Introduction
Shufti Pro Biometric SDK authenticates users with Facial Authentication. The SDK uses two different security tokens to handle requests. It collects image/video proofs, and processes and saves them for future authentication. It generates different responses according to the nature of request.
This document explains various end-points, how they are provided, and the kind of data required from clients to perform authentication successfully.
Authentication Services
Shufti Pro performs a variety of authentication services for its customers. Our diverse services suite allows us to validate the identity of users through facial verification, document verification, phone number verification, and security questions verification.
Face Service
Shufti Pro Biometric SDK authenticates users with Facial Authentication and checks their liveness. This service is used as a default authentication service and can not be disabled.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters A number of server-to-server calls are made to the client to keep them updated about verification status. This allows them to keep the request updated on their end, even if the end-user is lost midway through the process. |
| language | Required: No Type: string Length: 2 characters If the client wants their preferred language to appear on the authentication screens they may provide the 2-characters long language code of their preferred language. The list of Supported Languages can be consulted for reference. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters Each request has a unique Reference ID that is sent back to the client against each response. The client can use Reference ID to check the status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: If you want end-users to sign-up, use "enroll" as the value for request_type, or use "authenticate" if you want them to sign-in. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents the email address of end-user. Note: Providing email is optional during sign-up but necessary later in the registration process. |
|
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
Document Service
Shufti Pro Biometric SDK provides document verification through ID document. It gives an option to end-users to verify their data from ID document.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters A number of server-to-server calls are made to the client to keep them updated about verification status. This allows them to keep the request updated on their end, even if the end-user is lost midway through the process. |
| language | Required: No Type: string Length: 2 characters If the client wants their preferred language to appear on the authentication screens they may provide the 2-characters long language code of their preferred language. The list of Supported Languages can be consulted for reference. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters Each request has a unique Reference ID that is sent back to the client against each response. The client can use Reference ID to check the status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: If you want end-users to sign-up, use "enroll" as the value for request_type, or use "authenticate" if you want them to sign-in. |
| document | Required: No Type: boolean This option decides if End-User’s ID document is validated or not. Give value 1 if you want to validate the ID document, or 0 if you want to skip it. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents the email address of end-user. Note: Providing email is optional during sign-up but necessary later in the registration process. |
|
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
Phone Service
Shufti Pro Biometric SDK provides phone number verification. Shufti Pro Biometric SDK verifies the phone number of end-users by sending a random code to their number from Shufti Pro. Once the sent code is entered into the provided field by end-user, phone number will stand verified. Shufti Pro will be responsible only to send the message along with verification code to the end-user and verify the code entered by the end-user.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters A number of server-to-server calls are made to the client to keep them updated about verification status. This allows them to keep the request updated on their end, even if the end-user is lost midway through the process. |
| language | Required: No Type: string Length: 2 characters If the client wants their preferred language to appear on the authentication screens they may provide the 2-characters long language code of their preferred language. The list of Supported Languages can be consulted for reference. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 250 characters Each request has a unique Reference ID that is sent back to the client against each response. The client can use Reference ID to check the status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: If you want end-users to sign-up, use "enroll" as the value for request_type, or use "authenticate" if you want them to sign-in. |
| phone | Required: No Type: boolean This option decides if End-User’s phone number is validated or not. Give value 1 if you want to validate the phone number, or 0 if you want to skip it. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents the email address of end-user. Note: Providing email is optional during sign-up but necessary later in the registration process. |
|
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
Question Service
Shufti Pro Biometric SDK provides security questions verification for authentication. It takes the answers of the security question at the time of enrollment from the end-user. Once the end-user is successfully enrolled, it asks end-users to answer again on authentication to verify their answers.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string This allows the Client to receive response of request, either success or fail. |
| language | Required: No Type: string Length: 2 characters If the Shufti Pro client wants their preferred language to appear on the authentication screens they may provide the 2-character long language code of their preferred language. The list of Supported Languages can be consulted for the language codes. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 64 characters Each request has a unique Reference ID which is sent back to Client against each response. The Client can use the Reference ID to check status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: Use "enroll" as the value for request_type if you want end-user to sign-up, or "authenticate" if you want end-user to sign-in. |
| question | Required: No Type: boolean This option decides if the end-users asked for security questions or not. Give value 1 if you want to validate security questions, or 0 if you want to skip it. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents email address of the end-user. Note: During SignUp email is optional but will necessary in the later registration process. |
|
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
Authorization
Biometric SDK provides authorization to clients with Basic Auth header. Your Client ID will serve as Client ID and the Secret Key will serve as Client Secret Key. The API requires this header for every request.
