Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this section, you will find everything related the REST APIs for using the by Unico integration method
In this section, you will find all available REST APIs for using the by Unico integration method
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this section, you will find additional resources related to the by Unico integration method
Loading...
In this section, you will find the experience components that can be used with by Unico
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this section, you will find everything related the REST APIs for using the by Client integration method
In this section, you will find all the available REST APIs for using the by Client integration method
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this section, you will find additional resources related to the by Client integration method
Loading...
Loading...
Loading...
In this section, you will find all the technical specifications of the available SDKs from the Unico IDCloud platform
Loading...
Loading...
In this section, you will find all the necessary information to implement the SDKs of the Unico IDCloud platform
In this section, you will find all the necessary information to implement the Android SDK of the Unico IDCloud platform
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this section, you will find all the necessary information to implement the Unico IDCloud platform's iOS SDK
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Nesta seção, você encontrará todas as informações necessárias pra implementar o SDK Flutter da plataforma Unico IDCloud
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this section, you will find all the necessary information to implement the Web SDK of the Unico IDCloud platform
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this section, you will find additional resources related to the SDK
Loading...
Loading...
Loading...
In this section, you will learn more about the integration methods of the Unico IDCloud platform
For companies that wish to have a partner to manage the user experience with best practices and privacy, as well as the ease of orchestrating flows with Unico's capabilities and automatic technology updates, such as SDKs.
With by Unico, you will have a team of security experts and UX design best practices to ensure the best possible conversion in your operation. It can be used responsively on both Desktop and Mobile. Offering the following usage possibilities:
Desktop
Webmobile
App mobile
Check out the end-user experience with by Unico in Messaging, Webview, and iFrame, respectively, in the tabs below:
For companies that wish to control the user experience with their own frontend, as well as build flows using Unico’s capabilities on the backend alongside other technologies and resources used for authentication.
With by Client, you have the freedom you need to create and manage the end-user journey as you see fit, leveraging the capabilities of the Unico IDCloud platform as necessary.
Check out the end-user selfie capture experience with by Client using Unico’s :
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you will find an overview of how to integrate with the Unico IDCloud platform
Regardless of the integration method you choose, the first step is . You must have a service account and perform OAuth2 authentication to obtain a valid access token.
Learn more in the section.
Understand the available on the Unico IDCloud platform and decide which ones you will utilize in your operation.
Learn more in the section.
Do you want the convenience of ? Or the freedom of?
Based on the you will use, define your integration method according to your operation and context.
Learn more in the section.
Opted for ?
and define where the end user's journey will take place.
Prefer to go with ?
Capture the end user's selfie using our and create a process.
To optimize your integration, you can use the and know when the result of your process is completed.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you will find instructions on how to create a service account to authenticate with the Unico IDCloud platform.
To use server-to-server interactions, you need to request the creation of a service account through the project manager responsible for your company by providing the following information: company name, application name, name, email, and phone number of the person responsible for the application within the company. Separate accounts are required for the Homologation and Production environments.
Once this information is received, a service account responsible for authenticating your application will be created, and an email will be sent to generate the key pair for the account.
A service account credential includes a unique account name, a company identifier (Tenant ID), and at least one key pair (public and private). After generating the keys, you will only receive the private key (a .key.pem file) along with the payload that must be used to construct the JWT. This payload will follow the format below:
If you need the public key to configure it in your system, contact the project manager responsible for your account. It is also possible to generate a public key using the following openssl command:
In this section, you will find which capabilities are available for each integration method of the Unico IDCloud platform
To meet the various use cases of your operation, the capabilities of IDCloud have different availability depending on the integration methods. Below, check out the table with all the usage possibilities, separated by integration method:
In each integration method, it is possible to combine various capabilities with each other. To learn more about the possible flows in each integration method, access the respective menus below:
For both integration methods, it is also possible to obtain the similarity response from Serpro.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Identity Verification
Risk Score
Behavior Alert
Liveness
Validation (1:1)
Document Capture and Reuse
Electronic Signature
;
.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you will find the full technical specifications for the authentication method required to use the IDCloud platform’s REST APIs
To use the IDCloud platform, it is necessary to authenticate via an access token, using the authentication system known as OAuth2.
The OAuth2 authentication system from Unico supports server-to-server interaction between a web application and Unico's services.
For this scenario, you will need a service account, which is an impersonal account belonging to your application and not to an individual user. Your application calls Unico’s APIs on behalf of the service account, so users are not directly involved. This scenario is called “two-legged OAuth,” or “2LO.” Typically, an application uses a service account when the application calls Unico’s APIs to work with its own data rather than user data.
This is step zero to begin your implementation; therefore, do not skip this step.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you’ll find instructions on how to complete the authentication process on the Unico IDCloud platform
After creating and configuring a service account, your application needs to complete the following steps:
Create a JSON Web Token (JWT), which includes the header, payload, and signature.
Request an Access Token from the OAuth2 authentication platform.
Process the JSON response returned by the authentication platform.
If the response includes an access token, you can use it to make requests to Unico product APIs for which the service account has access permissions. (If the response does not include an access token, your JWT or token request may be incorrect, or the service account might lack the necessary permissions to access the requested resources.)
The access token generated in the above request has a default validity of 3600 seconds, but this may vary based on the security configuration set for your company. When the access token expires, your application must generate a new JWT, sign it, and request a new access token from the authentication platform.
A JWT (JSON Web Token) consists of three parts: a header, a payload, and a signature. The header and payload are JSON objects, which are serialized in UTF-8 and then encoded using Base64url encoding. This encoding ensures resilience against modifications due to repeated encoding operations. The header, payload, and signature are concatenated using a period (.) separator.
A JWT is structured as follows:
The base text for the signature is formed in the following way:
The header consists of two fields that specify the signing algorithm and the token format. Both fields are mandatory, and each field has only one value. Service accounts rely on the RSA SHA-256 algorithm and the JWT token format.
As a result, the JSON representation of the header is as follows:
The Base64url representation is as follows:
This ensures that both header and payload are properly encoded before signing, which is crucial for secure authentication.
The JWT payload contains information about the JWT, including the requested permissions (scopes), the account requesting access, the issuer, the time the token was issued, and the token's lifespan. Most fields are mandatory. Like the JWT header, the payload is a JSON object and is used in the composition of the signature.
The required fields in the JWT are shown in the table below. They can appear in any order within the payload.
iss
The identifier of the service account within the company.
scope
A space-delimited list or a list separated by the plus sign (+) of the permissions that the application is requesting. If all permissions of the account are required, use the asterisk sign (*) for that purpose.
aud
exp
The expiration time of the token, specified in seconds since 00:00:00 UTC, January 1, 1970. This value has a maximum time of 1 hour after the moment of issuing the JWT. This value must be numeric. Common cases that DO NOT work:
Using quotes to delimit the value. For example: “1524161193” is a string and will not work. However, 1524161193 is a number and will work.
iat
The moment of issuing the JWT, specified in seconds since 00:00:00 UTC, January 1, 1970. This value must be numeric.
Using quotes to delimit the value. For example: “1524161193” is a string and will not work. However, 1524161193 is a number and will work.
Understand how the conversion works for the issuance (iat) and expiration (exp) fields of the JWT, and also see examples of how to use the values of these fields here. Additionally, the "iat" field should reflect the current time in the required format, and the "exp" field must adhere to the calculation below:
The representation of the mandatory JSON fields in the JWT payload is as follows:
The JSON Web Signature (JWS) specification is the mechanism that guides the calculation of the signature for a JWT. The input content for the signature calculation is the byte array of the following content:
The same algorithm specified in the header of the JWT must be used for the signature calculation. The only signature algorithm supported by the OAuth2 authentication platform is RSA using SHA-256. It is expressed as RS256 in the alg field of the JWT header.
Sign the UTF-8 representation of the input content using SHA256withRSA (also known as RSASSA-PKCS1-V1_5-SIGN with SHA-256 hash) with the private key that was created and associated with the service account (the .key.pem file generated from the request received by email). The output content will be a byte array.
The signature must then be encoded in Base64url. The header, payload, and signature must be concatenated with a period (.). The result is the JWT. It should be in the following format: {Header in Base64url}.{Payload in Base64url}.{Signature in Base64url} Below is an example of a JWT token before Base64url encoding:
Below is an example of a JWT token before Base64url encoding:
Below is an example of the JWT that has been signed and is ready for transmission:
After generating the signed JWT, an application can use it to request an access token. The access token request is a POST HTTPS request, and the body must be URL encoded. The URL is as follows:
The parameters below are mandatory in the request:
grant_type
Use the following text, URL-encoded if necessary: urn:ietf:params:oauth:grant-type:jwt-bearer.
assertion
The JWT, including the signature.
If the JWT and the access token request were properly formed and the service account has the necessary permissions, then the response from the authentication platform returns a JSON object containing an access token. Here’s an example of a response from the platform:
The duration of the access token is variable. Its duration is specified in the "expires_in" field, returned along with the access token. The same access token should be used during its validity for all calls to the product APIs.
Do not request a new access token until the validity of the current token is nearing its end. We recommend a margin of 600 seconds (10 minutes). To do this, perform the calculation:
Where token.exp is the timestamp of the token's expiration.
