400** — Missing or invalid input
- **401** — Missing or invalid `server-key`
- **403** — Authorization failure
- **404** — Resource not found (e.g. unknown method name)
Non-success responses (outside 2xx) use [RFC 9457](https://www.rfc-editor.org/rfc/rfc9457) problem details.
## Integration flows
### Message-based flow (WhatsApp Message, Telegram Message)
1. `GET /verifications/initialize` — list available methods for the client IP
2. `POST /verifications/create` — start verification; return `verificationKey` and `deepLink` to the client app
3. User completes verification via deep link / client SDK; client receives encrypted `token`
4. Backend decrypts `token` locally (recommended) OR calls `GET /verifications/result`
### OTP flow (WhatsApp OTP, Telegram OTP, SMS OTP)
1. `GET /verifications/initialize`
2. `POST /verifications/create` with `phoneNumber` (E.164, required for OTP methods)
3. User receives OTP and enters the code in your app
4. **Validate OTP** — choose ONE approach per session:
- **Client SDK (Android / iOS / Flutter / Web):** App calls SDK validateOTP/validateOtp; on success SDK returns `token`; app sends `token` to your backend. Does NOT use `POST /verifications/validate-otp`.
- **Backend REST:** App sends code to your server → `POST /verifications/validate-otp` with `code`, `verificationKey`, and `server-key` (backend only).
5. Backend decrypts `token` (recommended) or calls `GET /verifications/result` for `methodName`, `dateOfVerification`, `phoneNumber`, `verificationKey`
---
## Endpoints
### 1. Initialize verification
`GET https://api.verifyspeed.com/v1/verifications/initialize`
**Headers (required):**
- `server-key`: YOUR_SERVER_KEY
**Response 200:**
```json
{
"availableMethods": [
{ "methodName": "string", "displayName": "string" }
]
}
```
---
### 2. Create verification
`POST https://api.verifyspeed.com/v1/verifications/create`
**Headers (required):**
- `server-key`: YOUR_SERVER_KEY
- `Content-Type`: application/json
**Body:**
| Field | Required | Description |
|---|---|---|
| methodName | Yes | e.g. whatsapp-message, telegram-message, whatsapp-otp, telegram-otp, sms-otp |
| language | No | en (default), ar, ckb |
| phoneNumber | For OTP methods | E.164 e.g. +14255552673. Required for whatsapp-otp, telegram-otp, sms-otp |
**Response 200:**
```json
{
"methodName": "string",
"verificationKey": "string",
"deepLink": "string | null"
}
```
- `deepLink`: URL for message-based methods; `null` for OTP methods.
**OTP create example body:**
```json
{
"methodName": "whatsapp-otp",
"language": "en",
"phoneNumber": "+14255552673"
}
```
---
### 3. Validate OTP (backend REST — alternative to client SDK)
`POST https://api.verifyspeed.com/v1/verifications/validate-otp`
Use this when your backend validates the OTP. Alternatively, use client SDK validateOTP on Android/iOS/Flutter/Web to obtain the token without this endpoint, then send the token to your backend for decryption.
Backend-only. Do NOT call from clients with an exposed server key.
**Headers (required):**
- `server-key`: YOUR_SERVER_KEY (invalid/missing → 401)
- `Content-Type`: application/json
**Body:**
| Field | Required | Description |
|---|---|---|
| code | Yes | User OTP, max 5 characters |
| verificationKey | Yes | From create verification response |
**Response 200 (success):**
```json
{
"succeed": true,
"token": "string",
"phoneNumber": "+14255552673",
"errorMessage": null,
"errorCode": null
}
```
**Response 200 (failure examples):**
```json
{ "succeed": false, "token": null, "phoneNumber": null, "errorMessage": "OTP verification has been expired", "errorCode": "OTP_EXPIRED" }
{ "succeed": false, "token": null, "phoneNumber": null, "errorMessage": "Invalid OTP code provided", "errorCode": "OTP_INVALID" }
{ "succeed": false, "token": null, "phoneNumber": null, "errorMessage": "OTP verification has already been verified", "errorCode": "OTP_ALREADY_VERIFIED" }
```
**Additional fields from token:** Decrypt `token` with server key (recommended) or call GET /verifications/result to obtain `methodName`, `dateOfVerification`, `verificationKey`.