| Fields | Required | Description |
|---|---|---|
| username | Yes | Enter Client ID |
| password | Yes | Enter Client Secret Key |
Access Token Request
Access Token Request Example
//POST /biometric/auth HTTP/1.1
//Host: api.shuftipro.com
//Content-Type: application/json
//Authorization: Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU
{
"webhook_url" : "http://www.example.com/",
"reference" : "123weqwe1231",
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"request_type" : "enroll",
"email" : ""
}
<?php
$clientID = 'YOUR CLIENT ID';
$clientSecret = 'YOUR CLIENT SECRET';
$basic_auth = base64_encode ( $clientID . ":" . $clientSecret );
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.shuftipro.com/biometric/auth",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\n \"webhook_url\": \"http://www.example.com\",\n \"request_type\" : \"enroll\,\n \"language\" : \"EN\",\n \"reference\": \"123abc123\",\n \"document\": 1,\n \"phone\": 1,\n \"question\": 1,\n "email" : ""}",
CURLOPT_HTTPHEADER => array(
"Authorization: Basic " . $basic_auth,
"Content-Type: application/json",
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
?>
import requests, base64, json, hashlib
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth.encode()).decode()
url = "https://api.shuftipro.com/biometric/auth"
payload = "{\n \"webhook_url\": \"http://www.example.com\",\n \"language\" : \"EN\",\n \"request_type\" : \"enroll\",\n \"email\" : \"\",\n \"reference\": \"123abc123\",\n \"document\": 1,\n \"phone\": 1,\n \"question\": 1}"
headers = {
'Content-Type': "application/json",
'Authorization': "Basic %s" % b64Val
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)
//We will be using two common practises for send Api calls
//Dispatch request via Jquery Ajax API
var payload = {
"async": true,
"crossDomain": true,
"url": "https://api.shuftipro.com/biometric/auth",
"method": "POST",
"headers": {
"Content-Type": "application/json",
"Authorization": "Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU",
"cache-control": "no-cache",
},
"processData": false,
"data": '{
"webhook_url": "http://www.example.com",
"request_type": "enroll",
"language" : "EN",
"email": "",
"reference": "123abc123",
"document": 1,
"phone": 1,
"question": 1
}'
}
$.ajax(payload).done(function (response) {
console.log(response);
});
Token request received from the end-user is assessed on specific parameters (discussed below):
- Identify Client ID & Client Secret Key.
- Check the authenticity of client’s credentials.
- Read client’s data.
- Response is sent back after generating access token.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string This allows the Client to receive response of request, either success or fail. |
| language | Required: No Type: string Length: 2 characters If the Shufti Pro client wants their preferred language to appear on the authentication screens they may provide the 2-character long language code of their preferred language. The list of Supported Languages can be consulted for the language codes. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 64 characters Each request has a unique Reference ID which is sent back to Client against each response. The Client can use the Reference ID to check status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: Use "enroll" as the value for request_type if you want end-user to sign-up, or "authenticate" if you want end-user to sign-in. |
| document | Required: No Type: boolean This option decides if End-User’s ID document is validated or not. Give value 1 if you want to validate the ID document, or 0 if you want to skip it. |
| phone | Required: No Type: boolean This option decides if End-User’s phone number is validated or not. Give value 1 if you want to validate the phone number, or 0 if you want to skip it. |
| question | Required: No Type: boolean This option decides if the end-users asked for security questions or not. Give value 1 if you want to validate security questions, or 0 if you want to skip it. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents email address of the end-user. Note: During SignUp email is optional but will necessary in the later registration process. |
|
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
Loading the SDK
The Shufti Pro SDK for JavaScript doesn’t have any standalone files that need to be downloaded or installed. You simply need to include a short piece of regular JavaScript in your HTML that will asynchronously load SDK on pages. The async loading does not block any other elements of your page.
The following snippet of code will give the basic version of the SDK where the options are set to most common defaults.
You can use one of two methods below to load the SDK asynchronously. Put the following code in the HTML of pages where you want to load the SDK.
Script Tag
Insert this directly after the opening body tag on every page where you want to load it.
<script async defer src="https://app.shuftipro.com/biometric/sdk/shuftipro.min.js"></script>Function Call
<script> ( function ( d, s, id ) { if ( d.getElementById ( id ) ) return; let js, fjs = d.getElementsByTagName ( s )[ 0 ]; js = d.createElement ( s ); js.id = id; js.src = "https://app.shuftipro.com/biometric/sdk/shuftipro.min.js"; fjs.parentNode.insertBefore ( js, fjs ); } ( document, 'script', 'shuftipro-jssdk' ) ); </script>
Custom Iframe
SDK will append & launch an iFrame. If you want to customize the iFrame for your website or application then include it according to your requirements. If no iFrame is provided in the HTML then Shufti Pro will render default from the SDK.
Note: The ID of the custom iFrame must be "shuftipro-iframe".
<iframe src="" id="shuftipro-iframe" allow="camera" frameborder="0"></iframe>
Initializing the SDK
After getting the access_token from the server, put it in SP's init method to initialize the SDK.
SP.init ( callback, access_token );
With above mentioned command, SDK will initialize and will be ready to get the SignUp and Login requests.
Request Parameters
| Parameters | Description |
|---|---|
| callback method | Required: Yes Type: Function The Client will pass the callback function. Shufti Pro will use this to return response data of verification. |
| access_token | Required: Yes Type: string Please put the access token you received from server to server call. |
Register Request
To request for SignUp, you have to make server to server call with these parameters:
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : 'enroll',
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : ""
}
You have the option to put end-user's email.
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : 'enroll',
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : "[email protected]",
}
Login Request
To request for Login, you have to make server to server call with these parameters:
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : 'authenticate',
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : ""
}
You have the option to put end-user's email.
