Navbar
For Developers
HTTP Javascript PHP Python

Introduction

Shufti Pro Biometric SDK authenticates users with Facial Authentication. The SDK uses two different security tokens to handle requests. It collects image/video proofs, and processes and saves them for future authentication. It generates different responses according to the nature of request.

This document explains various end-points, how they are provided, and the kind of data required from clients to perform authentication successfully.

Authentication Services

Shufti Pro performs a variety of authentication services for its customers. Our diverse services suite allows us to validate the identity of users through facial verification, document verification, phone number verification, and security questions verification.

Face Service

Shufti Pro Biometric SDK authenticates users with Facial Authentication and checks their liveness. This service is used as a default authentication service and can not be disabled.

Request Parameters

Parameters Description
webhook_url Required: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
A number of server-to-server calls are made to the client to keep them updated about verification status. This allows them to keep the request updated on their end, even if the end-user is lost midway through the process.
language Required: No
Type: string
Length: 2 characters
If the client wants their preferred language to appear on the authentication screens they may provide the 2-characters long language code of their preferred language. The list of Supported Languages can be consulted for reference. If this key is missing in the request the system will select the default language as English.
reference Required: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
Each request has a unique Reference ID that is sent back to the client against each response. The client can use Reference ID to check the status of each verification.
request_type Required: Yes
Type: string
This parameter decides the type of verification you want to perform.
Note: If you want end-users to sign-up, use "enroll" as the value for request_type, or use "authenticate" if you want them to sign-in.
email Required: No
Type: string
Minimum: 6 characters
Maximum: 128 characters
This field represents the email address of end-user.
Note: Providing email is optional during sign-up but necessary later in the registration process.
show_consent Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification.
show_privacy_policy Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place.

Document Service

Shufti Pro Biometric SDK provides document verification through ID document. It gives an option to end-users to verify their data from ID document.

Request Parameters

Parameters Description
webhook_url Required: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
A number of server-to-server calls are made to the client to keep them updated about verification status. This allows them to keep the request updated on their end, even if the end-user is lost midway through the process.
language Required: No
Type: string
Length: 2 characters
If the client wants their preferred language to appear on the authentication screens they may provide the 2-characters long language code of their preferred language. The list of Supported Languages can be consulted for reference. If this key is missing in the request the system will select the default language as English.
reference Required: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
Each request has a unique Reference ID that is sent back to the client against each response. The client can use Reference ID to check the status of each verification.
request_type Required: Yes
Type: string
This parameter decides the type of verification you want to perform.
Note: If you want end-users to sign-up, use "enroll" as the value for request_type, or use "authenticate" if you want them to sign-in.
document Required: No
Type: boolean
This option decides if End-User’s ID document is validated or not. Give value 1 if you want to validate the ID document, or 0 if you want to skip it.
email Required: No
Type: string
Minimum: 6 characters
Maximum: 128 characters
This field represents the email address of end-user.
Note: Providing email is optional during sign-up but necessary later in the registration process.
show_consent Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification.
show_privacy_policy Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place.

Phone Service

Shufti Pro Biometric SDK provides phone number verification. Shufti Pro Biometric SDK verifies the phone number of end-users by sending a random code to their number from Shufti Pro. Once the sent code is entered into the provided field by end-user, phone number will stand verified. Shufti Pro will be responsible only to send the message along with verification code to the end-user and verify the code entered by the end-user.

Request Parameters

Parameters Description
webhook_url Required: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
A number of server-to-server calls are made to the client to keep them updated about verification status. This allows them to keep the request updated on their end, even if the end-user is lost midway through the process.
language Required: No
Type: string
Length: 2 characters
If the client wants their preferred language to appear on the authentication screens they may provide the 2-characters long language code of their preferred language. The list of Supported Languages can be consulted for reference. If this key is missing in the request the system will select the default language as English.
reference Required: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
Each request has a unique Reference ID that is sent back to the client against each response. The client can use Reference ID to check the status of each verification.
request_type Required: Yes
Type: string
This parameter decides the type of verification you want to perform.
Note: If you want end-users to sign-up, use "enroll" as the value for request_type, or use "authenticate" if you want them to sign-in.
phone Required: No
Type: boolean
This option decides if End-User’s phone number is validated or not. Give value 1 if you want to validate the phone number, or 0 if you want to skip it.
email Required: No
Type: string
Minimum: 6 characters
Maximum: 128 characters
This field represents the email address of end-user.
Note: Providing email is optional during sign-up but necessary later in the registration process.
show_consent Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification.
show_privacy_policy Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place.

Question Service

Shufti Pro Biometric SDK provides security questions verification for authentication. It takes the answers of the security question at the time of enrollment from the end-user. Once the end-user is successfully enrolled, it asks end-users to answer again on authentication to verify their answers.

Request Parameters

Parameters Description
webhook_url Required: Yes
Type: string
This allows the Client to receive response of request, either success or fail.
language Required: No
Type: string
Length: 2 characters
If the Shufti Pro client wants their preferred language to appear on the authentication screens they may provide the 2-character long language code of their preferred language. The list of Supported Languages can be consulted for the language codes. If this key is missing in the request the system will select the default language as English.
reference Required: Yes
Type: string
Minimum: 6 characters
Maximum: 64 characters
Each request has a unique Reference ID which is sent back to Client against each response. The Client can use the Reference ID to check status of each verification.
request_type Required: Yes
Type: string
This parameter decides the type of verification you want to perform.
Note: Use "enroll" as the value for request_type if you want end-user to sign-up, or "authenticate" if you want end-user to sign-in.
question Required: No
Type: boolean
This option decides if the end-users asked for security questions or not. Give value 1 if you want to validate security questions, or 0 if you want to skip it.
email Required: No
Type: string
Minimum: 6 characters
Maximum: 128 characters
This field represents email address of the end-user.
Note: During SignUp email is optional but will necessary in the later registration process.
show_consent Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification.
show_privacy_policy Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place.