---
### 4. Verification result (alternative to local decryption)
`GET https://api.verifyspeed.com/v1/verifications/result`
**Headers (required):**
- `server-key`: YOUR_SERVER_KEY
- `token`: Verification token from client SDK or validate-otp
**Response 200:**
```json
{
"methodName": "string",
"verificationKey": "string",
"dateOfVerification": "2024-06-24T14:51:02.877Z",
"phoneNumber": "+12223334455",
"firstTimeVerified": true
}
```
- `firstTimeVerified`: Helps detect token reuse (API-only; not available with local decryption alone).
**Recommended:** Decrypt token on your server with official SDKs / EncryptionTool (see verification-result docs). Tokens expire after 5 minutes.
---
## Implementation checklist
- [ ] Store `server-key` in server environment only
- [ ] Proxy endpoint: initialize (return methods to client)
- [ ] Proxy endpoint: create (pass client IP, method, optional phone/language)
- [ ] OTP: validate via client SDK (token to backend) OR backend validate-otp endpoint — not both per session
- [ ] Message-based: return verificationKey + deepLink to client
- [ ] Verify token: local decrypt OR GET result before trusting phone number
- [ ] Handle OTP error codes: OTP_EXPIRED, OTP_INVALID, OTP_ALREADY_VERIFIED
- [ ] Use E.164 for all phone numbers
## Official SDKs (optional)
- PHP: composer require verifyspeed/vs-php (^2.1.0)
- C#: VerifySpeed.VSCSharp (^1.0.27)
- See docs for Node, Go, and client mobile SDKs
---
Generated from VerifySpeed REST API documentation. Implement server-side integration following this spec.
Postman collection
Browse and try every VerifySpeed endpoint in Postman. Includes sample requests, headers, and bodies for initialize, create, validate OTP, and verification result.
Requests and Responses
- Our API is a REST API.
- We use json for all request and response bodies.
- Rate limit applied to all inbound requests. (Soon the detail will be provided)
HTTP Response Codes
When calling VerifySpeed endpoints and facing HTTP errors, the following HTTP response codes may be returned based on errors during request processing:
-
400: Missing or invalid input data.
- Example: Requesting for creating verification with an inactive method.
-
401: Authentication failure.
- Example: Missing or invalid
server-keyin the HTTP request.
- Example: Missing or invalid
-
403: Authorization failure.
- Example: Attempting to access another user's data. Do not try this one.
-
404: Resource not found.
- Example: Using a non-existent method name.
For non-success HTTP responses (e. g., status codes outside 200-299), the response body follows the format defined by RFC 9457.
Possible Error Responses:
{
"type": "https://tools.ietf.org/html/rfc7231#section-6.5.4",
"title": "Application not found",
"status": 404,
"errors": [
"server-key": ["Invalid server key"]
]
}
{
"type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
"title": "Invalid request, please contact support. (error code: VF0001)",
"status": 400,
"errors": []
}
Creating Phone Number Verification
Initialization
Endpoint: GET https://api.verifyspeed.com/v1/verifications/initialize
Request Headers:
server-key: Server key obtained from the [dashboard].
- cURL
- C#
- Go
- Node.js
- PHP
- Python
curl -X GET "https://api.verifyspeed.com/v1/verifications/initialize" \
-H "server-key: YOUR_SERVER_KEY"
using System.Net.Http;
using System.Threading.Tasks;
var client = new HttpClient();
client.DefaultRequestHeaders.Add("server-key", "YOUR_SERVER_KEY");
var response = await client.GetAsync("https://api.verifyspeed.com/v1/verifications/initialize");
var content = await response.Content.ReadAsStringAsync();
package main
import (
"fmt"
"io"
"net/http"
)
func main() {
client := &http.Client{}
req, err := http.NewRequest("GET", "https://api.verifyspeed.com/v1/verifications/initialize", nil)
if err != nil {
panic(err)
}
req.Header.Set("server-key", "YOUR_SERVER_KEY")
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
panic(err)
}
fmt.Println(string(body))
}
const axios = require('axios');
const response = await axios.get('https://api.verifyspeed.com/v1/verifications/initialize', {
headers: {
'server-key': 'YOUR_SERVER_KEY'
}
});
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.verifyspeed.com/v1/verifications/initialize");
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"server-key: YOUR_SERVER_KEY"
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
?>
import requests
headers = {
'server-key': 'YOUR_SERVER_KEY'
}
response = requests.get('https://api.verifyspeed.com/v1/verifications/initialize', headers=headers)
Response (200 OK):
{
"availableMethods": [
{
"methodName": "string",
"displayName": "string"
}
]
}
- availableMethods: A list of available verification methods for the client. (See Verification Methods for more details)
- methodName: Identifier for the verification method (e.g.,
whatsapp-messege). - displayName: Display name of the method (e.g., WhatsApp Message).