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : 'authenticate',
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : "[email protected]"
}
Full Example
Full Code Example
//POST /biometric/auth HTTP/1.1
//Host: api.shuftipro.com
//Content-Type: application/json
//Authorization: Basic 961551694eef2a4dc24e6367184d8e9f1191e6d
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : 'enroll',
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : "[email protected]"
}
<?php
$clientID = 'YOUR CLIENT ID';
$clientSecret = 'YOUR CLIENT SECRET';
$basic_auth = base64_encode ( $clientID . ":" . $clientSecret );
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.shuftipro.com/biometric/auth",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\n \"webhook_url\": \"http://www.example.com\",\n \"request_type\" : \"enroll\",\n \"language\" : \"EN\",\n \"reference\": \"123abc123\",\n \"document\": 1,\n \"phone\": 1,\n \"question\": 1,\n "email" : ""}",
CURLOPT_HTTPHEADER => array(
"Authorization: Basic " . $basic_auth,
"Content-Type: application/json",
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
?>
import requests, base64, json, hashlib
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth.encode()).decode()
url = "https://api.shuftipro.com/biometric/auth"
payload = "{\n \"webhook_url\": \"http://www.example.com\",\n \"request_type\" : \"enroll\",\n \"language\" : \"EN\",\n \"email\" : \"\",\n \"reference\": \"123abc123\",\n \"document\": 1,\n \"phone\": 1,\n \"question\": 1}"
headers = {
'Content-Type': "application/json",
'Authorization': "Basic %s" % b64Val
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)
//We will be using two common practises for send Api calls
//Dispatch request via Jquery Ajax API
var payload = {
"async": true,
"crossDomain": true,
"url": "https://api.shuftipro.com/biometric/auth",
"method": "POST",
"headers": {
"Content-Type": "application/json",
"Authorization": "Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU",
"cache-control": "no-cache",
},
"processData": false,
"data": '{
"webhook_url": "http://www.example.com",
"request_type": "enroll",
"language" : "EN",
"email": "",
"reference": "123abc123",
"document": 1,
"phone": 1,
"question": 1
}'
}
$.ajax(payload).done(function (response) {
console.log(response);
});
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>BiometricSDK Setup Example</title>
</head>
<body>
<input id="email" placeholder="Email..." type="email">
<label>
<input name="request_type" type="radio" value="enroll">
Enroll
</label>
<label>
<input name="request_type" type="radio" value="authenticate" checked>
Authenticate
</label>
<button onclick="spInit()">Init</button>
<br>
<iframe src="" id="shuftipro-iframe" allow="camera" frameborder="0"></iframe>
<script>
// Load the SDK asynchronously
( function ( d, s, id ) {
if ( d.getElementById ( id ) ) return;
let js, fjs = d.getElementsByTagName ( s )[ 0 ];
js = d.createElement ( s );
js.id = id;
js.src = "https://app.shuftipro.com/biometric/sdk/shuftipro.min.js";
fjs.parentNode.insertBefore ( js, fjs );
} ( document, 'script', 'shuftipro-jssdk' ) );
spInit = function () {
let email = document.getElementById ( 'email' ).value;
let request_type = document.querySelector ( 'input[name="request_type"]:checked' ).value;
fetch ( 'https://api.shuftipro.com/biometric/auth', {
headers : {
'Authorization' : `Basic ${ btoa ( '22f1d49c01e52ddb7875b4b:E08UVMDwFnCiqtu338JH' ) }`,
'Accept' : 'application/json',
'Content-Type' : 'application/json'
},
body : JSON.stringify ( {
"webhook_url" : "https://api.shuftipro.com/biometric/test",
"reference" : Math.random ().toString ( 36 ).substring ( 4 ),
"request_type" : request_type,
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : email
} ),
mode : 'cors',
method : "POST"
} )
.then ( res => res.json () ).then ( data => {
if ( data.error !== "" ) {
alert ( data.error.message );
return;
}
let callback = function (response) {
console.log ( response )
};
SP.init ( callback, data.access_token )
} );
}
</script>
</body>
</html>
This code will load and initialize the JavaScript SDK in your HTML page. It is advised to not put the Client Credentials in your javascript code. Make a server to server request to get the access_token. We use JavaScript Fetch method to request our server, and then make server to server request to get the SDK access_token. Use the example on the right for guidance.
Example
In order to initialize the SDK, we use these tags:
input id="email" placeholder="Email..." type="email">
<label>
<input name="request_type" type="radio" value="enroll">
Enroll
</label>
<label>
<input name="request_type" type="radio" value="authenticate" checked>
Authenticate
</label>
<button onclick="spInit()">Init</button>
<br>
<iframe src="" id="shuftipro-iframe" allow="camera" frameborder="0"></iframe>
And a script tag to load the SDK asynchronously with a call to SP's server for access token and Initialize the SDK with the access token.
Appendix
Responses
Sample Response
//Content-Type: application/json
{
"access_token": "474f51710fb60fdf9688f44ea0345eda28a9f55212a83266fb5d237babff2"
"reference":"17374217",
"event":"request.pending",
"verification_url":"https://app.shuftipro.com/biometric/verification/474f51710fb60fdf9688f44ea0345eda28a9f55212a83266fb5d237babff2"
}
The Shufti Pro SDK will send you two types of responses if a request is made. First is the HTTP response sent against your request, and the second is the webhook response. Both HTTP and webhook responses will be in the JSON format with header application/json The response header also includes a key Signature. This key is used for validating the source of response. Be sure to validate the request by generating signature and matching it with Signature value from the response header.
