Developers

Photo enroll API

Photo enroll requires two sequential processes to enroll new users from trusted photo ID documents:

  1. Enroll an existing trusted photo or an image captured from a document.

  2. Complete a face verification using ‘s Genuine Presence Assurance® (GPA) or Liveness Assurance™ (LA).

implementationn sequence

Photo enroll requires the following implementationn sequence:

  1. Generate a photo enroll token.

  2. Enroll the trusted image.

  3. Generate a verification token.

  4. Launch the client SDK with the token.

  5. Validate the token once the user journey has been completed.

  • The generated user_id must be stored for validation, audit trail, and future verification.

  • recommends storing tokens with user records to help investigate and troubleshoot problems.

Image requirements

Photo enroll has the following image requirements:

Image source options

Capture type Image source option Description
Electronic ID eid The image is obtained from a Near-field communication (NFC) enabled document chip, for example, ICAO 9303 Machine Readable Travel Documents (MTRDs) such as passports.
Optical ID oid The image is obtained from an Optical Character Recognition (OCR) process that captures the photo present on government issued ID documents.
Face or liveness verification selfie An existing trusted image that you have for the user.

Implement the API calls

Use this sequence of API calls to implement photo enroll:

  1. Generate and store a user_id that conforms to this regex: [a-zA-Z0-9'\\+_@\\.-]{1,256}
    2. Obtain a trusted photo of the user's cropped photo image from one of the following verified sources:
    • OCR procedure
    • NFC chip, for example, Data Group 2 in a passport.
    • Existing trusted photo or face/liveness verification, see image requirements
  3. Generate a photo enroll token: POST /claim/enrol/token
  4. Enroll the trusted image: POST /claim/enrol/image
    • Use the token from the previous step.
    • Provide the image source option: `eid`, `oid`, `selfie`
  5. Generate a verification token in response: POST /claim/verify/token The `user_id` must be the same as the one you generated in step 1.
  6. Launch the client SDK using the token from the previous step. The user is guided through the journey using GPA or LA.
  7. Validate the token: POST /claim/verify/validate
    • You will receive one of these GPA or LA outcomes and the failure reason where appropriate: `true `, `false`
    • You must store the outcome with your user record. You cannot make subsequent calls to this endpoint with this user_id and token combination.