By default, the token sent to the company is valid for 1 hour, but this can be changed. It is recommended to always use the expires_in as a reference and subtract 600 seconds from it to request a new token.
Examples:
A new access token can be requested when there are 10 minutes left until expiration.
Do not use a fixed time to obtain a new token, as the duration of the received token may be shorter than the established time, which will result in service usage failures.
¹ According to RFC 4648 for BaseN encoding, the Base64url format is similar to the Base64 format, except that the character = should be omitted, and the characters + and / should be replaced with - and _, respectively.
Address of the authentication platform that issues access tokens. This value must always and exactly be Common cases that DO NOT work:
Inserting a trailing slash at the end of the address:
Using the HTTP protocol instead of HTTPS:
It is also possible to use pre-established libraries to create the JWT. As a reference, you can find a list of libraries on the website.
The access token returned in the “access_token” field of the JSON object is also a JWT that should be used for the APIs of Unico’s products. If an error occurs in the request, you can check the type of error in the error table by clicking .
² JSON Web Signature: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you will find additional resources related to authentication
In this section, you will find the Postman collection for the REST API to authenticate on the Unico IDCloud platform
Download the file below, import it into Postman, and replace the values of the parameters "service_account," "tenant_id," and "secret_key" to test the request.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you will find how to create a process in Unico via the REST API
In this section, you will find detailed documentation on how the Process Creation endpoint works in by Unico. Note that to utilize the capabilities of the IDCloud platform in this integration method, you only need to change the value of the "flow" parameter when creating the process. Unico will handle the orchestration of all the desired capabilities.
Learn more about using capabilities in by Unico in the Overview section.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Processes must be created exclusively through backend-to-backend communication, due to our CORS policy, which prevents processes from being created through frontend-to-backend communication.
The requirement for parameters in process creation may change depending on the flows used. For example:
In flows that involve Electronic Signature, it is mandatory to send the payload object and all its properties;
In flows that involve Validation (1:1), it is mandatory to send the bioTokenId property.
Tips:
For more information about the possible errors for this endpoint, refer to the Errors section.
You can learn more about generating an access token .
UAT: ;
Produção: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you will find how to obtain the result of a process in by Unico through the REST API
In this section, you will find detailed documentation on how the Process Result Query endpoint works in by Unico.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Processes must be created exclusively through backend-to-backend communication, due to our CORS policy, which prevents processes from being created through frontend-to-backend communication.
The content returned in the process.services.documents.doc.data parameter, referring to the OCR Extraction technology, can be consulted below:
If we are unable to extract a field from the document, it is not listed in the API return.
Tips:
To implement your business rules, always validate the response from the capabilities by checking the parameters in the following order:
state = PROCESS_STATE_FINISHED AND result = PROCESS_RESULT_OK;
THEN, you can proceed with decision-making by analyzing the authenticationInfo parameter.
If you receive state = PROCESS_STATE_FINISHED with results result = PROCESS_RESULT_INVALID_IDENTITY or PROCESS_RESULT_ERROR, interpret this as an error in the biometric process and attempt the process again.
To improve the performance of your operation, you can use our Webhooks and only query the results of processes that are in the finalized statuses.
For more information about the possible errors for this endpoint, refer to the Errors section.
You can learn more about generating an access token .
UAT: ;
Produção: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Here you will find the technical information for the Unico IDCloud platform's REST APIs
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
☁ About IDCloud
Start your reading by learning more about the IDCloud platform.
🔑 About Authentication
See the technical specifications for authentication to use the IDCloud platform APIs.
🔒 About APIs
See the technical specifications for the IDCloud platform APIs.
⚙ About SDKs
See the step-by-step guide to implement the IDCloud SDK for by Client.
In this section, you will find a description of all the capabilities of the Unico IDCloud platform
Below, you will find a detailed explanation of how each capability works:
When there is a need to verify if the person is real and alive at the time of the operation, it can be used either independently or in conjunction with the capabilities of Identity Verification, Behavior Alert, Risk Score, and Validation (1:1). It should always be used in conjunction with the SDKs.
The possible responses are:
YES: indicates that the user is alive at the moment the selfie is captured.
NO: indicates that the user is not alive at the moment the selfie is captured.
When there is a need to ensure that the user performing the process is who they claim to be, it is by default always used in conjunction with the Liveness capability.
The possible responses are:
YES: indicates that the face belongs to the actual holder of the CPF (Cadastro de Pessoas Físicas).
NO: indicates that the face does not belong to the actual holder of the CPF.
INCONCLUSIVE: indicates that there is insufficient evidence to determine whether the face belongs to the actual holder of the CPF.
The Behavior Alert complements the Identity Verification response by adding the behavior component, which provides certainty about a risk associated with that identity, based on previous fraudulent behavior. It can only be used in conjunction with the Identity Verification capability.
The possible responses are:
YES: indicates that the face has been involved in fraudulent identity transactions.
SUSPICIOUS: indicates that the face has had at least one occurrence in our database with a different identifier.
INCONCLUSIVE: indicates that there is insufficient evidence to suggest that the face is involved in fraudulent transactions in our database.
The Risk Score capability is being deprecated and can only be used in exceptional cases. To verify the eligibility of your case, please contact the person responsible for your account.
When there is a need to obtain a probability score about whether the user performing the process is who they claim to be, it can only be used in orchestration with the Identity Verification capability when the response is "INCONCLUSIVE."
The possible responses are:
Positive Score: can range from +10 to +100. The higher the score, the greater the probability that the face belongs to the actual holder of the CPF. (Cadastro de Pessoas Físicas).
Zero Score: indicates a registration error. We recommend a new capture be taken.
Negative Score: can range from -10 to -100. The lower the score, the greater the probability that the face does not belong to the actual holder of the CPF.
Negative
Between -40 and -100
We recommend denying the registration
Negative
Between -10 and -39
We recommend that the client assess the associated risks before making a decision
Neutral
Zero Score
We recommend denying the registration and asking the user to capture a new photo of the actual holder of the CPF
Positive
Between +10 and +49
We recommend that the client evaluate the risks involved in making a decision
Positive
Between +50 and +100
We recommend approving the registration
When there is a need to recognize if the person in the operation is the same one who completed the registration, it is by default always used in conjunction with the Liveness capability. It can only be used in cases where an Identity Verification process has already been completed.
The possible responses are:
YES: indicates that the face performing the transaction is the same as the one that completed the process used as a reference.
NO: indicates that the face performing the transaction is not the same as the one that completed the process used as a reference.
When there is a need to request, store, and reuse documents, we offer the ability to leverage users' personal documents (Passport, CIN, RG, and CNH—both digital and physical), reducing friction. If we do not have the documents in our database, it is possible to capture them.
This capability can only be used in conjunction with the Identity Verification capability. For document validation, we use the following technologies:
Typification: indicates whether the provided document is valid or not.
OCR: involves extracting data from the document based on an image.
FaceMatch: involves comparing the face in the selfie with the face on the document.
CPF Match: involves searching for a specific CPF in the provided document.
When there is a need to use biometrics to sign a document, utilize the same method of user authentication throughout the journey to finalize the operation with the contract signature.
*The electronic signature capability is only available through the by Unico integration mode in flows that involve other capabilities.
The Serpro similarity return is not a native capability of IDCloud but rather an additional feature incorporated to comply with a regulation from Dataprev concerning INSS payroll credit operations aimed at retirees and pensioners.
Since these operations require the SERPRO similarity return, the IDCloud platform has been adjusted to include this functionality as an option in the product. When using the SERPRO similarity feature, the API response will be the score of similarity.
When Serpro finds the face, it returns a score from 0-100, as in the example below:
When Serpro does not find the face, the score -1 is returned, as in the example below:
When there is an error in the integration with Serpro, the score -2 is returned, as in the example below:
To understand how you can use each of the capabilities, be sure to visit the "Integration Methods" section at the link below:
In this section, you will find instructions on how to obtain the evidential set from a process in by Unico via the REST API
In this section, you will find detailed documentation on how the Get Evidence Set endpoint works in by Unico. This endpoint will provide the evidence set of the completed biometric transaction, allowing you to store it for possible future disputes by the end user.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Processes must be created exclusively through backend-to-backend communication, due to our CORS policy, which prevents processes from being created through frontend-to-backend communication.
For more information about the possible errors for this endpoint, refer to the Errors section.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
To learn more about the evidence set, see the section.
You can learn more about generating an access token .
UAT: ;
Produção: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Liveness
Identity Verification
Behavior Alert
Risk Score
Validation (1:1)
Document Capture and Reuse
Electronic Signature
+Serpro similarity return
In this section, you will find how to obtain the signed document of a process in by Unico through the REST API
In this section, you will find detailed documentation on how the Signed Document Proof Set Retrieval endpoint works in by Unico. This endpoint will provide the proof set of the end user's signature in flows that have the Electronic Signature capability.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
You can learn more about generating an access token here.
For more information about the possible errors for this endpoint, refer to the Errors section.
UAT: ;
Production: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you will find all technical specifications for the Unico IDCloud platform's REST APIs, using the by Unico integration method.
In this section, you will find the Postman collection with the REST APIs of by Unico
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section you will find all the technical specifications of the by Unico REST APIs
by Unico is a channel that provides an infrastructure of identity validation solutions from the IDCloud platform.
