Plug & Play Onboarding¶
Happy Path¶
1. Previous steps to the ID proofing process
Terms acceptance (data treatment) Validate user contact details: email and/or sms Security Measures:
- Avoid DDoS using: Tokenized URLs & Captchas
- Rate limit to block multiple requests from the same IP
- Store credentials to connect with VeriSaaS in middleware.
- There is an authentication between frontside application and middleware
Process description and user recommendations Check that the browser used is supported by Veridas. If it's not supported, advise the user to use a compatible one. (providing a list of them)
2. Country and ID type selection
(Include a Country & Document selector)
Get info about available countries document types,geographical_area and required_document_sides
GET /available-types (filter_key=filter_value1,filter_value2) (set Version=2 in filter options)
3. Obtain an access token:
POST: https://XpressID_URL/api/v2/token
- Include in this call the Data parameter to Provide customization:
- Validation ID and Access Token (which has an expiration time) will be given at this moment
4. Embed XPressID in an Iframe with Access Token:
XPRESSID_URL/v2/?access_token=Token
- Launch it in full screen mode (recommended)
5. Xpress ID will start (with the configuration given) communicating directly with validas API in VeriSaaS
6. Add event listener during the validation:
ProcessCompleted - (Event sent by XpressID)
Option 1: (confirmed=YES)
- 7. Get validation data (OCR and scores): GET /validation
- 8. Get validation evidences. (obverse, reverse, cuts, selfie, selfie-Alive, video...). Store them, remember that Veridas does not keep them.
- Xpress ID confirms the validation process so that boi-das can download it.
- 10. Polling from boi-das to download all the confirmed validations and delete them. Store them, remember that Veridas does not keep them.
Option 2: (confirmed=NO)
- 7. Get validation data (OCR and scores): GET /validation
- 8. Get validation evidences. (obverse, reverse, cuts, selfie, selfie-Alive, video...). Store them, remember that Veridas does not keep them.
- 9. Confirm validation. PUT /confirmation
- 10. Polling from boi-das to download all the confirmed validations and delete them (if boidas is included). Store them, remember that Veridas does not keep them.
11. Define your business rules to accept, reject or review validations.
Provide customization¶
Check the following link for the whole list of configuration parameters.
-
operationMode: Mandatory.
XpressID offers four operation modes:
idv for conducting onboarding processes through a sequence of capture and configuration steps.
authentication mode allows users to verify their identity through a facial recognition comparison.
ageVerification mode verifies users' ages between 18 and 21 using facial recognition with or without additional document checks.
resume for resuming previously initiated idv processes that were left incomplete or have expired.
- platform: Mandatory
Necessary parameter perform the process/flow depends on the specific integration requirements and the desired level of customization. XpressID can be integrated with various platforms, see here.
- language: optional
This parameter allows the user to select the language in which the XpressID interface will be displayed. The default language is English. See the language options here.
-
flowSetup, Mandatory:
Necessary parameter that provides the flexibility to determine the stages that are required for the onboarding process, as well as customize the user interface (UI) and behavior settings for each stage. This allows for a tailored and personalized experience that aligns with the specific needs of the application or organization. See the flowSetup for each operation mode here.
- setup, optional:
This section provides the flexibility to customize the common views used throughout the onboarding process. See the setup for each operation mode here.
Alternative path¶
6 - (Events sent by XpressID):
Here you can find the whole list of events sent by XpressID Web.
-
Check the whole list of possible error events sent by XpressID Web.
If needed, download scores and evidences using validas cloud:
- 7. _Get validation data (OCR and scores): GET /validation
-
8. Get validation evidences. (obverse, reverse, cuts, selfie, selfie-Alive, video...)
Invite the user to repeat and finish the process up to a limited number of attempts, reminding again the recommendations.
Reload the iframe with a new token and therefore with a new validation id.
After the last try, provide the user an alternative method.
6 - Not finished processes.
Those validation processes that, having exceeded the time of the token (15 min), have not been notified by XpressID that they have finished.
Once the time of token has been exceeded and before the validation is automatically deleted by Veridas auto-cleaner process ( the time for Veridas Auto-cleaner is agreed with customer, typically 30 or 60 minutes), customers (if needed) can download scores and evidences using validas cloud:
- 7. _Get validation data (OCR and scores): GET /validation
- 8. Get validation evidences. (obverse, reverse, cuts, selfie, selfie-Alive, video...)
Invite the user to repeat and finish the process up to a limited number of attempts, reminding again the recommendations.
Reload the iframe with a new token and therefore with a new validation id.
After the last try, provide the user an alternative method.
7 - Final check. Validation scores below threshold:
-
if ValidationGlobalScore value is below recommended threshold, check particular scores according to your use case.
- Let the user repeat up to a limited number of times, starting a new process (Step 3) and reminding again the recommendations.
- Reload the iframe with a new token and therefore with a new validation id.
- After the last try, provide the user an alternative method.
Other alternative paths (Cancellations or abandons)¶
a) If the user cancels or abandons the validation process before being completed, there should be a mechanism to recover users and invite them to repeat it.
b) If the user abandons the journey in a step after the validation process, there should be a rescue process in place which offers the user to resume it from the point where it was left instead of starting over and repeating the validation process
User Recommendations¶
- Describe the process that the user is going to complete. It’s a one single time process that the user must understand in order to do it correctly.
- This process makes use of a camera. Please ensure the user knows it and provide access to it when requested.
- The light conditions should be good enough, recommended indoor places and no brightness.
- Recommend the use of mobile devices over desktop. Redirect to mobile if possible.
- Ensure the document is ready to be used in the process.
- The document used must be a valid one for the process. Displaying a list of valid documents for the process could help (specimens can be found here)
- The document used must be the original, no copies allowed. (General recommendation, maybe for particular situations can be allowed)
- The document used must be owned by the person doing the process.
- The document should not be expired and the person above the age required for the process. (General recommendation, maybe for particular situations can be different)
- When doing the selfie capture, verify that there is only one person behind the camera.
- When doing the selfie capture, verify that there are no objects covering the face.
Integration Review¶
The below document summarizes general recommendations/improvements, mandatory checks and several weak points an integration may have, so we strongly suggest paying special attention to them before moving forward as not doing so might cause issues in production.
Veridas Integration Review Document: Download