Web IDV (Identity Verification) is an online tool that enables you to verify the identity of your users by checking that the person looking to verify their identity (using a document, such as a passport) is the actual document holder. You can use it to get the user details parsed out from the user ID along with the actual images of the document.
The simplified Web IDV Flow is fairly simple and it can be summed up in a few simple steps illustrated and described below:
You use our API to request the identity verification session. This request requires your API keys as credentials, so it should happen in the backend of your service. It also requires a URL that leads back to your service. You will get a URL to the Authenteq Identity Server and should redirect your user to this URL.
The Authenteq Identity Server performs the identification process.
In the first step of that process the user takes a picture of the Id he or she wishes to use in the identification process. The second step is the liveness test. We make sure that the person in front of the web or front-facing camera is a real human being, and not a mannequin, picture, or person in a mask.
We then make sure that the person in front of the camera is the actual document holder by matching pictures from the Id document with the picture from the liveness process. If the identification is successful, we OCR the user details from the document.
When the identification process is completed successfully, the Authenteq Identity Server redirects the user back to your service, passing an alphanumerical code in the parameters. You should inform the user about the successful identification and pass the code for further processing.
As mentioned, when the identification process is completed successfully, the Authenteq Identity Server redirects the user back to your service, passing an alphanumerical code in the parameters.
In your backend, you make a call to the Authenteq API. You exchange the code for the result details parsed out from the Id document used in the identification process.
As an additional security measure, the exchange also requires your API keys as credentials. This ensures that even if the code is intercepted, it would be useless in any attempted attack.