Its goal is to simplify the use of the capabilities of the IDCloud platform by offering a solution that can be integrated into your back-end and front-end, enhancing the security of transactions.
Compatible with all devices with front camera, Android 8+, armv7 or arm64.
Compatible with all iOS devices version 11 or higher.
Compatible with all devices with a front camera, whether on laptops or mobile devices, adhering to the list of officially supported browsers below:
iOS:
version greater than or equal to 12.
Android:
version greater than or equal to 5.
Android:
Chrome: version greater than or equal to 90.
iOS:
Safari: version greater than or equal to 14.1;
Chrome: version greater than or equal to 90 (only for IOS version equal to or greater than 14.4).
Chrome:
version greater than or equal to 85.
Firefox:
version greater than or equal to 94.
Safari:
version greater than or equal to 11.
Other browsers are not supported.
To do this, you will only need to change the flow parameter in the REST API payload, which will give you several verification journey possibilities. See below the table relating the available flows and their respective capabilities:
idlive
id
idlivetrust
idtrust
idunicodocs
idunicosign
idunicodocssign
idtrustdocs
idtrustsign
idtrustdocssign
idtoken
idtokentrust
idtokensign
The Risk Score capability is being discontinued and can only be used in special cases.
In this section, you will find examples of CreateProcess requests in Unico
To use Postman, follow these steps:
Select the POST method.
Enter the URL https://api.cadastro.uat.unico.app/client/v1/process/.
Select the Authorization tab.
From the Type dropdown list, choose Bearer Token.
Enter the obtained token in the Token field with the prefix Bearer.
Select the Body tab and enter the data below according to your requirements.
by Unico is an integration method of Unico IDCloud that allows clients to integrate more easily and connect different in a single journey. This integration method provides the necessary resources to perform Liveness, Identity Verification, Risk Score, Document Capture and Reuse, and Electronic Signature.
Learn more in .
Learn more in
Will the journey be on the web? You can use the browser's or the .
Will the journey be in your app? You can use a .
Will the journey be in the messaging flow? You can send notifications via WhatsApp and SMS (for this, simply provide the corresponding parameter in the request in step 2).
Learn more in .
To optimize your integration, you can use the to know when the result of your process is completed.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
This payload is used to create the following flows:
idlive / id / idlivetrust / idtrust / idcheck / iddocs / idchecktrust / idchecktrustdocs / idcheckserpro / idcheckserprodocs.
This payload is used to create the following flows:
idsign / iddocssign / idchecktrustsign / idchecktrustdocssign / creditoconsignado / idcheckserprodocssign / idtrustdocssign / idunicodocssign.
This payload is used to create the following flows:
idtoken / idtokentrust.
This payload is used to create the following flows:
idtokensign.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Nesta seção, você encontrará todas as especificações técnicas das APIs REST do IDCloud, utilizando o meio de integração by Client
Learn all about our Unico IDCloud identity verification platform
IDCloud is the only identity verification platform that combines security with guaranteed accuracy. With it, you can validate user identities in a simple and intuitive way, using only a selfie, ensuring smoothness and protection in your verification processes.
To learn more about our capabilities, visit the following page:
In this section, you will find the possible errors that may occur when trying to authenticate on the Unico IDCloud platform.
The errors returned in the request can be identified by the codes below and have the following structure:
1.0.1
Check if the ID provided in the formation of "iss" is the correct tenant ID given during the generation of the private key.
1.0.14
Check with the project manager if the application being used is active.
1.1.1
The "scope" parameter was not provided in the payload of the JWT used in the request.
1.2.4
The JWT used in the request has expired. Check the value specified in the "exp" field of the payload.
1.2.5
The JWT used in the request cannot be validated. Verify the parameters provided and ensure that it was signed correctly.
1.2.6
The private key used to sign the JWT in the request is no longer acceptable. Request new credentials for the account used.
1.2.7
The JWT used in the request is no longer acceptable as it has already been used. Generate a new token to make a new request.
1.2.11
The account used is not active.
1.2.14
The account used does not have the necessary permissions.
1.2.18
The account used has been temporarily locked due to exceeding the number of invalid authentication attempts.
1.2.19
The account used is not authorized to impersonate another user account (remove the "sub" parameter from the payload).
1.2.20 1.2.21
Failed to decode the JWT used in the request. Use a new token by including only the fields specified in the "Mandatory Fields" and "Additional Fields" sections, adhering to the naming, semantics, and type of each field.
1.2.22
The JWT used in the request contains additional fields in the payload that are not allowed. Use a new token by including only the fields specified in the "Mandatory Fields" and "Additional Fields" sections, adhering to the naming, semantics, and type of each field.
1.3.1
The account used has source IP restrictions.
1.3.2
The account used has access date/time restrictions.
In this section, you will find an example of implementing authentication for the Unico IDCloud platform in JavaScript
In this section, you will find the specifics of creating a process that has Liveness + Identity Verification as a capabilities
In this section, you will find detailed documentation about the functionality of the endpoint related to the "Liveness" + "Identity Verification" capabilities, used together.
These are two synchronous capabilities, meaning the entire integration occurs using a single endpoint.
The capabilities of the Unico IDCloud platform byClient are managed through API Keys—used as a parameter in the request headers—that define the access scope. As a prerequisite, it is necessary to have an API Key configured with the "Liveness" + "Identity Verification" capabilities, ensuring dedicated and secure access to the resource.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Important:
If the response for the "Identity Verification" capability returns unicoId = yes, this result already includes the Liveness (i.e., the liveness parameter will not be included in the response);
To use the "Liveness" capability, it is mandatory to use our SDKs:
It is possible to use the "Identity Verification" capability without the "Liveness". For this use case, the liveness value will always return as liveness = 1. In this scenario, no "Liveness" validation is performed, not even passive validation.
If an error occurs during processing, the process will return a status = 5, as shown in the example below:
Tips:
For this use case, there is no need to Get the Process Result, as the response is synchronous;
When implementing your business rules, always validate the final statuses of the processes (3, 5). To validate the response of IDCloud capabilities, only consider status = 3 for your decision-making process;
For more details on the scenarios you might receive in the response, refer to the Response Scenarios section;
For more information about possible errors for this endpoint, refer to the Errors section.
In this section, you will find all the specifications of the evidential set from by Unico
The evidential set is a .pdf document containing authentication evidence of a user who underwent identity validation at by Unico.
Below, you will see how this document is represented, as well as the specification of its return fields:
These evidences can be used to ensure the authenticity of the process.
In this section, you will find all the technical specifications for By Client REST APIs
by Client is a channel that offers complete freedom for the client to use the identity validation solutions from the IDCloud platform.
You can combine capabilities as you wish and for the most distinct use cases, but to do so, you will need to have API Keys configured with the capabilities you wish to use.
In by Client, we have capabilities where the response is synchronous (i.e., the response is returned when the process is created) and other capabilities that are asynchronous (where we process the data and you need to "fetch" the result through a GET method in the REST API).
In your operation, you can combine the capabilities as you wish, but each capability will have its own communication method. For example:
You can have an operation that uses the Identity Verification + Behavioral Alert + Risk Score capabilities;
When creating the process, the response for the Identity Verification and Behavioral Alert capabilities will be synchronous, provided in the response of the process creation API;
However, the Risk Score capability will be executed asynchronously, requiring you to wait for its processing and then make another GET request to obtain the final result of the process.
Below, see the synchronous and asynchronous capabilities:
Validation (1:1)
The platform is versatile and can be adapted to different use cases, allowing you to adjust it according to your scenario's needs. To do so, we offer various —features of our platform that cater to a wide range of operations and demands. You can use the IDCloud platform through two integration methods:
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can learn more about generating an access token .
UAT: ;
Production: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Its goal is to provide a wide range of possibilities for using the capabilities of the IDCloud platform, offering a solution that can be integrated into your back-end and providing freedom for clients who wish to control the user experience with their own front-end (for this, read about the ) or through our .
by Client is an integration method of Unico IDCloud that allows clients to integrate in any way they choose, combining or not combining the as they deem necessary. This integration method provides the necessary resources to perform Liveness, Identity Verification, Behavioral Alerts, Risk Score, and Document Reuse and Capture.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you will find information on how to redirect a user in your applications within the by Unico experience
he userRedirectUrl field is used to direct the user. This field is received in the success response of the process creation when making the CreateProcess request.
Here you will find three ways to manage the user experience in web applications:
It is also possible to use the link generated by Unico in hybrid frameworks. To do this, you can create a bridge between the framework used and the native one and follow as we suggest in the documents or use a library that makes these integration options available.
Integrating WebView into your application is the customer's sole responsibility, as this functionality is not offered as part of Unico's libraries or SDKs. Because of this, we do not offer technical support for questions or problems related to implementing WebView in your application. For configuration guidance, we recommend consulting the official documentation for the technology used in your project (e.g. React Native, Flutter, etc.).
In this section, you will find instructions on how to obtain the selfie from a process in by Unico via the REST API
In this section, you will find detailed documentation on how the Get User Selfie endpoint works in by Unico. This endpoint will provide the user's selfie, with a watermark, from completed processes, allowing you to use it as support in cases of disputes by the user.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Processes must be created exclusively through backend-to-backend communication, due to our CORS policy, which prevents processes from being created through frontend-to-backend communication.
