API Reference

The details of API endpoints for Web IDV.

Request Identity Verification

GET https://api.app.authenteq.com/web-idv/verification-url

This endpoint returns a URL that leads to Authenteq Identity Server. This endpoint is authorized with Basic Auth. You should use your Client ID and Client Secret from the Customer Dashboard as the credentials.

Query Parameters

Name

Type

Description

redirectUrl*

string

One of your registered redirect URLs that will be used to receive the code.

Headers

Name

Type

Description

Authorization

string

Your client credentials combined with a colon separator, base64-encoded and prefixed with "Basic ".

AQ-Multi-Document-Flow

string

The "On" value turns on use of the multi-document flow for the requested identity verification. By default, it's turned off for backward compatibility.

AQ-Flow-Slug

string

The Flow ID of the verification flow that should be used for the verification. If not present the default flow will be used.

{
  "verificationUrl": "https://web-idv.app.authenteq.com/verify?token=<token>"
}

{
  "errorCode": "MISSING_REQUEST_PARAMETER",
  "errorMessage": "Required 'redirectUrl' parameter is missing"
}

{
  "errorCode": "INVALID_REQUEST_PARAMETER",
  "errorMessage": "Parameter 'redirectUrl' does not match any registered one"
}

{
  "errorCode": "NO_REDIRECT_URLS",
  "errorMessage": "No registered redirect URLs. Please specify at least one in Customer Dashboard"
}

{
  "errorCode": "API_KEYS_MISSING",
  "errorMessage": "No API Keys in the Authorization header"
}

{
  "errorCode": "API_KEYS_INVALID",
  "errorMessage: "Invalid API Keys in the Authorization header"
}

{
  "errorCode: "BAD_API_KEYS",
  "errorMessage: "Bad API Keys"
}

{
  "errorCode": "ACCOUNT_DEACTIVATED",
  "errorMessage": "Account deactivated. Please contact your Authenteq Sales Representative in order to keep using this service"
}

This endpoint should be called by your backend system.

The client secret, as its name suggests, is a secret and should never be made publicly available. It SHOULD NOT be stored in the frontend code that is run in the user's browser.

Get Verification Result Details

GET https://api.app.authenteq.com/web-idv/verification-result

The endpoint returns the verification result details extracted from the user document during identification. The verification result details are paired with the granted code. This endpoint is authorized with Basic Auth. You should use your Client ID and Client Secret from the Customer Dashboard as the credentials.

Query Parameters

Name

Type

Description

redirectUrl

string

The redirect URL you used to request the verification session.

code

string

The code you got on redirect and granted to access the verification result details.

Headers

Name

Type

Description

Authorization

string

Your client credentials combined with a colon separator, base64-encoded and prefixed with "Basic ".

{
  "id": "3631324b-5bcc-48b0-b717-4f12f45e0a1d",
  "status": "PASSED",
  "platform": "WEB",
  "startTime": "2020-04-10T11:44:40Z",
  "endTime": "2020-04-10T11:47:23Z",
  "livenessFaceImage": {
    "contentType": "image/jpeg",
    "content": "bGl2ZW5lc3NGYWNlSW1hZ2UK"
  },
  "documentData": {
    "documentType": "DL",
    "documentNumber": "1234567890",
    "issuingCountry": "USA",
    "jurisdiction": "UT",
    "nationality": "USA",
    "surnameAndGivenNames": "DOE JOHN",
    "surname": "DOE",
    "givenNames": "JOHN",
    "nameSuffixes": "MR",
    "namePrefixes": "JR",
    "sex": "M",
    "dateOfBirth": "1964-12-30",
    "dateOfExpiry": "2022-12-30",
    "dateOfIssue": "2012-05-30",
    "address": "430-985 ELEIFEND^DULUTH WA 92611",
    "licenseClass": "B/C/D",
    "licenseClassDetails": {
      "B": {
        "from": "2019-01-30",
        "to": "2029-01-30",
        "notes": "Some valuable note"
      },
      "C": {
        "from": "2019-01-30",
        "to": "2029-01-30"
      },
      "D": {
        "from": "2019-01-30",
        "to": "2029-01-30"
      }
    },
    "croppedFrontImage": {
      "contentType": "image/jpeg",
      "content": "Y3JvcHBlZEZyb250SW1hZ2U="
    },
    "croppedBackImage": {
      "contentType": "image/jpeg",
      "content": "Y3JvcHBlZEJhY2tJbWFnZQ=="
    },
    "faceImage": {
       "contentType": "image/jpeg",
       "content": "ZmFjZUltYWdlCg=="
    }
  },
  "nfcVerified": false,
  "addressProofDocument": {
    "contentType": "application/pdf",
    "content": "YWRkcmVzc1Byb29mRG9jdW1lbnQK"
  }
}