Verification Response
Responses will contain the following parameters:
| Parameters | Description |
|---|---|
| reference | Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made. |
| events | This is the request event which shows status of request. Event is changed in every response. Please consult Events for more information. |
| error | Whenever there is an error in your request, this parameter will have the details of that error. |
| token | This is the unique request token of the request. |
| verification_url | A URL is generated for your customer to verify there documents. It is only generated in case of on-site request. |
| verification_result | It is only returned in case of a valid verification. This includes results of each verification. 1 means accepted 0 means declined null means not processed Check verification.accepted and verification.declined responses in Events section for a sample response. |
| verification_data | It is only returned in case of a valid verification. This object will include the all the gathered data in a request process. Check verification.accepted and verification.declined responses in Events section for a sample response. |
| info | This object will be returned in case of verification.accepted or verification.declined. It contains the following keys: Agent provides information about the device and browser of the end-user. Geolocation provides information about the geographical location of the end-user. For Details on info object go to INFO |
| declined_reason | This parameter will have the reason due to which a verification has been declined, and is only returned in this case in the callback URL. |
| declined_codes | This array contains status codes of all declined verification reasons. It will return only for verification.declined. |
| services_declined_codes | This object contains status codes of declined reasons for each service separately. Each service object will contain an array of status codes for declined reasons specific to that service. It will return only for verification. declined. |
Status Response
Sample Response
//Content-Type: application/json
//Signature: NmI4NmIyNzNmZjM0ZmNl
{
"reference" : "17374217",
"event" : "verification.accepted",
"proof" : {
"face": {
"proof": "https://ns.shuftipro.com/api/pea/65c1cf23bc0ed5a25613539f5cn3bebc0d565rfb"
},
"document": {
"proof": "https://ns.shuftipro.com/api/pea/65c1cf23bc0ed5a25613539f5cn3bebc0d566ca1"
},
"verification_video":"https://ns.shuftipro.com/api/pea/65c1cf23bc0ed5a25613539f5cn3bebc0d566c6a"
},
"verification_data": {
"document": {
"issue_date": "1990-01-01",
"selected_type": [
"id_card"
],
"supported_types": [
"id_card"
]
},
},
"verification_result": {
"document": {
"issue_date": 1,
"document_visibility": 1,
"document_must_not_be_expired": 1,
"document": 1,
"document_country": 1,
"selected_type": 1
},
"face": 1
},
"info": {
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_0"
},
"geolocation": {
"host": "212.103.50.243",
"ip": "212.103.50.243",
"rdns": "212.103.50.243",
"asn": "9009",
"isp": "M247 Ltd",
"country_name": "Germany",
"country_code": "DE",
"region_name": "Hesse",
"region_code": "HE",
"city": "Frankfurt am Main",
"postal_code": "60326",
"continent_name": "Europe",
"continent_code": "EU",
"latitude": "50.1049",
"longitude": "8.6295",
"metro_code": "",
"timezone": "Europe/Berlin"
}
}
}
The Shufti Pro Verification API will send a JSON response if a status request is made. Make sure to validate the request by generating signature and matching it with Signature value from response header.
| Parameters | Description |
|---|---|
| reference | Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made. |
| event | This is the request event which shows status of request. Event is changed in every response. Please consult Events for more information. |
| proof | This contains all the proofs that were used to verify data. The Proof URLs returned are temporary and valid for 15 minutes only. Note: verification_video It contains the video URL and will be returned only for the video recorded on-site. |
| verification_data | This contains all the data used for verification. This will only be returned in case of verification.accepted or verification.declined. |
| verification_result | This is the complete result of the verification. 1 stands for verified, 0 for not verified and null for no verification performed. This will only be returned in case of verification.accepted or verification.declined. |
| info | This object will be returned in case of verification.accepted or verification.declined. It contains the following keys: Agent provides information about the device and browser of the end-user. Geolocation provides information about the geographical location of the end-user. For Details on info object go to INFO |
| declined_reason | This key will only be returned when event is verification.declined. This will contain the reason why verification was declined. |
| declined_codes | This array contains status codes of all declined verification reasons. It will return only for verification.declined. |
| services_declined_codes | This object contains status codes of declined reasons for each service separately. Each service object will contain an array of status codes for declined reasons specific to that service. It will return only for verification. declined. |
Delete Request Response
Sample Response
//Content-Type: application/json
//Signature: NmI4NmIyNzNmZjM0ZmNl
{
"reference": "17374217",
"event": "request.deleted"
}
The Shufti Pro Verification API will send a JSON response if a delete request is made. Make sure to validate the request by generating signature and matching it with Signature value from response header.
| Parameters | Description |
|---|---|
| reference | Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made. |
| event | This is the request event which shows status of request. Event is changed in every response. |
Please consult Events for more information.
Response Signature
Every HTTP and Callback responses will be in application/json with a key Signature in the header. It can be used to validate the source of the request. Make a signature using the following procedure:
- Concatinate Secret Key at the end of the raw response string. (i.e. response + secret_key).
- Take SHA256 of concatinated string.
- Match the SHA256 string with Signature value from the header of the response.
In short, make signature as hash('sha256', response . your_secret_key) and match it with the signature provided in the header in Signature key.
Access Token Response
Responses will contain the following parameters:
| Parameters | Description |
|---|---|
| reference | Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made. |
| events | This is the request event which shows status of request. Event is changed in every response. Please consult Events for more information. |
| error | Whenever there is an error in your request, this parameter will have the details of that error. |
| access_token | This is the unique access token of the request. |
| verification_url | A URL is generated for your customer to verify their documents. |
| verification_result | It is only returned in case of a valid verification. This includes results of each verification. 1 means accepted 0 means declined null means not processed Check verification.accepted and verification.declined responses in Events section for a sample response. |
| verification_data | It is only returned in case of a valid verification. This object will include the all the gathered data in a request process. Check verification.accepted and verification.declined responses in Events section for a sample response. |
| declined_reason | This parameter will have the reason due to which a verification has been declined, and is only returned in this case in the webhook URL. |
| declined_codes | This array contains status codes of all declined verification reasons. It will return only for verification.declined. |
| services_declined_codes | This object contains status codes of declined reasons for each service separately. Each service object will contain an array of status codes for declined reasons specific to that service. It will return only for verification. declined. |
Callback method Response
Sample Response
{
"status": "Enrolled"
"reason":"face",
}
Responses will contain the following parameters:
| Parameters | Description |
|---|---|
| status | This is the request status. Status is changed in every response.Please consult Callback Method Status for more information. |
| reason | This parameter will have the reason due to which a verification has been declined. |
Response Signature
Every HTTP and Callback responses will be in application/json with a key Signature in the header. It can be used to validate the source of the request. Make a signature using the following procedure:
- Concatinate Secret Key at the end of the raw response string. (i.e. response + secret_key).
