Introduction
Shufti Pro has designed this Verification API document for its customers that have signed up for our next-generation service pack. This document will explain various kinds of verification services included in this service pack, how they are provided and what kind of data is required from our clients to perform these verifications successfully.
Shufti Pro’s API supports two verification types, i.e. on-site and off-site.
Authorization
BASIC AUTH
BASIC AUTH
POST / HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
Shufti Pro provides authorisation to clients through the Basic Auth header. Your Client ID will serve as your Username while the Secret Key will serve as your Password. The API will require this header for every request.
| Fields | Required | Description |
|---|---|---|
| username | Yes | Enter Client ID as username. |
| password | Yes | Enter your Secret Key as password. |
ACCESS TOKEN
ACCESS TOKEN
POST / HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Bearer NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
Shufti Pro provides Bearer Access Token Authorization method. Client can generate temporary access token using new access token endpoint. The shared token will be used to authorize API requests. The token shared with the client will be valid for 10 minutes and can be used once only.
| Field | Required | Description |
|---|---|---|
| Authorization | Yes | Enter your authorization token. |
Verification Services
The identity verification services suite of Shufti Pro consists of KYC and KYB screening, AML screening (of individuals and businesses), biometric verification, address verification, consent verification, and 2-factor authentication. All these verifications are performed using Artificial Intelligence to fetch and analyze the data form valid identity documents and by utilizing the information provided by our customers. This document will help our valuable customers gain useful insights about how our service works, the role of our customers and end-users in the verification process and technical aspects of this integration.
KYC / Biometric
The KYC / Biometric service of Shufti Pro performs real-time identity screening on the end-users. It includes two services KYC and biometric SDK. KYC service uses identity documents to verify the identity of customers and includes 2-factor authentication, address verification, document verification, and consent verification services. The biometric SDK performs facial authentication to verify end-users and utilize two security tokens to manage requests.
KYC
KYC service of Shufti Pro screens the identities of end-users using identity documents such as ID card, passport, and driving license. KYC service includes face verification, address verification, document verification, 2-factor authentication, and consent verification services. A mix of these services with background checks enables you to perform thorough KYC and AML procedures and take proactive risk-prevention measures.
Request
Every verification request received from the end-user or Shufti Pro customer is assessed on certain parameters (discussed in detail below) by Shufti Pro’s intelligent system. These parameters allow Shufti Pro to:
- Identify end-users.
- Check the authenticity of the client’s credentials.
- Read the client’s data.
- Decide what information is being sent to perform a certain verification.
Request Parameters
Herein it is essential to note that each service module is independent of the other and each one of them will be activated according to the nature of the request received from Shufti Pro’s client. Document and address verification services are provided via OCR. They can be used in combination with non-OCR services including face, consent and phone verification as well as AML background checks.
Each verification service is optional. Shufti Pro can provide clients with a single service or multiple services depending on their requirements. Every key is optional as well. For instance, if a key is given for document or address service and no value is provided, OCR will be performed for each of those keys.
| Parameters | Description |
|---|---|
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters Each request is issued a unique reference ID which is sent back to Shufti Pro’s client with each response. This reference ID helps to verify the request. Only alphanumeric values can be used. The client can use this ID to check the status of already performed verifications. |
| country | Required: No Type: string Length: 2 characters You may omit this parameter if you don't want to enforce country verification. If a valid country code is provided, then the proofs for document verification or address verification must be from the same country. Country code must be a valid ISO 3166-1 alpha-2 country code. Please consult Supported Countries for country codes. |
| language | Required: No Type: string Length: 2 characters If the Shufti Pro client wants their preferred language to appear on the verification screens they may provide the 2-character long language code of their preferred language. The list of Supported Languages can be consulted for the language codes. If this key is missing in the request the system will select the default language as English. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents email of the end-user. |
|
| callback_url | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters A number of server-to-server calls are made to Shufti Pro’s client to keep them updated about the verification status. This allows the clients to keep the request updated on their end, even if the end-user is lost midway through the process. |
| redirect_url | Required: No Type: string Minimum: 6 characters Maximum: 250 characters Once an on-site verification is complete, User is redirected to this link after showing the results. |
| verification_mode | Required: No Type: string Accepted Values: any, image_only, video_only This key specifies the types of proof that can be used for verification. In a “video_only” mode, Shufti Pro’s client can only send “Base64” of videos wherein formats of proofs should be MP4 or MOV. “any” mode can be used to send a combination of images and videos as proofs for verification. |
| allow_offline | Required: No Type: string Accepted Values: 0, 1 Default-Value: 1 This parameter allows users to upload images or videos in case of non-availability of a functional webcam.If value: 0, users can capture photos/videos with the camera only. |
| allow_online | Required: No Type: string Accepted Values: 0, 1 Default-Value: 1 This parameter allows users to capture image or videos in real-time when internet is available. If value: 0 users can upload already captured images or videos. Note: if allow_offline: 0 priority will be given to allow_offline |
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default-Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default-Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you have another alternative mechanism in place. |
| show_results | Required: No Type: string Accepted Values: 0, 1 Default-Value: 1 This parameter will only work for onsite verification. If Value for this parameter is 1, verification result will be displayed to the end-user, showing them whether their verification is accepted or declined. If the value of this parameter is set 0, verification results will not be shown to end-user. In case of offsite verification if show_results is set to 0, then a request.received callback is returned in case of a valid verification |
| show_feedback_form | Required: No Type: string Accepted Values: 0, 1 Default-Value: 1 This parameter will work only for onsite verification. If its value is 1 at the end of verification, a feedback form is displayed to the end-user to collect his/her feedback. If it is 0 then it will not display the feedback page to the end-user. |
| face | Required: No Type: object This service key corresponds to Face Verification Service in which unique facial features of end-user are identified and verified in real-time. Example 1 { "proof" : ""} for more details Face Service |
| document | Required: No Type: object This service key corresponds to Document verification service in which the authenticity of identity documents submitted by end-users is checked. Once verified, these identity documents serve as proof of end-user’s identity. Example 1 { "document_number": "", "issue_date": "", "expiry_date": "", "dob": "", "name": "", "supported_types": ["id_card", "credit_or_debit_card", "passport"]} for more details Document Service |
| address | Required: No Type: object This service key corresponds to Address Verification service in which the authenticity of an end-user's provided address is checked with the help of an authentic Identity document, Utility bill or bank statement. Example 1 {"supported_types" : ["id_card","bank_statement"],"name": "","full_address": "" } for more details Address Service |
| consent | Required: No Type: object This service key corresponds to Consent Verification services in which the consent provided by end-user for a certain action is cross-checked with the help of a handwritten document or customized printed document Example 1 {"proof" : "","text" : ""} for more details Consent Service |
| phone | Required: No Type: object This service key corresponds to Phone Verification service of Shufti Pro. A customized code is sent to end-user on their phone number, that is sent back by end-user to verify their identity. Example 1 {"phone_number" : "","random_code" : "","text" : ""} for more details Phone Service |
| background_checks | Required: No Type: object This service key corresponds to AML Screening service offered by Shufti Pro. An AML background check is performed for every end-user in this service against a financial risk database compiled by Shufti Pro Example 1 {"name" : "", "dob" : "" } for more details Background Checks service |
Onsite Verification
On-site verification means that Shufti Pro will be interacting directly with end-user and will be responsible for data collection in order to perform Identity verification. Shufti Pro customer will only be notified about the verification status via Shufti Pro Back Office.
Shufti Pro offers following services in On-site verification: (Face, Document, Address, Consent, Phone and Background Checks)
With OCR
On-site with OCR Verification Request Example
POST / HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
{
"reference" : "1234567",
"callback_url" : "http://www.example.com/",
"email" : "johndoe@example.com",
"country" : "GB",
"language" : "EN",
"redirect_url": "http://www.example.com",
"verification_mode" : "any",
"document" : {
"proof" : "",
"additional_proof" : "",
"supported_types" : ["id_card","driving_license","passport"],
"name" : "",
"dob" : "",
"issue_date" : "",
"expiry_date" : "",
"document_number" : "",
"allow_offline" : "1",
"allow_online" : "1"
},
"address" : {
"proof" : "",
"supported_types" : ["id_card","bank_statement"],
"name" : "",
"issue_date" : "",
"full_address" : "",
"address_fuzzy_match":"1",
"document_number" : ""
}
}
<?php
$url = 'https://api.shuftipro.com/';
//Your Shufti Pro account Client ID
$client_id = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';
$verification_request = [
'reference' => 'ref-'.rand(4,444).rand(4,444),
'country' => 'GB',
'language' => 'EN',
'email' => 'example@email.com',
'callback_url' => 'https://yourdomain.com/profile/notifyCallback',
'verification_mode' => 'any',
];
//Use this key if you want to perform document verification with OCR
$verification_request['document'] =[
'proof' => '',
'additional_proof' => '',
'name' => '',
'dob' => '',
'document_number' => '',
'expiry_date' => '',
'issue_date' => '',
'allow_offline' => '1',
'allow_online' => '1',
'supported_types' => ['id_card','passport']
];
//Use this key if you want to perform address verification with OCR
$verification_request['address'] = [
'proof' => '',
'name' => '',
'full_address' => '',
'address_fuzzy_match' => '1',
'issue_date' => '',
'supported_types' => ['utility_bill','passport','bank_statement']
];
$auth = $client_id.":".$secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($verification_request);
//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth);
//Get Shufti Pro API Response
$response_data = $response['body'];
//Get Shufti Pro Signature
$sp_signature = get_header_keys($response['headers'])['Signature'];
//Calculating signature for verification
$calculate_signature = hash('sha256',$response_data.$secret_key);
$decoded_response = json_decode($response_data,true);
$event_name = $decoded_response['event'];
if($event_name == 'request.pending'){
if($sp_signature == $calculate_signature){
$verification_url = $decoded_response['verification_url'];
echo "Verification url : $verification_url";
}else{
echo "Invalid signature : $response_data";
}
}else{
echo "Error : $response_data";
}
function send_curl($url, $post_data, $headers, $auth){
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_USERPWD, $auth);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$html_response = curl_exec($ch);
$curl_info = curl_getinfo($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = substr($html_response, 0, $header_size);
$body = substr($html_response, $header_size);
curl_close($ch);
return ['headers' => $headers,'body' => $body];
}
function get_header_keys($header_string){
$headers = [];
$exploded = explode("\n", $header_string);
if(!empty($exploded)){
foreach ($exploded as $key => $header) {
if (!$key) {
$headers[] = $header;
} else {
$header = explode(':', $header);
$headers[trim($header[0])] = isset($header[1]) ? trim($header[1]) : '';
}
}
}
return $headers;
}
?>
import requests, base64, json, hashlib
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
verification_request = {
'reference' : 'ref-{}{}'.format(randint(1000, 9999), randint(1000, 9999)),
'country' : 'GB',
'language' : 'EN',
'email' : 'test@test.com',
'callback_url' : 'https://yourdomain.com/profile/notifyCallback',
'verification_mode' : 'any'
}
# Use this key if you want to perform document verification with OCR
verification_request['document'] = {
'proof' : '',
'additional_proof' : '',
'name' : '',
'dob' : '',
'document_number' : '',
'expiry_date' : '',
'issue_date' : '',
'allow_offline' : '1',
'allow_online' : '1',
'supported_types' : ['id_card','passport']
}
# Use this key want to perform address verification with OCR
verification_request['address'] = {
'proof' : '',
'name' : '',
'full_address' : '',
'address_fuzzy_match' : '1',
'issue_date' : '',
'supported_types' : ['utility_bill','passport','bank_statement']
}
# Calling Shufti Pro request API using python requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
response = requests.post(url,
headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
data=json.dumps(verification_request))
# Calculating signature for verification
calculated_signature = hashlib.sha256('{}{}'.format(response.content, secret_key)).hexdigest()
# Get Shufti Pro Signature
sp_signature = response.headers.get('Signature','')
# Convert json string to json object
json_response = json.loads(response.content)
# Get event returned
event_name = json_response['event']
print json_response
if event_name == 'request.pending':
if sp_signature == calculated_signature:
verification_url = json_response['verification_url']
print 'Verification URL: {}'.format(verification_url)
else:
print 'Invalid signature: {}'.format(response.content)
let payload = {
reference : `SP_REQUEST_${Math.random()}`,
callback_url : "https://yourdomain.com/profile/sp-notify-callback",
redirect_url : "https://yourdomain.com/site/sp-redirect",
country : "GB",
language : "EN",
verification_mode : "any",
}
//Use this key if you want to perform document verification with OCR
payload['document'] = {
proof : '',
additional_proof : '',
name : '',
dob : '',
document_number : '',
expiry_date : '',
issue_date : '',
allow_offline : '1',
allow_online : '1',
supported_types : ['id_card','passport']
}
//Use this key if you want to perform address verification with OCR
payload['address'] = {
name : '',
full_address : '',
address_fuzzy_match : '1',
issue_date : '',
supported_types : ['utility_bill','passport','bank_statement']
}
//BASIC AUTH TOKEN
//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY"); //BASIC AUTH TOKEN
//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://api.shuftipro.com/',
{
method : 'post',
headers : {
'Accept' : 'application/json',
'Content-Type' : 'application/json',
'Authorization' : 'Basic ' +token
},
body: JSON.stringify(payload)
})
.then(function(response) {
return response.json();
}).then(function(data) {
if (data.event && data.event === 'request.pending') {
createIframe(data.verification_url)
}
});
//Method used to create an Iframe
function createIframe(src) {
let iframe = document.createElement('iframe');
iframe.style.position = 'fixed';
iframe.id = 'shuftipro-iframe';
iframe.name = 'shuftipro-iframe';
iframe.allow = "camera";
iframe.src = src;
iframe.style.top = 0;
iframe.style.left = 0;
iframe.style.bottom = 0;
iframe.style.right = 0;
iframe.style.margin = 0;
iframe.style.padding = 0;
iframe.style.overflow = 'hidden';
iframe.style.border = "none";
iframe.style.zIndex = "2147483647";
iframe.width = "100%";
iframe.height = "100%";
iframe.dataset.removable = true;
document.body.appendChild(iframe);
}
require 'uri'
require 'net/http'
require 'base64'
require 'json'
url = URI("https://api.shuftipro.com/")
# Your Shufti Pro account Client ID
CLIENT_ID = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY = "YOUR-SECRET-KEY"
verification_request = {
reference: "Ref-"+ (0...8).map { (65 + rand(26)).chr }.join,
callback_url: "https://yourdomain.com/profile/notifyCallback",
email: "johndoe@example.com",
country: "GB",
language: "EN",
redirect_url: "http://www.example.com",
verification_mode: "any"
}
# Use this key if you want to perform document verification with OCR
verification_request["document"] = {
supported_types: ["id_card","driving_license","passport"],
proof: "",
additional_proof: "",
name: "",
dob: "",
issue_date: "",
expiry_date: "",
document_number: "",
allow_offline: "1",
allow_online: "1",
}
# Use this key if you want to perform address verification with OCR
verification_request["address"] = {
supported_types: ["id_card","bank_statement"],
name: "",
issue_date: "",
full_address: "",
address_fuzzy_match: "1"
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
request["Content-Type"] = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body = verification_request.to_json
response = http.request(request)
response_headers = response.instance_variable_get("@header")
response_data = response.read_body
sp_signature = response_headers['signature'].join(',')
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY
if sp_signature == calculated_signature
puts response_data
else
puts "Invalid signature"
end
To read full API Documentation about Onsite Verification With OCR feature, click here.
Shufti Pro collects the image or video proofs from end-users. In the verification request, Shufti Pro customer specifies the keys for the parameters to be verified. Shufti Pro extracts the required information from the provided document and then the verification form is automatically filled with the extracted information. This reduces the manual work for the end-user. Next, Shufti Pro’s intelligently driven system verifies the provided documents for authenticity. Please consult This Document for Onsite with OCR verifications.
OCR is offered on the following services: (Document and Address) but Shufti Pro customers can also avail other non-OCR services such as Face & Phone Verification along with these OCR services.
