Skip to main content
Version: v2.0 (latest)

Photo enrol API

Photo enrol requires two sequential processes to enrol new users from trusted photo ID documents:

  1. Enrol an existing trusted photo or an image captured from a document.
  2. Complete a face verification using iProov's Genuine Presence Assurance® (GPA) or Liveness Assurance™ (LA).

Implementation sequence

Photo enrol requires the following implementation sequence:

  1. Generate a photo enrol token.
  2. Enrol the trusted image.
  3. Generate a verification token.
  4. Launch the client SDK with the token.
  5. Validate the token once the user journey has been completed.
  • The generated user_id must be stored for validation, audit trail, and future verification.
  • iProov recommends storing tokens with user records to help investigate and troubleshoot problems.

Image requirements

Photo enrol has the following image requirements:

Image source options

Capture typeImage source optionDescription
Electronic IDeidThe image is obtained from a Near-field communication (NFC) enabled document chip, for example, ICAO 9303 Machine Readable Travel Documents (MTRDs) such as passports.
Optical IDoidThe image is obtained from an Optical Character Recognition (OCR) process that captures the photo present on government issued ID documents.
Face or liveness verificationselfieAn existing trusted image that you have for the user.

Implement the API calls

Use this sequence of API calls to implement photo enrol:

  1. Generate and store a user_id that conforms to this regex: [a-zA-Z0-9'\\+_@\\.-]{1,256}
  2. Obtain a trusted photo of the user's cropped photo image from one of the following verified sources:
    • OCR procedure
    • NFC chip, for example, Data Group 2 in a passport.
    • Existing trusted photo or face/liveness verification, see image requirements
  3. Generate a photo enrol token: POST /claim/enrol/token
  4. Enrol the trusted image: POST /claim/enrol/image
    • Use the token from the previous step.
    • Provide the image source option: eid, oid, selfie
  5. Generate a verification token in response: POST /claim/verify/token — the user_id must be the same as the one you generated in step 1.
  6. Launch the client SDK using the token from the previous step. The user is guided through the journey using GPA or LA.
  7. Validate the token: POST /claim/verify/validate
    • You will receive one of these GPA or LA outcomes and the failure reason where appropriate: true, false
    • You must store the outcome with your user record. You cannot make subsequent calls to this endpoint with this user_id and token combination.