- Take SHA256 of concatinated string.
- Match the SHA256 string with Signature value from the header of the response.
In short, make signature as hash('sha256', response . your_secret_key) and match it with the signature provided in the header in Signature key.
HTTP Status Codes and Events
Shufti Pro SDK uses conventional HTTP response codes. Go to Status Codes for the complete list. Events are sent in responses which show the status of request. These events are sent in both HTTP and webhook responses. Please consult Events for a complete list of events.
Status Codes
Shufti Pro SDK uses conventional HTTP response codes to indicate the success or failure of an API request. Every response is generated in JSON with a specific HTTP code.
HTTP Codes
Following is a list of HTTP codes which are generated in responses by Shufti Pro Verification API.
| HTTP code | HTTP message | Message |
|---|---|---|
| 200 | OK | success |
| 400 | Bad Request | bad request: one or more parameter is invalid or missing |
| 401 | Unauthorized | unauthorized: invalid signature key provided in the request |
| 402 | Request Failed | invalid request data: missing required parameters |
| 403 | Forbidden | forbidden: service not allowed |
| 404 | Not Found | resource not found |
| 409 | Conflict | conflicting data: already exists |
| 500 | Server Error | internal server error |
| 429 | Too Many Requests | Too Many Attempts. |
Response Events
Events are sent in responses which show the status of request. These events are sent in both HTTP and callback responses.
request.pending
{
"reference": "17374217",
"event": "request.pending",
"verification_url": "https://app.shuftipro.com/biometric/verification/ATt6HmlXbK7My50frDjKfuip9Vg9UToulg5Elw8pXcFUgVhOAcWdrwMjIsC04tie",
"email": "[email protected]",
"country": "GB"
}
request.invalid
{
"reference": "17374217",
"event": "request.invalid",
"error": {
"service": "document",
"key": "dob",
"message": "The dob does not match the format Y-m-d."
},
"email": null,
"country": null"
}
verification.cancelled
{
"reference": "17374217",
"event": "verification.cancelled",
"country": "GB",
"proofs": {}
}
request.timeout
{
"reference": "17374217",
"event": "request.timeout",
"country": "GB",
"proofs": {}
}
request.unauthorized
{
"reference": "",
"event": "request.unauthorized",
"error": {
"service": "",
"key": "",
"message": "Authorization keys are missing/invalid."
},
"email": null,
"country": null"
}
verification.status.changed
{
"reference": "17374217",
"event": "verification.status.changed"
}
verification.accepted
{
"reference": "17374217",
"event": "verification.accepted",
"verification_result": {
"document": {
"name": 1,
"dob": 1,
"expiry_date": 1,
"issue_date": 1,
"document_number": 1,
"document": 1
},
"address": {
"name": 1,
"full_address": 1
}
},
"verification_data": {
"document": {
"name": {
"first_name": "John",
"middle_name": "Carter",
"last_name": "Doe"
},
"dob": "1978-03-13",
"issue_date": "2015-10-10",
"expiry_date": "2025-12-31",
"document_number": "1456-0989-5567-0909",
"selected_type": [
"id_card"
],
"supported_types": [
"id_card",
"driving_license",
"passport"
]
},
"address": {
"name": {
"first_name": "John",
"middle_name": "Carter",
"last_name": "Doe"
},
"full_address": "3339 Maryland Avenue, Largo, Florida",
"selected_type": [
"id_card"
],
"supported_types": [
"id_card",
"bank_statement"
]
}
},
"info": {
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_0"
},
"geolocation": {
"host": "212.103.50.243",
"ip": "212.103.50.243",
"rdns": "212.103.50.243",
"asn": "9009",
"isp": "M247 Ltd",
"country_name": "Germany",
"country_code": "DE",
"region_name": "Hesse",
"region_code": "HE",
"city": "Frankfurt am Main",
"postal_code": "60326",
"continent_name": "Europe",
"continent_code": "EU",
"latitude": "50.1049",
"longitude": "8.6295",
"metro_code": "",
"timezone": "Europe/Berlin"
}
}
}
verification.declined
{
"reference": "95156124",
"event": "verification.declined",
"verification_result": {
"document": {
"name": 0,
"dob": 1,
"expiry_date": 1,
"issue_date": 1,
"document_number": 1,
"document": null
},
"address": {
"name": null,
"full_address": null
}
},
"verification_data": {
"document": {
"name": {
"first_name": "John",
"middle_name": "Carter",
"last_name": "Doe"
},
"dob": "1978-03-13",
"issue_date": "2015-10-10",
"expiry_date": "2025-12-31",
"document_number": "1456-0989-5567-0909",
"selected_type": [
"id_card"
],
"supported_types": [
"id_card",
"driving_license",
"passport"
]
},
"address": {
"name": {
"first_name": "John",
"middle_name": "Carter",
"last_name": "Doe"
},
"full_address": "3339 Maryland Avenue, Largo, Florida",
"selected_type": [
"id_card"
],
"supported_types": [
"id_card",
"bank_statement"
]
}
},
"info": {
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_0"
},
"geolocation": {
"host": "212.103.50.243",
"ip": "212.103.50.243",
"rdns": "212.103.50.243",
"asn": "9009",
"isp": "M247 Ltd",
"country_name": "Germany",
"country_code": "DE",
"region_name": "Hesse",
"region_code": "HE",
"city": "Frankfurt am Main",
"postal_code": "60326",
"continent_name": "Europe",
"continent_code": "EU",
"latitude": "50.1049",
"longitude": "8.6295",
"metro_code": "",
"timezone": "Europe/Berlin"
}
},
"declined_reason": "Name on the document doesn't match",