Without OCR
On-site without OCR Verification Request Example
POST / HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
{
"reference" : "5667456341",
"callback_url" : "http://www.example.com/",
"email" : "johndoe@example.com",
"country" : "GB",
"language" : "EN",
"verification_mode" : "any",
"face": {
"proof": ""
},
"document" : {
"proof" : "",
"additional_proof" : "",
"supported_types" : ["id_card","driving_license","passport"],
"name" : {
"first_name" : "John",
"middle_name" : "Middleman",
"last_name" : "Doe"
},
"dob" : "1980-11-12",
"issue_date" : "1990-09-07",
"expiry_date" : "2050-10-10",
"document_number" : "0989-7752-6291-2387",
"allow_offline" : "1",
"allow_online" : "1"
},
"address" : {
"proof" : "",
"supported_types" : ["id_card","bank_statement"],
"name" : {
"first_name" : "John",
"middle_name" : "Middleman",
"last_name" : "Doe"
},
"full_address" : "3339 Maryland Avenue, Largo, Florida",
"address_fuzzy_match":"1",
"issue_date" : "1990-09-07"
},
"consent":{
"proof" : "",
"supported_types" : ["handwritten","printed"],
"text" : "this is a customized text",
"allow_offline" : "1",
"allow_online" : "1"
},
"phone": {
"phone_number" : "+4400000000",
"random_code" : "23234",
"text" : "Your verification code is 23234"
},
"background_checks": {
"name" : {
"first_name" : "John",
"middle_name" : "Middleman",
"last_name" : "Doe"
},
"dob" : "1980-11-12"
}
}
<?php
$url = 'https://api.shuftipro.com/';
//Your Shufti Pro account Client ID
$client_id = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';
$verification_request = [
'reference' => 'ref-'.rand(4,444).rand(4,444),
'country' => 'GB',
'language' => 'EN',
'email' => 'example@email.com',
'callback_url' => 'https://yourdomain.com/profile/notifyCallback',
'verification_mode' => 'any',
];
//Use this key if you want to perform face verification
$verification_request['face'] = [
'proof' => '',
'allow_offline' => '1',
'allow_online' => '1',
];
//Use this key if you want to perform document verification
$verification_request['document'] =[
'name' => [
'first_name' => 'Your first name',
'middle_name' => 'Your middle name',
'last_name' => 'You last name',
'fuzzy_match' => '1'
],
'proof' => '',
'additional_proof' => '',
'dob' => '1992-10-10',
'document_number' => '2323-5629-5465-9990',
'expiry_date' => '2025-10-10',
'issue_date' => '2015-10-10',
'allow_offline' => '1',
'allow_online' => '1',
'supported_types' => ['id_card','passport']
];
//Use this key if you want to perform address verification
$verification_request['address'] = [
'name' => [
'first_name' => 'Your first name',
'middle_name' => 'Your middle name',
'last_name' => 'You last name',
'fuzzy_match' => '1'
],
'proof' => '',
'full_address' => 'your address',
'address_fuzzy_match' => '1',
'issue_date' => '2015-10-10',
'supported_types' => ['utility_bill','passport','bank_statement']
];
//Use this key if you want to perform consent verification
$verification_request['consent'] =[
'proof' => '',
'text' => 'some text for consent verification',
'supported_types' => ['handwritten'],
'allow_offline' => '1',
'allow_online' => '1',
];
//Use this key if you want to perform phone verification
$verification_request['phone'] =[
'phone_number' => '+1378746734',
'random_code' => '9977',
'text' => 'Your verification code is 9977'
];
//Use this key if you want to perform aml/background checks verification
$verification_request['background_checks'] = [
'name' => [
'first_name' => 'Your first name',
'middle_name' => 'Your middle name',
'last_name' => 'You last name'
],
'dob' => '1992-10-10',
];
$auth = $client_id.":".$secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($verification_request);
//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth);
//Get Shufti Pro API Response
$response_data = $response['body'];
//Get Shufti Pro Signature
$sp_signature = get_header_keys($response['headers'])['Signature'];
//Calculating signature for verification
$calculate_signature = hash('sha256',$response_data.$secret_key);
$decoded_response = json_decode($response_data,true);
$event_name = $decoded_response['event'];
if($event_name == 'request.pending'){
if($sp_signature == $calculate_signature){
$verification_url = $decoded_response['verification_url'];
echo "Verification url : $verification_url";
}else{
echo "Invalid signature : $response_data";
}
}else{
echo "Error : $response_data";
}
function send_curl($url, $post_data, $headers, $auth){
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_USERPWD, $auth);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$html_response = curl_exec($ch);
$curl_info = curl_getinfo($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = substr($html_response, 0, $header_size);
$body = substr($html_response, $header_size);
curl_close($ch);
return ['headers' => $headers,'body' => $body];
}
function get_header_keys($header_string){
$headers = [];
$exploded = explode("\n", $header_string);
if(!empty($exploded)){
foreach ($exploded as $key => $header) {
if (!$key) {
$headers[] = $header;
} else {
$header = explode(':', $header);
$headers[trim($header[0])] = isset($header[1]) ? trim($header[1]) : '';
}
}
}
return $headers;
}
?>
import requests, base64, json, hashlib
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
callback_url = 'https://yourdomain.com/profile/notifyCallback'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
verification_request = {
'reference' : 'ref-{}{}'.format(randint(1000, 9999), randint(1000, 9999)),
'country' : 'GB',
'language' : 'EN',
'email' : 'test@test.com',
'callback_url' : callback_url,
'verification_mode' : 'any'
}
# Use this key if want to perform face verification
verification_request['face'] = {}
# Use this key if want to perform document verification
verification_request['document'] = {
'name' : {
'first_name' : 'Your first name',
'middle_name' : 'Your middle name',
'last_name' : 'Your last name',
'fuzzy_match' : '1'
},
'proof' : '',
'additional_proof' : '',
'dob' : '1992-10-10',
'document_number' : '2323-5629-5465-9990',
'expiry_date' : '2025-10-10',
'issue_date' : '2015-10-10',
'allow_offline' : '1',
'allow_online' : '1',
'supported_types' : ['id_card','passport']
}
# Use this key if want to perform address verification
verification_request['address'] = {
'name' : {
'first_name' : 'Your first name',
'middle_name' : 'Your middle name',
'last_name' : 'Your last name',
'fuzzy_match' : '1'
},
'proof' : '',
'full_address' : 'your address',
'address_fuzzy_match' : '1',
'issue_date' : '2015-10-10',
'supported_types' : ['utility_bill','passport','bank_statement']
}
# Use this key if want to perform consent verification
verification_request['consent'] = {
'proof' : '',
'text' : 'some text for consent verification',
'supported_type': ['handwritten'],
'allow_offline' : '1',
'allow_online' : '1',
}
# Use this key if want to perform phone verification
verification_request['phone'] = {
'phone_number' : '+1378746734',
'random_code' : '9977',
'text' : 'Your verification code is 9977'
}
# Use this key if want to perform aml/backgorund checks verification
verification_request['background_checks'] = {
'name' : {
'first_name' : 'Your first name',
'middle_name' : 'Your middle name',
'last_name' : 'Your last name'
},
'dob' : '1992-10-10'
}
# Calling Shufti Pro request API using python requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
response = requests.post(url,
headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
data=json.dumps(verification_request))
# Calculating signature for verification
calculated_signature = hashlib.sha256('{}{}'.format(response.content, secret_key)).hexdigest()
# Get Shufti Pro Signature
sp_signature = response.headers.get('Signature','')
# Convert json string to json object
json_response = json.loads(response.content)
# Get event returned
event_name = json_response['event']
print json_response
if event_name == 'request.pending':
if sp_signature == calculated_signature:
verification_url = json_response['verification_url']
print 'Verification URL: {}'.format(verification_url)
else:
print 'Invalid signature: {}'.format(response.content)
let payload = {
reference : `SP_REQUEST_${Math.random()}`,
callback_url : "https://yourdomain.com/profile/sp-notify-callback",
redirect_url : "https://yourdomain.com/site/sp-redirect",
country : "GB",
language : "EN",
verification_mode : "any"
}
//Use this key if you want to perform face verification
payload['face'] = {
proof : "",
allow_offline : "1",
};
//Use this key if you want to perform document verification
payload['document'] = {
name : {
first_name : 'Your first name',
middle_name : 'Your middle name',
last_name : 'You last name',
fuzzy_match : '1'
},
proof : '',
additional_proof : '',
dob : '1992-10-10',
document_number : '2323-5629-5465-9990',
expiry_date : '2025-10-10',
issue_date : '2015-10-10',
allow_offline : '1',
allow_online : '1',
supported_types : ['id_card','passport']
}
//Use this key if you want to perform address verification
payload['address'] = {
name : {
first_name : 'Your first name',
middle_name : 'Your middle name',
last_name : 'You last name',
fuzzy_match : '1'
},
proof : '',
full_address : 'your address',
address_fuzzy_match : '1',
issue_date : '2015-10-10',
supported_types : ['utility_bill','passport','bank_statement']
}
//Use this key if you want to perform background checks verification
payload['background_checks'] = {
name : {
first_name : 'Your first name',
middle_name : 'Your middle name',
last_name : 'You last name',
},
dob : '1994-01-01',
}
//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY"); //BASIC AUTH TOKEN
//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://api.shuftipro.com/',
{
method : 'post',
headers : {
'Accept' : 'application/json',
'Content-Type' : 'application/json',
'Authorization' : 'Basic ' +token
},
body: JSON.stringify(payload)
})
.then(function(response) {
return response.json();
}).then(function(data) {
if (data.event && data.event === 'request.pending') {
createIframe(data.verification_url)
}
});
//Method used to create an Iframe
function createIframe(src) {
let iframe = document.createElement('iframe');
iframe.style.position = 'fixed';
iframe.id = 'shuftipro-iframe';
iframe.name = 'shuftipro-iframe';
iframe.allow = "camera";
iframe.src = src;
iframe.style.top = 0;
iframe.style.left = 0;
iframe.style.bottom = 0;
iframe.style.right = 0;
iframe.style.margin = 0;
iframe.style.padding = 0;
iframe.style.overflow = 'hidden';
iframe.style.border = "none";
iframe.style.zIndex = "2147483647";
iframe.width = "100%";
iframe.height = "100%";
iframe.dataset.removable = true;
document.body.appendChild(iframe);
}
require 'uri'
require 'net/http'
require 'base64'
require 'json'
url = URI("https://api.shuftipro.com/")
# Your Shufti Pro account Client ID
CLIENT_ID = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY = "YOUR-SECRET-KEY"
verification_request = {
reference: "Ref-"+ (0...8).map { (65 + rand(26)).chr }.join,
callback_url: "https://yourdomain.com/profile/notifyCallback",
email: "johndoe@example.com",
country: "GB",
language: "EN",
redirect_url: "http://www.example.com",
verification_mode: "any"
}
# Use this key if you want to perform document verification with OCR
verification_request["document"] = {
supported_types: ["id_card","driving_license","passport"],
name: {
first_name: "John",
last_name: "Liveon"
},
proof: "",
additional_proof: "",
dob: "1990-10-10",
issue_date: "2015-10-10",
expiry_date: "2025-10-10",
document_number: "1234-1234-ABC",
allow_offline: "1",
allow_online: "1",
}
# Use this key if you want to perform address verification with OCR
verification_request["address"] = {
supported_types: ["id_card","bank_statement"],
name: {
first_name: "John",
last_name: "Liveon"
},
issue_date: "2015-10-10",
full_address: "Candyland Avenue",
address_fuzzy_match: "1"
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
request["Content-Type"] = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body = verification_request.to_json
response = http.request(request)
response_headers = response.instance_variable_get("@header")
response_data = response.read_body
sp_signature = response_headers['signature'].join(',')
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY
if sp_signature == calculated_signature
puts response_data
else
puts "Invalid signature"
end
To read full API Documentation about Onsite Verification Without OCR feature, click here.
Shufti Pro collects the image or video proofs from end-users. In the verification request, Shufti Pro customer specifies the keys for the parameters to be verified. Shufti Pro uses a unique template matching technique to match these values to the data on identity documents. Next, Shufti Pro’s intelligently driven system verifies the provided documents for authenticity. Please consult This Document for Onsite without OCR verifications.
These are the services offered in Onsite Verification without OCR: (Face, Document, Address, Consent, Phone and Background Checks)
Offsite Verification
Offsite Verification means that Shufti Pro will not be interacting with end-user and Shufti Pro customer will be responsible to collect and provide verification data. Shufti Pro Customer will provide us with the proofs (images/videos) to complete user verification.
Shufti Pro offers following services in Off-site verification: (Face, Document, Address, Consent and Background Checks)
With OCR
Off-site with OCR Verification Request Example
POST / HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
{
"reference" : "567456314",
"callback_url" : "http://www.example.com/",
"email" : "johndoe@example.com",
"country" : "GB",
"language" : "EN",
"verification_mode" : "any",
"document" : {
"proof" : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",
"additional_proof": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",
"supported_types" : ["id_card","driving_license","passport"],
"name" : "",
"dob" : "",
"issue_date" : "",
"expiry_date" : "",
"document_number" : ""
},
"address" : {
"proof" : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",
"supported_types" : ["id_card","bank_statement"],
"name" : "",
"full_address" : "",
"address_fuzzy_match":"1",
"issue_date":""
}
}
<?php
$url = 'https://api.shuftipro.com/';
//Your Shufti Pro account Client ID
$client_id = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';
$verification_request = [
'reference' => 'ref-'.rand(4,444).rand(4,444),
'country' => 'GB',
'language' => 'EN',
'email' => 'example@email.com',
'callback_url' => 'https://yourdomain.com/profile/notifyCallback',
'verification_mode' => 'any',
];
//Use this key if you want to perform document verification
$verification_request['document'] =[
'proof' => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg')),
'additional_proof' => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg')),
'name' => '',
'dob' => '',
'document_number' => '',
'expiry_date' => '',
'issue_date' => '',
'supported_types' => ['id_card','passport']
];
//Use this key if you want to perform address verification
$verification_request['address'] = [
'proof' => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg')),
'name' => '',
'full_address' => '',
'address_fuzzy_match' => '1',
'issue_date' => '',
'supported_types' => ['utility_bill','passport','bank_statement']
];
$auth = $client_id.":".$secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($verification_request);
//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth);
//Get Shufti Pro API Response
$response_data = $response['body'];
//Get Shufti Pro Signature
$sp_signature = get_header_keys($response['headers'])['Signature'];
//Calculating signature for verification
$calculate_signature = hash('sha256',$response_data.$secret_key);
$decoded_response = json_decode($response_data,true);
$event_name = $decoded_response['event'];
if($event_name == 'verification.accepted'){
if($sp_signature == $calculate_signature){
echo "Verification accepted : $response_data";
}else{
echo "Invalid signature : $response_data";
}
}else{
echo "Error : $response_data";
}
function send_curl($url, $post_data, $headers, $auth){
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_USERPWD, $auth);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$html_response = curl_exec($ch);
$curl_info = curl_getinfo($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = substr($html_response, 0, $header_size);
$body = substr($html_response, $header_size);
curl_close($ch);
return ['headers' => $headers,'body' => $body];
}
function get_header_keys($header_string){
$headers = [];
$exploded = explode("\n", $header_string);
if(!empty($exploded)){
foreach ($exploded as $key => $header) {
if (!$key) {
$headers[] = $header;
} else {
$header = explode(':', $header);
$headers[trim($header[0])] = isset($header[1]) ? trim($header[1]) : '';
}
}
}
return $headers;
}
?>
import base64, requests, json, hashlib, urllib2
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
verification_request = {
'reference' : 'ref-{}{}'.format(randint(1000, 9999), randint(1000, 9999)),
'country' : 'GB',
'language' : 'EN',
'email' : 'test@test.com',
'callback_url' : 'https://yourdomain.com/profile/notifyCallback',
'verification_mode' : 'any'
}
# Use this key if you want to perform document verification
verification_request['document'] = {
'proof' : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').read()),
'additional_proof' : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').read()),
'name' : '',
'dob' : '',
'document_number' : '',
'expiry_date' : '',
'issue_date' : '',
'supported_types' : ['id_card','passport']
}
# Use this key if you want to perform address verification
verification_request['address'] = {
'proof' : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').read()),
'name' : '',
'full_address' : '',
'address_fuzzy_match' : '1',
'issue_date' : '',
'supported_types' : ['utility_bill','passport','bank_statement']
}
# Calling Shufti Pro request API using python requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
response = requests.post(url,
headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
data=json.dumps(verification_request))
# Calculating signature for verification
calculated_signature = hashlib.sha256('{}{}'.format(response.content, secret_key)).hexdigest()
# Get Shufti Pro Signature
sp_signature = response.headers.get('Signature','')
# Convert json string to json object
json_response = json.loads(response.content)
# Get event returned
event_name = json_response['event']
print json_response
if event_name == 'verification.accepted':
if sp_signature == calculated_signature:
print 'Verification accepted: {}'.format(response.content)
else:
print 'Invalid signature: {}'.format(response.content)
else:
print 'Error: {}'.format(response.content)
var payload = {
reference : `SP_REQUEST_${Math.random()}`,
callback_url : "https://yourdomain.com/profile/sp-notify-callback",
redirect_url : "https://yourdomain.com/site/sp-redirect",
country : "GB",
language : "EN",
verification_mode : "any",
document : {},
address : {},
}
//get document sample proof base64
convertImgToBase64URL('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').then(response=>{
//Use this key if you want to perform document verification
payload['document'] = {
proof : response,
additional_proof : response,
name : "",
dob : "",
document_number : "",
expiry_date : "",
issue_date : "",
supported_types : ['id_card','passport']
}
//Use this key if you want to perform address verification
payload['address'] = {
proof : response,
name : "",
full_address : "",
address_fuzzy_match : '1',
issue_date : '',
supported_types : ['utility_bill','passport','bank_statement']
}
//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY"); //BASIC AUTH TOKEN
//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://api.shuftipro.com/',
{
method : 'post',
headers : {
'Accept' : 'application/json',
'Content-Type' : 'application/json',
'Authorization' : 'Basic ' +token
},
body: JSON.stringify(payload)
})
.then(function(response) {
return response.json();
}).then(function(data) {
console.log(data)
return data;
});
})
/*METHOD USED TO Get image BASE 64 string*/
function convertImgToBase64URL(url){
return new Promise(function(resolve, reject) {
var img = new Image();
img.crossOrigin = 'Anonymous';
img.onload = function(){
var canvas = document.createElement('CANVAS'),
ctx = canvas.getContext('2d'), dataURL;
canvas.height = img.height;
canvas.width = img.width;
ctx.drawImage(img, 0, 0);
dataURL = canvas.toDataURL('image/jpeg');
resolve(dataURL);
canvas = null;
};
img.src = url;
})
}
require 'uri'
require 'net/http'
require 'base64'
require 'json'
require 'open-uri'
url = URI("https://api.shuftipro.com/")
# Your Shufti Pro account Client ID
CLIENT_ID = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY = "YOUR-SECRET-KEY"
# Sample image
SAMPLE_DOCUMENT_IMAGE = "https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg"
verification_request = {
reference: "Ref-"+ (0...8).map { (65 + rand(26)).chr }.join,
callback_url: "https://yourdomain.com/profile/notifyCallback",
email: "johndoe@example.com",
country: "GB",
language: "EN",
redirect_url: "http://www.example.com",
verification_mode: "any"
}
# Use this key if you want to perform document verification with OCR
verification_request["document"] = {
proof: Base64.encode64(open(SAMPLE_DOCUMENT_IMAGE).read),
supported_types: ["id_card","driving_license","passport"],
name: "",
dob: "",
issue_date: "",
expiry_date: "",
document_number: ""
}
# Use this key if you want to perform address verification with OCR
verification_request["address"] = {
proof: Base64.encode64(open(SAMPLE_DOCUMENT_IMAGE).read),
supported_types: ["id_card","bank_statement"],
name: "",
issue_date: "",
full_address: "",
address_fuzzy_match: "1"
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
request["Content-Type"] = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body = verification_request.to_json
response = http.request(request)
response_headers = response.instance_variable_get("@header")
response_data = response.read_body
sp_signature = response_headers['signature'].join(',')
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY
if sp_signature == calculated_signature
puts response_data
else
puts "Invalid signature"
end
To read full API Documentation about Offsite Verification With OCR feature, click here
In offsite Verification with OCR, the verification data is extracted directly from the proofs (image/video) provided by the Shufti Pro customer. In the verification request, Shufti Pro customer specifies the keys for the parameters to be verified. Shufti Pro extracts the required information from the provided document and then the verification form is automatically filled with the extracted information. Please consult This Document for Offsite with OCR verifications.
OCR is offered on the following services: (Document and Address) but Shufti Pro customers can also avail other non-OCR services such as Face & Phone Verification along with these OCR services.