Authorization

Biometric SDK provides authorization to clients with Basic Auth header. Your Client ID will serve as Client ID and the Secret Key will serve as Client Secret Key. The API requires this header for every request.

Fields Required Description
username Yes Enter Client ID
password Yes Enter Client Secret Key

Access Token Request

Access Token Request Example


POST /biometric/auth HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json


Authorization: Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU

{
    "webhook_url" : "http://www.example.com/",
    "reference"   : "123weqwe1231",
    "language"    : "EN",
    "document"    : 1,
    "phone"       : 1,
    "question"    : 1,
    "request_type" : "enroll",
    "email" : ""
}


<?php

$clientID = 'YOUR CLIENT ID';
$clientSecret = 'YOUR CLIENT SECRET';
$basic_auth = base64_encode ( $clientID . ":" . $clientSecret );

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://api.shuftipro.com/biometric/auth",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{\n    \"webhook_url\": \"http://www.example.com\",\n    \"request_type\" : \"enroll\,\n    \"language\" : \"EN\",\n    \"reference\": \"123abc123\",\n    \"document\": 1,\n    \"phone\": 1,\n    \"question\": 1,\n        "email" : ""}",
  CURLOPT_HTTPHEADER => array(
    "Authorization: Basic " . $basic_auth,
    "Content-Type: application/json",
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

?>


import requests, base64, json, hashlib
from random import randint

'''
Python 2
--------
import urllib2

Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''

url = 'https://api.shuftipro.com/'

# Your Shufti Pro account Client ID
client_id  = 'YOUR-CLIENT-ID'

# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'

auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth.encode()).decode()

url = "https://api.shuftipro.com/biometric/auth"

payload = "{\n    \"webhook_url\": \"http://www.example.com\",\n    \"language\" : \"EN\",\n    \"request_type\" : \"enroll\",\n    \"email\" : \"\",\n    \"reference\": \"123abc123\",\n    \"document\": 1,\n    \"phone\": 1,\n    \"question\": 1}"
headers = {
    'Content-Type': "application/json",
    'Authorization': "Basic %s" % b64Val
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)


//We will be using two common practises for send Api calls
//Dispatch request via Jquery Ajax API
var payload = {
  "async": true,
  "crossDomain": true,
  "url": "https://api.shuftipro.com/biometric/auth",
  "method": "POST",
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU",
    "cache-control": "no-cache",
  },
  "processData": false,
  "data": '{
          "webhook_url": "http://www.example.com",
          "request_type": "enroll",
          "language"     : "EN",
          "email": "",
          "reference": "123abc123",
          "document": 1,
          "phone": 1,
          "question": 1
      }'
}

$.ajax(payload).done(function (response) {
  console.log(response);
});

Token request received from the end-user is assessed on specific parameters (discussed below):

Request Parameters

Parameters Description
webhook_url Required: Yes
Type: string
This allows the Client to receive response of request, either success or fail.
language Required: No
Type: string
Length: 2 characters
If the Shufti Pro client wants their preferred language to appear on the authentication screens they may provide the 2-character long language code of their preferred language. The list of Supported Languages can be consulted for the language codes. If this key is missing in the request the system will select the default language as English.
reference Required: Yes
Type: string
Minimum: 6 characters
Maximum: 64 characters
Each request has a unique Reference ID which is sent back to Client against each response. The Client can use the Reference ID to check status of each verification.
request_type Required: Yes
Type: string
This parameter decides the type of verification you want to perform.
Note: Use "enroll" as the value for request_type if you want end-user to sign-up, or "authenticate" if you want end-user to sign-in.
document Required: No
Type: boolean
This option decides if End-User’s ID document is validated or not. Give value 1 if you want to validate the ID document, or 0 if you want to skip it.
phone Required: No
Type: boolean
This option decides if End-User’s phone number is validated or not. Give value 1 if you want to validate the phone number, or 0 if you want to skip it.
question Required: No
Type: boolean
This option decides if the end-users asked for security questions or not. Give value 1 if you want to validate security questions, or 0 if you want to skip it.
email Required: No
Type: string
Minimum: 6 characters
Maximum: 128 characters
This field represents email address of the end-user.
Note: During SignUp email is optional but will necessary in the later registration process.
show_consent Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification.
show_privacy_policy Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place.

Loading the SDK

The Shufti Pro SDK for JavaScript doesn’t have any standalone files that need to be downloaded or installed. You simply need to include a short piece of regular JavaScript in your HTML that will asynchronously load SDK on pages. The async loading does not block any other elements of your page.

The following snippet of code will give the basic version of the SDK where the options are set to most common defaults.

You can use one of two methods below to load the SDK asynchronously. Put the following code in the HTML of pages where you want to load the SDK.