"declined_codes":[
"SPDR07",
"SPDR06",
"SPDR23"
],
"services_declined_codes": {
"document": [
"SPDR13",
"SPDR12"
],
"address": [
"SPDR22",
"SPDR26"
],
"face": [
"SPDR01"
]
}
}
| Event | description | HTTP Response | Webhook Response |
|---|---|---|---|
| request.pending | Request parameters are valid and verification access token is generated. | Yes | Yes |
| request.invalid | Request parameters provided in request are invalid. | Yes | Yes |
| verification.cancelled | Request is cancelled by the user. This event occurs when end-user disagrees to terms and conditions before starting verifications. | Yes | Yes |
| request.timeout | Request has timed out after a specific period of time. The onsite request will Time Out after 60 minutes. |
No | Yes |
| request.unauthorized | Request is unauthorized. The information provided in authorization header is invalid. | Yes | No |
| verification.status.changed | Request status has been updated. | No | Yes |
| verification.accepted | Request was valid and accepted after verification. | No | Yes |
| verification.declined | Request was valid and declined after verification. | No | Yes |
Callback Method Status
| Event | description |
|---|---|
| Verification Cancelled | Request is cancelled by the user. This event occurs when end-user disagrees to terms and conditions before starting verifications or closes the verification modal. |
| Enrolled | Request was valid and accepted after verification ,with request_type enroll. |
| Authenticated | Request was valid and accepted after verification , with request_type authenticate . |
| Declined | Request was valid and declined after verification ,with request_type enroll. |
| Unauthenticated | Request was valid and declined after verification , with request_type authenticate . |
Declined Reasons
Face
| Description |
|---|
| Face is not verified. |
| Face not found on document |
| Image is altered or photoshopped |
| Image found on web |
Document
| Description |
|---|
| Document originality not verified. |
| Name in the document didn't match. |
| DOB in the document didn't match. |
| Expiry Date in the document didn't match. |
| Issue date in the document didn't match. |
| Document Number in the document didn't match. |
| Document originality is not verified. |
| Document country is not verified. |
| Document is not one of the Selected Types(s). |
| Age not Verified. |
| Face on Document not matched with face image |
| document has expired. |
| Document not clearly visible. |
| Face not found on document |
| Image found on web |
| Image is altered or photoshopped |
| Proof and Additional Proof does not belong to the same document |
phone_number
| Description |
|---|
| Phone number is not verified. |
Declined Status Code
Face Status Codes
| Status Code | Description |
|---|---|
| SPDR01 | Face could not be verified |
| SPDR19 | Face not found on the document |
| SPDR03 | Image is altered or photoshopped |
| SPDR04 | Copy of the image found on web |
Document Status Code
| Status Code | Description |
|---|---|
| SPDR02 | Image of the face not found on the document |
| SPDR06 | Document originality could not be verified |
| SPDR07 | Name on the document doesn't match |
| SPDR08 | DOB on the document doesn't match |
| SPDR16 | Expiry date on the document doesn't match |
| SPDR10 | Issue date on the document doesn't match |
| SPDR09 | Date on the document doesn't match |
| SPDR11 | Number on the document doesn't match |
| SPDR12 | Country on the document could not be verified |
| SPDR13 | Document doesn't match the provided options |
| SPDR14 | Age could not be verified |
| SPDR15 | Face on the document doesn't match with camera image |
| SPDR17 | Document has expired |
| SPDR18 | Document is not clearly displayed |
| SPDR19 | Face not found on the document |
| SPDR03 | Image is altered or photoshopped |
| SPDR04 | Copy of the image found on web |
| SPDR21 | Proof and Additional Proof are of different documents |
phone_number Status Code
| Status Code | Description |
|---|---|
| SPDR35 | Phone number could not be verified |
Supported Browsers and Devices
In case of on-site verification, a verify iframe is shown to users. This iframe is supported on the following list of browsers.
| Browsers | Minimum Version/SDK |
|---|---|
| 1. Chrome (Recommended) | 65 |
| 2. Firefox (Recommended) | 58 |
| 3. Safari | 8 |
| 4. Opera | 52 |
| 5. Internet Explorer | 11 |
| 6. Edge | 16 |
Here a list of supported operating systems on mobile devices.
| Mobile OS | Minimum Version/SDK |
|---|---|
| 1. Android | 6.0 (Marshmallow) |
| 2. iOS | 10 |
Rate Limiting
Shufti Pro has induced request limits for the Production and Trial accounts. The limits for both types of accounts are mentioned below.
Production Account
For the production account, Shufti Pro allows 60 requests per min. This limit is per IP.
Trial Account
For the trial account, Shufti Pro allows 3 requests per minute. This limit is per account.
Webhook IPs
All webhook requests will come from the following IPs:
- Europe:
- 142.132.144.101
- 65.108.103.45
- United States:
- 5.161.114.110
- 5.161.87.219
- 5.78.56.7
- 5.78.58.196
Please make sure that you allow these IPs in order to receive webhook notifications.