- methodName: Identifier for the verification method (e.g.,
Creating the Verification
Endpoint: Post https://api.verifyspeed.com/v1/verifications/create
Request Headers:
server-key: Server key obtained from the [dashboard].
- cURL
- C#
- Go
- Node.js
- PHP
- Python
curl -X POST "https://api.verifyspeed.com/v1/verifications/create" \
-H "server-key: YOUR_SERVER_KEY" \
-H "Content-Type: application/json" \
-d '{
"methodName": "whatsapp-message",
"language": "en"
}'
using System.Net.Http;
using System.Text;
using System.Text.Json;
var client = new HttpClient();
client.DefaultRequestHeaders.Add("server-key", "YOUR_SERVER_KEY");
var requestBody = new { methodName = "whatsapp-message", language = "en" };
var json = JsonSerializer.Serialize(requestBody);
var content = new StringContent(json, Encoding.UTF8, "application/json");
var response = await client.PostAsync("https://api.verifyspeed.com/v1/verifications/create", content);
package main
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
)
func main() {
client := &http.Client{}
requestBody := map[string]string{
"methodName": "whatsapp-message",
"language": "en",
}
jsonData, err := json.Marshal(requestBody)
if err != nil {
panic(err)
}
req, err := http.NewRequest("POST", "https://api.verifyspeed.com/v1/verifications/create", bytes.NewBuffer(jsonData))
if err != nil {
panic(err)
}
req.Header.Set("server-key", "YOUR_SERVER_KEY")
req.Header.Set("Content-Type", "application/json")
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
panic(err)
}
fmt.Println(string(body))
}
const axios = require('axios');
const response = await axios.post('https://api.verifyspeed.com/v1/verifications/create', {
methodName: 'whatsapp-message',
language: 'en'
}, {
headers: {
'server-key': 'YOUR_SERVER_KEY'
}
});
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.verifyspeed.com/v1/verifications/create");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"server-key: YOUR_SERVER_KEY",
"Content-Type: application/json"
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
'methodName' => 'whatsapp-message',
'language' => 'en'
]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
?>
import requests
import json
headers = {
'server-key': 'YOUR_SERVER_KEY'
}
data = {
'methodName': 'whatsapp-message',
'language': 'en'
}
response = requests.post('https://api.verifyspeed.com/v1/verifications/create',
headers=headers,
json=data)
- methodName: The selected verification method (required) (e.g.,
whatsapp-message,whatsapp-otp). (See Verification Methods for more details) - language: The language to be used (optional) (e.g.,
en). - phoneNumber: The user's phone number in E.164 format (e.g.,
+14255552673). Required whenmethodNameis an OTP method (whatsapp-otp,telegram-otp, orsms-otp). Omit for message-based methods (whatsapp-message,telegram-message).
Notes:
- Supported languages for now:
enfor English (Default)arfor Arabicckbfor Central Kurdish
- OTP methods: When you create a verification with an OTP method, you must include
phoneNumberin the request body. VerifySpeed sends a one-time password to that number via the selected channel (WhatsApp, Telegram, or SMS). Your client app collects the code from the user, then validates it either on the client (SDK) or on your backend (Validating OTP REST endpoint).
Response
{
"methodName": "string",
"verificationKey": "string",
"deepLink": "string"
}
- methodName: Method name of the used verification method.
- verificationKey: The key that identifies the verification.
- deepLink (nullable): URL to complete verification by deep linking. Returned for message-based methods (
whatsapp-message,telegram-message).nullfor OTP methods (whatsapp-otp,telegram-otp,sms-otp).
OTP method example
When creating an OTP verification, include phoneNumber in the request body. VerifySpeed delivers the OTP to that number; your app prompts the user to enter the code.
curl -X POST "https://api.verifyspeed.com/v1/verifications/create" \
-H "server-key: YOUR_SERVER_KEY" \
-H "Content-Type: application/json" \
-d '{
"methodName": "whatsapp-otp",
"language": "en",
"phoneNumber": "+14255552673"
}'
Validating OTP
After creating an OTP verification, you can complete OTP validation in two ways. Both return a verification token on success that your backend decrypts (or resolves via the result API) to obtain full verification details.
| Approach | Where OTP is validated | How you get the token |
|---|---|---|
| Client SDK (recommended for mobile/web apps) | Android, iOS, Flutter, or Web client SDK | SDK validateOTP / validateOtp returns the token in an success callback; the app sends the token to your backend. |
| Backend REST API (this section) | Your server calls VerifySpeed | POST /v1/verifications/validate-otp with server-key; response includes token and phoneNumber. |
Use one approach per verification session—not both. Client SDK docs: Android OTP, iOS OTP, Flutter OTP, Web OTP.
