Web IDV (Identity Verification) is an online tool that enables you to verify the identity of your users by checking that the person looking to verify their identity (using a document, such as a passport) is the actual document holder. You can use it to get the user details parsed out from the user ID along with the actual images of the document.
The Web IDV Flow is fairly simple and it can be summed up to five simple steps:
You use our API to request the identity verification session. This request requires the credentials so it should happen in the backend of your service. You will get an URL to the Authenteq Identity Server. You should redirect your user to this URL.
The Authenteq Identity Server performs the identification process. The first step of that process is the liveness test. We make sure that the person in front of the web or front-facing camera is a real human being, and not a mannequin, picture, or person in a mask. The user then takes a picture of the Id he or she wishes to use in the identification process.
We then make sure that the person in front of the camera is the actual document holder by matching pictures from the liveness process with the picture from the Id document. If the identification is successful, we OCR the user details from the document.
When the identification process is completed successfully, the Authenteq Identity Server redirects the user back to your service, passing an alphanumerical code in the parameters. The redirect is performed to a predefined URI in the client system, which should inform the user about the successful identification and pass the code for further processing.
See Integrating with Authenteq for more information.
As mentioned, when the identification process is completed successfully, the Authenteq Identity Server redirects the user back to your service, passing an alphanumerical code in the parameters.
In your backend, you make a call to the Authenteq API. You exchange the code for a token that will be used to authorize further calls.
As an additional security measure, the exchange also requires your secret, provided to you when integrating with Authenteq. This ensures that even if the code is intercepted, it would be useless in any attempted attack.
When you have a token, you can get the user details parsed out from the Id document used in the identification process. We only store the user data temporarily so it must be retrieved from the Authenteq API within 15 minutes of token generation.