Supported Languages
Shufti Pro offers worldwide language coverage. Use the appropriate language code from the list given below.
| Languages | Language Code |
|---|---|
| 1. Afrikaans | AF |
| 2. Albanian | SQ |
| 3. Amharic | AM |
| 4. Arabic | AR |
| 5. Armenian | HY |
| 6. Azerbaijani | AZ |
| 7. Basque | EU |
| 8. Belarusian | BE |
| 9. Bengali | BN |
| 10. Bosnian | BS |
| 11. Bulgarian | BG |
| 12. Burmese | MY |
| 13. Catalan | CA |
| 14. Chichewa | NY |
| 15. Chinese | ZH |
| 16. Corsican | CO |
| 17. Croatian | HR |
| 18. Czech | CS |
| 19. Danish | DA |
| 20. Dutch | NL |
| 21. English | EN |
| 22. Esperanto | EO |
| 23. Estonian | ET |
| 24. Filipino | TL |
| 25. Finnish | FI |
| 26. French | FR |
| 27. Frisian | FY |
| 28. Galician | GL |
| 29. Georgian | KA |
| 30. German | DE |
| 31. Greek (modern) | EL |
| 32. Gujarati | GU |
| 33. Haitian, Haitian Creole | HT |
| 34. Hausa | HA |
| 35. Hebrew (modern) | HE |
| 36. Hindi | HI |
| 37. Hungarian | HU |
| 38. Indonesian | ID |
| 39. Irish | GA |
| 40. Igbo | IG |
| 41. Icelandic | IS |
| 42. Italian | IT |
| 43. Japanese | JA |
| 44. Javanese | JV |
| 45. Kannada | KN |
| 46. Kazakh | KK |
| 47. Khmer | KM |
| 48. Kirghiz, Kyrgyz | KY |
| 49. Korean | KO |
| 50. Kurdish | KU |
| 51. Latin | LA |
| 52. Luxembourgish, Letzeburgesch | LB |
| 53. Lao | LO |
| 54. Lithuanian | LT |
| 55. Latvian | LV |
| 56. Macedonian | MK |
| 57. Malagasy | MG |
| 58. Malay | MS |
| 59. Malayalam | ML |
| 60. Maltese | MT |
| 61. Maori | MI |
| 62. Marathi | MR |
| 63. Mongolian | MN |
| 64. Nepali | NE |
| 65. Norwegian | NO |
| 66. Punjabi | PA |
| 67. Persian | FA |
| 68. Polish | PL |
| 69. Pashto | PS |
| 70. Portuguese | PT |
| 71. Romanian | RO |
| 72. Russian | RU |
| 73. Sindhi | SD |
| 74. Samoan | SM |
| 75. Serbian | SR |
| 76. Scottish Gaelic | GD |
| 77. Shona | SN |
| 78. Sinhala | SI |
| 79. Slovak | SK |
| 80. Slovenian | SL |
| 81. Somali | SO |
| 82. Sesotho | ST |
| 83. Spanish | ES |
| 84. Sundanese | SU |
| 85. Swahili | SW |
| 86. Swedish | SV |
| 87. Tamil | TA |
| 88. Telugu | TE |
| 89. Tajik | TG |
| 90. Thai | TH |
| 91. Turkish | TR |
| 92. Ukrainian | UK |
| 93. Urdu | UR |
| 94. Uzbek | UZ |
| 95. Vietnamese | VI |
| 96. Welsh | CY |
| 97. Xhosa | XH |
| 98. Yiddish | YI |
| 99. Yoruba | YO |
| 100. Zulu | ZU |
Revision History
| Date | Description |
|---|---|
| 02 Mar 2023 | Updated proof accessing urls in status endpoint. |
| 13 Jan 2023 | Added new Parameter enhanced_originality_checks in verification request. |
| 25 Oct 2022 | Introduced new service Questionnaire. |
| 14 Sep 2022 | Added new Parameter check_duplicate_request inside face service in verification request. |
| 02 Nov 2021 | Added new Parameter manual_review in verification request. |
| 21 Oct 2021 | Added new Parameter show_ocr_form in document, document_two and address service. |
| 18 Oct 2021 | Introduced new service Age Verification. |
| 13 Oct 2021 | Added New Supported types property_tax, lease_agreement, insurance_card, credit_card_statement, insurance_policy, e_commerce_receipt, bank_letter_receipt, birth_certificate, salary_slip, permanent_residence_permit and any for Address service. |
| 28 Sep 2021 | Added New Parameter in verification_instructions object for document, document_two and address service. |
| 24 Sep 2021 | Added declined_codes in Background Checks & AML For Businesses. Note: This Feature is currently available for trial accounts and will be available for production accounts from "27 Sep 2021" |
| 13 July 2021 | Updated php sample code. |
| 03 June 2021 | dob key in Background Checks Service made optional. |
| 29 Mar 2021 | face_match_confidence key is now available. |
| 24 Mar 2021 | Added new endpoint to get all verification decline reasons. |
| 11 Mar 2021 | Added new key face_match_confidence under the verification_data object in verification response. Note: This Key will be available from "29 MARCH 2021" |
| 01 Jan 2021 | Introduced new type Others in Gender. |
| 11 Dec 2020 | Introduced new service OCR For Business. |
| 20 Nov 2020 | Added New key services_declined_codes in Verification Response. |
| 04 Nov 2020 | Updated declined reasons. |
| 04 Nov 2020 | Added New Parameter verification_instructions in document, document_two and address service. |
| 21 Sep 2020 | Added allow_retry in verification request. |
| 18 Sep 2020 | Added allow_na_ocr_inputs in verification request. |
| 08 Sep 2020 | Added ttl in verification request. |
| 20 Jul 2020 | consent service sample object and test IDs updated. |
| 14 Jul 2020 | callback_url parameter made optional. |
| 16 June 2020 | Added New Supported type cpr_smart_card_reader_copy for Address service. |
| 15 June 2020 | Added full_name key to name object for background checks service. |
| 11 June 2020 | Added decline_on_single_step in verification request. |
| 10 June 2020 | Added gender key for document and document_two service. |
