REST Endpoint Reference

Here you can find the description and guidance of how Actions can be validated by using AuthenticAction service Rest API.

Validate Session

POST /v1/validate

Validates the authenticated action. This request is usually made by the application backend to validate authenticity and correctness of the action requested by the client. A successful response specifies whether biometric and values were collected and matched and overall verification status of the Action.

This endpoing can also be used to enroll users to biometrics. Specify isEnrollment: true in the request body to use images captured during the session to create a biometric template assigned to the user.

Prerequisites:

An organization has been set in the AuthenticAction Service and you have been provided with the apiKey (Organization API Key) to perform AuthenticAction validations.

A session for AuthenticAction was initiated by the client with the designated ironvest-session-id.

CURL Example:

curl 'https://<Validation Endpoint>/v1/validate'
-H 'Content-Type: application/json'
-H 'apikey: <apiKey>'
--data-raw $'{ "cid": "<Client ID>", "csid": "<User Session ID>", "userID": "<User ID>", "action": "<action name>", "additionalData": {"sessionData":[{"key": "amount", "value": 35, "synonyms": ["amount"]}, {"key": "payeeID", "value": 6, "synonyms": ["payeeList"]}, {"key": "accountNumber", "value": "66666666", "synonyms": ["account_number"]}, {"key": "notes", "value": "Wire transfer", "synonyms": ["notes"]}]}}'
--compressed

CURL Example (with mTLS enabled endpoint)

curl -X POST —cert <path_to_the_certificate> —key <path_to_the_certificate_private_key> 'https://<Validation Endpoint>/v1/validate'
-H 'Content-Type: application/json'
-H 'apikey: <apiKey>'
--data-raw $'{ "cid": "<Client ID>", "csid": "<User Session ID>", "userID": "<User ID>", "action": "<action name>", "additionalData": {"sessionData":[{"key": "amount", "value": 35, "synonyms": ["amount"]}, {"key": "payeeID", "value": 6, "synonyms": ["payeeList"]}, {"key": "accountNumber", "value": "66666666", "synonyms": ["account_number"]}, {"key": "notes", "value": "Wire transfer", "synonyms": ["notes"]}]}}'
--compressed

Headers

Name

Type

Description

apiKey*

string

Authentication token.

Request Body

Name

Type

Description

cid*

String

Customer ID

csid*

String

Customer Session ID

userID*

String

User ID

action

String

Action name. Meaningful name for validation and presentation purposes.

additionalData*

Json

Activity related data. Example:

{

"sessionData":[{

"key":"amount",

"value":50,

"synonyms":["total"]}]

}

additionalData:sessionData*

Json list

List of form fields values, can be empty

isEnrollment

Bool

Supported starting version 2024-09-1 In case an active enrollment to biometrics is enforced, this flag indicates that the validate request is made in context of the enrollment and if the session is successful the user will be marked as enrolled.

The value specified in sessionData can be either string or decimal number. The value matching is agnostic to the type of the value used.

Response

The request was successfully processed. The results details are specified in the response body.

{
    "success": true,
    "verifiedAction": false,
    "indicators": {
        "iv_is_values_collected": true,
        "iv_is_values_match": true,
        "iv_values_match_details": {},
        "iv_is_biometrics_collected": false,
        "iv_is_biometrics_match": false,
        "iv_liveness": false,
        "iv_policy_violations": {
            "violations": [],
            "has_violations": false,
            "total_frames": 0,
            "verified_frames": 0
        },
        "iv_biometrics_info": [],
        "iv_user_enrolled": false,
        "idv_matching": false,
        "driverLicenseCollected": false,
        "idlive_liveness": false,
        "regular_liveness": false
    },
    "ivScore": 2000
}

Error message in response indicates application level error

{
  "errorMessage": "string"
}

{
    "success": false,
    "error": "relevant error message"
}

Successful response contains the following details:

verifiedAction - boolean, designates the overall verification status

indicators - object containing detailed validation information:

iv_is_values_collected - boolean, indicates if form field values were collected
iv_is_values_match - boolean, indicates if collected form field values matched expected values
iv_values_match_details - object, contains detailed information about value matching results
iv_is_biometrics_collected - boolean, indicates if biometric data was collected
iv_is_biometrics_match - boolean, indicates if collected biometric data matched
iv_liveness - boolean, indicates if liveness detection passed
iv_policy_violations - object containing policy violation details:
- violations - array of specific violations detected
- has_violations - boolean indicating if any violations were found
- total_frames - number of total frames analyzed
- verified_frames - number of frames that passed verification
iv_biometrics_info - array containing biometric collection information
iv_user_enrolled - boolean, indicates if user was actively enrolled in the system
idv_matching - boolean, indicates if identity document verification matching occurred
driverLicenseCollected - boolean, indicates if driver's license data was collected
idlive_liveness - boolean, indicates if ID liveness check passed
regular_liveness - boolean, indicates if standard liveness check passed

ivScore - numeric score representing the overall identity verification confidence level

One of the possible values for errorMassgae is "processing", indicating that data received during the activity has not been fully processed yet. If an optional "retryAfterMS" period is specified, a subsequent request should be issued after waiting for the specified period of time for higher probability of a final response.

{
  "errorMessage": "processing",
  "retryAfterMS": 50
}

PreviousThe AuthenticAction Data

Last updated 3 days ago