Xaqiiji
API ReferenceVerify Citizen
API v1OpenAPI ready

Verify Citizen

Verify Somali citizens using National ID. These endpoints are live today.

Purpose

Verify Somali citizens using National ID. These endpoints are live today.

Endpoint group cards

POST/api/v1/verify/citizen

Verify citizen

Verify a Somali citizen identity using 11-digit National ID.

GET/api/v1/verifications

List verifications

List previous verification requests for your business.

GET/api/v1/docs/openapi.json

OpenAPI specification

Machine-readable contract for SDK generation and validation.

Detailed endpoint

POST/api/v1/verify/citizen

Verify citizen

Verify a Somali citizen identity using National ID.

Real-time

Under 2 seconds

Requires API Key

Bearer token

Rate Limit

60 req/min

Credits

1 credit per request

Overview

Verify a Somali citizen identity using National ID. This endpoint is designed for secure server-to-server integrations and returns structured JSON suitable for enterprise audit, reporting, and ERP reconciliation.

Requires API key authentication

Send requests from a trusted backend using Authorization: Bearer <api_key>. Never expose live API keys in frontend code.

Rate limit: 60 requests per minute

Use idempotency keys and exponential backoff. Retry only after the reset window or the Retry-After header.

Request

ParameterTypeRequiredDescriptionExample
nationalIdstringrequired11-digit Somali National ID.12345678901
purposestringoptionalBusiness purpose for audit logs.pre_employment
Idempotency-KeyheaderrecommendedUnique key (8–128 chars) for safe retries.verify-2026-06-02-001
AuthorizationheaderrequiredBearer API key (xq_test_* or xq_live_*).Bearer xq_test_xxxxxxxxxxxxxx
application/json
{  "nationalId": "12345678901",  "purpose": "pre_employment"}

Response

application/json
{  "message": "Verification completed",  "cached": false,  "creditDeducted": true,  "data": {    "id": "uuid",    "result": "verified",    "purpose": "pre_employment",    "channel": "api",    "creditsUsed": 1  },  "citizen": {    "fullName": "Example Citizen",    "dateOfBirth": "1990-01-01"  }}

Code Examples

cURL
curl -X POST "http://localhost:8080/api/v1/verify/citizen" \  -H "Authorization: Bearer xq_test_xxxxxxxxxxxxxx" \  -H "Content-Type: application/json" \  -H "Idempotency-Key: verify-2026-06-02-001" \  -d '{  "nationalId": "12345678901",  "purpose": "pre_employment"}'

Errors

application/json
{  "status": "failed",  "code": "BAD_REQUEST",  "message": "Validation failed",  "errors": [    {      "field": "nationalId",      "message": "National ID must be exactly 11 digits"    }  ]}
HTTP statusError codeDescription
400BAD_REQUESTMalformed request or validation failure.
401UNAUTHORIZEDMissing, invalid, revoked, or expired API key.
403FORBIDDENBusiness inactive or not on an enterprise plan.
404NOT_FOUNDResource not found.
409CONFLICTIdempotency-Key reused with a different payload.
429RATE_LIMITEDToo many requests — retry with backoff.
500INTERNAL_ERRORUnexpected server error.

Rate Limits

Rate limit: 60 requests per minute

Use idempotency keys and exponential backoff. Retry only after the reset window or the Retry-After header.

Best Practices

Production guidance

Send requests only from trusted backend services
Use Authorization and Idempotency-Key headers
Do not log National IDs, API keys, or biometric payloads
Store secrets in an encrypted vault
Monitor requestId and referenceId values for audit workflows
Use webhook signatures for event ingestion

Next steps

Next steps

Test the endpoint in sandbox using a test API key.
Add idempotency, error handling, and request logging.
Validate authorization, rate limits, and production approval before going live.
Previous

API Overview

Next

List Verifications

Edit this page
Was this page helpful?