Important

The blueprints and code samples provided in this section are for reference and demonstration purposes only, delivered on an "as-is" basis. While these resources help illustrate how to connect Veridas services with third-party platforms, the final implementation, testing, and ongoing maintenance are the sole responsibility of the client. Our team does not guarantee continuous updates, long-term compatibility, or dedicated technical support for these sample integrations.

Agent

Genesys Cloud Voice Authentication agent based solution is based on a Web Component. This component is the Genesys Cloud Voice Authentication Web Component and includes all the UI and logic necessary to integrate with the following Veridas services:

• VSS (Veridas Streaming Service): for receiving and processing audio from Genesys Cloud Audiohook.
• VCSP (Veridas Credential Service Provider): for generating, storing, and managing biometric credentials and handling authentication.

Distributables

To build Genesys Cloud Voice Authentication agent based solution, Genesys Cloud Voice Authentication Web Component must be served from a web service so Genesys Cloud can reach it when setting the corresponding interaction widget (see image above).

Since Genesys Cloud does not host websites themselves, the customer must create their own web service to serve the Genesys Cloud Voice Authentication Web Component. To facilitate this integration, Veridas provides, as part of the Genesys Cloud Voice Authentication agent based solution, a Docker image that already contains a web service (Flask + Gunicorn) and serves the Genesys Cloud Voice Authentication Web Component. This image is known as the Genesys Cloud Voice Authentication Server.

Important

Genesys Cloud Voice Authentication Server can be run in any host. It's customers responsibility to deploy this image to the cloud server from which they want to host the web service and surround it with the cloud infrastructure they consider appropriate.

Important

Genesys Cloud Voice Authentication Web Component has predefined behavior and is not customizable. If any behavior needs to be customized, that work must be undertaken by the client. In that case, contact with Veridas to obtain access to the source code to start your own customization.

As part of the solution distributable, alongside the Genesys Cloud Voice Authentication Server, Veridas also provides the following parameters:

• VERIDAS_BASE_URL: The base URL of the Veridas production environment services that the integration should point to.
• VERIDAS_CLIENT_ID: OAuth2 Client ID for authenticating with Veridas services.
• VERIDAS_CLIENT_SECRET: OAuth2 Client Secret for authenticating with Veridas services.
• VERIDAS_APIKEY: API Key for authenticating with Veridas services.

Integration steps

Prerequisites

This section assumes the following:

• The customer/integrator has a Genesys Cloud account and possesses platform administration knowledge. No details regarding Genesys Cloud administration are provided here. In case of any doubts, it is recommended to consult the official Genesys Cloud documentation.
• There exists an already created in-queue flow and at least one user/agent assigned to the queue so it can handle call interactions.

1. Create a Genesys Cloud OAuth Client

Veridas Genesys Cloud Voice Authentication Web Component requires access to customers Genesys Cloud environment in order to receive calls, get agent/customer status or read notifications. Thus, a new OAuth Client must be created for this integration. Fill in with the following (other information can be left with default values):

• App Name: Voice Authentication OAuth Client
• Grant Type: Token Implicit Grant (Browser)
• Authorized redirect URIs: <CUSTOMER_HOST_URI>
• Scope: analytics conversations notifications user-basic-info

Lastly, copy the generated Client ID (GENESYS_CLIENT_ID).

Important

CUSTOMER_HOST_URI redirect URI must be the URI where customer hosts its own web service. Otherwise you'll get an unauthorized error from Genesys Cloud.

Note

Check how Scope parameter is filled in with those permissions required by Veridas Genesys Cloud Voice Authentication Web Component to work propperly.

2. Create an Audiohook integration

Audio must be sent to Veridas during a call. This is not automatically done by Genesys Cloud Voice Authentication Web Component. Due to the way Genesys Cloud works, this audio must be sent using the AudioHook protocol specification by creating an Audiohook integration. Just fill in the following (other information can be left with default values):

• Details:
  • Integration Name: Voice Authentication Audiohook
• Configuration:
  • Properties:
    • Connection URI: <VERIDAS_BASE_URL>/vss/api/v1/streams/audiohook
    • Channel: external
  • Credentials:
    • API Key: <VERIDAS_APIKEY>

With this, when a call is established, Genesys Cloud will send the audio to Veridas using the AudioHook protocol by creating an audiohook stream in VSS. You don’t need to worry about anything else.