Important:
The permission to obtain the user's selfie will depend on Unico's internal evaluation. Understand with the person responsible for your project whether you will be able to consume this service;
It is only possible to get the selfie with the watermark.
For more information about the possible errors for this endpoint, refer to the Errors section.
In this section, you will find how the QR Code flow works for desktop experiences.
By Unico provides the QR code functionality to facilitate the flow on desktop devices. Through the QR code, it is possible to start the By Unico in a web experience without having to worry about whether the user's device has a camera or not. In this way:
We reduce the chance of failure in biometric capture;
We ensure a better experience in other capabilities;
We increase the chances of conversion.
When the user starts By Unico through a desktop device:
We identified that it's a desktop device and provided the QR code so the user can continue the journey on their mobile:
Once scanned, the user continues their journey on the mobile as usual, while the desktop device waits for the completion:
The desktop device detects that the journey was completed on the mobile and redirects the user to the originating experience:
The user can continue their journey in the originating experience on the desktop as usual:
Screen size: minimum width of 961px;
Screen orientation: landscape;
User-Agent: must not be a mobile device.
In this section, you will find how to implement the Unico SDK in your web application for using the by Unico
The use of integrations that do not comply with the standards outlined in this documentation may result in unexpected system interruptions, which will not be covered or supported by by Unico.
Examples: Embedding the by Unico SDK (iFrame) within a webview, implementing the iFrame using an HTML tag, etc.
To use by Unico through the Unico Web SDK, the first step is to register the domains, always using the HTTPS protocol, that will be used as hosts to display the user journey experience.
Please inform the person responsible for your integration project or the Unico support team to carry out this configuration.
To begin using the SDK, we should start with the installation of the Unico web SDK:. by Unico uses the same SDK that is used for IDPay:
When installing the Unico SDK package, deploy without specifying the version you are using so that your dependency manager always updates minors and patches to the latest version.
This method initializes the SDK by preloading assets, creating a smoother experience for the end user. At this point, it is necessary to send the token received as a result of the CreateProcess.
Parameters:
options - an object with the following configuration properties:
type
The type of flow to be initialized. In by Unico, we use the "IFRAME" option.
token
Receives the token of the created process. This token is important to authenticate the journey and ensure that only authorized domains can use it (can be obtained when creating the process via API).
This method opens the by Unico experience. For the IFRAME flow, this function displays the already preloaded iFrame and initiates the messaging flow between the client page and the by Unico experience.
Parameters:
options - an object with configuration properties:
processId
Receives the ID of the created process. This ID is important to obtain the process details and carry out the entire flow correctly (can be obtained when creating the process via API).
token
Receives the token of the created process. This token is important to authenticate the journey and ensure that only authorized domains can use it (can be obtained when creating the process via API).
onFinish(process)
Receives a callback function that will be executed at the end of the by Unico journey, passing the process object with the following data: { captureConcluded, concluded, id }.
The sequence diagram below demonstrates how to use the SDK and the API result from by Unico to configure the iFrame:
After careful analysis of our needs and challenges, we have decided to adopt a solution based on iframes with authentication tokens rather than implementing a Content Security Policy (CSP). This choice was motivated by various considerations related to the security and flexibility required to meet our clients' demands.
Content Security Policy (CSP) is a powerful tool for protecting web applications against various types of attacks, such as Cross-Site Scripting (XSS) and code injection. However, when configuring a CSP policy, it is necessary to define a strict list of trusted domains. This approach is effective when the domains are fixed and predictable. However, for our clients, who often use dynamic and variable domains, this rigid configuration presents significant challenges.
Dynamic domains pose a substantial security risk when using CSP. When a client has domains that frequently change or are created dynamically, it would be necessary to constantly update the CSP policy to include these new domains. This not only increases maintenance efforts but also exposes the domains to which the CSP policy applies. Each domain added to the CSP policy is potentially a vulnerability point if not adequately managed.
To mitigate these risks and meet the flexibility required by our clients, we opted to use iframes combined with authentication tokens. This solution provides an additional layer of security and avoids the need to expose or manage an extensive and dynamic list of domains.
Secure Authentication: Each iframe is loaded with a unique authentication token for each transaction, ensuring that only authorized users can access the content. This token is verified in real-time, providing an additional layer of security and control.
Content Isolation: The use of iframes allows for the isolation of content in a separate context, reducing the risk of interference between different origins and mitigating potential attacks.
Flexibility for Dynamic Domains: By not relying on a static CSP policy, our solution easily adapts to our clients' dynamic domains without the need for constant updates to security policies.
In this section, you will find the specifics of creating a process that has Liveness + Identity Verification + Behavior Alert + Risk Score as a capabilities.
In this section, you will find detailed documentation on how the endpoints related to the Liveness + Identity Verification + Behavior Alert capabilities work when used together.
These are three synchronous capabilities (Liveness + Identity Verification + Behavior Alert), meaning that the entire integration occurs using a single endpoint.
The capabilities of the Unico IDCloud platform via by Client are managed through API Keys - used as a parameter in the request headers - which define the access scope. As a prerequisite, you must have an API Key configured with the Liveness + Identity Verification + Behavior Alert capabilities, ensuring dedicated and secure access to the resource.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Important:
If the response from the Identity Verification capability is unicoId = yes, this response already includes the Liveness (meaning you will not receive the liveness parameter in the response).
The Identity Verification and Behavior Alert capabilities are completely independent. To implement your business rules, make sure to analyze what each return means.
To use the Liveness capability, it is essential to use our SDKs:
It is possible to use the Identity Verification capability without Liveness. In this use case, the liveness return will always be liveness = 1. In this scenario, there is no validation of the life proof, not even passive validation.
If an error occurs during processing, the process will return a status = 5, as shown in the example below:
Tips:
For this use case, there is no need to Query the Process Result, as the response is synchronous.
To implement your business rules, always validate the final statuses of the processes (3, 5). To validate the response from the IDCloud capabilities, only consider status = 3 for your decision-making.
For more information on the scenarios you might receive in the response, refer to the Response Scenarios section.
For more information on possible errors for this endpoint, refer to the Errors section.
In the v2 endpoint (/processes/v2/{id}), we also return additional user information, as shown in the example below:
Attention:
When making a GET request for a process with status = 5 (error), the return status code will be 410 (Gone) instead of 200 (Success);
There may be cases of drops during orchestration with the Risk Score capability. In this scenario, the process will have the following combination: {status = 3, unicoId = inconclusive, liveness = 1, and NO score in the API response}. Learn more in the Response Scenarios section;
If you query a process with status = 2, implement polling until you receive status = 3 or implement Unico's Webhook to know when to get the result.
When implementing your business rules, always validate the final statuses of the processes (3, 4, 5). To validate the response of IDCloud capabilities, only consider status = 3 for your decision-making process;
To improve the performance of your operation, you can use our Webhooks and only query the results of processes that have a finalized status;
For more details on the scenarios you might receive in the response, refer to the Response Scenarios section;
For more information about possible errors for this endpoint, refer to the Errors section.
In this section, you will find the specifics of creating a process that has Liveness + Identity Verification + Risk score as a capabilities
In this section, you will find detailed documentation about the functionality of the endpoints related to the Liveness + Identity Verification + Risk Score capabilities, used together.
These consist of two synchronous capabilities (Liveness + Identity Verification) integrated with one asynchronous capability (Risk Score). In other words, while most processes will return synchronous responses, some will be orchestrated with the Risk Score and will require subsequent queries.
For this integration, it will be necessary to consume two endpoints described in this documentation, which can also be combined with the use of Webhooks.
The capabilities of the Unico IDCloud platform via Client are managed through API Keys—used as a parameter in the request headers—that define the access scope. As a prerequisite, it is necessary to have an API Key configured with the Liveness + Identity Verification + Risk Score capabilities, ensuring dedicated and secure access to the resource.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Important:
If the response for the Identity Verification capability returns unicoId = yes, this result already includes Liveness (i.e., the liveness parameter will not be included in the response);
To use the Liveness capability, it is mandatory to use our SDKs;
It is possible to use the Identity Verification capability without Liveness. For this use case, the liveness value will always return as liveness = 1. In this scenario, no Liveness validation is performed, not even passive validation.
If the response for the Identity Verification capability is unicoId = inconclusive, orchestration with the Risk Score capability will occur. Therefore, it will be necessary to Get the Process Result (endpoint described below), as the Risk Score response is asynchronous.
If an error occurs during processing, the process will return a status = 5, as shown in the example below:
Tips:
When implementing your business rules, always validate the final statuses of the processes (3, 5). To validate the response of IDCloud capabilities, only consider status = 3 for your decision-making process:
A percentage of your operation will have a conclusive response from the Identity Verification capability (yes or no). For these, you can decide whether to approve or reject the registration without needing to Get the Process Result;
For cases where the response from the Identity Verification capability is inconclusive (inconclusive), it will be necessary to Get the Process Result.