Without OCR
Off-site without OCR Verification Request Example
POST / HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
{
"reference" : "56745631",
"callback_url" : "http://www.example.com/",
"email" : "johndoe@example.com",
"country" : "GB",
"language" : "EN",
"verification_mode" : "any",
"face": {
"proof": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII="
},
"document" : {
"proof" : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",
"additional_proof": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",
"supported_types" : ["id_card","driving_license","passport"],
"name" : {
"first_name" : "John",
"last_name" : "Liveon"
},
"dob" : "1990-10-10",
"issue_date" : "2015-10-10",
"expiry_date" : "2025-10-10",
"document_number" : "1234-1234-ABC"
},
"address" : {
"proof" : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",
"supported_types" : ["id_card","bank_statement"],
"name" : {
"first_name" : "John",
"last_name" : "Liveon"
},
"issue_date" : "2015-10-10",
"full_address" : "Candyland Avenue",
"address_fuzzy_match":"1"
},
"consent":{
"proof" : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",
"supported_types" : ["printed"],
"text" : "Hi, I am giving my consent"
},
"background_checks": {
"name" : {
"first_name" : "John",
"middle_name" : "Middleman",
"last_name" : "Doe"
},
"dob": "1980-11-12"
}
}
<?php
$url = 'https://api.shuftipro.com/';
//Your Shufti Pro account Client ID
$client_id = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';
$verification_request = [
'reference' => 'ref-'.rand(4,444).rand(4,444),
'country' => 'GB',
'language' => 'EN',
'email' => 'example@email.com',
'callback_url' => 'https://yourdomain.com/profile/notifyCallback',
'verification_mode' => 'any',
];
//Use this key if you want to perform face verification
$verification_request['face'] = [
'proof' => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-face.jpg'))
];
//Use this key if want to perform document verification
$verification_request['document'] =[
'proof' => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg')),
'additional_proof' => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg')),
'name' => [
'first_name' => 'Your first name',
'last_name' => 'You last name',
'fuzzy_match' => '1'
],
'dob' => '1992-10-10',
'document_number' => '2323-5629-5465-9990',
'expiry_date' => '2025-10-10',
'issue_date' => '2015-10-10',
'supported_types' => ['id_card','passport']
];
//Use this key if you want to perform address verification
$verification_request['address'] = [
'proof' => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg')),
'name' => [
'first_name' => 'Your first name',
'last_name' => 'You last name',
'fuzzy_match' => '1'
],
'full_address' => 'your address',
'address_fuzzy_match' => '1',
'issue_date' => '2015-10-10',
'supported_types' => ['utility_bill','passport','bank_statement']
];
//Use this key if you want to perform consent verification
$verification_request['consent'] =[
'proof' => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-consent-document.jpg')),
'text' => 'some text for consent verification',
'supported_types' => ['handwritten'],
];
//Use this key if you want to perform aml/background checks verification
$verification_request['background_checks'] = [
'name' => [
'first_name' => 'Your first name',
'last_name' => 'You last name'
],
'dob' => '1992-10-10',
];
$auth = $client_id.":".$secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($verification_request);
//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth);
//Get Shufti Pro API Response
$response_data = $response['body'];
//Get Shufti Pro Signature
$sp_signature = get_header_keys($response['headers'])['Signature'];
//Calculating signature for verification
$calculate_signature = hash('sha256',$response_data.$secret_key);
$decoded_response = json_decode($response_data,true);
$event_name = $decoded_response['event'];
if($event_name == 'verification.accepted'){
if($sp_signature == $calculate_signature){
echo "Verification accepted : $response_data";
}else{
echo "Invalid signature : $response_data";
}
}else{
echo "Error : $response_data";
}
function send_curl($url, $post_data, $headers, $auth){
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_USERPWD, $auth);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$html_response = curl_exec($ch);
$curl_info = curl_getinfo($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = substr($html_response, 0, $header_size);
$body = substr($html_response, $header_size);
curl_close($ch);
return ['headers' => $headers,'body' => $body];
}
function get_header_keys($header_string){
$headers = [];
$exploded = explode("\n", $header_string);
if(!empty($exploded)){
foreach ($exploded as $key => $header) {
if (!$key) {
$headers[] = $header;
} else {
$header = explode(':', $header);
$headers[trim($header[0])] = isset($header[1]) ? trim($header[1]) : '';
}
}
}
return $headers;
}
?>
import base64, requests, json, hashlib, urllib2
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
verification_request = {
'reference' : 'ref-{}{}'.format(randint(1000, 9999), randint(1000, 9999)),
'country' : 'GB',
'language' : 'EN',
'email' : 'test@test.com',
'callback_url' : 'https://yourdomain.com/profile/notifyCallback',
'verification_mode' : 'any'
}
# Use this key if want to perform face verification
verification_request['face'] = {
'proof' : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-face.jpg').read())
}
# Use this key if you want to perform document verification
verification_request['document'] = {
'proof' : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').read()),
'additional_proof' : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').read()),
'name' : {
'first_name' : 'Your first name',
'last_name' : 'Your last name',
'fuzzy_match' : '1'
},
'dob' : '1992-10-10',
'document_number' : '2323-5629-5465-9990',
'expiry_date' : '2025-10-10',
'issue_date' : '2015-10-10',
'supported_types' : ['id_card','passport']
}
# Use this key if want to perform address verification
verification_request['address'] = {
'proof' : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').read()),
'name' : {
'first_name' : 'Your first name',
'last_name' : 'Your last name',
'fuzzy_match' : '1'
},
'full_address' : 'your address',
'address_fuzzy_match' : '1',
'issue_date' : '2015-10-10',
'supported_types' : ['utility_bill','passport','bank_statement']
}
# Use this key if you want to perform consent verification
verification_request['consent'] = {
'proof' : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-consent-document.jpg').read()),
'text' : 'some text for consent verification',
'supported_types' : ['handwritten']
}
# Use this key if you want to perform AML/Background Checks verification
verification_request['background_checks'] = {
'name' : {
'first_name' : 'Your first name',
'last_name' : 'You last name'
},
'dob' : '1992-10-10'
}
# Calling Shufti Pro request API using python requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
response = requests.post(url,
headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
data=json.dumps(verification_request))
# Calculating signature for verification
calculated_signature = hashlib.sha256('{}{}'.format(response.content, secret_key)).hexdigest()
# Get Shufti Pro Signature
sp_signature = response.headers.get('Signature','')
# Convert json string to json object
json_response = json.loads(response.content)
# Get event returned
event_name = json_response['event']
print json_response
if event_name == 'verification.accepted':
if sp_signature == calculated_signature:
print 'Verification accepted: {}'.format(response.content)
else:
print 'Invalid signature: {}'.format(response.content)
else:
print "Error: {}".format(response.content)
var payload = {
reference : `SP_REQUEST_${Math.random()}`,
callback_url : "https://yourdomain.com/profile/sp-notify-callback",
redirect_url : "https://yourdomain.com/site/sp-redirect",
country : "GB",
language : "EN",
verification_mode : "any",
document : {},
address : {},
}
/*Get face sample proof Base64*/
convertImgToBase64URL('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-face.jpg').then(response=>{
payload['face'] = {
proof : response
}
})
//get Document proof base64
convertImgToBase64URL('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').then(response=>{
//Use this key if you want to perform document verification with OCR
payload['document'] = {
proof : response,
additional_proof : response,
name : {
first_name : 'Your first name',
last_name : 'You last name',
fuzzy_match : '1'
},
dob : '1992-10-10',
document_number : '2323-5629-5465-9990',
expiry_date : '2025-10-10',
issue_date : '2015-10-10',
supported_types : ['id_card','passport']
}
//Use this key if you want to perform address verification with OCR
payload['address'] = {
proof : response,
name : {
first_name : 'Your first name',
last_name : 'You last name',
fuzzy_match : '1'
},
full_address : 'your address',
address_fuzzy_match : '1',
issue_date : '2015-10-10',
supported_types : ['utility_bill','passport','bank_statement']
}
//Use this key if you want to perform background checks verification
payload['background_checks'] = {
name : {
first_name : 'Your first name',
middle_name : 'Your middle name',
last_name : 'Your last name'
},
dob : '1994-10-03'
}
//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY"); //BASIC AUTH TOKEN
//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://api.shuftipro.com/',
{
method : 'post',
headers : {
'Accept' : 'application/json',
'Content-Type' : 'application/json',
'Authorization' : 'Basic ' +token
},
body: JSON.stringify(payload)
})
.then(function(response) {
return response.json();
}).then(function(data) {
console.log(data)
return data;
});
})
/*METHOD USED TO Get image BASE 64 string*/
function convertImgToBase64URL(url){
return new Promise(function(resolve, reject) {
var img = new Image();
img.crossOrigin = 'Anonymous';
img.onload = function(){
var canvas = document.createElement('CANVAS'),
ctx = canvas.getContext('2d'), dataURL;
canvas.height = img.height;
canvas.width = img.width;
ctx.drawImage(img, 0, 0);
dataURL = canvas.toDataURL('image/jpeg');
resolve(dataURL);
canvas = null;
};
img.src = url;
})
}
require 'uri'
require 'net/http'
require 'base64'
require 'json'
require 'open-uri'
url = URI("https://api.shuftipro.com/")
# Your Shufti Pro account Client ID
CLIENT_ID = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY = "YOUR-SECRET-KEY"
# Sample image
SAMPLE_DOCUMENT_IMAGE = "https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg"
verification_request = {
reference: "Ref-"+ (0...8).map { (65 + rand(26)).chr }.join,
callback_url: "https://yourdomain.com/profile/notifyCallback",
email: "johndoe@example.com",
country: "GB",
language: "EN",
redirect_url: "http://www.example.com",
verification_mode: "any"
}
# Use this key if you want to perform document verification with OCR
verification_request["document"] = {
proof: Base64.encode64(open(SAMPLE_DOCUMENT_IMAGE).read),
supported_types: ["id_card","driving_license","passport"],
name: {
first_name: "John",
last_name: "Liveon"
},
dob: "1990-10-10",
issue_date: "2015-10-10",
expiry_date: "2025-10-10",
document_number: "1234-1234-ABC"
}
# Use this key if you want to perform address verification with OCR
verification_request["address"] = {
proof: Base64.encode64(open(SAMPLE_DOCUMENT_IMAGE).read),
supported_types: ["id_card","bank_statement"],
name: {
first_name: "John",
last_name: "Liveon"
},
issue_date: "2015-10-10",
full_address: "Candyland Avenue",
address_fuzzy_match: "1"
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
request["Content-Type"] = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body = verification_request.to_json
response = http.request(request)
response_headers = response.instance_variable_get("@header")
response_data = response.read_body
sp_signature = response_headers['signature'].join(',')
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY
if sp_signature == calculated_signature
puts response_data
else
puts "Invalid signature"
end
To read full API Documentation about Offsite Verification Without OCR feature, click here
Shufti Pro customer collects the image or video proofs from end-users. In the verification request, Shufti Pro customer specifies the keys for the parameters to be verified. Shufti Pro uses a unique template matching technique to match these values to the data on identity documents. Next, Shufti Pro’s intelligently driven system verifies the provided documents for authenticity. Please consult This Document for Offsite without OCR verifications.
These are the services offered in Onsite Verification without OCR: (Face, Document, Address, Consent and Background Checks)
Instructions
Face Service
Take a selfie or upload a video of your full face.
Ensure the image or video is not blurred.
Make sure light is not too low or too bright.
Make sure your full face is within the image or video frame.
Don’t crop or cut the edges.
Remove all accessories like glasses, hats, etc.
Don’t edit the image or video in any way (photoshop, crop, etc.).
Maximum image size: 16MB
Maximum video size: 20MB
Image Format: JPG, JPEG, PNG, PDF
Video Format: MP4/MOV
Document Service
Take a photo or upload a video of the front side of your document.
There should be sufficient light and avoid glare on the document.
Ensure the image or video is not blurred.
Make sure your full Document is within the image or video.
All edges of the document should be within the frame.
Make sure that document number and expiry date are clearly visible.
Don’t edit the image or video in any way.
Don’t hide, fold or crop any part of the document.
Maximum image size: 16MB
Maximum video size: 20MB
Image Format: JPG, JPEG, PNG, PDF
Video Format: MP4/MOV
Document Two Service
Take a photo or upload a video of the front side of your document.
There should be sufficient light and avoid glare on the document.
Ensure the image or video is not blurred.
Make sure your full Document is within the image or video.
All edges of the document should be within the frame.
Make sure that document number and expiry date are clearly visible
Don’t edit the image or video in any way.
Don’t hide, fold or crop any part of the document.
Maximum image size: 16MB
Maximum video size: 20MB
Image Format: JPG, JPEG, PNG, PDF
Video Format: MP4/MOV
Address Service
Upload a photo or upload a video of the full address document.
There should be sufficient light and avoid glare on the address document.
Ensure the image or video is not blurred.
Address should be clearly visible in the image or video.
Don’t edit the image or video in any way.
Don’t hide, fold or crop any part of the address document.
Proof of address document SHOULD NOT BE OLDER THAN THREE MONTHS.
Maximum image size: 16MB
Maximum video size: 20MB
Image Format: JPG, JPEG, PNG, PDF
Video Format: MP4/MOV
Consent Service
Take a photo or Upload a video of your full face with Handwritten or Printed consent note.
Ensure the image or video is not blurred.
There should be sufficient light and avoid glare on the note.
Remove all accessories like glasses, hats, etc.
Your full face and consent note should be within the image or video frame.
Given text should be mentioned on the consent note.
Handwritten or Printed consent note should be legible.
Don’t crop, hide or fold any part of the consent note.
Maximum image size: 16MB
Maximum video size: 20MB
Image Format: JPG, JPEG, PNG, PDF
Video Format: MP4/MOV
Services
Shufti Pro is performing variety of verifications for its customers. Our diverse services suite allows us to validate the identity of users through facial verification, documents verification and address verification. We can also check the authenticity of customised documents like official IDs and perform background checks for AML compliance. A mix of various service modules can also be acquired to perform multifaceted verifications like facial and document verification can help you perform a thorough KYC procedure.
Face Service
Face service sample object
{
"face" : {
"proof" : "",
"allow_offline" : "1"
}
}
The face verifications of end-users are the simplest to perform.
For offsite verification: The face image of end-user is provided by Shufti Pro’s client that is then verified by Shufti Pro.
For Onsite Verification: End-user will have to show their face in front of a webcam or phone camera for verification
| Parameters | Description |
|---|---|
| proof | Required: No Type: string Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB Video Format: MP4/MOV Maximum: 20MB Provide valid BASE64 encoded string. Leave empty for an on-site verification. |
| allow_offline | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter allows user to upload their selfie in case of non-availability of a functional webcam. If value is 0, users can only perform Face Verification with the camera only. |
| allow_online | Required: No Type: string Accepted Values: 0, 1 Default-Value: 1 This parameter allows users to take their selfie in real-time when internet is available. If value: 0 users can upload already captured selfie. Note: if allow_offline: 0 priority will be given to allow_offline |
Document Service
Document service sample object
{
"document" : {
"proof" : "",
"additional_proof" : "",
"supported_types" : ["id_card","driving_license","passport"],
"name" : {
"first_name" : "John",
"last_name" : "Liveon"
},
"dob" : "1990-10-10",
"issue_date" : "2015-10-10",
"expiry_date" : "2025-10-10",
"document_number" : "1234-1234-ABC",
"allow_offline" : "1",
"fetch_enhanced_data" : "1"
}
}
Shufti Pro provides document verification through various types of documents. The supported formats are passports, ID Cards, driving licenses and debit/credit cards. You can opt for more than 1 document type as well. In that case, Shufti Pro will give an option to end-users to verify their data from any of the given document types.
In case of off-site verification, you can provide more than 1 document image and use “additional proof” parameter for this. This is to ensure that the required credentials are easily visible e.g. a document might have name and image of individual at the front but the date of birth of that person is printed at the back of the document or on another page of the passport. If you opt for both facial and document verification, face of individual from document will be used to validate uploaded selfie.
| Parameters | Description |
|---|---|
| proof | Required: No Type: string Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB Video Format: MP4/MOV Maximum: 20MB Provide valid BASE64 encoded string. Leave empty for an on-site verification. |
| additional_proof | Required: No Type: string Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB Video Format: MP4/MOV Maximum: 20MB Provide valid BASE64 encoded string. Leave empty for an on-site verification. |
| supported_types | Required: Yes Type: Array Document verification have two parameters: proof and additional_proof. If these two are not set or empty, it means that it should be an on-site verification. You can provide any one, two or more types of documents to verify the identity of user. For example, if you opt for both passport and driving license, then your user will be given an opportunity to verify data from either of these two documents. Please provide only one document type if you are providing proof of that document with the request. All supported types are listed here Example 1 ["driving_license"] Example 2 ["id_card", "credit_or_debit_card", "passport"] |
| dob | Required: No Type: string Format: yyyy-mm-dd Provide a valid date. Please note that the date should be before today. Example 1990-12-31 |
| document_number | Required: No Type: string Minimum: 2 characters Maximum: 100 characters Allowed Characters are numbers, alphabets, dots, dashes, spaces, underscores and commas. Examples 35201-0000000-0, ABC1234XYZ098 |
| issue_date | Required: No Type: string Format: yyyy-mm-dd Provide a valid date. Please note that the date should be before today. Example 2015-12-31 |
| expiry_date | Required: No Type: string Format: yyyy-mm-dd Provide a valid date. Please note that the date should be after today. Example 2025-12-31 |
| allow_offline | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter allows user to upload their document in case of non-availability of a functional webcam. If value is 0, users can only perform Document Verification with the camera only. |
| allow_online | Required: No Type: string Accepted Values: 0, 1 Default-Value: 1 This parameter allows users to capture their document in real-time when internet is available. If value: 0 users can upload already captured document. Note: if allow_offline: 0 priority will be given to allow_offline |
| fetch_enhanced_data | Required: No Type: string Value Accepted: 1 Provide 1 for enabling enhanced data extraction for the document. Shufti Pro provides its customers with the facility of extracting enhanced data features using OCR technology. Now, instead of extracting just personal information input fields, Shufti Pro can fetch all the additional information comprising more than 100 data points from the official ID documents supporting 150 languages. For example height, place_of_birth, nationality, marital_status, weight, etc.(additional charges apply) Extrated data will be returned in object under the key additional_data in case of verification.accepted or verification.declined. For Details on additional_data object go to Additional Data |
| name | Required: No Type: object In name object used in document service, first_name is required if you don't want to perform OCR of the name parameter. Other fields are optional. Example 1 { "first_name" : "John", "last_name" : "Doe" } Example 2 { "first_name" : "John", "last_name" : "Doe", "fuzzy_match" : "1"} Parameters for name are listed here: |
Document Two Service
Document Two service sample object
{
"document_two" : {
"proof" : "",
"additional_proof" : "",
"supported_types" : ["id_card","driving_license","passport"],
"name" : {
"first_name" : "John",
"last_name" : "Liveon"
},
"dob" : "1990-10-10",
"issue_date" : "2015-10-10",
"expiry_date" : "2025-10-10",
"document_number" : "1234-1234-ABC",
"allow_offline" : "1",
"fetch_enhanced_data" : "1"
}
}
Document Two Service is provided to verify the personal details of a user from more than 1 document e.g. If you have verified the DOB & Name of a user from their ID Card, you can use Document Two Service to verify the Credit Card Number of your customer.
Just like the “Document Service”, the supported formats for this service are also passports, ID Cards, driving licenses and debit/credit cards and more than one document type can be selected as well. In that case, Shufti Pro will give an option to end-users to verify their data from any of the given document types.
It goes without saying that provided document proofs should belong to the same person in order to verify the identity of the user.
