Web KYC is an online tool that enables you to verify the identity of your users by checking that the person looking to verify their identity using a document, such as a passport, is the actual document holder. Depending on the requested scope, we can return the user details parsed out from the user ID along with the actual images of the document.
The standard defines several grant types. We use the Authorization Code grant type. At first glance, it may seem complicated, but it can be summed up to five simple steps:
The user selects Sign up with Authenteq on your website and is redirected to the Authenteq Identity Server.
The Authenteq Identity Server performs the identification process. The first step of that process is the liveness test. We make sure that the person in front of the web or front-facing camera is a real human being, and not a mannequin, picture, or person in a mask. The user then takes a picture of the Id he or she wishes to use in the identification process.
We then make sure that the person in front of the camera is the actual document holder by matching pictures from the liveness process with the picture from the Id document. If the identification is successful, we OCR the user details from the document.
When the identification process is completed successfully, the Authenteq Identity Server redirects the user back to your service, passing an alphanumerical code in the parameters. The redirect is performed to a predefined URI in the client system, which should inform the user about the successful identification and pass the code for further processing.
See Integrating with Authenteq for more information.
As mentioned, when the identification process is completed successfully, the Authenteq Identity Server redirects the user back to your service, passing an alphanumerical code in the parameters.
In your backend, you make a call to the Authenteq API. You exchange the code for a token that will be used to authorize further calls.
As an additional security measure, the exchange also requires your secret, provided to you when integrating with Authenteq. This ensures that even if the code is intercepted, it would be useless in any attempted attack.
When you have a token, you can get the user details parsed out from the Id document used in the identification process. We only store the user data temporarily so it must be retrieved from the Authenteq API within 15 minutes of token generation.