In the v2 endpoint (/processes/v2/{id}), we also return additional user information, as shown in the example below:
Attention:
When making a GET request for a process with status = 5 (error), the return status code will be 410 (Gone) instead of 200 (Success);
There may be cases of drops during orchestration with the Risk Score capability. In this scenario, the process will have the following combination: {status = 3, unicoId = inconclusive, liveness = 1, and NO score in the API response}. Learn more in the Response Scenarios section;
If you query a process with status = 2, implement polling until you receive status = 3 or implement Unico's Webhook to know when to get the result.
Tips:
When implementing your business rules, always validate the final statuses of the processes (3, 4, 5). To validate the response of IDCloud capabilities, only consider status = 3 for your decision-making process;
To improve the performance of your operation, you can use our Webhooks and only query the results of processes that have a finalized status;
For more details on the scenarios you might receive in the response, refer to the Response Scenarios section;
For more information about possible errors for this endpoint, refer to the Errors section.
In this section, you will find the specifics of creating a process that has Liveness + Identity Verification + Behavior Alert as a capabilities
IIn this section, you will find detailed documentation on how the endpoints related to the Liveness + Identity Verification + Behavior Alert capabilities work when used together.
These are three synchronous capabilities (Liveness + Identity Verification + Behavior Alert), meaning that the entire integration occurs using a single endpoint.
The capabilities of the Unico IDCloud platform via by Client are managed through API Keys - used as a parameter in the request headers - which define the access scope. As a prerequisite, you must have an API Key configured with the Liveness + Identity Verification + Behavior Alert capabilities, ensuring dedicated and secure access to the resource.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Important:
If the response for the Identity Verification capability returns unicoId = yes, this result already includes Liveness (i.e., the liveness parameter will not be included in the response);
The Identity Verification and Behavior Alert capabilities are completely independent. To implement your business rules, make sure to analyze what each return means.
To use the Liveness capability, it is mandatory to use our SDKs;
It is possible to use the Identity Verification capability without Liveness. For this use case, the liveness value will always return as liveness = 1. In this scenario, no Liveness validation is performed, not even passive validation.
If an error occurs during processing, the process will return a status = 5, as shown in the example below:
Tips:
For this use case, there is no need to Query the Process Result, as the response is synchronous.
To implement your business rules, always validate the final statuses of the processes (3, 5). To validate the response from the IDCloud capabilities, only consider the status = 3 for your decision-making.
For more information on the scenarios you might receive in the response, refer to the Response Scenarios section.
For more information on possible errors for this endpoint, refer to the Errors section.
In this section, you will find the specific details on creating a process that includes Document Capture and Reuse as a capability
In this section, you will find detailed documentation about the functionality of the endpoints related to the Document Capture and Reuse capability. The use of Reuse requires that there be a previous Identity Verification process and this must obtain a “YES” response OR the Risk Score equal or more than +50, otherwise it will be necessary to capture the user's document.
This is an synchronous capability that requires consuming two endpoints, detailed in this documentation, for its full utilization.
The capabilities of the Unico IDCloud platform via Client are managed through API Keys—used as a parameter in the request headers—that define the access scope. As a prerequisite, it is necessary to have an API Key configured exclusively for the Document Capture and Reuse capability, ensuring dedicated and secure access to the resource.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Important:
To use the Document Capture and Reuse capability, the Identity Verification capability must be used beforehand, as it is necessary to include the processId obtained from the Identity Verification in the document.authProcessId parameter:
The process must have valid biometrics, be used within 24 hours of completion and cannot be reused;
It is possible to reuse a biometric authentication previously performed by the same user within a period of up to 24 hours. Within this timeframe, the ID authentication proof can be used in different document verification processes (e.g., RG and CNH) without the need for a new biometric authentication.
If we are unable to extract a field from the document, it is not listed in the API return;
If an error occurs during processing, the process will return a status = 5, as shown in the example below:
Content returned in document.content based on document.type:
Tips:
When implementing your business rules, always validate the final statuses of the processes (3, 5). To validate the response of IDCloud capabilities, only consider status = 3 for your decision-making process;
For more information about possible errors for this endpoint, refer to the Errors section.
In this section, you will find the specifics of creating a process that includes the 1:1 Validation capability
In this section, you will find detailed documentation about the functionality of the endpoint related to the Liveness + 1:1 Validation capabilities, used together.
These are two synchronous capabilities, meaning the entire integration occurs using a single endpoint.
The capabilities of the Unico IDCloud platform via Client are managed through API Keys—used as a parameter in the request headers—that define the access scope. As a prerequisite, it is necessary to have an API Key configured with the Liveness + 1:1 Validation capabilities, ensuring dedicated and secure access to the resource.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Important Points::
To use the "Liveness" capability, it is mandatory to use our SDKs:
It is possible to use the Validation (1:1) capability without Liveness. In this use case, we will not return the liveness parameter in the API response. In this scenario, there is no liveness validation, not even passive validation.
If an error occurs during processing, the process will return a status = 5, as shown in the example below:
Tips:
For this use case, there is no need to Query the Process Result, as the response is synchronous;
For more information about possible errors for this endpoint, refer to the Errors section.
In this section, you will find how to obtain the signed document of a process in by Unico through the REST API
In this section, you will find detailed documentation on how the Signed Document Retrieval endpoint works in by Unico. This endpoint will provide the signed document of the end user in flows that have the Electronic Signature capability.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
If the return of the signed document via by Unico is delayed in processing, we recommend waiting at least one minute after the process is completed before performing the query. Additionally, it is important to set up an automatic retry policy for cases where the signed document is not yet available, such as making up to 10 attempts with intervals of 1 to 5 minutes between them.
For more information about the possible errors for this endpoint, refer to the Errors section.
In this section, you will find the specifics of creating a process that only has the Liveness capability
In this section, you will find detailed documentation about the functionality of the endpoint related to the "Liveness" capability, used in isolation.
This is a synchronous capability, meaning the entire integration occurs using a single endpoint.
The capabilities of the Unico IDCloud platform by Client are managed through API Keys - used as a parameter in the request headers—that define the access scope. As a prerequisite, it is necessary to have an API Key configured exclusively for the "Liveness" capability, ensuring dedicated and secure access to the resource.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Important:
To use the "Liveness" capability, it is mandatory to use our SDKs;
If an error occurs during biometric processing, the request will return a status code = 200, and the process will return a status = 5, as shown in the example below:
Tips:
For this use case, there is no need to Get the Process Result, as the response is synchronous;
When implementing your business rules, always validate the final statuses of the processes (3, 5). To validate the response of IDCloud capabilities, only consider status = 3 for your decision-making process;
For more details on the scenarios you might receive in the response, refer to the Response Scenarios section;
For more information about possible errors for this endpoint, refer to the Errors section.
It is recommended to follow these steps:
In your common flow (which includes the by Unico Registration), you will redirect the client to the link generated through the API;
After that, the client within the platform carries out the necessary procedures to continue the flow;
When completed, they are redirected to your page (using the redirectUrl provided during the process creation).
window.open():The window.open() option consists of opening a new tab in the user's browser so that they can complete the process. At the end, this tab is closed and redirected to your application.
For this, it is recommended to:
Follow the public documentation on this, which can be found ;
Monitorar se houve alteração de URL (para a redirectUrl) e então fechar a aba utilizando window.close().
1 - Add the necessary dependency for using CustomTabs in your app/build.gradle:
Add the necessary permissions and intents in the AndroidManifest.xml for the Activity that you want to receive the callback_uri.
It is necessary to include the attribute android:launchMode="singleTop" as well as the <data> tag providing the URI data.
The following permissions are necessary for it to function correctly:
Camera
Geolocation
o retrieve redirect information with the provided data, you can use the following code in the onNewIntent method of your Activity:
1 - O primeiro passo é criar o controlador de autenticação, e, para isso crie uma classe chamada UnicoAuthenticationController (ou como preferir chamar).
2 - Na sequência, importe o framework AuthenticationServices no topo da classe.
3 - Declare a classe como NSObject e implemente o protocolo ASWebAuthenticationPresentationContextProviding.
O resultado deve ser:
1 - Abra o arquivo onde você executa a autenticação e adicione as importações necessárias (como exemplo, o ContentView.swift é usado).
2 - Para controlar o estado do fluxo é preciso criar a propriedade @State.
3 - Crie uma instância da classe UnicoAuthenticationController fora do corpo da estrutura ContentView.
4 - Para a validação do processo, crie uma função chamada redirectUser.
Ambientes:
Lembre-se de alterar a url URL_AUTHENTICATION para a URL de autenticação recebida em seu processo e também o callbackURLScheme BUNDLE para o redirect informado na criação do processo (o uso do Bundle Identifier de seu aplicativo é recomendado).
Autenticação única:
É importante setar prefersEphemeralWebBrowserSession para true para garantir uma autenticação única por processo.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can learn more about generating an access token .
UAT: ;
Produção: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
To check previous versions, go to .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can learn more about generating an access token .
UAT: ;
Production: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can learn more about generating an access token .
UAT: ;
Production: p.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can learn more about generating an access token .
UAT: ;
Production: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can learn more about generating an access token .
UAT: ;
Production: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can learn more about generating an access token .
UAT: ;
Production: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can learn more about generating an access token .
UAT: ;
Production: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can learn more about generating an access token .