In case of off-site verification, you can provide more than 1 document image and use “additional proof” parameter for this. This is to ensure that the required credentials are easily visible e.g. a document might have name and image of individual at the front but the date of birth of that person is printed at the back of the document or on another page of the passport. If you opt for both facial and document verification, face of individual from document will be used to validate uploaded selfie.
| Parameters | Description |
|---|---|
| proof | Required: No Type: string Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB Video Format: MP4/MOV Maximum: 20MB Provide valid BASE64 encoded string. Leave empty for an on-site verification. |
| additional_proof | Required: No Type: string Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB Video Format: MP4/MOV Maximum: 20MB Provide valid BASE64 encoded string. Leave empty for an on-site verification. |
| supported_types | Required: Yes Type: Array Document verification have two parameters: proof and additional_proof. If these two are not set or empty, it means that it should be an on-site verification. You can provide any one, two or more types of documents to verify the identity of user. For example, if you opt for both passport and driving license, then your user will be given an opportunity to verify data from either of these two documents. Please provide only one document type if you are providing proof of that document with the request. All supported types are listed here Example 1 ["driving_license"] Example 2 ["id_card", "credit_or_debit_card", "passport"] |
| dob | Required: No Type: string Format: yyyy-mm-dd Provide a valid date. Please note that the date should be before today. Example 1990-12-31 |
| document_number | Required: No Type: string Minimum: 2 characters Maximum: 100 characters Allowed Characters are numbers, alphabets, dots, dashes, spaces, underscores and commas. Examples 35201-0000000-0, ABC1234XYZ098 |
| issue_date | Required: No Type: string Format: yyyy-mm-dd Provide a valid date. Please note that the date should be before today. Example 2015-12-31 |
| expiry_date | Required: No Type: string Format: yyyy-mm-dd Provide a valid date. Please note that the date should be after today. Example 2025-12-31 |
| allow_offline | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter allows user to upload their document in case of non-availability of a functional webcam. If value is 0, users can only perform Document Verification with the camera only. |
| allow_online | Required: No Type: string Accepted Values: 0, 1 Default-Value: 1 This parameter allows users to capture their document in real-time when internet is available. If value: 0 users can upload already captured document. Note: if allow_offline: 0 priority will be given to allow_offline |
| fetch_enhanced_data | Required: No Type: string Value Accepted: 1 Provide 1 for enabling enhanced data extraction for the document. Shufti Pro provides its customers with the facility of extracting enhanced data features using OCR technology. Now, instead of extracting just personal information input fields, Shufti Pro can fetch all the additional information comprising more than 100 data points from the official ID documents supporting 150 languages. For example height, place_of_birth, nationality, marital_status, weight, etc.(additional charges apply) Extrated data will be returned in object under the key additional_data in case of verification.accepted or verification.declined. For Details on additional_data object go to Additional Data |
| name | Required: No Type: object In name object used in document service, first_name is required if you don't want to perform OCR of the name parameter. Other fields are optional. Example 1 { "first_name" : "John", "last_name" : "Doe" } Example 2 { "first_name" : "John", "last_name" : "Doe", "fuzzy_match" : "1"} Parameters for name are listed here: |
Address Service
Address service sample object
{
"address" : {
"proof" : "",
"supported_types" : ["id_card","bank_statement"],
"name" : {
"first_name" : "John",
"last_name" : "Liveon"
},
"issue_date" : "2015-10-10",
"full_address" : "Candyland Avenue",
"address_fuzzy_match" : "1"
}
}
For address verification, a valid identity document is required with the same address printed on it as the one claimed by the end-user. The address can also be verified with the help of Utility Bills and Bank Statements.
For offsite Verification: The address document is provided directly by Shufti Pro’s client that it has already collected from end-user
For Onsite Verification: The address document will be displayed or uploaded by end-user directly for verification.
| Parameters | Description |
|---|---|
| proof | Required: No Type: string Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB Video Format: MP4/MOV Maximum: 20MB |
| supported_types | Required: Yes Type: Array Provide any one, two or more document types in proof parameter in Address verification service. For example, if you choose id_card and utility_bill, then the user will be able to verify data using either of these two documents. Please provide only one document type if you are providing proof of that document with the request. The Following list Shows Supported Types of Address Verification. It can be found here. Example 1 [ "utility_bill" ] Example 2 [ "id_card", "bank_statement" ] |
| full_address | Required: No Type: string Minimum: 2 characters Maximum: 250 characters Allowed Characters are numbers, alphabets, dots, dashes, spaces, underscores, hashes and commas. |
| address_fuzzy_match | Required: No Type: string Accepted Values: 0, 1 Default Value: 0 Provide 1 for enabling a fuzzy match for address verification. Enabling fuzzy matching attempts to find a match which is not 100% accurate. Default value will be 0, which means that only 100% accurate address will be verified. |
| issue_date | Required: No Type: string Format: yyyy-mm-dd Provide a valid date. Please note that the date should be before today. Example 2015-12-31 |
| name | Required: No Type: object In name object used in document service, first_name is required if you don't want to perform OCR of the name parameter. Other fields are optional. Example 1 { "first_name" : "John", "last_name" : "Doe" } Example 2 { "first_name" : "John", "last_name" : "Doe", "fuzzy_match" : "1"} Parameters for name are listed here: |
Consent Service
Consent service sample object
{
"consent" : {
"proof" : "",
"supported_types" : ["printed"],
"text" : "Hi, I am giving my consent",
"allow_offline" : "1"
}
}
Customised documents/notes can also be verified by Shufti Pro. Company documents, employee cards or any other personalised note can be authenticated by this module. You can choose handwritten or printed document format but only one form of document can be verified in this verification module. Text whose presence on the note/customized document is to be verified, is also needed to be provided.
For offsite Verification: The consent document is provided directly by Shufti Pro’s client that it has already collected from end-user
For Onsite Verification: The consent document will be displayed or uploaded by end-user directly for verification.
| Parameters | Description |
|---|---|
| proof | Required: No Type: string Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB Video Format: MP4/MOV Maximum: 20MB |
| supported_types | Required: Yes Type: Array Text provided in the consent verification can be verified by handwritten documents or printed documents. Supported types are listed here Example 1 ["printed"] Example 2 ["printed", "handwritten"] |
| text | Required: Yes Type: string Minimum: 2 characters Maximum: 100 characters Provide text in the string format which will be verified from a given proof. |
| allow_offline | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter allows user to upload their Consent Document (Handwritten Note/printed document) in case of non-availability of a functional webcam. If value is 0, users can only perform Consent Verification with the camera only. |
| allow_online | Required: No Type: string Accepted Values: 0, 1 Default-Value: 1 This parameter allows users to capture their Consent in real-time when internet is available. If value: 0 users can upload already captured Consent. Note: if allow_offline: 0 priority will be given to allow_offline |
| with_face | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter is applicable if supported_type is handwritten and default value is 1. If value of with_face is 1 then hand written note will be accepted only with face which means your customer must need to show his/her face along with the consent on a paper. If value of with_face is 0 then hand written note is accepted with or without face. |
Phone Service
Phone service sample object
{
"phone" : {
"phone_number" : "+44127873938323",
"random_code" : "55667",
"text" : "Your verification code is 55667"
}
}
Verify the phone number of end-users by sending a random code to their number from Shufti Pro. Once the sent code is entered into the provided field by end-user, phone number will stand verified. It is primarily an on-site verification and you have to provide phone number of the end-user to us, in addition to the verification code and the message that is to be forwarded to the end-user. Shufti Pro will be responsible only to send the message along with verification code to the end-user and verify the code entered by the end-user.
| Parameters | Description |
|---|---|
| phone_number | Required: No Type: string Minimum: 6 characters Maximum: 64 characters Allowed Characters: numbers and plus sign at the beginning. Provide a valid customer’s phone number with country code. Shufti Pro will directly ask the end-user for phone number if this field is missing or empty. |
| random_code | Required: No Type: string Minimum: 2 characters Maximum: 10 characters Provide a random code. If this field is missing or empty. Shufti Pro will generate a random code. |
| text | Required: No Type: string Minimum: 2 characters Maximum: 100 characters Provide a short description and random code in this field. This message will be sent to customers. This field should contain random_code. If random_code field is empty than Shufti Pro will generate a random code and append the code with this message at the end. |
Background Checks Service
Background Checks service sample object
{ "background_checks" : { "name" : { "first_name" : "John", "middle_name" : "Carter", "last_name" : "Doe" }, "dob" : "1995-10-10" } }
It is a verification process that will require you to send us the full Name of end-user in addition to date of birth. Shufti Pro will perform AML based background checks based on this information. Please note that the name and dob keys will be extracted from document service if these keys are empty.
| Parameters | Description |
|---|---|
| dob | Required: No Type: string Format: yyyy-mm-dd Provide a valid date. Please note that the date should be before today. Example 1990-12-31 |
| name | Required: No Type: object In name object used in background checks service, first_name required and other fields are optional. Parameters for name are listed here: Example 1 { "first_name" : "John", "last_name" : "Doe" } Example 2 { "first_name" : "John", "middle_name" : "Carter", "last_name" : "Doe"} |
| ongoing | Required: No Accepted values: 0, 1 Default: 0 This Parameter is used for Ongoing AML Screening, and is allowed only on Production Accounts. If Shufti Pro detects a change in AML statuses, then we will send you a webhook with event verification.status.changed. The new AML status can be checked using get status endpoint, or from the back-office. Use fuzzy_match = 1 in the name object for better results for Ongoing AML Screening. |
Biometric
Shufti Pro Biometric SDK authenticates users with Facial Authentication. The SDK uses two different security tokens to handle requests. It collects image/video proofs, and processes and saves them for future authentication. It generates different responses according to the nature of request.
Request
Every verification request received from the end-user or Shufti Pro customer is assessed on certain parameters (discussed in detail below) by Shufti Pro’s intelligent system.
Access Token Request Example
POST /biometric/auth HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU
{
"webhook_url" : "http://www.example.com/",
"reference" : "123weqwe1231",
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"request_type" : "enroll",
"email" : ""
}
<?php
$clientID = 'YOUR CLIENT ID';
$clientSecret = 'YOUR CLIENT SECRET';
$basic_auth = base64_encode ( $clientID . ":" . $clientSecret );
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.shuftipro.com/biometric/auth",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\n \"webhook_url\": \"http://www.example.com\",\n \"request_type\" : \"enroll\,\n \"language\" : \"EN\",\n \"reference\": \"123abc123\",\n \"document\": 1,\n \"phone\": 1,\n \"question\": 1,\n "email" : ""}",
CURLOPT_HTTPHEADER => array(
"Authorization: Basic " . $basic_auth,
"Content-Type: application/json",
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
?>
import requests, base64, json, hashlib
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
url = "https://api.shuftipro.com/biometric/auth"
payload = "{\n \"webhook_url\": \"http://www.example.com\",\n \"language\" : \"EN\",\n \"request_type\" : \"enroll\",\n \"email\" : \"\",\n \"reference\": \"123abc123\",\n \"document\": 1,\n \"phone\": 1,\n \"question\": 1}"
headers = {
'Content-Type': "application/json",
'Authorization': "Basic %s" % b64Val
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)
//We will be using two common practises for send Api calls
//Dispatch request via Jquery Ajax API
var payload = {
"async": true,
"crossDomain": true,
"url": "https://api.shuftipro.com/biometric/auth",
"method": "POST",
"headers": {
"Content-Type": "application/json",
"Authorization": "Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU",
"cache-control": "no-cache",
},
"processData": false,
"data": '{
"webhook_url": "http://www.example.com",
"request_type": "enroll",
"language" : "EN",
"email": "",
"reference": "123abc123",
"document": 1,
"phone": 1,
"question": 1
}'
}
$.ajax(payload).done(function (response) {
console.log(response);
});
Token request received from the end-user is assessed on specific parameters (discussed below):
- Identify Client ID & Client Secret Key.
- Check the authenticity of client’s credentials.
- Read client’s data.
- Response is sent back after generating access token.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string This allows the Client to receive response of request, either success or fail. |
| language | Required: No Type: string Length: 2 characters If the Shufti Pro client wants their preferred language to appear on the authentication screens they may provide the 2-character long language code of their preferred language. The list of Supported Languages can be consulted for the language codes. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 64 characters Each request has a unique Reference ID which is sent back to Client against each response. Only alphanumeric values can be used. The Client can use the Reference ID to check status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: Use "enroll" as the value for request_type if you want end-user to sign-up, or "authenticate" if you want end-user to sign-in. |
| document | Required: No Type: boolean This option decides if End-User’s ID document is validated or not. Give value 1 if you want to validate the ID document, or 0 if you want to skip it. |
| phone | Required: No Type: boolean This option decides if End-User’s phone number is validated or not. Give value 1 if you want to validate the phone number, or 0 if you want to skip it. |
| question | Required: No Type: boolean This option decides if the end-users asked for security questions or not. Give value 1 if you want to validate security questions, or 0 if you want to skip it. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents email address of the end-user. Note: During SignUp email is optional but will necessary in the later registration process. |
|
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
Register Request
To request for SignUp, you have to make server to server call with these parameters:
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : 'enroll',
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : ""
}
You have the option to put end-user's email:
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : 'enroll',
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : "abc@xyz.com",
}
Login Request
To request for Login, you have to make server to server call with these parameters:
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : 'authenticate',
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : ""
}
You have the option to put end-user's email.
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : 'authenticate',
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : "abc@xyz.com"
}
Loading the SDK
The Shufti Pro SDK for JavaScript doesn’t have any standalone files that need to be downloaded or installed. You simply need to include a short piece of regular JavaScript in your HTML that will asynchronously load SDK on pages. The async loading does not block any other elements of your page.
The following snippet of code will give the basic version of the SDK where the options are set to most common defaults.
You can use one of two methods below to load the SDK asynchronously. Put the following code in the HTML of pages where you want to load the SDK.
Script Tag
Insert this directly after the opening body tag on every page where you want to load it.
<script async defer src="https://app.shuftipro.com/biometric/sdk/shuftipro.min.js"></script>Function Call
<script> ( function ( d, s, id ) { if ( d.getElementById ( id ) ) return; let js, fjs = d.getElementsByTagName ( s )[ 0 ]; js = d.createElement ( s ); js.id = id; js.src = "https://app.shuftipro.com/biometric/sdk/shuftipro.min.js"; fjs.parentNode.insertBefore ( js, fjs ); } ( document, 'script', 'shuftipro-jssdk' ) ); </script>
Custom Iframe
SDK will append & launch an iFrame. If you want to customize the iFrame for your website or application then include it according to your requirements. If no iFrame is provided in the HTML then Shufti Pro will render default from the SDK.
Note: The ID of the custom iFrame must be "shuftipro-iframe".
<iframe src="" id="shuftipro-iframe" allow="camera" frameborder="0"></iframe>
Initializing the SDK
After getting the access_token from the server, put it in SP's init method to initialize the SDK.
SP.init ( callback, access_token );
With above mentioned command, SDK will initialize and will be ready to get the SignUp and Login requests.
Request Parameters
| Parameters | Description |
|---|---|
| callback method | Required: Yes Type: Function The Client will pass the callback function. Shufti Pro will use this to return response data of verification. |
| access_token | Required: Yes Type: string Please put the access token you received from server to server call. |
Services
Shufti Pro performs a variety of authentication services for its customers. Our diverse services suite allows us to validate the identity of users through facial verification, document verification, phone number verification, and security questions verification.
Face Service
Shufti Pro Biometric SDK authenticates users with Facial Authentication and checks their liveness. This service is used as a default authentication service and can not be disabled.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters A number of server-to-server calls are made to the client to keep them updated about verification status. This allows them to keep the request updated on their end, even if the end-user is lost midway through the process. |
| language | Required: No Type: string Length: 2 characters If the client wants their preferred language to appear on the authentication screens they may provide the 2-characters long language code of their preferred language. The list of Supported Languages can be consulted for reference. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters Each request has a unique Reference ID that is sent back to the client against each response. Only alphanumeric values can be used here. The client can use Reference ID to check the status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: If you want end-users to sign-up, use "enroll" as the value for request_type, or use "authenticate" if you want them to sign-in. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents the email address of end-user. Note: Providing email is optional during sign-up but necessary later in the registration process. |
|
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
Document Service
Shufti Pro Biometric SDK provides document verification through ID document. It gives an option to end-users to verify their data from ID document.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters A number of server-to-server calls are made to the client to keep them updated about verification status. This allows them to keep the request updated on their end, even if the end-user is lost midway through the process. |
| language | Required: No Type: string Length: 2 characters If the client wants their preferred language to appear on the authentication screens they may provide the 2-characters long language code of their preferred language. The list of Supported Languages can be consulted for reference. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters Each request has a unique Reference ID that is sent back to the client against each response. Only alphanumeric values can be used here. The client can use Reference ID to check the status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: If you want end-users to sign-up, use "enroll" as the value for request_type, or use "authenticate" if you want them to sign-in. |
| document | Required: No Type: boolean This option decides if End-User’s ID document is validated or not. Give value 1 if you want to validate the ID document, or 0 if you want to skip it. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents the email address of end-user. Note: Providing email is optional during sign-up but necessary later in the registration process. |
|
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
Phone Service
Shufti Pro Biometric SDK provides phone number verification. Shufti Pro Biometric SDK verifies the phone number of end-users by sending a random code to their number from Shufti Pro. Once the sent code is entered into the provided field by end-user, phone number will stand verified. Shufti Pro will be responsible only to send the message along with verification code to the end-user and verify the code entered by the end-user.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters A number of server-to-server calls are made to the client to keep them updated about verification status. This allows them to keep the request updated on their end, even if the end-user is lost midway through the process. |
| language | Required: No Type: string Length: 2 characters If the client wants their preferred language to appear on the authentication screens they may provide the 2-characters long language code of their preferred language. The list of Supported Languages can be consulted for reference. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters Each request has a unique Reference ID that is sent back to the client against each response. Only alphanumeric values can be used here. The client can use Reference ID to check the status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: If you want end-users to sign-up, use "enroll" as the value for request_type, or use "authenticate" if you want them to sign-in. |
| phone | Required: No Type: boolean This option decides if End-User’s phone number is validated or not. Give value 1 if you want to validate the phone number, or 0 if you want to skip it. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents the email address of end-user. Note: Providing email is optional during sign-up but necessary later in the registration process. |
|
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
Question Service
Shufti Pro Biometric SDK provides security questions verification for authentication. It takes the answers of the security question at the time of enrollment from the end-user. Once the end-user is successfully enrolled, it asks end-users to answer again on authentication to verify their answers.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string This allows the Client to receive response of request, either success or fail. |
| language | Required: No Type: string Length: 2 characters If the Shufti Pro client wants their preferred language to appear on the authentication screens they may provide the 2-character long language code of their preferred language. The list of Supported Languages can be consulted for the language codes. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 64 characters Each request has a unique Reference ID which is sent back to Client against each response. Only alphanumeric values can be used. The Client can use the Reference ID to check status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: Use "enroll" as the value for request_type if you want end-user to sign-up, or "authenticate" if you want end-user to sign-in. |
| question | Required: No Type: boolean This option decides if the end-users asked for security questions or not. Give value 1 if you want to validate security questions, or 0 if you want to skip it. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents email address of the end-user. Note: During SignUp email is optional but will necessary in the later registration process. |
|
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
To read full API Documentation about Biometric Service and see the full example, click here.