  1. Script Tag
    Insert this directly after the opening body tag on every page where you want to load it.
    <script async defer src="https://app.shuftipro.com/biometric/sdk/shuftipro.min.js"></script>

  2. Function Call
    <script> ( function ( d, s, id ) { if ( d.getElementById ( id ) ) return; let js, fjs = d.getElementsByTagName ( s )[ 0 ]; js = d.createElement ( s ); js.id = id; js.src = "https://app.shuftipro.com/biometric/sdk/shuftipro.min.js"; fjs.parentNode.insertBefore ( js, fjs ); } ( document, 'script', 'shuftipro-jssdk' ) ); </script>

Custom Iframe

SDK will append & launch an iFrame. If you want to customize the iFrame for your website or application then include it according to your requirements. If no iFrame is provided in the HTML then Shufti Pro will render default from the SDK.
Note: The ID of the custom iFrame must be "shuftipro-iframe".

<iframe src="" id="shuftipro-iframe" allow="camera" frameborder="0"></iframe>

Initializing the SDK

After getting the access_token from the server, put it in SP's init method to initialize the SDK.

SP.init ( callback, access_token );

With above mentioned command, SDK will initialize and will be ready to get the SignUp and Login requests.

Request Parameters

Parameters Description
callback method Required: Yes
Type: Function
The Client will pass the callback function. Shufti Pro will use this to return response data of verification.
access_token Required: Yes
Type: string
Please put the access token you received from server to server call.

Register Request

To request for SignUp, you have to make server to server call with these parameters:

{ "webhook_url" : "https://example.com/", "reference" : "rAnd0mStr1ng", "request_type" : 'enroll', "language" : "EN", "document" : 1, "phone" : 1, "question" : 1, "email" : "" }

You have the option to put end-user's email.

{ "webhook_url" : "https://example.com/", "reference" : "rAnd0mStr1ng", "request_type" : 'enroll', "language" : "EN", "document" : 1, "phone" : 1, "question" : 1, "email" : "abc@xyz.com", }

Login Request

To request for Login, you have to make server to server call with these parameters:

{ "webhook_url" : "https://example.com/", "reference" : "rAnd0mStr1ng", "request_type" : 'authenticate', "language" : "EN", "document" : 1, "phone" : 1, "question" : 1, "email" : "" }

You have the option to put end-user's email.

{ "webhook_url" : "https://example.com/", "reference" : "rAnd0mStr1ng", "request_type" : 'authenticate', "language" : "EN", "document" : 1, "phone" : 1, "question" : 1, "email" : "abc@xyz.com" }

Full Example

Full Code Example


POST /biometric/auth HTTP/1.1
Host: api.shuftipro.com
Content-Type: application/json


Authorization: Basic 961551694eef2a4dc24e6367184d8e9f1191e6d

{
    "webhook_url"   : "https://example.com/",
    "reference"     : "rAnd0mStr1ng",
    "request_type"  : 'enroll',
    "language"     : "EN",
    "document"      : 1,
    "phone"         : 1,
    "question"      : 1,
    "email"         : "abc@xyz.com"
}


<?php

$clientID = 'YOUR CLIENT ID';
$clientSecret = 'YOUR CLIENT SECRET';
$basic_auth = base64_encode ( $clientID . ":" . $clientSecret );

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://api.shuftipro.com/biometric/auth",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{\n    \"webhook_url\": \"http://www.example.com\",\n    \"request_type\" : \"enroll\",\n    \"language\" : \"EN\",\n    \"reference\": \"123abc123\",\n    \"document\": 1,\n    \"phone\": 1,\n    \"question\": 1,\n        "email" : ""}",
  CURLOPT_HTTPHEADER => array(
    "Authorization: Basic " . $basic_auth,
    "Content-Type: application/json",
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

?>


import requests, base64, json, hashlib
from random import randint

'''
Python 2
--------
import urllib2

Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''

url = 'https://api.shuftipro.com/'

# Your Shufti Pro account Client ID
client_id  = 'YOUR-CLIENT-ID'

# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'

auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth.encode()).decode()

url = "https://api.shuftipro.com/biometric/auth"

payload = "{\n    \"webhook_url\": \"http://www.example.com\",\n    \"request_type\" : \"enroll\",\n    \"language\" : \"EN\",\n    \"email\" : \"\",\n    \"reference\": \"123abc123\",\n    \"document\": 1,\n    \"phone\": 1,\n    \"question\": 1}"
headers = {
    'Content-Type': "application/json",
    'Authorization': "Basic %s" % b64Val
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)


//We will be using two common practises for send Api calls
//Dispatch request via Jquery Ajax API
var payload = {
  "async": true,
  "crossDomain": true,
  "url": "https://api.shuftipro.com/biometric/auth",
  "method": "POST",
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU",
    "cache-control": "no-cache",
  },
  "processData": false,
  "data": '{
          "webhook_url": "http://www.example.com",
          "request_type": "enroll",
          "language"     : "EN",
          "email": "",
          "reference": "123abc123",
          "document": 1,
          "phone": 1,
          "question": 1
      }'
}

$.ajax(payload).done(function (response) {
  console.log(response);
});


<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>BiometricSDK Setup Example</title>
</head>
<body>

<input id="email" placeholder="Email..." type="email">
<label>
    <input name="request_type" type="radio" value="enroll">
    Enroll
</label>
<label>
    <input name="request_type" type="radio" value="authenticate" checked>
    Authenticate
</label>
<button onclick="spInit()">Init</button>
<br>
<iframe src="" id="shuftipro-iframe" allow="camera" frameborder="0"></iframe>

