Product Documentation
Start typing to search…

Process the Proof Results

V.1

The application must wait for the user to complete the Proof, then obtain and analyze the results.

Proof Status

When the user completes Proof, the status changes from 0 - Pending to 1 - Accepted, and the results are ready to be picked up immediately. Refer to the Transaction Status section for more details.

📘

Common Transaction Status

The Transaction Status is common between Proof (Identity Verification) and Verified (Authentication) workflows.

The application has several ways to detect when the status changes.

  • Periodically polling the backend for Proof operation status change using Operation Status Endpoint
  • Embedded Integrations can receive Web Component Events for web integration or to JavaScript bridge events for WebView integration requests. The UI emits the signal that the user has reached the "final page" of the experience.

Please refer to the Web Component Events section for more details.

The best strategy considering both a UX transition reaction time and system load perspective is to:

  • Listen to events from the Web Component / WebView.
  • When the user reaches the final page, pass the signal from your application frontend to your application's backend.
  • Confirm the status change via the backend Operation Status Endpoint.
  • As a backup, poll status changes periodically using Operation Status Endpoint, for example, once every 5 seconds.

Both Out-of-band and Embedded integrations can use Webhook to receive notifications when the status changes. Note that webhooks are not queued and do not have guaranteed delivery, so the periodic polling backup strategy still applies.

Get Proof Results

When Proof status is 1 - Accepted the results are ready to be retrieved using Operation Result Endpoint

The application needs to ingest and inspect the results. The beginning part of Proof Results v2 sample JSON is shown below:

{
    "Name": "GetForeignIDDocument",
    "OperationId": "e09febaa-3b64-b632-1236-4f491d48b47c",
    "Payload": {
        "Data": {
            "VerificationSteps": {
                ...
            },
            "Document": {
                "Description": "Document Image",
                "Type": "2",
                "CapMethod": 2,
                "RawData": [
                    ...
                ],
                "Data": [
                    {
                        "Key": "Page1Name",
                        "Value": "United States - Georgia Driving License (2019) Real"
                    },
                    {
                        "Key": "Page1Probability",
                        "Value": "0.96807367"
                    },
                    {
                        "Key": "Page2Name",
                        "Value": "United States - Georgia Driving License (2019) Side B"
                    },
                    {
                        "Key": "Page2Probability",
                        "Value": "0.9040118"
                    },
                      
                    ...

Results JSON Values Description

The Proof result object schema can be inspected at Proof Result - GetIDDocument API Swagger UI endpoint description.

For V1 legacy API, the information is located in the Data object. If developers follow the guide for the current V2 version of the API, the information is located in the Payload.Data object.

Reference for Payload.Data contents:

Key Name

Content and Description

Data Format​

Document

The object contains data elements extracted from the document.

JSON Object

Document.Data

The array of key-value pairs of fields obtained from the document via OCR / MRZ / Barcodes(s) decode. The possible values for keys are listed in the fieldTypes csv document provided on demand

Array of Key/Value Pairs

Document.Data.BarcodeSecurity

This field denotes whether the document (including US, Mexican, and Canadian IDs) has successfully passed barcode security validation.

PASS or FAIL

Document.Data.padResult

This field indicates whether the presented document has successfully passed liveness detection. Additional details can be found in the Document.RawData in Ipsidy.Bus.Pad.Score key

PASS or FAIL

Document.Data.documentInjectionAttackDetectionResult

The field indicates that injection attack has been performed at the time of document acquisition.

PASS or FAIL

Document.Data.mismatchMrzOcr

This field denotes if there has been a significant mismatch between the OCR and MRZ/PDF417 data

True (true) on mismatch, otherwise not present

Document.RawData

The array contains various objects depending on features enabled in configuration on a per-customer basis.

Escaped JSON

Document.AdditionalImages

An array containing objects with images cropped from document capture. The “Description” field provides details of the contents of an array element. The contents depend on the document type. Some examples of Description values:

  • Document front side  
  • Document back side
  • Ghost portrait

An array of objects containing base64-encoded images

Document.FacialImage

Contains cropped document owner’s photo (aka mugshot) personalization element, usually found on the “front” side of the document. DataType key is the enum describing image format, refer to the schema.

The object containing base64-encoded image.

CurrentFacialImage

The object contains a live user selfie. DataType key is the enum describing image format, please see schema.

Base64-encoded image

Document.RawData.FacialImageInformation

This field supplies the coordinates of the user's face within the selfie, enabling the Selfie image to be cropped for privacy.

Coordinates of the user's face within the selfie image

Matched

Contains the result of comparing a person’s selfie to a document. Additional information is provided in MatchProbabilty

True or False (true or false)

MatchProbabilty

Contains inverse (1-x) of False Match Probability

Value from 0 to 1

MatchScore

Logarithm-based (base 10) score output of the matching algorithm

Integer (integer)

BiometryProcessingResult

Should be disregarded as it contains technical information. Do NOT use the liveness metrics contained in this object.

