Biometric token
This article explains how to use the IDToken capability to verify the authenticity of a person previously registered in the client's database. The IDToken allows you to identify whether the image of a face submitted corresponds to a face previously recorded in the client's database by using the reference process identifier for comparison. It can be used in conjunction with the IDLive capability.
How to use it?
Make a POST request to the endpoint:
Production: https://api.id.unico.app/processes/v1
UAT: https://api.id.uat.unico.app/processes/v1
With a valid Access token, make a request to one of the above endpoints sending the following parameters:
{
"referenteProcessId": "PROCESS_ID",
"imagebase64": "PERSON_PHOTO"
}
If you are using the combination of IDToken + IDLive capabilities, you will need to send the following parameters:
{
"subject": {
"code": "PERSON_DOCUMENT_NUMBER"
},
"referenceProcessId": "PROCESS_ID",
"imagebase64": "PERSON_PHOTO"
}
Parameters:
- HEADER PARAMETERS
| Name | Type | Mandatory/Optional | Description |
|---|---|---|---|
| APIKEY | String | Mandatory | API key |
| Authorization | String | Mandatory | Access token |
- REQUEST BODY SCHEMA
| Name | Type | Mandatory/Optional | Description |
|---|---|---|---|
| subject.code | String | Mandatory | National identification document code (e.g., CPF). |
| referenceProcessId | String | Mandatory | Identifier of the process that was generated during the creation of the transaction. |
| imagebase64 | String | Mandatory | Photo of the person. The image must be base64 (png, jpg, jpeg). If the photo is captured using the Unico SDK with Liveness, the image sent must be a Json Web Token (.jwt). The .JWT must be sent within 10 minutes to prevent the image from expiring. And this .jwt can only be used once. |
Example of a request:
{
"subject": {
"code": "1234568791"
},
"referenceProcessId": "D7A8B471-E69C-42B7-AF14-05E83365A944",
"imagebase64": "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAAgSURBVDhPY/wPBAwUACYoTTYYNWDUABAYNWDgDWBgAABrygQclUTopgAAAABJRU5ErkJggg=="
}
Successful request
If the request was executed successfully, the return response is a JSON containing the status of the check as follows:
{
"id": "D7A8B471-E69C-42B7-AF14-05E83365A944",
"authenticated": true,
"liveness": 1
}
The property authenticated is a boolean value indicating whether the photo sent in the request is the same person who previously passed in the reference process (true - same person / false - not the same person);
The property liveness is an integer indicating the result of the liveness validation (0 - Inconclusive / 1 - liveness passed / 2 - liveness failed).
The examples above consider the use of IDToken + IDLive. If only IDToken is used, there is no need to send subject.code and you will also not receive the liveness return.
Request error
If an error occurs, the return response is a JSON containing the error code and description:
{
"Error": {
"code": "40004",
"description": "Error description"
}
}
For more information on the errors returned, see the list available in the article Response Errors.
Any concerns?
Missing something or still need help? If you are already a customer or partner, you can contact us through the Help Center.