<script>
     // Load the SDK asynchronously
     ( function ( d, s, id ) {
         if ( d.getElementById ( id ) ) return;
         let js, fjs = d.getElementsByTagName ( s )[ 0 ];
         js = d.createElement ( s );
         js.id = id;
         js.src = "https://app.shuftipro.com/biometric/sdk/shuftipro.min.js";
         fjs.parentNode.insertBefore ( js, fjs );
     } ( document, 'script', 'shuftipro-jssdk' ) );


    spInit = function () {
        let email = document.getElementById ( 'email' ).value;
        let request_type = document.querySelector ( 'input[name="request_type"]:checked' ).value;

        fetch ( 'https://api.shuftipro.com/biometric/auth', {
            headers : {
                'Authorization' : `Basic ${ btoa ( '22f1d49c01e52ddb7875b4b:E08UVMDwFnCiqtu338JH' ) }`,
                'Accept' : 'application/json',
                'Content-Type' : 'application/json'
            },
            body : JSON.stringify ( {
                "webhook_url" : "https://api.shuftipro.com/biometric/test",
                "reference" : Math.random ().toString ( 36 ).substring ( 4 ),
                "request_type" : request_type,
                "language"     : "EN",
                "document" : 1,
                "phone" : 1,
                "question" : 1,
                "email" : email
            } ),
            mode : 'cors',
            method : "POST"
        } )
        .then ( res => res.json () ).then ( data => {

            if ( data.error !== "" ) {
                alert ( data.error.message );
                return;
            }

            let callback = function (response) { 
                console.log ( response ) 
            };

            SP.init ( callback, data.access_token )

        } );
    }

</script>
</body>
</html>


This code will load and initialize the JavaScript SDK in your HTML page. It is advised to not put the Client Credentials in your javascript code. Make a server to server request to get the access_token. We use JavaScript Fetch method to request our server, and then make server to server request to get the SDK access_token. Use the example on the right for guidance.

Example

In order to initialize the SDK, we use these tags:

input id="email" placeholder="Email..." type="email"> <label> <input name="request_type" type="radio" value="enroll"> Enroll </label> <label> <input name="request_type" type="radio" value="authenticate" checked> Authenticate </label> <button onclick="spInit()">Init</button> <br> <iframe src="" id="shuftipro-iframe" allow="camera" frameborder="0"></iframe>

And a script tag to load the SDK asynchronously with a call to SP's server for access token and Initialize the SDK with the access token.

Appendix

Responses

Sample Response

Content-Type: application/json

{
    "access_token": "474f51710fb60fdf9688f44ea0345eda28a9f55212a83266fb5d237babff2"
    "reference":"17374217",
    "event":"request.pending",
    "verification_url":"https://app.shuftipro.com/biometric/verification/474f51710fb60fdf9688f44ea0345eda28a9f55212a83266fb5d237babff2"
}

The Shufti Pro SDK will send you two types of responses if a request is made. First is the HTTP response sent against your request, and the second is the webhook response. Both HTTP and webhook responses will be in the JSON format with header application/json The response header also includes a key Signature. This key is used for validating the source of response. Be sure to validate the request by generating signature and matching it with Signature value from the response header.

Verification Response

Responses will contain the following parameters:

Parameters Description
reference Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made.
events This is the request event which shows status of request. Event is changed in every response. Please consult Events for more information.
error Whenever there is an error in your request, this parameter will have the details of that error.
token This is the unique request token of the request.
verification_url A URL is generated for your customer to verify there documents. It is only generated in case of on-site request.
verification_result It is only returned in case of a valid verification. This includes results of each verification.
1 means accepted
0 means declined
null means not processed
Check verification.accepted and verification.declined responses in Events section for a sample response.
verification_data It is only returned in case of a valid verification. This object will include the all the gathered data in a request process. Check verification.accepted and verification.declined responses in Events section for a sample response.
info This object will be returned in case of verification.accepted or verification.declined. It contains the following keys:
Agent provides information about the device and browser of the end-user.
Geolocation provides information about the geographical location of the end-user.
For Details on info object go to INFO
declined_reason This parameter will have the reason due to which a verification has been declined, and is only returned in this case in the callback URL.
declined_codes This array contains status codes of all declined verification reasons. It will return only for verification.declined.
services_declined_codes This object contains status codes of declined reasons for each service separately. Each service object will contain an array of status codes for declined reasons specific to that service. It will return only for verification. declined.