Phone (2FA)
Phone service sample object
{
"phone" : {
"phone_number" : "+44127873938323",
"random_code" : "55667",
"text" : "Your verification code is 55667"
}
}
Verify the phone number of end-users by sending a random code to their number from Shufti Pro. Once the sent code is entered into the provided field by end-user, phone number will stand verified. It is primarily an on-site verification and you have to provide phone number of the end-user to us, in addition to the verification code and the message that is to be forwarded to the end-user. Shufti Pro will be responsible only to send the message along with verification code to the end-user and verify the code entered by the end-user.
| Parameters | Description |
|---|---|
| phone_number | Required: No Type: string Minimum: 6 characters Maximum: 64 characters Allowed Characters: numbers and plus sign at the beginning. Provide a valid customer’s phone number with country code. Shufti Pro will directly ask the end-user for phone number if this field is missing or empty. |
| random_code | Required: No Type: string Minimum: 2 characters Maximum: 10 characters Provide a random code. If this field is missing or empty. Shufti Pro will generate a random code. |
| text | Required: No Type: string Minimum: 2 characters Maximum: 100 characters Provide a short description and random code in this field. This message will be sent to customers. This field should contain random_code. If random_code field is empty than Shufti Pro will generate a random code and append the code with this message at the end. |
AML / Background Checks
For Individuals
Background Checks service sample object
{ "background_checks" : { "name" : { "first_name" : "John", "middle_name" : "Carter", "last_name" : "Doe" }, "dob" : "1995-10-10" } }
It is a verification process that will require you to send us the full Name of end-user in addition to date of birth. Shufti Pro will perform AML based background checks based on this information. Please note that the name and dob keys will be extracted from document service if these keys are empty.
| Parameters | Description |
|---|---|
| dob | Required: No Type: string Format: yyyy-mm-dd Provide a valid date. Please note that the date should be before today. Example 1990-12-31 |
| name | Required: No Type: object In name object used in background checks service, first_name required and other fields are optional. Parameters for name are listed here: Example 1 { "first_name" : "John", "last_name" : "Doe" } Example 2 { "first_name" : "John", "middle_name" : "Carter", "last_name" : "Doe"} |
| ongoing | Required: No Accepted values: 0, 1 Default: 0 This Parameter is used for Ongoing AML Screening, and is allowed only on Production Accounts. If Shufti Pro detects a change in AML statuses, then we will send you a webhook with event verification.status.changed. The new AML status can be checked using get status endpoint, or from the back-office. Use fuzzy_match = 1 in the name object for better results for Ongoing AML Screening. |
For Businesses
AML for Businesses service sample object
{ "aml_for_businesses" : { "business_name" : "Shufti Pro Ltd", "business_incorporation_date" : "2016-01-01", "ongoing" : "1" } }
Anti-money laundering checks for businesses by Shufti Pro help identify companies involved in money laundering (ML) or terror financing (TL) in real-time. Shufti Pro verifies if the business has been blacklisted. Eliminate the risk of penalties, financial loss, and fraud in real-time through in-depth AML screening of your prospect.
| Parameters | Description |
|---|---|
| business_name | Required: Yes Type: string This parameter receives the business name to run it against the AML list. Example: Shufti Pro Ltd |
| business_incorporation_date | Required: Yes Type: string Format: yyyy-mm-dd This parameter receives the incorporation date of the business to run it against the AML list. Example: 2016-01-01 |
| ongoing | Required: No Accepted values: 0, 1 Default: 0 This Parameter is used for Ongoing AML Screening, and is allowed only on Production Accounts. If Shufti Pro detects a change in AML statuses, then we will send you a webhook with event verification.status.changed. The new AML status can be checked using get status endpoint, or from the back-office. |
Know Your Business
Know Your Business service sample object
{
"kyb" : {
"company_registration_number" : "12345678",
"company_jurisdiction_code" : "ae_az"
}
}
Shufti Pro verifies millions of businesses in real-time through its KYB services. The KYB verification includes an in-depth screening of Ultimate Beneficial Owners (UBOs) and company registration documents. Develop trustworthy business relationships through in-depth screening of your prospects.
| Parameters | Description |
|---|---|
| company_registration_number | Required: Yes Type: string This parameter receives the company registration number to collect and verify the company information reports. Example: 12345678 |
| company_jurisdiction_code | Required: Yes Type: string This parameter receives the company jurisdiction code to collect and verify the company information. Supported types are listed here Example: ae_az |
Response Parameters
Know Your Business response sample object
{
"reference": "sp-bc-demo-U3cl95qO",
"event": "verification.accepted",
"email": null,
"country": null,
"verification_data": {
"kyb": {
"company_number": "11039567",
"company_type": "Private Limited Company",
"company_source": {
"publisher": "UK Companies House",
"url": "http://xmlgw.companieshouse.gov.uk/",
"terms": "UK Crown Copyright",
"retrieved_at": "2019-10-31T08:50:01+00:00"
},
"native_company_number": null,
"company_industry_codes": [
{
"code": "62.01/2",
"description": "Business and domestic software development",
"code_scheme_id": "uk_sic_2007",
"code_scheme_name": "UK SIC Classification 2007"
},
{
"code": "63.11",
"description": "Data processing, hosting and related activities",
"code_scheme_id": "uk_sic_2007",
"code_scheme_name": "UK SIC Classification 2007"
},
{
"code": "62.01",
"description": "Computer programming activities",
"code_scheme_id": "eu_nace_2",
"code_scheme_name": "European Community NACE Rev 2"
},
{
"code": "6201",
"description": "Computer programming activities",
"code_scheme_id": "isic_4",
"code_scheme_name": "UN ISIC Rev 4"
},
{
"code": "63.11",
"description": "Data processing, hosting and related activities",
"code_scheme_id": "eu_nace_2",
"code_scheme_name": "European Community NACE Rev 2"
},
{
"code": "6311",
"description": "Data processing, hosting and related activities",
"code_scheme_id": "isic_4",
"code_scheme_name": "UN ISIC Rev 4"
}
],
"company_trademark_registrations": [],
"company_corporate_groupings": [],
"company_data": [],
"home_company": null,
"company_ultimate_beneficial_owners": [
{
"name": "Mr. Carl Victor Gregor Fredung Neschko"
}
],
"company_filings": [
{
"title": "Confirmation Statement",
"date": "2019-10-30",
"reference_url": "https://opencorporates.com/statements/705738001"
},
{
"title": "Annual Accounts",
"date": "2019-07-19",
"reference_url": "https://opencorporates.com/statements/656789159"
},
{
"title": "Change of registered office address",
"date": "2019-06-04",
"reference_url": "https://opencorporates.com/statements/635021777"
},
{
"title": "Change of registered office address",
"date": "2019-04-02",
"reference_url": "https://opencorporates.com/statements/610263028"
},
{
"title": "Change of secretary's details",
"date": "2018-11-26",
"reference_url": "https://opencorporates.com/statements/593461364"
},
{
"title": "Give notice of individual person with significant control",
"date": "2018-11-13",
"reference_url": "https://opencorporates.com/statements/579687687"
},
{
"title": "Give notice of update to PSC statements",
"date": "2018-11-13",
"reference_url": "https://opencorporates.com/statements/579687688"
},
{
"title": "Confirmation Statement",
"date": "2018-11-12",
"reference_url": "https://opencorporates.com/statements/579687689"
},
{
"title": "Termination of appointment of director ",
"date": "2018-11-12",
"reference_url": "https://opencorporates.com/statements/579687690"
},
{
"title": "Appointment of director",
"date": "2018-11-12",
"reference_url": "https://opencorporates.com/statements/579687691"
},
{
"title": "Return of allotment of shares",
"date": "2018-11-03",
"reference_url": "https://opencorporates.com/statements/579336389"
},
{
"title": "Appointment of secretary",
"date": "2018-10-26",
"reference_url": "https://opencorporates.com/statements/579336390"
},
{
"title": "New incorporation documents",
"date": "2017-10-31",
"reference_url": "https://opencorporates.com/statements/512335712"
}
],
"company_officers": [
{
"name": "RICHARD MARLEY FISHER",
"position": "director",
"start_date": "2017-10-31",
"end_date": "2018-11-02",
"occupation": "COMPANY DIRECTOR",
"inactive": true,
"current_status": null,
"address": null
},
{
"name": "MUAZ AHMAD JABAL",
"position": "secretary",
"start_date": "2018-10-25",
"end_date": null,
"occupation": null,
"inactive": false,
"current_status": null,
"address": null
},
{
"name": "CARL VICTOR GREGOR FREDUNG NESCHKO",
"position": "director",
"start_date": "2018-10-30",
"end_date": null,
"occupation": "BUSINESSMAN",
"inactive": false,
"current_status": null,
"address": null
}
],
"company_name": "SHUFTI PRO LIMITED",
"company_jurisdiction_code": "gb",
"company_incorporation_date": "2017-10-31",
"company_dissolution_date": null,
"company_registry_url": "https://beta.companieshouse.gov.uk/company/11039567",
"company_branch": null,
"company_branch_status": null,
"company_registered_address_in_full": "35 Little Russell Street, Holborn, London, WC1A 2HH",
"company_inactive": false,
"company_current_status": "Active",
"company_agent_name": null,
"company_agent_address": null,
"company_alternative_names": [],
"company_previous_names": [],
"company_number_of_employees": null,
"company_alternate_registration_entities": [],
"company_previous_registration_entities": [],
"company_subsequent_registration_entities": [],
"company_identifiers": [],
"company_registered_address": {
"street_address": "35 Little Russell Street, Holborn",
"locality": "London",
"region": null,
"postal_code": "WC1A 2HH",
"country": "England"
},
"company_financial_summary": null,
"company_controlling_entity": null
}
},
"verification_result": {
"kyb_service": null
},
"info": {
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_4"
},
"geolocation": {
"host": "172.18.0.1",
"ip": "172.18.0.1",
"rdns": "172.18.0.1",
"asn": "",
"isp": "",
"country_name": "",
"country_code": "",
"region_name": "",
"region_code": "",
"city": "",
"postal_code": "",
"continent_name": "",
"continent_code": "",
"latitude": "",
"longitude": "",
"metro_code": "",
"timezone": ""
}
}
}
| Parameters | Description |
|---|---|
| company_name | Type: string The legal name of the Company |
| company_number | Type: string The identifier is given to the company by the company register |
| company_jurisdiction_code | Type: string The code for the jurisdiction in which the company is incorporated |
| company_incorporation_date | Type: string The date the company was incorporated on |
| company_dissolution_date | Type: string The date the company was dissolved (if so) |
| company_type | Type: string The type of company (e.g. LLC, Private Limited Company, GBMH) |
| company_registry_url | Type: string The URL of the company page in the company register. Note, not all company registers provide persistent URLs for the companies in the register |
| company_branch | Type: string A flag to indicate if a company is a 'branch'. If the flag is 'F' it indicates that the entry in the company register relates to an out-of-jurisdiction company (sometimes called a 'foreign corporation' in the US). If it is 'L' it is a local office of a company (few company registers collect this information). If it is a null value, it means either the company is not a branch, or the company register does not make the information available |
| company_branch_status | Type: string A descriptive text version of the 'branch' flag |
| company_inactive | Type: boolean Filter by inactive status (boolean). This replaces the exclude_inactive filter from previous versions. If ‘true’ is supplied, it will be restricted to inactive companies. If ‘false’ is supplied, it will exclude inactive companies. If no value is supplied it will not filter by inactive status. |
| company_current_status | Type: string The current status of the company, as defined by the company register. |
| company_source | Type: object The source(s) from which we gather company data. Parameters: publisher, url, terms and retrieved_at. |
| company_agent_name | Type: string The name of the individual who manages the company affairs on behalf of the company. |
| company_agent_address | Type: string Specific person’s address |
| company_alternative_names | Type: array Other operating name(s) of the company if any. Parameters: company_name, type and language. |
| company_previous_names | Type: array Old name of that firm/company (if any) |
| company_number_of_employees | Type: string No of employees working for the company |
| native_company_number | Type: string Country number (Similar to ID number) |
| company_alternate_registration_entities | Type: array Other areas of registration (includes partnership types) |
| company_previous_registration_entities | Type: array Previous registration entity type (e.g. partnership, sole traders etc.) |
| company_subsequent_registration_entities | Type: array If closed then further or new entity type of partnership |
| company_registered_address_in_full | Type: string Address where the company is registered |
| company_industry_codes | Type: array Type of industry it is working in (Tech, Manufacturing, etc.) Parameters: code, description, code_scheme_id and code_scheme_name. |
| company_identifiers | Type: array This is similar to company registration number |
| company_trademark_registrations | Type: array Any patent or trademark registered or filled by company |
| company_registered_address | Type: object Address where company is registered. Parameters: street_address, locality, region, postal_code and country. |
| company_corporate_groupings | Type: array Corporate umbrella(Parent company to child company tree |
| company_data | Type: array Information related company filled or posted. Parameters: title, data_type and description. |
| company_financial_summary | Type: string Statement of Financial position |
| home_company | Type: object Main parent company or Ultimate parent company. Parameters: name, jurisdiction_code, company_number and reference_url. |
| company_controlling_entity | Type: object Owner, Beneficiary ,CEO or anyone with decision making powers. Parameters: name, jurisdiction_code, company_number and reference_url. |
| company_ultimate_beneficial_owners | Type: array Owner, Beneficiary or anyone benefiting from revenues of company |
| company_filings | Type: array Parameters: title, date and reference_url. |
| company_officers | Type: array Any significant officers such as agent, director, CEO, CTO. Parameters: name, position, start_date, end_date, occupation, inactive, current_status and address. |
Status Request
Status Request Sample
POST /status HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
{
"reference" : "17374217"
}
<?php
$url = 'https://api.shuftipro.com/status';
//Your Shufti Pro account Client ID
$client_id = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';
$status_request = [
"reference" => "your_request_reference",
];
$auth = $client_id.":".$secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($status_request);
//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth);
//Get Shufti Pro API Response
$response_data = $response['body'];
//Get Shufti Pro Signature
$sp_signature = get_header_keys($response['headers'])['Signature'];
//Calculating signature for verification
$calculate_signature = hash('sha256',$response_data.$secret_key);
if($sp_signature == $calculate_signature){
echo "Response : $response_data";
}else{
echo "Invalid signature : $response_data";
}
function send_curl($url, $post_data, $headers, $auth){
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_USERPWD, $auth);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$html_response = curl_exec($ch);
$curl_info = curl_getinfo($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = substr($html_response, 0, $header_size);
$body = substr($html_response, $header_size);
curl_close($ch);
return ['headers' => $headers,'body' => $body];
}
function get_header_keys($header_string){
$headers = [];
$exploded = explode("\n", $header_string);
if(!empty($exploded)){
foreach ($exploded as $key => $header) {
if (!$key) {
$headers[] = $header;
} else {
$header = explode(':', $header);
$headers[trim($header[0])] = isset($header[1]) ? trim($header[1]) : '';
}
}
}
return $headers;
}
?>
var payload = {
reference : 'your_request_reference'
}
//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY"); //BASIC AUTH TOKEN
//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://api.shuftipro.com/status',
{
method : 'post',
headers : {
'Accept' : 'application/json',
'Content-Type' : 'application/json',
'Authorization' : 'Basic ' +token
},
body: JSON.stringify(payload)
})
.then(function(response) {
return response.json();
}).then(function(data) {
console.log(data)
return data;
});
import base64, requests, json, hashlib
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/status'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
status_request = {
"reference" : "your_request_reference"
}
# Calling Shufti Pro request API using python requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
response = requests.post(url,
headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
data=json.dumps(status_request))
# Calculating signature for verification
calculated_signature = hashlib.sha256('{}{}'.format(response.content, secret_key)).hexdigest()
# Convert json string to json object
json_response = json.loads(response.content)
sp_signature = response.headers.get('Signature','')
if sp_signature == calculated_signature:
print 'Response : {}'.format(json_response)
else:
print 'Invalid Signature: {}'.format(json_response)
require 'uri'
require 'net/http'
require 'base64'
require 'json'
url = URI("https://api.shuftipro.com/status")
# Your Shufti Pro account Client ID
CLIENT_ID = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY = "YOUR-SECRET-KEY"
post_data = {
reference: "your_request_reference"
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
request["Content-Type"] = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body = post_data.to_json
response = http.request(request)
response_headers = response.instance_variable_get("@header")
response_data = response.read_body
sp_signature = response_headers['signature'].join(',')
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY
if sp_signature == calculated_signature
puts response_data
else
puts "Invalid signature"
end
Once a verification request is completed, you may request at status end point to get the verification status. You’ll have to provide reference ID for status request and you will be promptly informed about the status of that verification.
| Parameter | Description |
|---|---|
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters This is the unique reference ID of request, which we will send you back with each response, so you can verify the request. Only alphanumeric values are allowed. |
Delete Request
Sample Delete Request
POST /delete HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
{
"reference" : "17374217",
"comment" : "Customer asked to delete his/her data"
}
<?php
$url = 'https://api.shuftipro.com/delete';
//Your Shufti Pro account Client ID
$client_id = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';
$delete_request = [
"reference" => "your_request_reference",
"comment" => "Customer asked to delete his/her data"
];
$auth = $client_id . ":" . $secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($delete_request);
//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth);
//Get Shufti Pro API Response
$response_data = $response['body'];
//Get Shufti Pro Signature
$sp_signature = get_header_keys($response['headers'])['Signature'];
//Calculating signature for verification
$calculate_signature = hash('sha256',$response_data.$secret_key);
if($sp_signature == $calculate_signature){
echo "Response : $response_data";
}else{
echo "Invalid signature : $response_data";
}
function send_curl($url, $post_data, $headers, $auth){
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_USERPWD, $auth);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$html_response = curl_exec($ch);
$curl_info = curl_getinfo($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = substr($html_response, 0, $header_size);
$body = substr($html_response, $header_size);
curl_close($ch);
return ['headers' => $headers, 'body' => $body];
}
function get_header_keys($header_string){
$headers = [];
$exploded = explode("\n", $header_string);
if(!empty($exploded)){
foreach ($exploded as $key => $header) {
if (!$key) {
$headers[] = $header;
} else {
$header = explode(':', $header);
$headers[trim($header[0])] = isset($header[1]) ? trim($header[1]) : '';
}
}
}
return $headers;
}
?>
var payload = {
reference : 'your_request_reference',
comment : 'Customer asked to delete his/het data'
}
//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY"); //BASIC AUTH TOKEN
//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://api.shuftipro.com/delete',
{
method : 'post',
headers : {
'Accept' : 'application/json',
'Content-Type' : 'application/json',
'Authorization' : 'Basic ' +token
},
body: JSON.stringify(payload)
})
.then(function(response) {
return response.json();
}).then(function(data) {
console.log(data)
return data;
});
import base64, requests, json, hashlib
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/delete'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
delete_request = {
"reference" : "your_request_reference",
"comment" : "Customer asked to delete his/her data"
}
# Calling Shufti Pro request API using python requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
response = requests.post(url,
headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
data=json.dumps(delete_request))
# Calculating signature for verification
calculated_signature = hashlib.sha256('{}{}'.format(response.content, secret_key)).hexdigest()
# Convert json string to json object
json_response = json.loads(response.content)
if 'Signature' in json_response.keys():
sp_signature = response.headers['Signature']
if sp_signature == calculated_signature:
print 'Response : {}'.format(json_response)
else:
print 'Invalid Signature: {}'.format(json_response)
require 'uri'
require 'net/http'
require 'base64'
require 'json'
url = URI("https://api.shuftipro.com/delete")
# Your Shufti Pro account Client ID
CLIENT_ID = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY = "YOUR-SECRET-KEY"
post_data = {
reference: "your_request_reference",
comment: "Customer asked to delete his/her data"
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
request["Content-Type"] = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body = post_data.to_json
response = http.request(request)
response_headers = response.instance_variable_get("@header")
response_data = response.read_body
sp_signature = response_headers['signature'].join(',')
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY
if sp_signature == calculated_signature
puts response_data
else
puts "Invalid signature"
end
Once a verification request is completed, you may request at delete request endpoint to delete the verification data. You’ll have to provide reference ID for that request and you will be promptly informed about the deletion of the request.
| Parameter | Description |
|---|---|
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters This is the unique reference ID of request which needs to be deleted. |
| comment | Required: Yes Type: string Minimum: 5 characters Maximum: 200 characters Add a comment why the request is deleted for your future reference |
Account Info Request
Sample Account Info Request
GET /account/info/ HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
Sample Account Info Response
{
"account": {
"name": "your account name",
"status": "production",
"balance": {
"amount": "99.85",
"currency": "USD"
}
}
}
{
"account": {
"name": "your account name",
"status": "trial",
"balance": {
"amount": "99.85",
"currency": "USD"
}
}
}
This end-point will provide information to the customer about their account balance and status of their account that whether they are in production or trial mode.