Important

Veridas only collects audio from the AudioHook connection while it is needed during a registration or authentication. Veridas uses the pause and resume messages to pause and resume the audio transmission as necessary. This is important since as stated in Audiohook pricing documentation: "Genesys does not bill customers during pauses during the streaming session, including pauses during voice transcription, customer-initiated pauses from the AudioHook server, or when the server is disabled."

3. Create an Interaction Widget integration

A new Interaction Widget integration must be created so that when agents handle a call, they can see a new tab with the voice authentication widget containing the Genesys Cloud Voice Authentication Web Component and access its functionality. Fill in with the following information (other information can be left with default values):

• Details: - Integration Name: Voice Authentication
• Configuration:
  • Properties:
    • Application URL: <CUSTOMER_HOST_URI>?langTag={{ gcLangTag }}&gcTargetEnv={{ gcTargetEnv }}&gcHostOrigin={{ gcHostOrigin }}&conversationId={{ gcConversationId }}&usePopupAuth={{ gcUsePopupAuth }}&pcEnvironment={{ pcEnvironment }}&gcConversationId={{ gcConversationId }}
    • Iframe Sandbox Options: allow-scripts,allow-same-origin,allow-forms
    • Group filtering: <GROUP_NAME>*
    • Communication Type Filtering: call
  • Advanced:

    {
        "lifecycle": {
                "ephemeral": false,
                "hooks": {
                "blur": true,
                "focus": true,
                "bootstrap": true,
                "stop": true
            }
        },
        "icon": {
            "vector": "<CUSTOMER_HOST_URI>/veridas_logo.png"
        }
    }
    

* Interaction widget must be assigned at least to one existing group so group members can see the application. Otherwise application is hidden. User/agents that are required to use the widget must be assigned to this group/s. Additionally, queue filtering can be configured.

Click Save and Activate.

After this, a new application tab will appear within the agent interactions control bar with the voice authentication widget. However, since there's no web service available yet, an error will be returned.

Note

Note how Application URL points to customer web service URL. Query parameters included in the URL are sent by Genesys Cloud and they're used by Genesys Cloud Voice Authentication Web Component to configure itself. Also vector property is pointing to <CUSTOMER_HOST_URI> which hosts Veridas logo that is shown in agent interactions control bar.

Note

Note how vector property is filled in with <CUSTOMER_HOST_URI>/veridas_logo.png since veridas_logo.png is already served by Genesys Cloud Voice Authentication Server. This logo is used by Genesys Cloud when showing the interaction widget within agent's panel.

4. Run docker image

As a prerequisite, you must have Docker installed on the machine where the Genesys Cloud Voice Authentication Server docker image will be run.

Once Docker is installed you can import the corresponding image in your local docker image repository by loading the distributed tar file:

docker load -i genesys-cloud-voice-authentication-server.tar

The docker image includes a web server with Flask + Gunicorn running on port 80. Additionally, it includes the following environment variables, which allow configuring the behavior of the WC. Please, make sure to set these environment variables before running the docker image.

Environment variable	default	description
GENESYS_CLIENT_ID		GENESYS_CLIENT_ID generated during integration step 1 used to authenticate with Genesys Cloud.
VERIDAS_BASE_URL		VERIDAS_BASE_URL provided by Veridas as part of the distributable used to access production environment.
VERIDAS_CLIENT_ID		VERIDAS_CLIENT_ID provided by Veridas as part of the distributable used to authenticate within Veridas Cloud.
VERIDAS_CLIENT_SECRET		VERIDAS_CLIENT_SECRET provided by Veridas as part of the distributable used to authenticate within Veridas Cloud.
REGISTER_NET_SPEECH_DURATION	5	Audio seconds required for a registration process.
VERIFY_NET_SPEECH_DURATION	5	Audio seconds required for an authentication process.
REGISTER_AUTHENTICITY_THRESHOLD	0.8	Threshold below which a registration is considered spoof*.
VERIFY_AUTHENTICITY_THRESHOLD	0.8	Threshold below which an authentication is considered spoof*.
BIOMETRIC_THRESHOLD	0.8	Threshold below which an authentication is considered unsuccessful*.