Status Response

Sample Response



Content-Type: application/json


Signature: NmI4NmIyNzNmZjM0ZmNl

{
    "reference" : "17374217",
    "event"     : "verification.accepted",
    "proof"     : {
        "face": {
            "proof": "https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/face/proof.png?access_token=1a6c9985e88051092b31d62d043"
        },
        "document": {
            "proof": "https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/document/proof.png?access_token=1a6c9985e88051092b31d62d043"
        },
        "verification_video":"https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/video/video.mp4?access_token=3242f486e3346db90f442c9ac06a4ad1771ead3c" 
    },
    "verification_data": {
        "document": {
            "issue_date": "1990-01-01",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card"
            ]
        },
    },
    "verification_result": {
        "document": {
            "issue_date": 1,
            "document_visibility": 1,
            "document_must_not_be_expired": 1,
            "document": 1,
            "document_country": 1,
            "selected_type": 1
        },
        "face": 1
    },
    "info": {
        "agent": {
            "is_desktop": true,
            "is_phone": false,
            "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
            "device_name": "Macintosh",
            "browser_name": "",
            "platform_name": "OS X - 10_14_0"
        },
        "geolocation": {
            "host": "212.103.50.243",
            "ip": "212.103.50.243",
            "rdns": "212.103.50.243",
            "asn": "9009",
            "isp": "M247 Ltd",
            "country_name": "Germany",
            "country_code": "DE",
            "region_name": "Hesse",
            "region_code": "HE",
            "city": "Frankfurt am Main",
            "postal_code": "60326",
            "continent_name": "Europe",
            "continent_code": "EU",
            "latitude": "50.1049",
            "longitude": "8.6295",
            "metro_code": "",
            "timezone": "Europe/Berlin"
        }
    }
}

The Shufti Pro Verification API will send a JSON response if a status request is made. Make sure to validate the request by generating signature and matching it with Signature value from response header.

Parameters Description
reference Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made.
event This is the request event which shows status of request. Event is changed in every response.
Please consult Events for more information.
proof This contains all the proofs that were used to verify data. The Proof URLs returned are temporary and valid for 15 minutes only.
Note: verification_video It contains the video URL and will be returned only for the video recorded on-site.
verification_data This contains all the data used for verification. This will only be returned in case of verification.accepted or verification.declined.
verification_result This is the complete result of the verification. 1 stands for verified, 0 for not verified and null for no verification performed. This will only be returned in case of verification.accepted or verification.declined.
info This object will be returned in case of verification.accepted or verification.declined. It contains the following keys:
Agent provides information about the device and browser of the end-user.
Geolocation provides information about the geographical location of the end-user.
For Details on info object go to INFO
declined_reason This key will only be returned when event is verification.declined. This will contain the reason why verification was declined.
declined_codes This array contains status codes of all declined verification reasons. It will return only for verification.declined.
services_declined_codes This object contains status codes of declined reasons for each service separately. Each service object will contain an array of status codes for declined reasons specific to that service. It will return only for verification. declined.

Delete Request Response

Sample Response

Content-Type: application/json


Signature: NmI4NmIyNzNmZjM0ZmNl

{
    "reference": "17374217",
    "event": "request.deleted"
}

The Shufti Pro Verification API will send a JSON response if a delete request is made. Make sure to validate the request by generating signature and matching it with Signature value from response header.

Parameters Description
reference Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made.
event This is the request event which shows status of request. Event is changed in every response.

Please consult Events for more information.

Response Signature

Every HTTP and Callback responses will be in application/json with a key Signature in the header. It can be used to validate the source of the request. Make a signature using the following procedure:

  1. Concatinate Secret Key at the end of the raw response string. (i.e. response + secret_key).
  2. Take SHA256 of concatinated string.
  3. Match the SHA256 string with Signature value from the header of the response.

In short, make signature as hash('sha256', response . your_secret_key) and match it with the signature provided in the header in Signature key.

Access Token Response

Responses will contain the following parameters:

Parameters Description
reference Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made.
events This is the request event which shows status of request. Event is changed in every response. Please consult Events for more information.
error Whenever there is an error in your request, this parameter will have the details of that error.
access_token This is the unique access token of the request.
verification_url A URL is generated for your customer to verify their documents.
verification_result It is only returned in case of a valid verification. This includes results of each verification.
1 means accepted
0 means declined
null means not processed
Check verification.accepted and verification.declined responses in Events section for a sample response.
verification_data It is only returned in case of a valid verification. This object will include the all the gathered data in a request process. Check verification.accepted and verification.declined responses in Events section for a sample response.
declined_reason This parameter will have the reason due to which a verification has been declined, and is only returned in this case in the webhook URL.
declined_codes This array contains status codes of all declined verification reasons. It will return only for verification.declined.
services_declined_codes This object contains status codes of declined reasons for each service separately. Each service object will contain an array of status codes for declined reasons specific to that service. It will return only for verification. declined.

Callback method Response

Sample Response

{
    "status": "Enrolled"
    "reason":"face",
}

Responses will contain the following parameters:

Parameters Description
status This is the request status. Status is changed in every response.Please consult Callback Method Status for more information.
reason This parameter will have the reason due to which a verification has been declined.

Response Signature

Every HTTP and Callback responses will be in application/json with a key Signature in the header. It can be used to validate the source of the request. Make a signature using the following procedure:

  1. Concatinate Secret Key at the end of the raw response string. (i.e. response + secret_key).
  2. Take SHA256 of concatinated string.
  3. Match the SHA256 string with Signature value from the header of the response.

In short, make signature as hash('sha256', response . your_secret_key) and match it with the signature provided in the header in Signature key.

HTTP Status Codes and Events

Shufti Pro SDK uses conventional HTTP response codes. Go to Status Codes for the complete list. Events are sent in responses which show the status of request. These events are sent in both HTTP and webhook responses. Please consult Events for a complete list of events.

Status Codes

Shufti Pro SDK uses conventional HTTP response codes to indicate the success or failure of an API request. Every response is generated in JSON with a specific HTTP code.

HTTP Codes

Following is a list of HTTP codes which are generated in responses by Shufti Pro Verification API.