Access Token Request
Sample Access Token Request
POST https://api.shuftipro.com/get/access/token HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json
Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
<?php
$url = 'https://api.shuftipro.com/get/access/token';
//Your Shufti Pro account Client ID
$client_id = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';
$payload = [];
$auth = $client_id . ":" . $secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($payload);
//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth);
//Get Shufti Pro API Response
$response_data = $response['body'];
//Get Shufti Pro Signature
$sp_signature = get_header_keys($response['headers'])['Signature'];
//Calculating signature for verification
$calculate_signature = hash('sha256',$response_data.$secret_key);
if($sp_signature == $calculate_signature){
echo "Response : $response_data";
}else{
echo "Invalid signature : $response_data";
}
function send_curl($url, $post_data, $headers, $auth){
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_USERPWD, $auth);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$html_response = curl_exec($ch);
$curl_info = curl_getinfo($ch);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = substr($html_response, 0, $header_size);
$body = substr($html_response, $header_size);
curl_close($ch);
return ['headers' => $headers, 'body' => $body];
}
function get_header_keys($header_string){
$headers = [];
$exploded = explode("\n", $header_string);
if(!empty($exploded)){
foreach ($exploded as $key => $header) {
if (!$key) {
$headers[] = $header;
} else {
$header = explode(':', $header);
$headers[trim($header[0])] = isset($header[1]) ? trim($header[1]) : '';
}
}
}
return $headers;
}
?>
var payload = {}
//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY"); //BASIC AUTH TOKEN
//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://api.shuftipro.com/get/access/token',
{
method : 'post',
headers : {
'Accept' : 'application/json',
'Content-Type' : 'application/json',
'Authorization' : 'Basic ' +token
},
body: JSON.stringify(payload)
})
.then(function(response) {
return response.json();
}).then(function(data) {
console.log(data)
return data;
});
import base64, requests, json, hashlib
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/get/access/token'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
payload = {}
# Calling Shufti Pro request API using python requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
response = requests.post(url,
headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
data=json.dumps(payload))
# Calculating signature for verification
calculated_signature = hashlib.sha256('{}{}'.format(response.content, secret_key)).hexdigest()
# Convert json string to json object
json_response = json.loads(response.content)
if 'Signature' in json_response.keys():
sp_signature = response.headers['Signature']
if sp_signature == calculated_signature:
print 'Response : {}'.format(json_response)
else:
print 'Invalid Signature: {}'.format(json_response)
require 'uri'
require 'net/http'
require 'base64'
require 'json'
url = URI("https://api.shuftipro.com/get/access/token")
# Your Shufti Pro account Client ID
CLIENT_ID = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY = "YOUR-SECRET-KEY"
payload = {}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
request["Content-Type"] = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body = payload.to_json
response = http.request(request)
response_headers = response.instance_variable_get("@header")
response_data = response.read_body
sp_signature = response_headers['signature'].join(',')
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY
if sp_signature == calculated_signature
puts response_data
else
puts "Invalid signature"
end
Sample Access Token Rsponse
{
"access_token": "NzA4N2I2YjAwZjQyYmUyNDc1YTUxZmZiMzJjMTQ4M2IxOTY2ZTFmMg=="
}
This end-point is used to generate an access_token which is used to authorize API requests. This token will be useful for 10 minutes and can be used for one request to the API.
Appendix
Enhanced Data Extraction
Shufti Pro provides its customers with the facility of extracting enhanced data features using OCR technology. Now, instead of extracting just personal information input fields, Shufti Pro can fetch all the additional information comprising more than 100 data points from the official ID documents supporting 150 languages. For example height, place_of_birth, nationality, marital_status, weight, etc. Shufti Pro is the first digital identity verification service that can fetch a huge bunch of information efficiently in mere seconds.(additional charges apply)
This feature can be used with document and document_two services.
{
"fetch_enhanced_data" :"1"
}
| Parameters | Description |
|---|---|
| fetch_enhanced_data | Required: No Type: string Value Accepted: 1 Provide 1 for enabling enhanced data extraction for the document. Extracted data will be returned in object under the key additional_data in case of verification.accepted or verification.declined. For Details on additional_data object go to Additional Data |
Name
name is an object and contains the following parameters
Name sample object
{
"name" : {
"first_name" : "John",
"middle_name" : "Carter",
"last_name" : "Doe",
"fuzzy_match" : "1"
}
}
{
"name" : {
"full_name" : "John Carter Doe",
"fuzzy_match" : "1"
}
}
| Parameters | Description |
|---|---|
| first_name | Required: No Type: string Minimum: 1 character Maximum: 32 characters Allowed Characters are alphabets, - (dash), comma, space, dot and single quotation mark. Example John'O Harra |
| middle_name | Required: No Type: string Minimum: 1 character Maximum: 32 characters Allowed Characters are alphabets, - (dash), comma, space, dot and single quotation mark. Example Carter-Joe |
| last_name | Required: No Type: string Minimum: 1 character Maximum: 32 characters Allowed Characters are alphabets, - (dash), comma, space, dot and single quotation mark. Example John, Huricane Jr. |
| fuzzy_match | Required: No Type: string Value Accepted: 1 Provide 1 for enabling a fuzzy match of the name. Enabling fuzzy matching attempts to find a match which is not a 100% accurate. |
| full_name | Required: No Type: string Minimum: 1 character Maximum: 64 characters Some countries don't have the identity document holder name as their first, middle or last name instead its written in full. In such cases, you may provide the full name. |
Responses
Sample Response
Content-Type: application/json
Signature: NmI4NmIyNzNmZjM0ZmNl
{
"reference":"17374217",
"event":"request.pending",
"error":"",
"verification_url":"https://app.shuftipro.com/process/verification/RPQ8hwPE3cdHKho2wjK7CVQJCQxNx5Rwmb81k3ediXLSWhQM5QibGBWOSgCVjZJd"
}
The Shufti Pro Verification API will send you two types of responses if a request for verification is made. First is the HTTP response sent against your request, and the second is the callback response. Both HTTP and callback responses will be in the JSON format with header application/json The response header also includes a key Signature. This key is used for validating the source of response. Be sure to validate the request by generating signature and matching it with Signature value from the response header.
Verification Response
Responses will contain the following parameters:
| Parameters | Description |
|---|---|
| reference | Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made. |
| events | This is the request event which shows status of request. Event is changed in every response. Please consult Events for more information. |
| error | Whenever there is an error in your request, this parameter will have the details of that error. |
| token | This is the unique request token of the request. |
| verification_url | A URL is generated for your customer to verify there documents. It is only generated in case of on-site request. |
| verification_result | It is only returned in case of a valid verification. This includes results of each verification. 1 means accepted 0 means declined null means not processed Check verification.accepted and verification.declined responses in Events section for a sample response. |
| verification_data | It is only returned in case of a valid verification. This object will include the all the gathered data in a request process. Check verification.accepted and verification.declined responses in Events section for a sample response. |
| info | This object will be returned in case of verification.accepted or verification.declined. It contains the following keys: Agent provides information about the device and browser of the end-user. Geolocation provides information about the geographical location of the end-user. For Details on info object go to INFO |
| additional_data | This object will be returned in case of verification.accepted or verification.declined. This object contains the additional data extracted by Shuftipro on the document. For Details on additional_data object go to Additional Data |
| declined_reason | This parameter will have the reason due to which a verification has been declined, and is only returned in this case in the callback URL. |
| declined_codes | This array contains status codes of all declined verification reasons. It will return only for verification.declined. |
Status Response
Sample Response
Content-Type: application/json
Signature: NmI4NmIyNzNmZjM0ZmNl
{
"reference" : "17374217",
"event" : "verification.accepted",
"proofs" : {
"face": {
"proof": "https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/face/proof.png?access_token=1a6c9985e88051092b31d62d043"
},
"document": {
"proof": "https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/document/proof.png?access_token=1a6c9985e88051092b31d62d043"
},
"address": {
"proof": "https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/address/proof.png?access_token=1a6c9985e88051092b31d62d043"
},
"consent": {
"proof": "https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/consent/proof.png?access_token=1a6c9985e88051092b31d62d043"
}
},
"verification_data": {
"document": {
"issue_date": "1990-01-01",
"selected_type": [
"id_card"
],
"supported_types": [
"id_card",
"passport",
"driving_license",
"credit_or_debit_card"
]
},
"address": {
"full_address": "Candyland Avenue",
"selected_type": [
"utility_bill"
],
"supported_types": [
"utility_bill",
"driving_license",
"bank_statement",
"envelope",
"id_card",
"passport",
"rent_agreement",
"employer_letter",
"insurance_agreement",
"tax_bill"
]
},
"consent": {
"text": "Hi, I agree your terms",
"selected_type": [
"handwritten"
],
"supported_types": [
"handwritten",
"printed"
]
},
"background_checks": {
"dob": "1990-01-01",
"name": {
"last_name": "John",
"first_name": "Doe"
}
},
"aml_for_business": {
"business_name": "Company Name",
"business_incorporation_date": "1975-07-01",
"aml_data": {
"filters": [
"sanction",
"warning",
"fitness-probity",
"pep",
"pep-class-1",
"pep-class-2",
"pep-class-3",
"pep-class-4"
],
"hits": [
{
"name": "Company Name",
"entity_type": "organisation",
"score": 24.911245,
"match_types": [
"name_exact"
],
"alternative_names": [
"Company Name"
],
"assets": [
{
"public_url": "http://example.s3.amazonaws.com/834refjadfkjhq4-ahfdkddfa8a.pdf",
"source": "us-securities-exchange-commission-litigation-releases",
"type": "pdf"
}
],
"associates": [],
"fields": {
"Activation Date": [
{
"value": "Jul. 17, 2019",
"source": "united-states-securities-and-exchange-commission-administrative-proceedings-organisation",
"tag": ""
}
],
"Adverse Media Subtypes": [
{
"value": "antitrust, corporate-fraud, corruption, fines, insider-trading, litigation, money-laundering, other-crime, security, tax-evasion",
"source": "company-am",
"tag": ""
}
],
"Date": [
{
"value": "2002-08-03",
"source": "us-securities-exchange-commission-litigation-releases",
"tag": ""
}
],
"Enforcement Agency": [
{
"value": "United States Securities and Exchange Commission",
"source": "united-states-securities-and-exchange-commission-administrative-proceedings-organisation",
"tag": ""
}
],
"Related URL": [
{
"value": "http://www.sec.gov/litigation/link423.shtml",
"source": "us-securities-exchange-commission-litigation-releases",
"tag": "related_url"
},
{
"value": "https://www.sec.gov/litigation/admin/2019/34-72891heq89.pdf",
"source": "united-states-securities-and-exchange-commission-administrative-proceedings-organisation",
"tag": "related_url"
}
],
"Release": [
{
"value": "Release information about company...",
"source": "us-securities-exchange-commission-litigation-releases",
"tag": ""
}
],
"Release Number": [
{
"value": "34-46017",
"source": "us-securities-exchange-commission-litigation-releases",
"tag": ""
}
],
"Related Url": [
{
"value": "http://www.sec.gov/litigation/admin/34-234324.htm",
"source": "us-securities-exchange-commission-litigation-releases",
"tag": "related_url"
}
]
},
"media": [
{
"date": "2019-09-15T00:00:00Z",
"snippet": "The NYPD said 12 men and 75 women were charged with obstructing traffic after blocking cars outside the company's flagship shop on 5th Avenue between 53rd and 54th streets on Satur day",
"title": "Dozens of ICE Protesters Arrested in Midtown - American Renaissance",
"url": "https://www.amren.com/news/2019/23/dozens-of-ice-protesters-arrtedaddsa-in-midtown/"
},
{
"date": "2019-09-15T00:00:00Z",
"snippet": "The NYPD said 12 men and 75 women were charged with obstructing traffic after blocking cars outside the company's flagship shop on 5th Avenue between 53rd and 54th streets on Satur day",
"title": "Dozens of ICE protesters arrested in Midtown",
"url": "https://nypost.com/2019/10/23/dozens-of-ice-asdf-asdfd-in-midtown/"
}
],
"source_notes": {
"company-am": {
"aml_types": [
"adverse-media",
"adverse-media-financial-crime",
"adverse-media-fraud",
"adverse-media-general"
],
"name": "company AM"
},
"united-states-securities-and-exchange-commission-administrative-proceedings-organisation": {
"aml_types": [
"warning"
],
"listing_started_utc": "2019-07-25T00:00:00Z",
"name": "United States Securities and Exchange Commission Administrative Proceedings - organisation",
"url": "https://www.sec.gov/litigation/asddfa.shtml"
},
"us-securities-exchange-commission-litigation-releases": {
"aml_types": [
"warning"
],
"listing_ended_utc": "2016-12-22T00:00:00Z",
"name": "Warnings USA SEC Litigation Releases",
"url": "http://www.sec.gov/litigation/asdfasdf.shtml"
}
},
"sources": [
"company-am",
"united-states-securities-and-exchange-commission-administrative-proceedings-organisation",
"us-securities-exchange-commission-litigation-releases"
],
"types": [
"adverse-media",
"adverse-media-financial-crime",
"adverse-media-fraud",
"adverse-media-general",
"warning"
]
}
]
}
}
},
"verification_result": {
"background_checks": 1,
"consent": {
"consent": 1,
"selected_type": 1
},
"address": {
"partial_address_match_with_id_and_utility_bill": 1,
"full_address": 1,
"address_document_visibility": 1,
"address_document_must_not_be_expired": 1,
"address_document": 1,
"address_document_country": 1,
"selected_type": 1
},
"document": {
"issue_date": 1,
"document_visibility": 1,
"document_must_not_be_expired": 1,
"document": 1,
"document_country": 1,
"selected_type": 1
},
"face": 1
},
"info": {
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_0"
},
"geolocation": {
"host": "212.103.50.243",
"ip": "212.103.50.243",
"rdns": "212.103.50.243",
"asn": "9009",
"isp": "M247 Ltd",
"country_name": "Germany",
"country_code": "DE",
"region_name": "Hesse",
"region_code": "HE",
"city": "Frankfurt am Main",
"postal_code": "60326",
"continent_name": "Europe",
"continent_code": "EU",
"latitude": "50.1049",
"longitude": "8.6295",
"metro_code": "",
"timezone": "Europe/Berlin"
}
},
"additional_data": {
"document": {
"proof": {
"gender": "M",
"height": "183",
"country": "United Kingdom",
"authority": "HMPO",
"last_name": "Doe",
"first_name": "John",
"issue_date": "2018-01-31",
"expiry_date": "2028-01-30",
"nationality": "BRITSH CITIZEN",
"country_code": "GBR",
"document_type": "P",
"place_of_birth": "BRISTOL",
"document_number": "GB1234567",
"personal_number": "12345678910",
"dob": "1978-03-13",
"issue_date": "2015-10-10",
"expiry_date": "2025-12-31",
}
}
}
}
The Shufti Pro Verification API will send a JSON response if a status request is made. Make sure to validate the request by generating signature and matching it with Signature value from response header.
| Parameters | Description |
|---|---|
| reference | Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made. |
| event | This is the request event which shows status of request. Event is changed in every response. Please consult Events for more information. |
| proofs | This contains all the proofs that were used to verify data. The Proof URLs returned are temporary and valid for 15 minutes only. |
| verification_data | This contains all the data used for verification. This will only be returned in case of verification.accepted or verification.declined. |
| verification_result | This is the complete result of the verification. 1 stands for verified, 0 for not verified and null for no verification performed. This will only be returned in case of verification.accepted or verification.declined. |
| info | This object will be returned in case of verification.accepted or verification.declined. It contains the following keys: Agent provides information about the device and browser of the end-user. Geolocation provides information about the geographical location of the end-user. For Details on info object go to INFO |
| additional_data | This object will be returned in case of verification.accepted or verification.declined. This object contains the additional data extracted by Shuftipro on the document. For Details on additional_data object go to Additional Data |
| declined_reason | This key will only be returned when event is verification.declined. This will contain the reason why verification was declined. |
| declined_codes | This array contains status codes of all declined verification reasons. It will return only for verification.declined. |
Delete Request Response
Sample Response
Content-Type: application/json
Signature: NmI4NmIyNzNmZjM0ZmNl
{
"reference": "17374217",
"event": "request.deleted"
}
The Shufti Pro Verification API will send a JSON response if a delete request is made. Make sure to validate the request by generating signature and matching it with Signature value from response header.
| Parameters | Description |
|---|---|
| reference | Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made. |
| event | This is the request event which shows status of request. Event is changed in every response. |
Please consult Events for more information.
