Create a unique verification session for a customer. Each session is single-use and expires after 1 hour. Once expired, a new session must be created.

The userId is automatically extracted from the authentication token. You can optionally provide customer information (firstName, lastName, birthDate) for verification purposes.