HTTP code HTTP message Message
200 OK success
400 Bad Request bad request: one or more parameter is invalid or missing
401 Unauthorized unauthorized: invalid signature key provided in the request
402 Request Failed invalid request data: missing required parameters
403 Forbidden forbidden: service not allowed
404 Not Found resource not found
409 Conflict conflicting data: already exists
500 Server Error internal server error
429 Too Many Requests Too Many Attempts.

Response Events

Events are sent in responses which show the status of request. These events are sent in both HTTP and callback responses.

request.pending

{
    "reference": "17374217",
    "event": "request.pending",
    "verification_url": "https://app.shuftipro.com/biometric/verification/ATt6HmlXbK7My50frDjKfuip9Vg9UToulg5Elw8pXcFUgVhOAcWdrwMjIsC04tie",
    "email": "johndoe@example.com",
    "country": "GB"
}

request.invalid

{
    "reference": "17374217",
    "event": "request.invalid",
    "error": {
        "service": "document",
        "key": "dob",
        "message": "The dob does not match the format Y-m-d."
    },
    "email": null,
    "country": null"
}

request.cancelled

{
    "reference": "17374217",
    "event": "request.cancelled",
    "error": ""
}

request.timeout

{
    "reference": "17374217",
    "event": "request.timeout",
    "error": ""
}

request.unauthorized

{
    "reference": "",
    "event": "request.unauthorized",
    "error": {
        "service": "",
        "key": "",
        "message": "Authorization keys are missing/invalid."
    },
    "email": null,
    "country": null"
}

verification.status.changed

{
    "reference": "17374217",
    "event": "verification.status.changed"
}

verification.accepted

{
    "reference": "17374217",
    "event": "verification.accepted",
    "verification_result": {
        "document": {
            "name": 1,
            "dob": 1,
            "expiry_date": 1,
            "issue_date": 1,
            "document_number": 1,
            "document": 1
        },
        "address": {
            "name": 1,
            "full_address": 1
        }
    },
    "verification_data": {
        "document": {
            "name": {
                "first_name": "John",
                "middle_name": "Carter",
                "last_name": "Doe"
            },
            "dob": "1978-03-13",
            "issue_date": "2015-10-10",
            "expiry_date": "2025-12-31",
            "document_number": "1456-0989-5567-0909",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "driving_license",
                "passport"
            ]
        },
        "address": {
            "name": {
                "first_name": "John",
                "middle_name": "Carter",
                "last_name": "Doe"
            },
            "full_address": "3339 Maryland Avenue, Largo, Florida",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "bank_statement"
            ]
        }
    },
    "info": {
        "agent": {
            "is_desktop": true,
            "is_phone": false,
            "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
            "device_name": "Macintosh",
            "browser_name": "",
            "platform_name": "OS X - 10_14_0"
        },
        "geolocation": {
            "host": "212.103.50.243",
            "ip": "212.103.50.243",
            "rdns": "212.103.50.243",
            "asn": "9009",
            "isp": "M247 Ltd",
            "country_name": "Germany",
            "country_code": "DE",
            "region_name": "Hesse",
            "region_code": "HE",
            "city": "Frankfurt am Main",
            "postal_code": "60326",
            "continent_name": "Europe",
            "continent_code": "EU",
            "latitude": "50.1049",
            "longitude": "8.6295",
            "metro_code": "",
            "timezone": "Europe/Berlin"
        }
    }
}

verification.declined

{
    "reference": "95156124",
    "event": "verification.declined",
    "verification_result": {
        "document": {
            "name": 0,
            "dob": 1,
            "expiry_date": 1,
            "issue_date": 1,
            "document_number": 1,
            "document": null
        },
        "address": {
            "name": null,
            "full_address": null
        }
    },
    "verification_data": {
        "document": {
            "name": {
                "first_name": "John",
                "middle_name": "Carter",
                "last_name": "Doe"
            },
            "dob": "1978-03-13",
            "issue_date": "2015-10-10",
            "expiry_date": "2025-12-31",
            "document_number": "1456-0989-5567-0909",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "driving_license",
                "passport"
            ]
        },
        "address": {
            "name": {
                "first_name": "John",
                "middle_name": "Carter",
                "last_name": "Doe"
            },
            "full_address": "3339 Maryland Avenue, Largo, Florida",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "bank_statement"
            ]
        }
    },
    "info": {
        "agent": {
            "is_desktop": true,
            "is_phone": false,
            "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
            "device_name": "Macintosh",
            "browser_name": "",
            "platform_name": "OS X - 10_14_0"
        },
        "geolocation": {
            "host": "212.103.50.243",
            "ip": "212.103.50.243",
            "rdns": "212.103.50.243",
            "asn": "9009",
            "isp": "M247 Ltd",
            "country_name": "Germany",
            "country_code": "DE",
            "region_name": "Hesse",
            "region_code": "HE",
            "city": "Frankfurt am Main",
            "postal_code": "60326",
            "continent_name": "Europe",
            "continent_code": "EU",
            "latitude": "50.1049",
            "longitude": "8.6295",
            "metro_code": "",
            "timezone": "Europe/Berlin"
        }
    },
    "declined_reason": "Name on the document doesn't match",
    "declined_codes":[
        "SPDR07",
        "SPDR06",
        "SPDR23"
    ],
    "services_declined_codes": {
        "document": [
            "SPDR13",
            "SPDR12"
        ],
        "address": [
            "SPDR22",
            "SPDR26"
        ],
        "face": [
            "SPDR01"
        ]
    }
}
Event description HTTP Response Webhook Response
request.pending Request parameters are valid and verification access token is generated. Yes Yes
request.invalid Request parameters provided in request are invalid. Yes Yes
verification.cancelled Request is cancelled by the user. This event occurs when end-user disagrees to terms and conditions before starting verifications. Yes Yes
request.timeout Request has timed out after a specific period of time.
The onsite request will Time Out after 60 minutes.
No Yes
request.unauthorized Request is unauthorized. The information provided in authorization header is invalid. Yes No
verification.status.changed Request status has been updated. No Yes
verification.accepted Request was valid and accepted after verification. No Yes
verification.declined Request was valid and declined after verification. No Yes