* Check voice biometry performance report.

To run docker image, you can run it using docker run by specifying environment variables (-e) and publishing port 80 (-p 80:80):

docker run -p 80:80 -e GENESYS_CLIENT_ID=<GENESYS_CLIENT_ID> -e VERIDAS_BASE_URL=<VERIDAS_BASE_URL> -e VERIDAS_CLIENT_ID=<VERIDAS_CLIENT_ID> -e VERIDAS_CLIENT_SECRET=<VERIDAS_CLIENT_SECRET> genesys-cloud-voice-authentication-server:latest

Alternatively, you can also use docker compose if it's clearier or easier for you:

version: '3.8'
services:
  genesys-cloud-voice-authentication-server:
    image: genesys-cloud-voice-authentication-server:latest
    ports:
      - "80:80"
    environment:
        - GENESYS_CLIENT_ID=<GENESYS_CLIENT_ID>
        - VERIDAS_BASE_URL=<VERIDAS_BASE_URL>
        - VERIDAS_CLIENT_ID=<VERIDAS_CLIENT_ID>
        - VERIDAS_CLIENT_SECRET=<VERIDAS_CLIENT_SECRET>

After starting the image, you will see the corresponding Gunicorn logs, indicating that the server started successfully.

[2025-09-29 06:41:17 +0000] [1] [INFO] Starting gunicorn 23.0.0
[2025-09-29 06:41:17 +0000] [1] [INFO] Listening at: http://0.0.0.0:80 (1)
[2025-09-29 06:41:17 +0000] [1] [INFO] Using worker: sync
[2025-09-29 06:41:17 +0000] [7] [INFO] Booting worker with pid: 7
[2025-09-29 06:41:17 +0000] [8] [INFO] Booting worker with pid: 8
[2025-09-29 06:41:17 +0000] [9] [INFO] Booting worker with pid: 9
[2025-09-29 06:41:17 +0000] [10] [INFO] Booting worker with pid: 10

Now, a user agent can access to the Genesys Cloud agent interactions panel and start using Genesys Cloud Voice Authentication Web Component during a call interaction.

Usage

Genesys Cloud Voice Authentication Web Component offers to the agent user registration/verification capabilities.

Upon successful integration, Genesys Cloud Voice Authentication Web Component will appear within platform's agent panel for an existing call.

Register a user

Any agent can start a registration process for a calling user using voice from interaction call just by pressing Register User button. This will create a session in VSS (using the stream from the Audiohook integration) and the agent will receive feedback of the progress of the session. Once enough voice has been collected, an enrollment request will be performed against VCSP, which will store the credential for future identifications based on the specified subject_id:

Upon successful registration, agent will receive a notification and a green tick icon will be displayed.

When an audio is marked as spoof (based on authenticity_threshold) during registration, a warning message will be displayed.

Important

Caller ANI number is used as default subjectId. This is the default behavior and can't be changed by the customer unless it creates its own solution.

Authenticate a user

When an agent receives a call from a user that was previously registered, then Authenticate User button will be displayed:

Any agent can start an authentication process for a calling user using voice from interaction call just by pressing Authenticate User button. This will create a session in VSS and the agent will receive feedback of the progress of the session. Once enough voice has been collected, a 1:1 matching request will be performed against VCSP using the previously registered subject_id:

Upon successful authentication, agent will receive a notification and a green tick icon will be displayed.

Upon unsuccessful authentication, agent will receive a notification and a red cross icon will be displayed.

When an audio is marked as spoof (based on authenticity_threshold) during authentication, a warning message will be displayed.

Delete a user

During an interaction, an agent can delete a user if already registered just by pressing Delete User trash icon button. A popup will be displayed for confirmation.

After confirmation, a delete account request will be performed against VCSP to remove existing subject_id account.

Errors

If any error is detected during the usage of the application, an error message will be displayed. For more details about the specific error, check browser console.