UAT: ;
Production: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you will find all the necessary information for using and integrating the Unico IDCloud platform SDK into your Android applications
In this section, you will find information about how the Webhook of the Unico IDCloud platform works
The respective GetProcess articles for the integration methods describe a way to obtain the status of a process through a call to an endpoint. This enables polling to receive information about the created processes. This means that the endpoint can be called multiple times for the same process to obtain the most recent status.
With the use of webhooks, it is possible to notify a specific endpoint every time the status of a process is changed.
A webhook is a systemic notification service that allows asynchronous integration between systems, where one system notifies the other through a trigger. This way, webhooks can keep systems updated with the latest information without the need for constant polling for updates.
To configure the webhook, the following information is required:
Notification URL: This is the endpoint used by By Unico for notifications about status updates.
Authentication Type: This is the authentication method used to invoke the endpoint. The following options are available:
Basic Authorization;
API Key;
No authentication.
Secret: This indicates a secret used for authentication. The secret is only necessary when the authentication type is Basic Authorization or API Key:
For Basic Authentication, it must be sent in the format user:pass.
For API Key, it can be sent in two formats:
header:value, when a specific header name is desired;
value, when the desired header is the Authorization.
Retry Settings: Indicates the number of attempts in case of a failure in calling the endpoint:
Maximum number of attempts
Interval between attempts (in seconds)
Rate Limit: Maximum number of simultaneous sends (maximum: 500).
Timeout: Maximum wait time for the endpoint's response (in seconds).
Status to be Notified: Currently, the notification is sent whenever the state of a process changes to:
finished: Process finished.
2: In divergence;
3: Completed;
4: Canceled;
5: Error.
When configuring a webhook on the platform, you can receive information about processes through notifications sent to an endpoint of the API developed by you to receive these updates.
The information sent by the platform to the API includes:
processId: ID of the transaction;
state: State of the transaction;
flow: Journey of the transaction.
id: ID of the transaction;
status: State of the transaction.
The request must be a POST method in a REST API, making it easier and more secure to send the information. All fields must be mandatory. The body of the request must accept the transaction ID and the status, as shown in the following example:
About the response status:
Currently, the platform has a set of statuses that may change in the future. Therefore, it is recommended that the statuses you are interested in for taking action be configurable.
The response should be synchronous. The status for successful requests must be in the range of 200 to 299. Any other status is considered a failure, and the platform will then retry the notifications (with exponential backoff between attempts), until receiving a 2xx response or reaching the maximum number of retries.
In this section, you will find the Postman collection for the by Client REST APIs
In this section, you will find the specifics of creating a process that includes Liveness + 1:1 Validation + Behavior Alert as capabilities.
In this section, you will find detailed documentation on the operation of the endpoint related to the capabilities Liveness + 1:1 Validation + Behavior Alert, used together.
These are three synchronous capabilities, meaning the entire integration takes place using a single endpoint.
The capabilities of the Unico IDCloud platform via by Client are managed through API Keys - used as a parameter in the request header - which define the scope of access. As a prerequisite, it is necessary to have an API Key configured with the Liveness + 1:1 Validation + Behavior Alert capabilities, ensuring dedicated and secure access to the resource.
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
Important:
To use the liveness capability, it is essential to use our SDKs:
It is possible to use the Validation (1:1) capability without liveness. In this use case, we will not return the liveness parameter in the API response. In this scenario, there is no validation of the liveness, not even passive.
If an error occurs during processing, the process will return a status = 5, as shown in the example below:
Tips:
For this use case, there is no need to Query the Process Result, as the response is synchronous;
For more information about possible errors for this endpoint, refer to the Errors section.
In this section, you will find how the capture standard for the user's selfie should be if you do not use our SDKs
To achieve better results in image capture, a capture standard has been defined. The image should be clear with sufficient frontal lighting. The face should be straight, facing the camera, free from objects or obstructions, and with a neutral expression.
Common issues in captured images include:
Lighting behind the client: Frontal lighting must be strong enough for a clear capture of the face.
Overexposed lighting: Frontal lighting needs to be adequate for a sharp capture.
Face too close to the camera: The face should be centered in the camera frame with proper lighting.
Blurry images: The person’s face needs to be well-focused at the moment of capture.
Shaky images: Stabilize the camera during capture.
Client wearing glasses: The client should not wear glasses or objects that obstruct full visibility of the face.
For obtaining and sending images, the ICAO standard is used. The ICAO (International Civil Aviation Organization) standard defines characteristics for a photograph to comply with the following requirements and recommendations for image capture and submission settings:
Face Positioning and Additional Information:
The photo should be taken from the front — look directly at the camera and keep the head upright. The face should be centered. The shoulders should be aligned and parallel to the camera's image plane.
The eyes should be naturally open — pupils and irises visible.
Glasses — the photo should be captured without glasses.
No hats, caps, or masks — the face area should be clearly visible.
Neutral expression — the face should have a neutral expression, the person should not smile, raise eyebrows, squint, or frown.
Hairstyle — Hair should not cover the visible eye area.
Lighting and Background: The background should be light, smooth, and without texture. It should not contain spots, lines, or curves visible in the captured image. Light colors like light blue or white can be used as long as there is sufficient contrast between the face/hair and the background. Camera color settings should not be altered depending on the background color. There should be no shadows behind the face image. Additionally, no visible objects should be present in the background, such as people, furniture, patterned wallpapers, or plants. The lighting should be adequate and uniform, equally distributed across the face so there is no difference between the left and right sides. The photo should have good brightness and contrast between the hair, face, and background. Poor lighting occurs when light is only from the side, top, or bottom.
Image formats: JPEG, PNG, or JWT.
Images should be captured in color.
Recommended size: Aspect ratio 1920x1080 or 1080x1920;
Orientation: Portrait;
Size: Maximum 800kb, if necessary you can compress it to Jpeg92.
Recommended Size: HD ratio - 1280x720 or 720x1280;
Minimum Size: VGA ratio - 640x480 or 480x640;
Orientation: If OCR is used, it is recommended that the image be captured in reading orientation;
Size: Maximum 800KB. If necessary, you can compress to Jpeg92;
Framing: It is recommended that the image has no unnecessary space (no borders). The larger the unused area (border), the worse it will be for document classification.
Color
Proper framing
Sharp and clear focus, free of ink marks or creases.
Look directly at the camera.
Show the natural skin tone.
Have appropriate brightness and contrast.
Neutral expression and eyes clearly visible.
No hair covering the eyes.
Facing the camera directly, without looking over the shoulder or tilted, and showing both edges of the face clearly.
With a simple light-colored background, preferably white.
With even lighting, no shadows or flash reflections on the face, and without red-eye.
No colored contact lenses.
No makeup.
The use of glasses is not recommended; however, if necessary:
The eyes must be clear, without reflections from flash or ambient light on the glasses, and without colored lenses.
The frame must not cover any part of the eyes.
Add instructions before capturing for the user:
Use capture "frames" to guide the client's positioning in front of the camera:
In this section, you will find the possible responses for the combinations of capabilities separated by their methods to facilitate your understanding of the by Client integration
Understanding how the return of each parameter works is essential for implementing the best decision-making. To see in detail the meaning of each parameter, see the section Parameter Specification
In all the combinations described below, if an error occurs during processing, the process will return a status = 5. For this reason, the scenarios below do not display responses related to this condition. Example:
For the scenarios where the response in CreateProcess is the same as the response from GetProcess, optimize your application and make your decision synchronously.
For the scenarios where the response in CreateProcess is the same as the response from GetProcess, optimize your application and make your decision synchronously.
For the scenarios where the response in CreateProcess is the same as the responsefrom GetProcess, optimize your application and make your decision synchronously.
In this section, you'll find all the customizations available in by Unico.
by Unico's customization options allow you to tailor its interface to your company's visual identity and create a personalized user experience.
You can customize the logo displayed to users who access by Unico journeys. This customization reinforces the partnership between your company and Unico, indicating that the verification is performed by Unico at the request of the client or partner.
Recommendations:
Preferably send the logo in the icon logo format, due to its better readability in reduced sizes.
Rules:
Make sure the logo is square, respects the proportional grid and ensures that it is exported with at least 192x192 pixels.
Accepted formats: SVG, PNG and JPEG.
Rules:
Prioritize the application of the logo on backgrounds that guarantee legibility.
Do not use logos that do not respect the square grid.
Avoid using low-resolution logos.
Do not apply the logo on transparent backgrounds.
Recommendations:
Use the hexadecimal of the colors to check the contrast scale. Example: Foreground ColorPicker: #000000, Background Color: #FFFFFF, Contrast Ratio: 21.00:1.
To request the inclusion of the logo, send the Unico team a URL where the logo is hosted in an online directory (i.e., the logo must be accessible via URL in the browser).
Base64 encoded URLs cannot be registered. (These URLs typically begin with "data:image/jpeg;base64,/9j/4AAQ...").
Customize the by Unico action buttons. Define the text color, background, and border radius of the button to reinforce your company's visual identity.
Recommendations:
Choose accessible colors: When customizing button colors in By Unico, opt for an accessible color scheme that ensures visibility for all users, including those with visual impairments.
Contrast ratios: Aim for a contrast ratio higher than 4.51:1 for the best results.
Example: #FFFFFF (text) on #000000 (background) results in a contrast ratio of 21.00:1.