| 19 May 2020 | Added subscription plan details to account info Response. |
| 08 May 2020 | Added Country Key to Status Responses. |
| 05 May 2020 | Increased max length of AML for Business Name from 64 to 255. |
| 16 Apr 2020 | business_incorporation_date in AML for Businesses service made optional. |
| 08 Apr 2020 | Added video KYC documentation. |
| 07 Apr 2020 | Added backside_proof_required parameter. |
| 27 Mar 2020 | Updated Api urls. |
| 26 Mar 2020 | Added Api flow charts. |
| 04 Mar 2020 | Temporary access token introduced. |
| 31 Dec 2019 | Added allow_online in verification request. |
| 31 Dec 2019 | Biometric SDK documentation added. |
| 24 Dec 2019 | Added "fetch_enhanced_data" key from Enhanced data extraction for document and document_two service. |
| 24 Dec 2019 | Removed "allowed_offline" key from address service request object. |
| 24 Dec 2019 | Updated declined reasons. |
| 25 Nov 2019 | Added verification_video in status response end-point, inside proof key. Returned only if on-site video is recorded. |
| 25 Nov 2019 | Added KYC Request Instructions for onsite and offisite verification |
| 18 Nov 2019 | HTTP status code updated. |
| 14 Nov 2019 | Request status response sample updated. |
| 11 Nov 2019 | updated KYB request response |
| 31 Oct 2019 | Introduced new service Know Your business (KYB). |
| 24 Oct 2019 | Introduced new service for Businesses AML checks(AML for Businesses). |
| 10 Oct 2019 | Updated Onsite verification javascript code. |
| 09 Oct 2019 | Added the show_feedback_form in verification request. |
| 24 Sep 2019 | Added declined_codes in verification response, for all accounts. |
| 11 Sep 2019 | Old declined reason added in appendix. |
| 09 Sep 2019 | Added declined_codes in verification response. Note: This Feature is currently available for trial accounts and will be available for production accounts from "24 Sep 2019" |
| 09 Sep 2019 | Declined reasons description updated and added status code for each reason. |
| 27 Aug 2019 | Added full_name key to name object. |
| 20 Jul 2019 | Updated declined reasons. |
| 20 Jul 2019 | Added request time out time. |
| 16 Jul 2019 | Added Ongoing in Background checks. |
| 15 Jul 2019 | Added info object key in responses date has been extended to 18 Jul 2019. |
| 04 Jul 2019 | Added info object key in responses just in API documentation. (Shufti Pro API will send this object in response from 15 Jul 2019 ) |
| 04 Jul 2019 | Added declined reasons for document, document two and address services. |
| 02 Jul 2019 | Added Rate Limiting for requests. |
| 12 June 2019 | Added Document Two Service for verification. |
| 24 May 2019 | Update declined reason. |
| 22 May 2019 | Added with_face key in consent service. |
| 03 May 2019 | Added Declined Reasons of verificatiton Request. |
| 16 Apr 2019 | Added Fuzzy match in Background checks. |
| 09 Apr 2019 | Added a new endpoint /api/account/info/ to get account info. |
| 05 Apr 2019 | country key updated. |
| 11 Mar 2019 | 1. Added new params verification_data, verification_result and declined_reason in verification status endpoint. 2. Added a new event request.received |
| 07 Mar 2019 | Added issue_date key in address service request parameters. |
| 20 Feb 2019 | Added selected_type key in address, document, consent services webhook/callback response. |
| 19 Feb 2019 | 1. Added show_consent and show_privacy_policy parameters in verification request. 2. Added address_fuzzy_match parameter in address service. 3. Added allow_offline parameter in face, document, address and consent services. |
| 18 Feb 2019 | Signature key added into SP Http, Callback headers for signature validation. |
| 28 Jan 2019 | 1. Added a new endpoint /api/delete to delete a request data. 2. Added a new event request.deleted which is returned whenever a request is deleted. 3. Status response now returns proofs also. 4. Added show_results key in request which allows end-users to see verification results. |
| 24 Jan 2019 | Added a new callback with event verification.status.changed. It is sent to clients whenever a verification status is updated. |
| 21 Dec 2018 | Corrected the get status request url. |
| 20 Dec 2018 | Corrected verification.cancelled event name from events listing. |
| 06 Dec 2018 | Minimum characters limit is set to 1 for first, middle and last name. |
| 29 Nov 2018 | Updated POSTMAN collection link, removed format key and added supported_types key for consent service in POSTMAN collection. |
| 26 Nov 2018 | Added allow_offline key in request parameters. |
| 29 Oct 2018 | Allowed PDF documents as proofs in image_only and any verification modes. |
| 29 Oct 2018 | Changed format key to Supported_types in consent Service. |
| 22 Oct 2018 | Added declined reason key in response. |
| 17 Oct 2018 | Updated Test IDs for demo/test verifications. |
| 09 Oct 2018 | 1. Last name field made optional in all name objects. 2. Added signature in response headers to validate the source of responses. |