Prepare an environment

Last updated: October 28, 2024

This topic describes how to prepare an environment before implementing the iProov REST API.

Select an iProov tentant

The iProov platform is available in the following geographical regions, select the most appropriate to ensure minimum latency and the best user experience:

Platform	API Base URL	SDK URL `Android 8.xiOS 10.xWeb 4.x`
Multi-tenant EU	`https://eu.rp.secure.iproov.me/api/v2`	`wss://eu.rp.secure.iproov.me/ws`
Multi-tenant USA	`https://us.rp.secure.iproov.me/api/v2`	`wss://us.rp.secure.iproov.me/ws`
Multi-tenant Singapore	`https://sg.rp.secure.iproov.me/api/v2`	`wss://sg.rp.secure.iproov.me/ws`
Multi-tenant Australia	`https://au.rp.secure.iproov.me/api/v2`	`wss://au.rp.secure.iproov.me/ws`
Muti-tenant Jakarta	`https://jkt.rp.secure.iproov.me/api/v2`	`wss://jkt.rp.secure.iproov.me/ws`
Multi-tenant LATAM	`https://latam.rp.secure.iproov.me/api/v2`	`wss://latam.rp.secure.iproov.me/ws`

Important

The platform you select must match the one specified in the service provider configuration and the client SDK streaming URL. A miss match will result in a HTTP 401 error code with this response message:

{
"error": "invalid_key",
"error_description": "Invalid Public and/or Private Key"
}

Obtain API authentication credentials

The iProov REST API has two groups, each with a different authentication mechanism. API and OAuth 2.0 credentials can be obtained when creating a service provider:

Service API
Management API

Endpoint group Authentication mechanism

Endpoint group	Authentication mechanism
`POST /claim/enrol/token` `POST /claim/enrol/image` `POST /claim/enrol/validate` `POST /claim/verify/token` `POST /claim/verify/validate`	API key and secret
`POST /{api_key}/access_token`	OAuth 2.0 user name and password
`POST /users/{user_id}/activate` `POST /users/{user_id}/suspend` `GET /users/{existing_user_id}` `PUT /users/{existing_user_id}` `DELETE /users/{existing_user_id}` `POST /claim/{token}/invalidate`	OAuth access token

POST /claim/enrol/token

POST /claim/enrol/image

POST /claim/enrol/validate

POST /claim/verify/token

POST /claim/verify/validate

API key and secret

POST /{api_key}/access_token

OAuth 2.0 user name and password

POST /users/{user_id}/activate

POST /users/{user_id}/suspend

GET /users/{existing_user_id}

PUT /users/{existing_user_id}

DELETE /users/{existing_user_id}

POST /claim/{token}/invalidate

OAuth access token

Generate user IDs

A generated user_id is required to interact with the API. This ID should be unique for each user and stored as part of your user record for:

Future reference
Result validation
Authentication (Verifier use cases) when applicable

Important

user_id must conform to this regex: [a-zA-Z0-9'\+_@\.-]{1,256}
Do not use any identifiable information such as email addresses.

Store tokens and results

iProov strongly recommends persisting all of the following data elements:

Value	Source	Persistence type	Description
`token` (enroll and verify)	`POST /claim/enrol/token` `POST /claim/verify/token`	Audit logging Transient storage for client SDK and validate operations.	The token provided is used to launch the client SDK.
`user_id`	Generated by your system.	Store with user record.	The token provided is used to launch the client SDK.
Retry count	iProov recommends a maximum of 3 retry attempts. This may be different depending on your contract.	Audit logging Transient for operation.	The number of permitted Genuine Presence Assurance® (GPA) and Liveness Assurance™ (LA) user attempts.
Validated result	`POST /claim/enrol/validate` `POST /claim/verify/validate`	Store with the user record. Audit logging	The verified transaction outcome. For GPA and LA the validate requests are one time transactions and the results must be stored.

Next step

API endpoints