In addition to text and background colors, you can also define the button's corner rounding (border-radius) in pixels, according to the scale below:
To configure the visual identity of the client or partner for the button, share the following information with Unico's implementation team:
Hexadecimal code for the button background color.
Example: #000000.
Hexadecimal code for the button text color.
Example: #ffffff.
Button corner rounding (border-radius) in pixels.
Example: 10px.
The by Unico contextualization module allows the client or partner to provide information about the verification, such as the requesting company, reason, and value of the operation, making the process more secure.
The section of the request to be modified is as follows:
In this section, you will find all the information needed to install the Unico IDCloud platform SDK in your Android applications
Your development environment must meet the following prerequisites:
The Android SDK is compatible with the majority of devices running Android 5.0 (API level 21) or higher.
The table below lists the devices tested in the lab, along with the availability of the supplier/manufacturer extensions. Some extensions listed may be subject to specific APIs or SKUs from the manufacturer. Click below to view the tested devices:
To implement the Unico IDCloud Android SDK into your Android application, follow the step-by-step instructions listed below:
The Android SDK is provided through a Maven Repository. Add the following to the repositories block in the build.gradle file located at the root of your project:
Enable AndroidX support in your gradle.properties file at the root of your project (this ensures better performance and operation of the capture framework):
After configuring the Android SDK, simply import it into your project. To do this, add acessobio-android to the dependencies block in the app/build.gradle file.
The dependency should be included in a file different from the one used in the previous step. In this step, you need to use the build.gradle file for the module, not the project.
When compiling the project, you may encounter the following error:
Invoke-customs are only supported starting with android --min-api 26
This is due to the incompatibility with the min-26 frame version. Add the following lines to the compileOptions block in the same app/build.gradle file:
Contact the CS and/or Onboarding team.
Request the SDK Key by providing the identifiers of your applications: Bundle Identifier for iOS, PackageID for Android, and Host for WEB.
The identifiers of your applications will be linked to the SDK Key by the Unico team.
You will receive your SDK Key to implement the AcessoBioConfigDataSource.
In this section, you will find the update policy for using the SDK
It is essential that all clients maintain a regular SDK update routine, as new forms of attacks are developed constantly. The best way to protect your business against new types of Injection and Liveness fraud is to use the most up-to-date version of the Unico SDK.
It is the client's responsibility to maintain a healthy SDK update routine, ensuring the minimum version for the proper functioning of our solutions in their operations. Similarly, it is Unico's responsibility to provide updated versions in response to emerging threats in the market and to keep our clients informed on the topic. With this in mind, Unico has created an SDK Update Policy.
With the SDK outdated, our clients are vulnerable to attacks from fraudsters. Given that Unico prioritizes the utmost security for its clients, along with the urgency of the matter and the need for an agile update process, the SDK Update Policy was created to safeguard our clients from the latest frauds that constantly emerge in the market. The only way to be secure is to stay updated.
Unico categorizes all SDK updates into Critical and Non-Critical, based on the severity of the frauds that are blocked with the new version.
Critical Updates: These updates are designed to protect our clients against recent frauds and attacks in the market. They must be implemented within 5 (five) calendar days due to the real threat that the operation is susceptible to. After this period, we will no longer provide support for previous versions. In practice, any client who contacts us with a version earlier than the latest will be required to update the SDK in order for us to assist them.
Non-Critical Updates: These updates are simpler, focusing on technological improvements. They can be implemented within 60 (sixty) calendar days. It is important to note that the more up-to-date the version, the higher the chances of avoiding bugs and errors. Therefore, we recommend updating as soon as possible. After this period, we will no longer provide technical support, and the client must update their SDK in order for us to assist in cases.
We identify critical updates in the Release Notes with a tag just below the version, as shown in the example below:
Critical Update
These periods apply to all Unico clients, regardless of the capacity used.
For Critical updates: We will send an email as soon as the new version is available, with reinforcement from the Customer Success team, highlighting the urgency of the matter and the 5 (five) calendar days deadline for the update.
For Non-Critical updates: To avoid overloading the client teams, we will send a monthly email with a summary of the non-critical updates, informing the key changes and the 60 (sixty) calendar days deadline for the update.
In this section, you will find all the necessary information for using and integrating the Unico IDCloud SDK into your Android applications for document capture
In this camera mode, there is a capture frame to assist the user in positioning the document correctly. Once the document is correctly positioned, the user must click the button to capture the photo of the document.
The SDK does not perform any type of validation on what is being captured.
In this camera mode, it is possible to capture the following documents:
CPF: Capture the front of the CPF;
CNH: Capture the open CNH;
CNH Front: Capture the front of the CNH;
CNH Back: Capture the back of the CNH;
RG Front: Capture the front of the RG;
RG Back: Capture the back of the RG;
Others: Capture any other document.
Create an instance of the builder (generated through the IAcessoBioBuilder interface), providing the relevant context and the implementation of the AcessoBioListener class as parameters.
The implementation of this class is quite simple and can be done with just a few lines of code. All you need to do is instantiate the builder by specifying the context and override the callback methods with the business logic of your application:
Note that the work of implementing the AcessoBioListener class is largely about configuring the callback methods. Each method is called in a specific situation based on the SDK's return.
Simply override the methods shown in the previous step with your application's business logic:
onErrorAcessoBio(ErrorBio errorBio)
onUserClosedCameraManually()
This method is invoked whenever the user manually closes the camera, such as by clicking the "Back" button.
onSystemClosedCameraTimeoutSession()
This method is invoked as soon as the maximum session time is reached (without capturing any image).
It can be configured in the builder through the setTimeoutSession method. This method should receive the maximum session time in seconds. You can change the maximum session time for your user when using the face detection feature (Selfie camera with smart capture). If the user exceeds the time set in your process to capture the photo, you can display a customizable message or instruction to the user. The default value is 40 seconds, and the minimum value is also 40 seconds.
onSystemChangedTypeCameraTimeoutFaceInference()
This method is invoked as soon as the maximum time for detecting the user's face is reached (without detecting anything). In this case, the camera mode is automatically switched to manual capture mode (without the smart capture outline).
The maximum capture time when using face detection (Selfie camera with smart capture) is 13 seconds. If the user encounters difficulty capturing the photo through face detection and exceeds the time set in the process, the capture is automatically switched to manual mode, aiming to make the action easier for the user (TimeoutToFaceInference).
All the above methods must be created as indicated in your project (even without any logic). Otherwise, the project will not compile successfully.
The camera opening method, which is called in the next step, needs to know what to do when it successfully captures an image or when an error occurs in the process. It is necessary to inform "what to do" to the camera opening method by implementing listeners that are called in cases of success or error.
Through the configuration of the listeners, you can specify what happens in your app in error situations (onErrorDocument method) or success situations (onSuccessDocument method) during image capture.
The example below illustrates the configuration of the listeners, building, and opening of the camera:
It is necessary to create an instance of the builder using the build() method. This method is provided through the object generated with the IAcessoBioBuilder interface and the AcessoBio class:
The next step is to prepare the camera using the prepareDocumentCamera() method with the object returned by the builder (named UnicoCheckCamera in the example above).
The prepareDocumentCamera() method generates an object of type UnicoCheckCameraOpener.Document, which is used to open the camera with its open() method, receiving the parameters for the type of document to be captured, which are:
If you need to capture a document for which we don't have a specific frame (e.g., RNE, among others), use the DocumentCameraType.None frame, which will provide you with a generic, rectangular frame that can be used to guide any capture.
onSucessDocument MethodWhen an image capture is successful, this method is invoked and returns an object of type ResultCamera, which is later used in the REST API calls:
The ResultCamera object returns two attributes: base64 and encrypted:
The base64 attribute can be used if you want to display a preview of the image in your app.
onErrorDocument MethodWhen an error occurs during image capture, this method is invoked and returns an object of type ErrorBio:
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can learn more about generating an access token .
UAT: ;
Production: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Note: Images taken from the guide "ICAO Guide for MRTD Photo Guidelines. ICAO. Icao guide for mrtd photo guidelines.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Prioritize colors with a readable contrast of at least 4.5:1, following accessibility parameters.
Ex: .
Accessible colors improve navigation for everyone, especially for people with low vision. Use hexadecimal color codes to check contrast and follow guidelines.
To customize the information on the contextualization screen, change the values of the parameters contained in the contextualization object when making the call.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Done. Once the SDK installation is complete, proceed to the implementation by reading the following :
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can follow the standard update or installation process described according to the version you are using: , , , and .
API contract breaks are restricted to Major version releases only . This means that significant changes to the API contract can only occur with major changes to the SDK, and not in minor revisions. We make it a practice to avoid any Major version breaks as much as possible, as it leads to major changes in the client integration, which is not our goal. We will only do so in cases of extreme necessity, always with the aim of ensuring security in all operations.
Each version has its own release notes, available through the links below, showcasing new features or bug fixes / fraud blocks: , , , and .
Whenever a new SDK version is released, the website is updated. If you are a Unico client, you will receive an email with the updates and information about the changes. If you are not receiving it, please contact your CSM.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
This guide has been created to help you implement the Android SDK quickly and easily. Below, you will find a step-by-step process for the entire integration. Afterward, if you wish to customize the experience, be sure to check out the section.
This method is invoked with a parameter of type ErrorBio, which contains details about the error. Learn more about the ErrorBio type in the section.