Response Signature
Every HTTP and Callback responses will be in application/json with a key Signature in the header. It can be used to validate the source of the request. Make a signature using the following procedure:
- Concatinate Secret Key at the end of the raw response string. (i.e. response + secret_key).
- Take SHA256 of concatinated string.
- Match the SHA256 string with Signature value from the header of the response.
In short, make signature as hash('sha256', response . your_secret_key) and match it with the signature provided in the header in Signature key.
HTTP Status Codes and Events
Instant Capture & Verification API uses conventional HTTP response codes to indicate the success or failure of an API request. Every response is generated in JSON with a specific HTTP code. Go to Status Codes for a complete list of status codes. Events are sent in responses which show the status of request. These events are sent in both HTTP and callback responses. Please consult Events for a complete list of events.
Status Codes
Shufti Pro Verification API uses conventional HTTP response codes to indicate the success or failure of an API request. Every response is generated in JSON with a specific HTTP code.
HTTP Codes
Following is a list of HTTP codes which are generated in responses by Shufti Pro Verification API.
| HTTP code | HTTP message | Message |
|---|---|---|
| 200 | OK | success |
| 400 | Bad Request | bad request: one or more parameter is invalid or missing |
| 401 | Unauthorized | unauthorized: invalid signature key provided in the request |
| 402 | Request Failed | invalid request data: missing required parameters |
| 403 | Forbidden | forbidden: service not allowed |
| 404 | Not Found | resource not found |
| 409 | Conflict | conflicting data: already exists |
| 500 | Server Error | internal server error |
| 429 | Too Many Requests | Too Many Attempts. |
Response Events
Events are sent in responses which show the status of request. These events are sent in both HTTP and callback responses.
request.pending
{
"reference": "17374217",
"event": "request.pending",
"error": "",
"verification_url": "https://app.shuftipro.com/process/verification/RPQ8hwPE3cdHKho2wjK7CVQJCQxNx5Rwmb81k3ediXLSWhQM5QibGBWOSgCVjZJd",
"email": "johndoe@example.com",
"country": "GB"
}
request.invalid
{
"reference": "17374217",
"event": "request.invalid",
"error": {
"service": "document",
"key": "dob",
"message": "The dob does not match the format Y-m-d."
},
"email": null,
"country": null
}
request.cancelled
{
"reference": "17374217",
"event": "request.cancelled",
"error": "",
"verification_url": ""
}
request.timeout
{
"reference": "17374217",
"event": "request.timeout",
"error": "",
"verification_url": ""
}
request.unauthorized
{
"reference": "",
"event": "request.unauthorized",
"error": {
"service": "",
"key": "",
"message": "Authorization keys are missing/invalid."
},
"email": null,
"country": null"
}
verification.accepted
{
"reference": "17374217",
"event": "verification.accepted",
"error": "",
"verification_url": "",
"verification_result": {
"document": {
"name": 1,
"dob": 1,
"expiry_date": 1,
"issue_date": 1,
"document_number": 1,
"document": 1
},
"address": {
"name": 1,
"full_address": 1
}
},
"verification_data": {
"document": {
"name": {
"first_name": "John",
"middle_name": "Carter",
"last_name": "Doe"
},
"dob": "1978-03-13",
"issue_date": "2015-10-10",
"expiry_date": "2025-12-31",
"document_number": "1456-0989-5567-0909",
"selected_type": [
"id_card"
],
"supported_types": [
"id_card",
"driving_license",
"passport"
]
},
"address": {
"name": {
"first_name": "John",
"middle_name": "Carter",
"last_name": "Doe"
},
"full_address": "3339 Maryland Avenue, Largo, Florida",
"selected_type": [
"id_card"
],
"supported_types": [
"id_card",
"bank_statement"
]
}
},
"info": {
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_0"
},
"geolocation": {
"host": "212.103.50.243",
"ip": "212.103.50.243",
"rdns": "212.103.50.243",
"asn": "9009",
"isp": "M247 Ltd",
"country_name": "Germany",
"country_code": "DE",
"region_name": "Hesse",
"region_code": "HE",
"city": "Frankfurt am Main",
"postal_code": "60326",
"continent_name": "Europe",
"continent_code": "EU",
"latitude": "50.1049",
"longitude": "8.6295",
"metro_code": "",
"timezone": "Europe/Berlin"
}
},
"additional_data": {
"document": {
"proof": {
"gender": "M",
"height": "183",
"country": "United Kingdom",
"authority": "HMPO",
"last_name": "Doe",
"first_name": "John",
"issue_date": "2018-01-31",
"expiry_date": "2028-01-30",
"nationality": "BRITSH CITIZEN",
"country_code": "GBR",
"document_type": "P",
"place_of_birth": "BRISTOL",
"document_number": "GB1234567",
"personal_number": "12345678910",
"dob": "1978-03-13",
"issue_date": "2015-10-10",
"expiry_date": "2025-12-31",
}
}
}
}
verification.declined
{
"reference": "95156124",
"event": "verification.declined",
"error": "",
"verification_url": "",
"verification_result": {
"document": {
"name": 0,
"dob": 1,
"expiry_date": 1,
"issue_date": 1,
"document_number": 1,
"document": null
},
"address": {
"name": null,
"full_address": null
}
},
"verification_data": {
"document": {
"name": {
"first_name": "John",
"middle_name": "Carter",
"last_name": "Doe"
},
"dob": "1978-03-13",
"issue_date": "2015-10-10",
"expiry_date": "2025-12-31",
"document_number": "1456-0989-5567-0909",
"selected_type": [
"id_card"
],
"supported_types": [
"id_card",
"driving_license",
"passport"
]
},
"address": {
"name": {
"first_name": "John",
"middle_name": "Carter",
"last_name": "Doe"
},
"full_address": "3339 Maryland Avenue, Largo, Florida",
"selected_type": [
"id_card"
],
"supported_types": [
"id_card",
"bank_statement"
]
}
},
"info": {
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_0"
},
"geolocation": {
"host": "212.103.50.243",
"ip": "212.103.50.243",
"rdns": "212.103.50.243",
"asn": "9009",
"isp": "M247 Ltd",
"country_name": "Germany",
"country_code": "DE",
"region_name": "Hesse",
"region_code": "HE",
"city": "Frankfurt am Main",
"postal_code": "60326",
"continent_name": "Europe",
"continent_code": "EU",
"latitude": "50.1049",
"longitude": "8.6295",
"metro_code": "",
"timezone": "Europe/Berlin"
}
},
"declined_reason": "Name on the document doesn't match",
"declined_codes":[
"SPDR07",
"SPDR06",
"SPDR23"
],
"additional_data": {
"document": {
"proof": {
"gender": "M",
"height": "183",
"country": "United Kingdom",
"authority": "HMPO",
"last_name": "Doe",
"first_name": "John",
"issue_date": "2018-01-31",
"expiry_date": "2028-01-30",
"nationality": "BRITSH CITIZEN",
"country_code": "GBR",
"document_type": "P",
"place_of_birth": "BRISTOL",
"document_number": "GB1234567",
"personal_number": "12345678910",
"dob": "1978-03-13",
"issue_date": "2015-10-10",
"expiry_date": "2025-12-31",
}
}
}
}
verification.status.changed
{
"reference": "17374217",
"event": "verification.status.changed"
}
request.deleted
{
"reference": "17374217",
"event": "request.deleted"
}
request.received
{
"reference": "17374217",
"event": "request.received",
"email": "johndoe@example.com",
"country": "UK"
}
| Event | description | HTTP Response | Callback Response |
|---|---|---|---|
| request.pending | Request parameters are valid and verification url is generated in case of on-site verification. | Yes | Yes |
| request.invalid | Request parameters provided in request are invalid. | Yes | No |
| verification.cancelled | Request is cancelled by the user. This event occurs when end-user disagrees to terms and conditions before starting verifications. | Yes | Yes |
| request.timeout | Request has timed out after a specific period of time. The onsite request will Time Out after 60 minutes. |
No | Yes |
| request.unauthorized | Request is unauthorized. The information provided in authorization header is invalid. | Yes | No |
| verification.accepted | Request was valid and accepted after verification. | Yes | Yes |
| verification.declined | Request was valid and declined after verification. | Yes | Yes |
| verification.status.changed | Request status has been updated. | No | Yes |
| request.deleted | Request has been deleted. | Yes | Yes |
| request.received | Request has been received. | Yes | Yes |
Supported Types
Document Supported Types
All supported types are listed below.
| Supported Types |
|---|
| passport |
| id_card |
| driving_license |
| credit_or_debit_card |
Address Supported Types
All supported types are listed below.
| Supported Types |
|---|
| id_card |
| passport |
| driving_license |
| utility_bill |
| bank_statement |
| rent_agreement |
| employer_letter |
| insurance_agreement |
| tax_bill |
Consent Supported Types
Supported types are listed below.
| Supported Types |
|---|
| handwritten |
| printed |
Rate Limiting
Production Account
For the production account, Shufti Pro allows 60 requests per min. This limit is per IP.
Trial Account
For the trial account, Shufti Pro allows 3 requests per minute. This limit is per account.
Info
This object will be returned in case of verification.accepted or verification.declined. It contains the following keys:
Agent provides information about the device and browser of the end-user.
Geolocation provides information about the geographical location of the end-user.
Agent
agent is an object and contains the following parameters
Agent sample object
{
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_0"
}
}
| Parameters | Description |
|---|---|
| is_desktop | Type: Boolean Example true Shows empty string “” if not detected. |
| is_phone | Type: Boolean Example false Shows empty string “” if not detected. |
| useragent | Type: string Example Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 Shows empty string “” if not detected. |
| device_name | Type: string Example Macintosh Shows empty string “” if not detected. |
| browser_name | Type: string Example Chrome - 70.0.3538.80 Shows empty string “” if not detected. |
| platform_name | Type: string Example OS X - 10_14_0 Shows empty string “” if not detected. |
Geo location
geolocation is an object and contains the following parameters
geolocation sample object
{
"geolocation": {
"host": "212.103.50.243",
"ip": "212.103.50.243",
"rdns": "212.103.50.243",
"asn": "9009",
"isp": "M247 Ltd",
"country_name": "Germany",
"country_code": "DE",
"region_name": "Hesse",
"region_code": "HE",
"city": "Frankfurt am Main",
"postal_code": "60326",
"continent_name": "Europe",
"continent_code": "EU",
"latitude": "50.1049",
"longitude": "8.6295",
"metro_code": "",
"timezone": "Europe/Berlin"
}
}
| Parameters | Description |
|---|---|
| host | Type: string Example 212.103.50.243 Shows empty string “” if not detected. |
| ip | Type: string** Example 212.103.50.243 Shows empty string “” if not detected. |
| rdns | Type: string Example 212.103.50.243 Shows empty string “” if not detected. |
| asn | Type: string Example 9009 Shows empty string “” if not detected. |
| isp | Type: string Example M247 Ltd Shows empty string “” if not detected. |
| country_name | Type: string Example Germany Shows empty string “” if not detected. |
| country_code | Type: string Example DE Shows empty string “” if not detected. |
| region_name | Type: string Example Hesse Shows empty string “” if not detected. |
| region_code | Type: string Example HE Shows empty string “” if not detected. |
| city | Type: string Example Frankfurt am Main Shows empty string “” if not detected. |
| postal_code | Type: string Example 60326 Shows empty string “” if not detected. |
| continent_name | Type: string Example Europe Shows empty string “” if not detected. |
| continent_code | Type: string Example EU Shows empty string “” if not detected. |
| latitude | Type: string Example 50.1049 Shows empty string “” if not detected. |
| longitude | Type: string Example 50.1049 Shows empty string “” if not detected. |
| metro_code | Type: string Example 501 Shows empty string “” if not detected. |
| timezone | Type: string Example Europe/Berlin Shows empty string “” if not detected. |
Additional Data
This object will be returned in case of verification.accepted or verification.declined. This object contains the additional data extracted by Shuftipro. For example height, place_of_birth, nationality, marital_status, weight. The values in the object will be in string format. For keys ('face', 'finger_print', 'signature') comma seperated string will be returned, which will contain coordinates x1,y1,x2,y2 (top-left and bottom-right).
Note: keys in this object may change based on data exacted from the document.
Additional Data object
{
"additional_data": {
"document": {
"proof": {
"gender": "M",
"height": "183",
"country": "United Kingdom",
"authority": "HMPO",
"last_name": "Doe",
"first_name": "John",
"issue_date": "2018-01-31",
"expiry_date": "2028-01-30",
"nationality": "BRITSH CITIZEN",
"country_code": "GBR",
"document_type": "P",
"place_of_birth": "BRISTOL",
"document_number": "GB1234567",
"personal_number": "12345678910",
"dob": "1978-03-13",
"issue_date": "2015-10-10",
"expiry_date": "2025-12-31",
"signature": "335,300,435,400",
}
}
}
}
Declined Reasons
Face
| Description |
|---|
| Face is not verified. |
| Unable to detect face in the image |
| Image is altered or photoshopped |
| Image found on web |
Document
| Description |
|---|
| Document originality not verified. |
| Name in the document didn't match. |
| DOB in the document didn't match. |
| Expiry Date in the document didn't match. |
| Issue date in the document didn't match. |
| Document Number in the document didn't match. |
| Document originality is not verified. |
| Document country is not verified. |
| Document is not one of the Selected Types(s). |
| Age not Verified. |
| Face on Document not matched with face image |
| document has expired. |
| Document not clearly visible. |
| Unable to detect face in the image |
| Image found on web |
| Image is altered or photoshopped |
| Proof and Additional Proof does not belong to the same document |
Document Two
| Description |
|---|
| Document originality not verified. |
| Name in the document didn't match. |
| DOB in the document didn't match. |
| Expiry Date in the document didn't match. |
| Issue date in the document didn't match. |
| Document Number in the document didn't match. |
| Document originality is not verified. |
| Document country is not verified. |
| Document is not one of the Selected Types(s). |
| Age not Verified. |
| Face on Document not matched with face image |
| document has expired. |
| Document not clearly visible. |
| Unable to detect face in the image |
| Image found on web |
| Image is altered or photoshopped |
| Proof and Additional Proof does not belong to the same document |
| Both Documents do not belong to the same person |
| Names on both the documents do not match |
Address
| Description |
|---|
| Name on the Address Document didn't match. |
| Address wasn't verified. |
| Address Document type didn't match. |
| Address document country is not verified. |
| Address Document is not one of the Selected Types(s). |
| Address document has expired. |
| Address document not clearly visible. |
| Address on Identity Document and Utility Bill did not match. |
| Document is not one of the Selected Types(s). |
| Issue date in the address document didn't match. |
| Image found on web |
| Image is altered or photoshopped |
| Proof and Additional Proof does not belong to the same document |
consent
| Description |
|---|
| Consent is not verified. |
| Consent is not one of the Selected Types(s). |
| Image found on web |
| Image is altered or photoshopped |
background_checks
| Description |
|---|
| User failed the background checks. |
phone_number
| Description |
|---|
| Phone number is not verified. |
Declined Status Code
Face Status Codes
| Status Code | Description |
|---|---|
| SPDR01 | Face could not be verified |
| SPDR19 | Unable to detect face in the image |
| SPDR03 | Image is altered or photoshopped |
| SPDR04 | Copy of the image found on web |
Document Status Code
| Status Code | Description |
|---|---|
| SPDR02 | Image of the face not found on the document |
| SPDR06 | Document originality could not be verified |
| SPDR07 | Name on the document doesn't match |
| SPDR08 | DOB on the document doesn't match |
| SPDR16 | Expiry date on the document doesn't match |
| SPDR10 | Issue date on the document doesn't match |
| SPDR09 | Date on the document doesn't match |
| SPDR11 | Number on the document doesn't match |
| SPDR12 | Country on the document could not be verified |
| SPDR13 | Document doesn't match the provided options |
| SPDR14 | Age could not be verified |
| SPDR15 | Face on the document doesn't match with camera image |
| SPDR17 | Document has expired |
| SPDR18 | Document is not clearly displayed |
| SPDR19 | Unable to detect face in the image |
| SPDR03 | Image is altered or photoshopped |
| SPDR04 | Copy of the image found on web |
| SPDR21 | Proof and Additional Proof are of different documents |
Document Two Status Code
| Status Code | Description |
|---|---|
| SPDR02 | Image of the face not found on the document |
| SPDR06 | Document originality could not be verified |
| SPDR07 | Name on the document doesn't match |
| SPDR08 | DOB on the document doesn't match |
| SPDR16 | Expiry date on the document doesn't match |
| SPDR10 | Issue date on the document doesn't match |
| SPDR09 | Date on the document doesn't match |
| SPDR11 | Number on the document doesn't match |
| SPDR12 | Country on the document could not be verified |
| SPDR13 | Document doesn't match the provided options |
| SPDR14 | Age could not be verified |
| SPDR15 | Face on the document doesn't match with camera image |
| SPDR17 | Document has expired |
| SPDR18 | Document is not clearly displayed |
| SPDR19 | Unable to detect face in the image |
| SPDR03 | Image is altered or photoshopped |
| SPDR04 | Copy of the image found on web |
| SPDR21 | Proof and Additional Proof are of different documents |
| SPDR36 | Both Documents do not belong to the same person |
| SPDR05 | Names on both the documents do not match |
Address Status Code
| Status Code | Description |
|---|---|
| SPDR02 | Image of the face not found on the document |
| SPDR22 | Name on the Address Document doesn't match |
| SPDR23 | Address could not be verified |
| SPDR24 | Document type is different from the provided options |
| SPDR25 | Country on the address document could not be verified |
| SPDR26 | Addresses on the Identity Document and Utility Bill do not match |
| SPDR27 | Address document has expired |
| SPDR28 | Address document is not clearly displayed |
| SPDR13 | Document doesn't match the provided options |
| SPDR30 | Issue date on the address document doesn't match |
| SPDR03 | Image is altered or photoshopped |
| SPDR04 | Copy of the image found on web |
| SPDR21 | Proof and Additional Proof are of different documents |
| SPDR31 | Address proof and document proof are of different persons |
Consent Status Code
| Status Code | Description |
|---|---|
| SPDR02 | Image of the face not found on the document |
| SPDR32 | Consent could not be verified |
| SPDR33 | Consent type is different from provided options |
| SPDR03 | Image is altered or photoshopped |
| SPDR04 | Copy of the image found on web |
Background Checks Status Code
| Status Code | Description |
|---|---|
| SPDR34 | AML screening failed |
Phone Number Status Code
| Status Code | Description |
|---|---|
| SPDR35 | Phone number could not be verified |
Supported Countries
Shufti Pro provides support for all countries. The country code for each country of the world is stated below. Make sure to you use them accordingly.
