Create Session Review
Append a note to a User Verification (KYC) session’s review / activity feed. This endpoint only records an entry — it never changes the session. The session’s status is left untouched, no status-transition validation runs, and no webhook fires. To actually approve, decline, or re-open a session (which also writes a fully-attributed STATUS_UPDATED entry to this feed), use PATCH /v3/session/{session_id}/update-status/ instead.
Both body fields are optional and an empty JSON object is accepted. new_status is stored purely as a label on the entry and accepts any of the ten session status values (case-sensitive). @email mentions inside comment are stored as plain text only — they trigger no notifications on this endpoint, and the entry’s mentioned_emails stays empty.
Note on attribution: entries created here carry no actor information. In the feed they show actor_display: "Unknown", actor_type: "CONSOLE_USER", and activity_type: "STATUS_UPDATED" (storage defaults), and the 201 body’s user field is "Unknown".
Authorizations
Headers
Set to application/json when sending a JSON body.
"application/json"
Path Parameters
UUID of the User Verification (KYC) session. Must belong to the same application as the API key — cross-application UUIDs, deleted sessions, and Business Verification (KYB) session IDs all return 404.
"8c2f3a14-7e9b-4d23-9e83-3f7d5e8a1c6d"
Body
Optional status label to record on the entry. Accepts any session status value, case-sensitive ("approved" is rejected with 400). Recording a status here does not change the session's actual status — use the update-status endpoint for that.
Not Started, In Progress, Approved, Declined, In Review, Expired, Abandoned, Kyc Expired, Resubmitted, Awaiting User "In Review"
Optional free-text note (no enforced length limit). Stored verbatim; @email mentions are not processed on this endpoint.
"Flagging for manual document re-check."
Response
Entry recorded on the session's audit trail. The session itself is unchanged — its status keeps its previous value and no webhook is sent. The new entry also appears at the top of GET …/reviews/ (with actor_display: "Unknown").
Display name of the entry's author. Always "Unknown" for entries created through this endpoint, because it records no actor attribution.
"Unknown"
The status label recorded on the entry, or null if none was sent. The session's actual status is not affected.
Not Started, In Progress, Approved, Declined, In Review, Expired, Abandoned, Kyc Expired, Resubmitted, Awaiting User "In Review"
The note recorded on the entry, or null if none was sent.
"Flagging for manual document re-check."
When the entry was written, ISO 8601 UTC.
"2026-06-12T00:18:44.466537Z"