LivenessDetectionResult

Contains an object describing the genuine presence detection/presentation attack detection details, the AI model version, quality metric, etc..  IsLive element contains system decision.

LivenessDetectionResult.IsLive

The field indicates if the user's selfie has successfully passed the liveness detection.

True or False (true or false)

Document.Data.selfieInjectionAttackDetectionResult

The field indicates that injection attack has been performed at the time of selfie acquisition.

PASS or FAIL

Geofencing

Contains select elements describing the end user environment.

The top-level JSON object also contains additional elements:

  • Metadata contains elements that are retained in the audit trail after PII is removed
  • Tag contains the tag element that can be provided via API during transaction initialization, and can be used for tracing or reporting purposes.
🚧

Warning

The key case for padResult and mismatchMrzOcr may change from the camelCase to PascalCase in subsequent releases.

Save Proof Results

By default, authID retains user-provided documents and other PII (Personally Identifiable Information) for 72 hours. To explore options for extending the storage duration of end-user PII, please contact authID support.

Developers can parse and save individual objects/keys into the permanent storage of the user application (user database).

Developers can also get a pre-formatted PDF of Proof details with all PII data, as displayed in the Identity Portal, using the dedicated authID Reports API. Use the Ledger formatting option when generating the Proof report PDF as the default choice may have margin/formatting issues.

Inspect Proof Results

The logic determining if a user can proceed with onboarding must be taken into account in the following checklist.

Inspection Step

Proof Result Key

Description

Check if document biometry matches the user's selfie.

Matched

Contains true or false and shows if the document image matches user biometry (selfie).

Check if the user has passed the genuine presence detection/liveness test.

LivenessDetectionResult.IsLive

Contains true or false stating if the live person was genuinely present, i.e., not a Presentation Attack.

Check if an injection attack occurred instead of taking a selfie.

Document.Data.selfieInjectionAttackDetectionResult

It contains PASS or FAIL and indicates that an injection attack has been performed.
The details of injection attack detection can be found in Document.RawData array, in Ipsidy.Bus.Iad.Score key.

Check for detection event of a potential counterfeit document.

Document.Data.BarcodeSecurity

It contains PASS or FAIL and indicates a potentially counterfeit document. This key is only present for documents with PDF417 barcode.

Check for significant discrepancies between OCR and machine-readable information such as MRZ and barcode(s).

Document.Data.mismatchMrzOcr

This key is present and set to true only if there is a substantial difference between document machine-readable data and OCR data. Otherwise, there is no key (null).

Check for signals from the document manipulation detection AI stack (screen replay/paper copy / etc.).

Document.Data.padResult

It contains PASS or FAIL and indicates potential document manipulation, for example, the Screen Replay attack.
The details of AI pipelines for document manipulation can be found in  Document.RawData array, in Ipsidy.Bus.Pad.Score key.

Check if an injection attack occurred instead of presenting a physical document in front of the device camera.

Document.Data.documentInjectionAttackDetectionResult

It contains PASS or FAIL and indicates that an injection attack has been performed.
The details of injection attack detection can be found in Document.RawData array, in Ipsidy.Bus.Iad.Score key.

Check if document has expired.

Document.Data.DateOfExpiry

The expiration date is provided in the YYYY-MM-DD format. It should be compared to the current date to determine whether the document has expired.

If the value is not present or contains a non-date string (e.g., NonExpiring), the document is considered to have no expiration date

The allow expired documentcapture option must be enabled on your account to allow users to complete a Proof transaction using an expired document.

❗️

Injection Attack Protection Options

Injection attack protection can be configured to either automatically terminate the Proof transaction or allow the data submission while reporting it in the results. Please contact [email protected] to modify the behavior for your account.


Proof Results Suggested Decision Matrix​

The following table outlines suggested application logic to determine whether the user should proceed with enrollment/onboarding.

🚧

Developers Must Implement Decision Logic

authID does not automatically determine outcomes based on the Proof process signals. Developers must code their own decision logic that properly accounts for failed signals that indicate fraud.

ParameterDocument Type​ValueAction
MatchedAllfalseReject
LivenessDetectionResult.IsLiveAllfalseReject
Document.Data.selfieInjectionAttackDetectionResultAllFAILReject
Document.Data.BarcodeSecurityDriver License / State IDFAILReject
Document.Data.mismatchMrzOcrAlltrueManual Review or Reject
Document.Data.padResultAllFAILManual Review or Reject
Document.Data.documentInjectionAttackDetectionResultAllFAILManual Review or Reject
Document.Data.DateOfExpiryAllcontains YYYY-MM-DD string and date is in the pastReject
❗️

Sample Documents

If a sample document is used, the value of the Document.Data.DocumentStatus key will be "SPECIMEN".

Updated 10 days ago