Backend REST API: validate-otp
Call this from your backend when the user's app sends the OTP code to your server (instead of validating via the client SDK). Requests must include your server-key—do not call this endpoint from mobile or web clients with the server key exposed. On success, the response includes a verification token and phoneNumber.
Endpoint: POST https://api.verifyspeed.com/v1/verifications/validate-otp
Request Headers:
server-key(required): Server key obtained from the [dashboard]. Requests without a valid server key receive 401.
- cURL
- C#
- Go
- Node.js
- PHP
- Python
curl -X POST "https://api.verifyspeed.com/v1/verifications/validate-otp" \
-H "server-key: YOUR_SERVER_KEY" \
-H "Content-Type: application/json" \
-d '{
"code": "12345",
"verificationKey": "YOUR_VERIFICATION_KEY"
}'
using System.Net.Http;
using System.Text;
using System.Text.Json;
var client = new HttpClient();
client.DefaultRequestHeaders.Add("server-key", "YOUR_SERVER_KEY");
var requestBody = new { code = "12345", verificationKey = "YOUR_VERIFICATION_KEY" };
var json = JsonSerializer.Serialize(requestBody);
var content = new StringContent(json, Encoding.UTF8, "application/json");
var response = await client.PostAsync("https://api.verifyspeed.com/v1/verifications/validate-otp", content);
package main
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
)
func main() {
client := &http.Client{}
requestBody := map[string]string{
"code": "12345",
"verificationKey": "YOUR_VERIFICATION_KEY",
}
jsonData, err := json.Marshal(requestBody)
if err != nil {
panic(err)
}
req, err := http.NewRequest("POST", "https://api.verifyspeed.com/v1/verifications/validate-otp", bytes.NewBuffer(jsonData))
if err != nil {
panic(err)
}
req.Header.Set("server-key", "YOUR_SERVER_KEY")
req.Header.Set("Content-Type", "application/json")
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
panic(err)
}
fmt.Println(string(body))
}
const axios = require('axios');
const response = await axios.post('https://api.verifyspeed.com/v1/verifications/validate-otp', {
code: '12345',
verificationKey: 'YOUR_VERIFICATION_KEY'
}, {
headers: {
'server-key': 'YOUR_SERVER_KEY'
}
});
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.verifyspeed.com/v1/verifications/validate-otp");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"server-key: YOUR_SERVER_KEY",
"Content-Type: application/json"
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
'code' => '12345',
'verificationKey' => 'YOUR_VERIFICATION_KEY'
]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
?>
import requests
headers = {
'server-key': 'YOUR_SERVER_KEY'
}
data = {
'code': '12345',
'verificationKey': 'YOUR_VERIFICATION_KEY'
}
response = requests.post('https://api.verifyspeed.com/v1/verifications/validate-otp',
headers=headers,
json=data)
Request Body:
- code (required): The OTP code entered by the user (max 5 characters).
- verificationKey (required): The
verificationKeyreturned from Creating the Verification for the same OTP session.
Response (200 OK):
{
"succeed": true,
"token": "string",
"phoneNumber": "+14255552673",
"errorMessage": null,
"errorCode": null
}
{
"succeed": false,
"token": null,
"phoneNumber": null,
"errorMessage": "OTP verification has been expired",
"errorCode": "OTP_EXPIRED"
}
{
"succeed": false,
"token": null,
"phoneNumber": null,
"errorMessage": "Invalid OTP code provided",
"errorCode": "OTP_INVALID"
}
{
"succeed": false,
"token": null,
"phoneNumber": null,
"errorMessage": "OTP verification has already been verified",
"errorCode": "OTP_ALREADY_VERIFIED"
}
Response Fields:
- succeed:
truewhen the code is valid for the givenverificationKey; otherwisefalse. - token (nullable): Verification token returned when
succeedistrue. Decrypt it or pass it to the verification result endpoint to read full verification details (see below). - phoneNumber (nullable): Verified phone number in E.164 format (e.g.,
+14255552673). Returned whensucceedistrue. - errorMessage (nullable): Human-readable error description when
succeedisfalse. - errorCode (nullable): Machine-readable error code when
succeedisfalse. Known values:OTP_EXPIRED: The OTP session has expired.OTP_INVALID: The provided code does not match.OTP_ALREADY_VERIFIED: This verification was already completed; validate again only if you started a new OTP session.