{
  "errorCode": "MISSING_REQUEST_PARAMETER",
  "errorMessage": "Required 'code' parameter is missing"
}

{
  "errorCode": "MISSING_REQUEST_PARAMETER",
  "errorMessage": "Required 'redirectUrl' parameter is missing"
}

{
  "errorCode": "INVALID_REQUEST_PARAMETER",
  "errorMessage: "Parameter 'code' is invalid or expired"
}

{
  "errorCode": "INVALID_REQUEST_PARAMETER",
  "errorMessage: "Parameter 'redirectUrl' does not match the given authorization code"
}

{
  "errorCode": "API_KEYS_MISSING",
  "errorMessage": "No API Keys in the Authorization header"
}

{
  "errorCode": "API_KEYS_INVALID",
  "errorMessage": "Invalid API Keys in the Authorization header"
}

{
  "errorCode": "API_KEYS_BAD",
  "errorMessage": "Bad API Keys"
}

This endpoint should be called by your backend system.

The client secret, as its name suggests, is a secret and should never be made publicly available. It SHOULD NOT be stored in the frontend code that is run in the user's browser.

The code can be used once only. On subsequent requests you will get an error that the code is invalid or expired.

The successful response on getting the verification result can hold the following properties:

Property

Description

Mandatory

Example

The unique id of the identity verification.

Yes

"c72322ac-23fc-4667-b23b-f8a1a50653d4"

platform

The client platform on which the identity verirication was started. Actually it's always WEB.

Yes

"WEB"

startTime

The date-time when the identity verification was started.

Yes

"2020-04-10T11:44:40Z"

endTime

The date-time when the identity verification was finished.

Yes

"2020-04-10T11:47:23Z"

livenessFaceImage

The face image taken on the liveness check.

Yes

{

"contentType": "image/jpeg",

"content": "bGl2ZW5lc3NGYWNlSW1hZ2UK"

}

documentData

The document data extracted from the first scanned document.

Yes

Described below.

documentData2

The document data extracted from the second scanned document in case of the multi-document flow.

Described below.

documentData3

The document data extracted from the third scanned document in case of the multi-document flow.

Described below.

nfcVerified

Whether at least one of the scanned documents was verified via NFC.

Yes

true or false

addressProofDocument

The address proof document provided by the user.

{

"contentType": "application/pdf" ,

"content": "YWRkcmVzc1Byb29mRG9jdW1lbnQK"

}

Each document data field can hold the following properties:

Property

Description

Mandatory

Example

documentType

The document type described by abbreviations:

PP - passport,
DL - driver's license,
NID - national ID.

Yes

"PP", "DL", "NID"

documentNumber

The document number.

Yes

"FG617451", "8136431812"

issuingCountry

The three letter country code in of the country which issued the document.

Yes

"DEU", "UKR", "USA"

jurisdiction

The state issued the document.

"FL"

nationality

The three letter country code in of the user’s nationality.

"DEU", "UKR", "USA"

surnameAndGivenNames

The surname and given names, separated by whitespace.

Yes

"GARCIA DILS ANNA MARIA DE O", "GOZHENKO VITALII"

surname

The surname (family name).

"GARCIA DILS", "GOZHENKO"

givenNames

The given names, separated by whitespace.

"ANNA MARIA DE O", "VITALII"

nameSuffixes

The name suffixes, separated by whitespace.

"JR 3RD", "8TH"

namePrefixes

The name prefixes, separated by whitespace.

"DR MRS", "DR"

sex

The user's gender that contains one of values:

F - female,
M - male,
X - unspecified.

"F", "M", "X"

dateOfBirth

The date of user's birth.

Yes

"1987-01-12"

dateOfExpiry

The date of document expiration.

"2017-01-30"

dateOfIssue

The date when the document was issued.

"2017-01-30"

address

The user's address.

"430-985 ELEIFEND^DULUTH WA 92611"

licenseClass

The type of Driving License detected.

"A","B","C"

licenseClassDetails

The details of Driver License detected.

{

"A" : {

"from": "2019-01-30",

"to": "2029-01-30",

"note": "Some valuable note"

}

Not all documents contain surname and given names as separate fields. Quite often there is just a single field where surname and given names follow each other. So surname and givenNames fields exist in the retrieved document data only when they exist in the user document as separate ones.

All binary data like content of images, attached documents and so on are returned in base64 format and will need to be decoded.

PreviousExamples NextExport Overview

Last updated 1 year ago

Was this helpful?