Callback Method Status

Event description
Verification Cancelled Request is cancelled by the user. This event occurs when end-user disagrees to terms and conditions before starting verifications or closes the verification modal.
Enrolled Request was valid and accepted after verification ,with request_type enroll.
Authenticated Request was valid and accepted after verification , with request_type authenticate .
Declined Request was valid and declined after verification ,with request_type enroll.
Unauthenticated Request was valid and declined after verification , with request_type authenticate .

Declined Reasons

Face

Description
Face is not verified.
Face not found on document
Image is altered or photoshopped
Image found on web

Document

Description
Document originality not verified.
Name in the document didn't match.
DOB in the document didn't match.
Expiry Date in the document didn't match.
Issue date in the document didn't match.
Document Number in the document didn't match.
Document originality is not verified.
Document country is not verified.
Document is not one of the Selected Types(s).
Age not Verified.
Face on Document not matched with face image
document has expired.
Document not clearly visible.
Face not found on document
Image found on web
Image is altered or photoshopped
Proof and Additional Proof does not belong to the same document

phone_number

Description
Phone number is not verified.

Declined Status Code

Face Status Codes

Status Code Description
SPDR01 Face could not be verified
SPDR19 Face not found on the document
SPDR03 Image is altered or photoshopped
SPDR04 Copy of the image found on web

Document Status Code

Status Code Description
SPDR02 Image of the face not found on the document
SPDR06 Document originality could not be verified
SPDR07 Name on the document doesn't match
SPDR08 DOB on the document doesn't match
SPDR16 Expiry date on the document doesn't match
SPDR10 Issue date on the document doesn't match
SPDR09 Date on the document doesn't match
SPDR11 Number on the document doesn't match
SPDR12 Country on the document could not be verified
SPDR13 Document doesn't match the provided options
SPDR14 Age could not be verified
SPDR15 Face on the document doesn't match with camera image
SPDR17 Document has expired
SPDR18 Document is not clearly displayed
SPDR19 Face not found on the document
SPDR03 Image is altered or photoshopped
SPDR04 Copy of the image found on web
SPDR21 Proof and Additional Proof are of different documents

phone_number Status Code

Status Code Description
SPDR35 Phone number could not be verified

Supported Browsers and Devices

In case of on-site verification, a verification page is shown to users. This page is supported on the following list of browsers.

Browsers Minimum Version/SDK
Chrome (Recommended) 65
Firefox (Recommended) 58
Safari 8
Opera 52
Internet Explorer 11
Edge 16

Here a list of supported operating systems on mobile devices.

Mobile OS Minimum Version/SDK
Android 6.0 (Marshmallow)
iOS 10

Rate Limiting

Production Account

For the production account, Shufti Pro allows 60 requests per min. This limit is per IP.

Trial Account

For the trial account, Shufti Pro allows 3 requests per minute. This limit is per account.

Supported Languages

Shufti Pro offers worldwide language coverage. Use the appropriate language code from below list.

Country Name Language Code
Afrikaans AF
Albanian SQ
Amharic AM
Arabic AR
Armenian HY
Azerbaijani AZ
Basque EU
Belarusian BE
Bengali BN
Bosnian BS
Bulgarian BG
Burmese MY
Catalan CA
Chichewa NY
Chinese ZH
Corsican CO
Croatian HR
Czech CS
Danish DA
Dutch NL
English EN
Esperanto EO
Estonian ET
Filipino TL
Finnish FI
French FR
Frisian FY
Galician GL
Georgian KA
German DE
Greek (modern) EL
Gujarati GU
Haitian, Haitian Creole HT
Hausa HA
Hebrew (modern) HE
Hindi HI
Hungarian HU
Indonesian ID
Irish GA
Igbo IG
Icelandic IS
Italian IT
Japanese JA
Javanese JV
Kannada KN
Kazakh KK
Khmer KM
Kirghiz, Kyrgyz KY
Korean KO
Kurdish KU
Latin LA
Luxembourgish, Letzeburgesch LB
Lao LO
Lithuanian LT
Latvian LV
Macedonian MK
Malagasy MG
Malay MS
Malayalam ML
Maltese MT
Maori MI
Marathi MR
Mongolian MN
Nepali NE
Norwegian NO
Punjabi PA
Persian FA
Polish PL
Pashto PS
Portuguese PT
Romanian RO
Russian RU
Sindhi SD
Samoan SM
Serbian SR
Scottish Gaelic GD
Shona SN
Sinhala SI
Slovak SK
Slovenian SL
Somali SO
Sesotho ST
Spanish ES
Sundanese SU
Swahili SW
Swedish SV
Tamil TA
Telugu TE
Tajik TG
Thai TH
Turkish TR
Ukrainian UK
Urdu UR
Uzbek UZ
Vietnamese VI
Welsh CY
Xhosa XH
Yiddish YI
Yoruba YO
Zulu ZU