Additional verification details from the token
The validate-otp response gives you phoneNumber immediately on success. For other fields—such as the verification method used (methodName), when the user was verified (dateOfVerification), and verificationKey—decrypt the returned token on your server or call the result API. Both approaches are documented under Verification Result:
- Local token decryption (recommended) — Decrypt the
tokenwith your server key on your backend. No extra VerifySpeed API call. See Verification Result Documentation for package and language examples. - Verification result API — Send the
tokentoGET /v1/verifications/resultwith yourserver-key. Returns the same data plusfirstTimeVerifiedfor reuse detection. See Alternative: API Endpoint below.
Example fields available after decrypting the token or calling the result endpoint:
| Field | Description |
|---|---|
phoneNumber | Verified number in E.164 format. |
dateOfVerification | UTC timestamp when verification completed. |
methodName | Verification method used (e.g., whatsapp-otp, sms-otp). |
verificationKey | Key that identifies this verification session. |
Verification Result
Recommended Approach: Client-side Token Decryption
Instead of calling the verification result endpoint, we recommend that your server decrypts the verification token directly using your server key. This approach is more efficient, secure, and eliminates the need for an additional API call.
How It Works:
- Client receives encrypted token after completing verification
- Client sends token to your server (not to VerifySpeed)
- Your server decrypts the token using your server key
- Extract verification details directly from the decrypted token
Benefits:
- Faster: No additional API calls to VerifySpeed
- More Secure: Token decryption happens on your server
- Cost Effective: Reduces API usage
- Real-time: Immediate access to verification data
Implementation:
For detailed implementation examples, see Verification Result Documentation which includes:
- Official Packages: Ready-to-use decryption tools for each language
- Manual Implementation: Complete code examples for custom implementations
- Security Best Practices: Token expiry validation and error handling
- Multi-language Support: C#, Node.js, PHP, Python, and Go examples
Alternative: API Endpoint
If you still need to use the API endpoint, here's the implementation:
Endpoint: GET https://api.verifyspeed.com/v1/verifications/result
Request Headers:
server-key: Server key obtained from the [dashboard].token: The verification token received from the client.
- cURL
- C#
- Go
- Node.js
- PHP
- Python
curl -X GET "https://api.verifyspeed.com/v1/verifications/result" \
-H "server-key: YOUR_SERVER_KEY" \
-H "token: YOUR_VERIFICATION_TOKEN"
using System.Net.Http;
using System.Threading.Tasks;
var client = new HttpClient();
client.DefaultRequestHeaders.Add("server-key", "YOUR_SERVER_KEY");
client.DefaultRequestHeaders.Add("token", "YOUR_VERIFICATION_TOKEN");
var response = await client.GetAsync("https://api.verifyspeed.com/v1/verifications/result");
var content = await response.Content.ReadAsStringAsync();
package main
import (
"fmt"
"io"
"net/http"
)
func main() {
client := &http.Client{}
req, err := http.NewRequest("GET", "https://api.verifyspeed.com/v1/verifications/result", nil)
if err != nil {
panic(err)
}
req.Header.Set("server-key", "YOUR_SERVER_KEY")
req.Header.Set("token", "YOUR_VERIFICATION_TOKEN")
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
panic(err)
}
fmt.Println(string(body))
}
const axios = require('axios');
const response = await axios.get('https://api.verifyspeed.com/v1/verifications/result', {
headers: {
'server-key': 'YOUR_SERVER_KEY',
'token': 'YOUR_VERIFICATION_TOKEN'
}
});
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.verifyspeed.com/v1/verifications/result");
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"server-key: YOUR_SERVER_KEY",
"token": "YOUR_VERIFICATION_TOKEN"
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
?>
import requests
headers = {
'server-key': 'YOUR_SERVER_KEY',
'token': 'YOUR_VERIFICATION_TOKEN'
}
response = requests.get('https://api.verifyspeed.com/v1/verifications/result', headers=headers)
Response (200 OK):
{
"methodName": "string",
"verificationKey": "string",
"dateOfVerification": "2024-06-24T14:51:02.877Z",
"phoneNumber": "+12223334455",
"firstTimeVerified": true
}
Response Fields:
- methodName: The method name (e.g.,
whatsapp-messege) of the verification method used to verify the phone number. - verificationKey: The key that identifies the verification.
- dateOfVerification: The date and time (in UTC) when the phone number was verified.
- phoneNumber: The verified phone number in E.164 format (e.g. +14255552673 (1 is country code)).
- firstTimeVerified: Indicates whether this token has been verified for the first time or not by VerifySpeed API. Can be used for security reasons to prevent token reuse.