What is the Web IDV?

Web IDV (Identity Verification) is an online tool that enables you to verify the identity of your users by checking that the person looking to verify their identity (using a document, such as a passport) is the actual document holder. You can use it to get the user details parsed out from the user ID along with the actual images of the document.

Web IDV Flow

The Web IDV Flow is fairly simple and it can be summed up to five simple steps:

Redirect to Authenteq Identity Server

You use our API to request the identity verification session. This request requires the credentials so it should happen in the backend of your service. You will get an URL to the Authenteq Identity Server. You should redirect your user to this URL.

The liveness and the document scan

Identification process

The Authenteq Identity Server performs the identification process. The first step of that process is the liveness test. We make sure that the person in front of the web or front-facing camera is a real human being, and not a mannequin, picture, or person in a mask. The user then takes a picture of the Id he or she wishes to use in the identification process.

We then make sure that the person in front of the camera is the actual document holder by matching pictures from the liveness process with the picture from the Id document. If the identification is successful, we OCR the user details from the document.

Redirect with code back to the client system

When the identification process is completed successfully, the Authenteq Identity Server redirects the user back to your service, passing an alphanumerical code in the parameters. The redirect is performed to a predefined URI in the client system, which should inform the user about the successful identification and pass the code for further processing.

See Integrating with Authenteq for more information.

Code to token exchange

As mentioned, when the identification process is completed successfully, the Authenteq Identity Server redirects the user back to your service, passing an alphanumerical code in the parameters.

In your backend, you make a call to the Authenteq API. You exchange the code for a token that will be used to authorize further calls.

As an additional security measure, the exchange also requires your secret, provided to you when integrating with Authenteq. This ensures that even if the code is intercepted, it would be useless in any attempted attack.

Details retrieval

When you have a token, you can get the user details parsed out from the Id document used in the identification process. We only store the user data temporarily so it must be retrieved from the Authenteq API within 15 minutes of token generation.