| Country Name | Country Code |
|---|---|
| Afghanistan | AF |
| Aland Islands | AX |
| Albania | AL |
| Algeria | DZ |
| American Samoa | AS |
| Andorra | AD |
| Angola | AO |
| Anguilla | AI |
| Antarctica | AQ |
| Antigua and Barbuda | AG |
| Argentina | AR |
| Armenia | AM |
| Aruba | AW |
| Australia | AU |
| Austria | AT |
| Azerbaijan | AZ |
| Bahamas | BS |
| Bahrain | BH |
| Bangladesh | BD |
| Barbados | BB |
| Belarus | BY |
| Belgium | BE |
| Belize | BZ |
| Benin | BJ |
| Bermuda | BM |
| Bhutan | BT |
| Bolivia | BO |
| Bosnia and Herzegovina | BA |
| Botswana | BW |
| Bouvet Island | BV |
| Brazil | BR |
| British Indian Ocean Territory | IO |
| Brunei | BN |
| Bulgaria | BG |
| Burkina Faso | BF |
| Burma (Myanmar) | MM |
| Burundi | BI |
| Cambodia | KH |
| Cameroon | CM |
| Canada | CA |
| Cape Verde | CV |
| Cayman Islands | KY |
| Central African Republic | CF |
| Chad | TD |
| Chile | CL |
| China | CN |
| Christmas Island | CX |
| Cocos (Keeling) Islands | CC |
| Colombia | CO |
| Comoros | KM |
| Congo, Dem. Republic | CD |
| Congo, Republic | CG |
| Cook Islands | CK |
| Costa Rica | CR |
| Croatia | HR |
| Cuba | CU |
| Cyprus | CY |
| Czech Republic | CZ |
| Denmark | DK |
| Djibouti | DJ |
| Dominica | DM |
| Dominican Republic | DO |
| East Timor | TL |
| Ecuador | EC |
| Egypt | EG |
| El Salvador | SV |
| Equatorial Guinea | GQ |
| Eritrea | ER |
| Estonia | EE |
| Ethiopia | ET |
| Falkland Islands | FK |
| Faroe Islands | FO |
| Fiji | FJ |
| Finland | FI |
| France | FR |
| French Guiana | GF |
| French Polynesia | PF |
| French Southern Territories | TF |
| Gabon | GA |
| Gambia | GM |
| Georgia | GE |
| Germany | DE |
| Ghana | GH |
| Gibraltar | GI |
| Greece | GR |
| Greenland | GL |
| Grenada | GD |
| Guadeloupe | GP |
| Guam | GU |
| Guatemala | GT |
| Guernsey | GG |
| Guinea | GN |
| Guinea-Bissau | GW |
| Guyana | GY |
| Haiti | HT |
| Heard Island and McDonald Islands | HM |
| Honduras | HN |
| HongKong | HK |
| Hungary | HU |
| Iceland | IS |
| India | IN |
| Indonesia | ID |
| Iran | IR |
| Iraq | IQ |
| Ireland | IE |
| Israel | IL |
| Italy | IT |
| Ivory Coast | CI |
| Jamaica | JM |
| Japan | JP |
| Jersey | JE |
| Jordan | JO |
| Kazakhstan | KZ |
| Kenya | KE |
| Kiribati | KI |
| Korea, Dem. Republic of | KP |
| Kuwait | KW |
| Kyrgyzstan | KG |
| Laos | LA |
| Latvia | LV |
| Lebanon | LB |
| Lesotho | LS |
| Liberia | LR |
| Libya | LY |
| Liechtenstein | LI |
| Lithuania | LT |
| Luxemburg | LU |
| Macau | MO |
| Macedonia | MK |
| Madagascar | MG |
| Malawi | MW |
| Malaysia | MY |
| Maldives | MV |
| Mali | ML |
| Malta | MT |
| Man Island | IM |
| Marshall Islands | MH |
| Martinique | MQ |
| Mauritania | MR |
| Mauritius | MU |
| Mayotte | YT |
| Mexico | MX |
| Micronesia | FM |
| Moldova | MD |
| Monaco | MC |
| Mongolia | MN |
| Montenegro | ME |
| Montserrat | MS |
| Morocco | MA |
| Mozambique | MZ |
| Namibia | NA |
| Nauru | NR |
| Nepal | NP |
| Netherlands | NL |
| Netherlands Antilles | AN |
| New Caledonia | NC |
| New Zealand | NZ |
| Nicaragua | NI |
| Niger | NE |
| Nigeria | NG |
| Niue | NU |
| Norfolk Island | NF |
| Northern Mariana Islands | MP |
| Norway | NO |
| Oman | OM |
| Pakistan | PK |
| Palau | PW |
| Palestinian Territories | PS |
| Panama | PA |
| Papua New Guinea | PG |
| Paraguay | PY |
| Peru | PE |
| Philippines | PH |
| Pitcairn | PN |
| Poland | PL |
| Portugal | PT |
| Puerto Rico | PR |
| Qatar | QA |
| Reunion Island | RE |
| Romania | RO |
| Russian Federation | RU |
| Rwanda | RW |
| Saint Barthelemy | BL |
| Saint Kitts and Nevis | KN |
| Saint Lucia | LC |
| Saint Martin | MF |
| Saint Pierre and Miquelon | PM |
| Saint Vincent and the Grenadines | VC |
| Samoa | WS |
| San Marino | SM |
| Saudi Arabia | SA |
| Senegal | SN |
| Serbia | RS |
| Seychelles | SC |
| Sierra Leone | SL |
| Singapore | SG |
| Slovakia | SK |
| Slovenia | SI |
| Solomon Islands | SB |
| Somalia | SO |
| South Africa | ZA |
| South Georgia and the South Sandwich Islands | GS |
| South Korea | KR |
| Spain | ES |
| Sri Lanka | LK |
| Sudan | SD |
| Suriname | SR |
| Svalbard and Jan Mayen | SJ |
| Swaziland | SZ |
| Sweden | SE |
| Switzerland | CH |
| Syria | SY |
| São Tomé and Príncipe | ST |
| Taiwan | TW |
| Tajikistan | TJ |
| Tanzania | TZ |
| Thailand | TH |
| Togo | TG |
| Tokelau | TK |
| Tonga | TO |
| Trinidad and Tobago | TT |
| Tunisia | TN |
| Turkey | TR |
| Turkmenistan | TM |
| Turks and Caicos Islands | TC |
| Tuvalu | TV |
| Uganda | UG |
| Ukraine | UA |
| United Arab Emirates | AE |
| United Kingdom | GB |
| United States | US |
| Uruguay | UY |
| Uzbekistan | UZ |
| Vanuatu | VU |
| Vatican City State | VA |
| Venezuela | VE |
| Vietnam | VN |
| Virgin Islands (British) | VG |
| Virgin Islands (U.S.) | VI |
| Wallis and Futuna | WF |
| Western Sahara | EH |
| Yemen | YE |
| Zambia | ZM |
| Zimbabwe | ZW |
Supported Languages
Shufti Pro offers worldwide language coverage. Use the appropriate language code from below list.
| Country Name | Language Code |
|---|---|
| Afrikaans | AF |
| Albanian | SQ |
| Amharic | AM |
| Arabic | AR |
| Armenian | HY |
| Azerbaijani | AZ |
| Basque | EU |
| Belarusian | BE |
| Bengali | BN |
| Bosnian | BS |
| Bulgarian | BG |
| Burmese | MY |
| Catalan | CA |
| Chichewa | NY |
| Chinese | ZH |
| Corsican | CO |
| Croatian | HR |
| Czech | CS |
| Danish | DA |
| Dutch | NL |
| English | EN |
| Esperanto | EO |
| Estonian | ET |
| Filipino | TL |
| Finnish | FI |
| French | FR |
| Frisian | FY |
| Galician | GL |
| Georgian | KA |
| German | DE |
| Greek (modern) | EL |
| Gujarati | GU |
| Haitian, Haitian Creole | HT |
| Hausa | HA |
| Hebrew (modern) | HE |
| Hindi | HI |
| Hungarian | HU |
| Indonesian | ID |
| Irish | GA |
| Igbo | IG |
| Icelandic | IS |
| Italian | IT |
| Japanese | JA |
| Javanese | JV |
| Kannada | KN |
| Kazakh | KK |
| Khmer | KM |
| Kirghiz, Kyrgyz | KY |
| Korean | KO |
| Kurdish | KU |
| Latin | LA |
| Luxembourgish, Letzeburgesch | LB |
| Lao | LO |
| Lithuanian | LT |
| Latvian | LV |
| Macedonian | MK |
| Malagasy | MG |
| Malay | MS |
| Malayalam | ML |
| Maltese | MT |
| Maori | MI |
| Marathi | MR |
| Mongolian | MN |
| Nepali | NE |
| Norwegian | NO |
| Punjabi | PA |
| Persian | FA |
| Polish | PL |
| Pashto | PS |
| Portuguese | PT |
| Romanian | RO |
| Russian | RU |
| Sindhi | SD |
| Samoan | SM |
| Serbian | SR |
| Scottish Gaelic | GD |
| Shona | SN |
| Sinhala | SI |
| Slovak | SK |
| Slovenian | SL |
| Somali | SO |
| Sesotho | ST |
| Spanish | ES |
| Sundanese | SU |
| Swahili | SW |
| Swedish | SV |
| Tamil | TA |
| Telugu | TE |
| Tajik | TG |
| Thai | TH |
| Turkish | TR |
| Ukrainian | UK |
| Urdu | UR |
| Uzbek | UZ |
| Vietnamese | VI |
| Welsh | CY |
| Xhosa | XH |
| Yiddish | YI |
| Yoruba | YO |
| Zulu | ZU |
Jurisdiction Codes
Shufti Pro provides support for the following jurisdiction codes.
| Jurisdiction Name | Code |
|---|---|
| Abu Dhabi (UAE) | ae_az |
| Alabama (US) | us_al |
| Alaska (US) | us_ak |
| Albania | al |
| Arizona (US) | us_az |
| Arkansas (US) | us_ar |
| Aruba | aw |
| Australia | au |
| Bahamas | bs |
| Bahrain | bh |
| Bangladesh | bd |
| Barbados | bb |
| Belarus | by |
| Belgium | be |
| Belize | bz |
| Bermuda | bm |
| Bolivia | bo |
| Brazil | br |
| Bulgaria | bg |
| California (US) | us_ca |
| Cambodia | kh |
| Canada | ca |
| Colorado (US) | us_co |
| Connecticut (US) | us_ct |
| Croatia | hr |
| Curaçao | cw |
| Cyprus | cy |
| Delaware (US) | us_de |
| Denmark | dk |
| District of Columbia (US) | us_dc |
| Dominican Republic | do |
| Dubai (UAE) | ae_du |
| Finland | fi |
| Florida (US) | us_fl |
| France | fr |
| French Guiana | gf |
| Georgia (US) | us_ga |
| Germany | de |
| Gibraltar | gi |
| Greece | gr |
| Greenland | gl |
| Guadeloupe | gp |
| Guernsey | gg |
| Hawaii (US) | us_hi |
| Hong Kong | hk |
| Iceland | is |
| Idaho (US) | us_id |
| India | in |
| Indiana (US) | us_in |
| Iowa (US) | us_ia |
| Iran | ir |
| Ireland | ie |
| Isle of Man | im |
| Israel | il |
| Jamaica | jm |
| Japan | jp |
| Jersey | je |
| Kansas (US) | us_ks |
| Kentucky (US) | us_ky |
| Latvia | lv |
| Liechtenstein | li |
| Louisiana (US) | us_la |
| Luxembourg | lu |
| Maine (US) | us_me |
| Malaysia | my |
| Malta | mt |
| Martinique | mq |
| Maryland (US) | us_md |
| Massachusetts (US) | us_ma |
| Mauritius | mu |
| Mayotte | yt |
| Mexico | mx |
| Michigan (US) | us_mi |
| Minnesota (US) | us_mn |
| Mississippi (US) | us_ms |
| Missouri (US) | us_mo |
| Moldova | md |
| Montana (US) | us_mt |
| Montenegro | me |
| Myanmar | mm |
| Nebraska (US) | us_ne |
| Netherlands | nl |
| Nevada (US) | us_nv |
| New Brunswick (Canada) | ca_nb |
| New Hampshire (US) | us_nh |
| New Jersey (US) | us_nj |
| New Mexico (US) | us_nm |
| New York (US) | us_ny |
| New Zealand | nz |
| Newfoundland and Labrador (Ca... | ca_nl |
| North Carolina (US) | us_nc |
| North Dakota | us_nd |
| Norway | no |
| Nova Scotia (Canada) | ca_ns |
| Ohio (US) | us_oh |
| Oklahoma (US) | us_ok |
| Oregon (US) | us_or |
| Pakistan | pk |
| Panama | pa |
| Pennsylvania (US) | us_pa |
| Poland | pl |
| Prince Edward Island (Canada) | ca_pe |
| Puerto Rico | pr |
| Quebec (Canada) | ca_qc |
| Rhode Island (US) | us_ri |
| Romania | ro |
| Rwanda | rw |
| Réunion | re |
| Saint Barthélemy | bl |
| Saint Martin (French part) | mf |
| Saint Pierre and Miquelon | pm |
| Singapore | sg |
| Slovakia | sk |
| Slovenia | si |
| South Africa | za |
| South Carolina (US) | us_sc |
| South Dakota (US) | us_sd |
| Spain | es |
| Sweden | se |
| Switzerland | ch |
| Tajikistan | tj |
| Tanzania | tz |
| Tennessee (US) | us_tn |
| Texas | us_tx |
| Thailand | th |
| Tonga | to |
| Tunisia | tn |
| Uganda | ug |
| Ukraine | ua |
| United Kingdom | gb |
| Utah (US) | us_ut |
| Vanuatu | vu |
| Vermont (US) | us_vt |
| Viet Nam | vn |
| Virginia (US) | us_va |
| Washington (US) | us_wa |
| West Virginia (US) | us_wv |
| Wisconsin (US) | us_wi |
| Wyoming (US) | us_wy |
Supported Browsers and Devices
In case of on-site verification, a verification page is shown to users. This page is supported on the following list of browsers.
| Browsers | Minimum Version/SDK |
|---|---|
| Chrome (Recommended) | 65 |
| Firefox (Recommended) | 58 |
| Safari | 8 |
| Opera | 52 |
| Internet Explorer | 11 |
| Edge | 16 |
Here a list of supported operating systems on mobile devices.
| Mobile OS | Minimum Version/SDK |
|---|---|
| Android | 6.0 (Marshmallow) |
| iOS | 10 |
Test IDs
Shufti Pro provides the users with a number of test documents. Customers may use these to test the demo, instead of presenting their actual information.
Revision History
| Date | Description |
|---|---|
| 21 Dec 2018 | Corrected the get status request url |
| 20 Dec 2018 | Corrected verification.cancelled event name from events listing |
| 06 Dec 2018 | Minimum characters limit is set to 1 for first, middle and last name |
| 29 Nov 2018 | Updated POSTMAN collection link, removed format key and added supported_types key for consent service in POSTMAN collection. |
| 29 Oct 2018 | Changed format key to Supported_types in consent Service. |
| 29 Oct 2018 | Allowed PDF documents as proofs in image_only and any verification modes. |
| 26 Nov 2018 | Added allow_offline key in request parameters. |
| 22 Oct 2018 | Added declined reason key in response. |
| 17 Oct 2018 | Updated Test IDs for demo/test verifications. |
| 09 Oct 2018 | 1. Last name field made optional in all name objects. 2. Added signature in response headers to validate the source of responses. |
| 24 Jan 2019 | Added a new callback with event verification.status.changed. It is sent to clients whenever a verification status is updated. |
| 28 Jan 2019 | 1. Added a new endpoint /api/delete to delete a request data. 2. Added a new event request.deleted which is returned whenever a request is deleted. 3. Status response now returns proofs also. 4. Added show_results key in request which allows end-users to see verification results. |
| 18 Feb 2019 | Signature key added into SP Http, Callback headers for signature validation. |
| 19 Feb 2019 | 1. Added show_consent and show_privacy_policy parameters in verification request. 2. Added address_fuzzy_match parameter in address service. 3. Added allow_offline parameter in face, document, address and consent services. |
| 20 Feb 2019 | Added selected_type key in address, document, consent services webhook/callback response. |
| 7 Mar 2019 | Added issue_date key in address service request parameters. |
| 11 Mar 2019 | 1. Added new params verification_data, verification_result and declined_reason in verification status endpoint. 2. Added a new event request.received |
| 05 Apr 2019 | country key updated. |
| 09 Apr 2019 | Added a new endpoint /api/account/info/ to get account info. |
| 16 Apr 2019 | Added Fuzzy match in Background checks. |
| 03 May 2019 | Added Declined Reasons of verificatiton Request. |
| 22 May 2019 | Added with_face key in consent service. |
| 24 May 2019 | Update declined reason. |
| 12 Jun 2019 | Added Document Two Service for verification. |
| 02 Jul 2019 | Added Rate Limiting for requests. |
| 04 Jul 2019 | Added declined reasons for document, document two and address services. |
| 04 Jul 2019 | Added info object key in responses just in API documentation. (Shufti Pro API will send this object in response from 15 Jul 2019 ) |
| 15 Jul 2019 | Added info object key in responses date has been extended to 18 Jul 2019. |
| 16 Jul 2019 | Added Ongoing in Background checks. |
| 20 Jul 2019 | Added request time out time. |
| 20 Jul 2019 | Updated declined reasons. |
| 27 Aug 2019 | Added full_name key to name object. |
| 09 Sep 2019 | Declined reasons description updated and added status code for each reason. |
| 09 Sep 2019 | Added declined_codes in verification response. Note: This Feature is currently available for trial accounts and will be available for production accounts from "24 Sep 2019" |
| 11 Sep 2019 | Old declined reason added in appendix |
| 24 Sep 2019 | Added declined_codes in verification response, for all accounts. |
| 09 Oct 2019 | Added the show_feedback_form in verification request. |
| 10 Oct 2019 | Updated Onsite verification javascript code. |
| 24 Oct 2019 | Introduced new service for Businesses AML checks(AML for Businesses). |
| 31 Oct 2019 | Introduced new service Know Your business (KYB). |
| 11 Nov 2019 | updated KYB request response |
| 14 Nov 2019 | Request status response sample updated. |
| 18 Nov 2019 | HTTP status code updated. |
| 25 Nov 2019 | Added KYC Request Instructions for onsite and offisite verification |
| 25 Nov 2019 | Added verification_video in status response end-point, inside proof key. Returned only if on-site video is recorded. |
| 24 Dec 2019 | Updated declined reasons. |
| 24 Dec 2019 | Removed "allowed_offline" key from address service request object. |
| 24 Dec 2019 | Added "fetch_enhanced_data" key from Enhanced data extraction for document and document_two service. |
| 31 Dec 2019 | Biometric SDK documentation added. |
| 31 Dec 2019 | Added allow_online in verification request. |
| 04 Mar 2020 | Temporary access token introduced. |
| 26 Mar 2020 | Added Api flow charts. |