This is an introduction to the Onfido product and technology.
This guide will:
- provide an overview of the Onfido API, check creation and the available report types
- introduce the Onfido input-capture SDK(s)
- explain the key terms in Onfido's identity verification technology
You'll find more detailed information about integrating with Onfido in our 'Get started integrating' guide.
The Onfido API allows you to submit verification checks programmatically, and is based on REST principles. It uses standard HTTP response codes and verbs, and token-based authentication.
By default, verification checks using the Onfido API have the following basic workflow:
- An applicant is created.
- Documents and images are uploaded to the applicant object (if required).
- A check is constructed consisting of one or more reports.
The report(s) included in a verification check will depend on the type of check you want to complete. Onfido offers the following report options in API v3 and above:
|Document||A Document report checks if an identity document uploaded by an applicant is genuine. It is composed of data integrity, visual authenticity and police record checks, which check the document's internal and external consistency to identify potential discrepancies. The Document report combines software and an expert team to maximise fraud detection.|
|Facial Similarity||A Facial Similarity report compares a selfie or video provided by an applicant to the photo in the most recent identity document they have provided. It aims to prove identity document ownership, so that only the owner of the identity document can use it to verify their identity and access services. Onfido offers 3 types of Facial Similarity report: Photo, Photo Fully Auto and Video.|
|Known Faces||A Known Faces report compares a specific applicant’s likeness in their most recent live photo or live video to live photos and live videos from the last 250k applicants in your Onfido account database. It alerts you to faces which have already been through your identity verification flow, so you can catch repeat identity fraud attempts, and help confused users who may have forgotten they already registered with you to recover their accounts.|
|Identity Enhanced||An Identity Enhanced report validates an applicant’s address, date of birth, name, and mortality (where applicable) by cross-referencing their details against a range of verified databases. It is typically used for "Know Your Customer" (KYC) purposes. For example, if you are providing a financial service.|
|Watchlist||A Watchlist report allows you to verify a user's records on global watchlists. Watchlists include Sanctions, Politically Exposed Persons (PEP), Monitored Lists, and Adverse Media. Onfido offers 5 types of Watchlist report: AML, Enhanced, Standard, Sanctions only and PEPs only.|
|Proof of Address||A Proof of Address (PoA) report validates an applicant's address using supported UK PoA documents uploaded by the applicant. (This report can only process UK PoA documents, unless you are using API v3.3 onwards).|
|Right to Work||A Right to Work report verifies a person has the right to work in the UK using copies of documents that would be accepted by the UK Home Office, based on up to date UK Visa and Immigration guidelines. (This report is only available for the UK).|
|Driver's License Data Verification (DLDV)||A DLDV report verifies the authenticity of an end user's document by comparing it against US state driver's license databases to confirm whether the data submitted corresponds to a real driver's license. This allows quick and accurate verification that a given driver's license is real, providing a strong signal against synthetic fraud. (This report is only available for the US documents).|
For report options in API v2, see this table.
Example flow for a check containing a Document report and a Facial Similarity Photo report:
For more details of how to create a check containing a Document report and a Facial Similarity report read our Quick Start: API v3 guide.
Onfido input-capture SDKs
The Onfido SDKs are a set of Software Development Kits that provide a secure, accessible document and face capture flow for your apps. They are optimized to help you successfully verify users in a way that is both fraud-proof and compliant.
The SDKs offer a number of benefits to help you create the best onboarding and identity verification experience for your customers:
- carefully designed UI to guide your customers through the entire photo and video-capture process
- modular design to help you seamlessly integrate the photo and video-capture process into your application flow
- advanced image quality detection technology to ensure the quality of the captured images meets the requirement of the Onfido identity verification process, guaranteeing the best success rate
- direct image upload to the Onfido service, to simplify integration*
* Note: the SDK is only responsible for capturing and uploading photos/videos. You still need to access the Onfido API to create and manage checks.
Build, manage, and deploy identity verification journeys with Onfido Studio. Onfido Studio enables you to select from Onfido’s curated library of verifications, build the ideal journey, and manage the capture and upload of user data in one place.
Onfido Studio offers a number of benefits including:
- Automated, smart decision making through no-code workflows
- Customized and flexible user verification flows
- Scalability to new markets and user requirements
In the Onfido API, an applicant is the representation of an end user.
An applicant is the individual who will be the subject of a check. Creating an applicant is the first step towards initiating a check. Without an applicant a check cannot be completed.
Required applicant data differs depending on report type within a check.
In the Onfido API a check is a request to carry out one or more reports on an applicant.
A check consists of one or more reports. A report cannot exist without a check to contain it. The outcome of a check is derived from the results of the individual reports that it contains.
In the Onfido API a report is a single verification request, such as a Document Report or Facial Similarity Photo report.
There are a number of different report types. Depending on the type of check you wish to perform, different information will be required when you create an applicant.
For example, to complete a check on an applicant with only a Document report, a document will be required, whereas to complete a check with both a Document report and a Facial Similarity Photo report, a document and a live photo will be required.
In the Onfido API, a document is the upload of a required document provided by an applicant.
Documents are associated with an applicant in the Onfido API. The type of document required depends on the individual reports which make up the check.
You can review our full list of supported documents.
In the Onfido API, a live photo is an image of the applicant’s face.
A live photo is required in order to perform a Facial Similarity Photo report on the applicant. A live photo is typically taken by an applicant at the same time as documents are provided.
In the Onfido API, a live video is footage of the applicant’s face, recorded and uploaded by the Onfido SDKs (iOS, Android or Web).
A live video is used to perform a Facial Similarity Video report on the applicant. During the video recording end users are asked to perform randomly generated actions. These include a combination of recital—i.e. saying 3 randomly generated digits—and movement, i.e. looking over their right or left shoulder.
A live video is typically taken by an applicant at the same time as documents or live photos are provided.
At Onfido, a face scan is a short interactive experience completed by an end user via the Onfido SDKs. A face scan requires the user to frame their face using the device camera and then move the device closer to capture the face again. A 3D facemap of the applicant’s face is then created based on the images captured during the scan.
A face scan is required in order to complete Face Authentication using the Onfido SDKs, and is taken by an applicant each time they re-verify their identity.