- The inquiry has expired based on pre-configured expiration settings on the template: You may not want a user to have access to a Persona inquiry for longer than a certain period of time, so you can configure the expiration intervals in the inquiry template itself.
- The user is unable to access their inquiry for security reasons: Persona creates and stores a session token in the user's browser session when they first access an inquiry. If the user closers their browser or app in the midst of the inquiry flow, they will lose that session token and will no longer be able to access the inquiry. Persona requires a session token to be provided in subsequent attempts to complete the inquiry in order to ensure the safe storage of PII.
Persona's Hosted Flow Integration requires sending an inquiry link to the end user. The Hosted Flow takes different parameters, which can affect the user's access to their inquiry. Different parameters may be more appropriate based on your specific use case and requirements.
|Best suited for
|- Inquiries that are prefilled with the user’s PII or other fields
- Data cleanliness (one inquiry per user)
|The given inquiry is loaded when the link is accessed.
In-progress inquiries are inaccessible without a session token. You should have a strategy for resuming the inquiry (see below).
|"Just in time" inquiry / static link
|- Links posted on a website for many people to access
|A new inquiry is created every time the static link is accessed or the SDK is instantiated with the
Static links allow users the ability to access the Persona verification flow more than once, resulting in multiple inquiries being created.
You have embedded Persona into your app and want to ensure that a user can always access their dedicated inquiry until the configured expiration time
If a user has started a flow and then exits for whatever reason, you will need to resume the inquiry for them when they try to regain access to it. Make an API call to resume the inquiry when they try to re-access it, and load both the
session-token parameters into the SDK.
Note: Depending on your business strategy, you may decide to create a new inquiry if the current one is on a previous version. Read more about that here.
Option 1: Send the user a static link but make sure to include an opaque (but unique) token as their reference ID. This will ensure that the user always has access to the link, but that all of their inquiries will be created on the same account.
Option 2: If you have information you need to securely pre-fill into the inquiry, you can create it via API and instruct the user in the email that they must complete the inquiry in one sitting.
In this scenario, we also recommend configuring a long expiration time in the template itself.
Appending a session token to a link
Another option you can utilize is to create a dedicated link and append the session token to it. This will allow you to both prefill values and ensure the user does not lose access. We recommend against doing this because it makes you susceptible to PII leakage. Including the session token in the link grants permanent access to the inquiry (until it expires) to anyone with the link.
You have a B2B2C business model and provide Persona inquiries to your customers to give to their end users.
The above recommendations will also apply in this scenario! The added nuance with a B2B2C model is that your customers will be unable to hit the Persona endpoint themselves to resume inquiries. Your options are:
- Making an API call to get a session token on creation of the inquiry and passing both the inquiry ID and session token to your customer in a secure manner
- Building your own
resumeAPI endpoint for customers to hit whenever they need a new session token. This would call Persona's
resumeendpoint in the backend.
In either implementation, you will want to ensure you're setting a practical inquiry expiration time.
When a dedicated inquiry is created, it's pinned to the latest inquiry version. Having a dedicated inquiry be active for too long (months or more) may mean that users going through these inquiries going through outdated flows and configurations.
Keeping in mind the balance between outdated inquiries and user friction, you will want to work with your team to determine how long you want to keep an inquiry active for.
You can continue to resume the inquiry after its expired to get another session token to present the user, but you will likely want to check how old the inquiry is before you resume it, as a new inquiry version with updated logic may have been published. More information here.
We recommend against always making a call to resume the inquiry every time the user loads your app (instead of saving the session token), as you may run into API and inquiry session limits.
Updated about 1 month ago