Revision History

Date Description
20 Nov 2020 Added New key services_declined_codes in Verification Response.
04 Nov 2020 Updated declined reasons.
04 Nov 2020 Added New Paremeter verification_instructions in document, document_two and address service.
21 Sep 2020 Added allow_retry in verification request.
18 Sep 2020 Added allow_na_ocr_inputs in verification request.
08 Sep 2020 Added ttl in verification request.
20 Jul 2020 consent service sample object and test IDs updated.
14 Jul 2020 callback_url parameter made optional.
16 June 2020 Added New Supported type cpr_smart_card_reader_copy for Address service.
15 June 2020 Added full_name key to name object for background checks service.
11 June 2020 Added decline_on_single_step in verification request.
10 June 2020 Added gender key for document and document_two service.
19 May 2020 Added subscription plan details to account info Response.
08 May 2020 Added Country Key to Status Responses.
05 May 2020 Increased max length of AML for Business Name from 64 to 255.
16 Apr 2020 business_incorporation_date in AML for Businesses service made optional.
08 Apr 2020 Added video KYC documentation.
07 Apr 2020 Added backside_proof_required parameter.
27 Mar 2020 Updated Api urls.
26 Mar 2020 Added Api flow charts.
04 Mar 2020 Temporary access token introduced.
31 Dec 2019 Added allow_online in verification request.
31 Dec 2019 Biometric SDK documentation added.
24 Dec 2019 Added "fetch_enhanced_data" key from Enhanced data extraction for document and document_two service.
24 Dec 2019 Removed "allowed_offline" key from address service request object.
24 Dec 2019 Updated declined reasons.
25 Nov 2019 Added verification_video in status response end-point, inside proof key. Returned only if on-site video is recorded.
25 Nov 2019 Added KYC Request Instructions for onsite and offisite verification
18 Nov 2019 HTTP status code updated.
14 Nov 2019 Request status response sample updated.
11 Nov 2019 updated KYB request response
31 Oct 2019 Introduced new service Know Your business (KYB).
24 Oct 2019 Introduced new service for Businesses AML checks(AML for Businesses).
10 Oct 2019 Updated Onsite verification javascript code.
09 Oct 2019 Added the show_feedback_form in verification request.
24 Sep 2019 Added declined_codes in verification response, for all accounts.
11 Sep 2019 Old declined reason added in appendix.
09 Sep 2019 Added declined_codes in verification response. Note: This Feature is currently available for trial accounts and will be available for production accounts from "24 Sep 2019"
09 Sep 2019 Declined reasons description updated and added status code for each reason.
27 Aug 2019 Added full_name key to name object.
20 Jul 2019 Updated declined reasons.
20 Jul 2019 Added request time out time.
16 Jul 2019 Added Ongoing in Background checks.
15 Jul 2019 Added info object key in responses date has been extended to 18 Jul 2019.
04 Jul 2019 Added info object key in responses just in API documentation. (Shufti Pro API will send this object in response from 15 Jul 2019 )
04 Jul 2019 Added declined reasons for document, document two and address services.
02 Jul 2019 Added Rate Limiting for requests.
12 June 2019 Added Document Two Service for verification.
24 May 2019 Update declined reason.
22 May 2019 Added with_face key in consent service.
03 May 2019 Added Declined Reasons of verificatiton Request.
16 Apr 2019 Added Fuzzy match in Background checks.
09 Apr 2019 Added a new endpoint /api/account/info/ to get account info.
05 Apr 2019 country key updated.
11 Mar 2019 1. Added new params verification_data, verification_result and declined_reason in verification status endpoint.
2. Added a new event request.received
07 Mar 2019 Added issue_date key in address service request parameters.
20 Feb 2019 Added selected_type key in address, document, consent services webhook/callback response.
19 Feb 2019 1. Added show_consent and show_privacy_policy parameters in verification request.
2. Added address_fuzzy_match parameter in address service.
3. Added allow_offline parameter in face, document, address and consent services.
18 Feb 2019 Signature key added into SP Http, Callback headers for signature validation.
28 Jan 2019 1. Added a new endpoint /api/delete to delete a request data.
2. Added a new event request.deleted which is returned whenever a request is deleted.
3. Status response now returns proofs also.
4. Added show_results key in request which allows end-users to see verification results.
24 Jan 2019 Added a new callback with event verification.status.changed. It is sent to clients whenever a verification status is updated.
21 Dec 2018 Corrected the get status request url.
20 Dec 2018 Corrected verification.cancelled event name from events listing.
06 Dec 2018 Minimum characters limit is set to 1 for first, middle and last name.
29 Nov 2018 Updated POSTMAN collection link, removed format key and added supported_types key for consent service in POSTMAN collection.
26 Nov 2018 Added allow_offline key in request parameters.
29 Oct 2018 Allowed PDF documents as proofs in image_only and any verification modes.
29 Oct 2018 Changed format key to Supported_types in consent Service.
22 Oct 2018 Added declined reason key in response.
17 Oct 2018 Updated Test IDs for demo/test verifications.
09 Oct 2018 1. Last name field made optional in all name objects.
2. Added signature in response headers to validate the source of responses.