Both the encrypted and base64 attributes can be sent in the REST API calls to .
If it's necessary to convert base64 to bitmap, the standard method doesn't work for Android. You need to perform a split at the comma (,) for it to work. If you'd like to learn more, read the article
Learn more about the ErrorBio types in the section of the SDK.
Capturing the images is just the first part of the journey. After capturing the image, it is necessary to send the base64 generated by the SDK to the by Client REST APIs. Learn more in the
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
DocumentCameraType.CPF
Frame for capturing the front of the CPF.
DocumentCameraType.CNH
Frame for capturing the open CNH.
DocumentCameraType.CNH_FRENTE
Frame for capturing the front of the CNH.
DocumentCameraType.CNH_VERSO
Frame for capturing the back of the CNH.
DocumentCameraType.RG_FRENTE
Frame for capturing the front of the RG.
DocumentCameraType.RG_VERSO
Frame for capturing the back of the RG.
DocumentCameraType.None
Frame for capturing any other document.
In this section, you will find all the necessary information for using and integrating the Unico IDCloud platform SDK into your iOS applications
Have the Android SDK version 21 or higher;
Have the Unico Maven repository configured.
ASUS - X01BDA
10.0.0
Físico
ASUS - Z01KD
8.0.1
Físico
HUAWEY - P30 Lite
9.0.0
Físico
LG - K22
10.0.0
Físico
LG - Q6
7.0.0
Físico
MOTOROLA - Moto one macro
10.0.0
Físico
MOTOROLA - Moto G4
6.0.1
Físico
MOTOROLA - Moto G5s Plus
8.1.0
Físico
MOTOROLA - Moto G6 Play
9.0.0
Físico
MOTOROLA - Moto G7 Play
10.0.0
Físico
MOTOROLA - Moto G7 Power
10.0.0
Físico
MOTOROLA - Moto G8 Power Lite
10.0.0
Físico
SAMSUNG - A01
10.0.0
Físico
SAMSUNG - J8 SM J810M
8.1.0
Físico
SAMSUNG - Galaxy A30s SM-A307GT
10.0.0
Físico
SAMSUNG - Galaxy A51
10.0.0
Físico
SAMSUNG - Galaxy A71
11.0.0
Físico
SAMSUNG - Galaxy S20+
11.0.0
Físico
SAMSUNG - s10e
11.0.0
Físico
XIAOMI - Mi 8 Lite
9.0.0
Físico
XIAOMI - Mi 8 Lite
10.0.0
Físico
XIAOMI - Poco X3
10.0.0
Físico
XIAOMI - Redmi Note 8
10.0.0
Físico
XIAOMI - Redmi Note 8 Pro
10.0.0
Físico
XIAOMI - Redmi Note 9
10.0.0
Físico
XIAOMI - Redmi Note 9 Pro
10.0.0
Físico
GOOGLE - Pixel sailfish
8.0.0
Virtual (TestLab)
HUAWEY - ALE L23
5.0.0
Virtual (TestLab)
HUAWEY - ANE LX1
9.0.0
Virtual (TestLab)
HUAWEY - ANE LX2
9.0.0
Virtual (TestLab)
HUAWEY - COR L29
8.1.0
Virtual (TestLab)
HUAWEY - MHA L29
7.0.0
Virtual (TestLab)
HUAWEY - NEO L29
9.0.0
Virtual (TestLab)
SAMSUNG - SC 02J
8.0.0
Virtual (TestLab)
SAMSUNG - SM G891A
9.0.0
Virtual (TestLab)
SAMSUNG - SM G930AZ
8.0.0
Virtual (TestLab)
SAMSUNG - SM G935A
8.0.0
Virtual (TestLab)
SAMSUNG - SM G965N
9.0.0
Virtual (TestLab)
SAMSUNG - SM G965U1
8.0.0
Virtual (TestLab)
SAMSUNG - SM G981U1
10.0.0
Virtual (TestLab)
SAMSUNG - SM J727V
8.1.0
Virtual (TestLab)
SAMSUNG - SM N950F
9.0.0
Virtual (TestLab)
SAMSUNG - SM N950N
9.0.0
Virtual (TestLab)
SAMSUNG - SM N950U
8.0.0
Virtual (TestLab)
SAMSUNG - SM N960F
9.0.0
Virtual (TestLab)
SAMSUNG - SM N960N
9.0.0
Virtual (TestLab)
SAMSUNG - SM N960U1
8.1.0
stLab)
In this section, you will find solutions to some common issues encountered during the integration of the Unico IDCloud SDK into your Android applications
The obfuscation material is intended to assist the developer in overcoming obfuscation issues in their application.
The client's obfuscator can affect the functionality of the SDK, so it is necessary that it does not obfuscate the SDK code.
Unico is not responsible for any obfuscation conflicts with the SDK.
Obfuscation is a process of transforming the bytecode into a form that is less readable by humans, thereby making reverse engineering more difficult.
This process involves removing debugging-related information such as variable tables, line numbers, and renaming packages, classes, and methods.
When embedding the Android SDK in the application, issues may occur.
When obfuscation is performed via DexGuard, in case of failure, use the following rules:
When obfuscation is performed via ProGuard, in case of failure, use the following rules:
Change the Maven repository to the new repository in the project's build.gradle file.
The implementation was done as follows:
It should now be updated to the new repository:
Change the SDK dependency to the new dependency in the app/build.gradle file of the project.
The implementation was done as follows:
It should now be updated to the new dependency:
In this section, you will find an overview of how the Unico IDCloud platform SDK operates
The SDKs from the Unico IDCloud platform aim to enhance the security of your business and your clients, even allowing you to personalize the user experience by applying your brand's visual identity. The SDKs abstract the complexity of handling the user's device camera and capturing images (Selfie and document), making life easier for developers and reducing the time to deliver the final product. Other advantages:
Image Capture Accuracy: The SDKs have features that help the user obtain biometrically valid photos, reducing image drop rates compared to captures made by standard device cameras. SmartFrames are added, which are "key elements" that automatically adjust to the user's silhouette and screen proportions, allowing for better image capture.
Enhanced Security: Encryption features and protection against image injection, also including functionalities that prevent fraud, adapted to different camera modes. Security layers that work complementarily, both at the application level and in relation to the data transmitted between the SDKs and the backend. The SDK also includes code obfuscation, emulator blocking, and app bundle verification for the app executing it.
The SDK (Client-side) is responsible for simplifying your integration with the Unico IDCloud platform, handling all the complexity of camera manipulation and image capture.
If the capture is successful, the SDK returns an object that must be sent to the biometric engine API, thus completing the biometric validation, as illustrated in the diagram below:
Below are the necessary information and requirements officially supported by each Unico Client SDK:
Plugins: Flutter
Linguagens: Java/Kotlin
Xcode: >= 15.0
Plugins: Flutter
Linguagens: swift/objective-c
iOS: >= 11
Dependency manager: Cocoapods ou Swift Package Manager
Frameworks: React JS, Angular, Next JS, Vue JS e JS Vanilla.
Versão Javascript: ECMAScript 5 or higher.
Our support is restricted to applications developed directly on the native Android and iOS platforms, using their respective native modules, as well as the Flutter framework (if the implementation uses our plugin). At this time, we do not offer support for applications developed using hybrid frameworks such as React Native, Ionic, or other cross-platform development technologies.
The SDKs of the Unico IDCloud platform follow semantic versioning, which means there is a version number in the format "MAJOR.MINOR.PATCH", described as follows:
Major Version (MAJOR): When making incompatible changes to the API;
Minor Version (MINOR): When adding functionality while maintaining compatibility;
Patch Version (PATCH): When fixing bugs while maintaining compatibility.
In this section, you will find all the necessary information for handling errors from the Unico IDCloud SDK in your Android applications
This object is returned whenever an error occurs in the Android SDK.
getCode()
Method used to obtain the error code that occurred.
getDescription()
Method used to obtain the description of the error that occurred.
Below is the list of possible error codes for the Android SDK:
73001
Context invalid
73002
Did not grant permission to open camera
73003
The lest API is 21(LOLLIPOP)
73004
Could not find implementation interface callback iAcessoBioSelfie
73005
Could not find implementation interface callback iAcessoBioDocument
73006
Unable to open camera on emulators
73100
Unable to connect to internet
73200
Please inform the json file name
73202
Unable to parse json file
73300
Unable to get unico authentication object
73301
Unable to parse object
73302
Could not find the unico token
73303
Current host is not registered
73400
Could not initialize camera
73500
Unable to get session token, service response error
73501
Unable to parce object
73502
Could not get session token
73701
Could not find active liveness import
73702
Unable to initialize active liveness in production mode
73703
Unable to get active liveness session
73704
The user pressed the cancel button and did not complete the Session.
73705
The Session was not performed successfully and a FaceScan was not generated. In general, other statuses will be sent to the
73706
The camera access is prevented because either the user has explicitly denied permission or the user's device is configured to
73707
The Session was cancelled due to the app being terminated, put to sleep, an OS notification, or the app was placed in the
73708
The Session was cancelled because device is in landscape mode. The user experience of devices in these orientations is poor
73709
The Session was cancelled because device is in reverse portrait mode. The user experience of devices in these orientations is
73710
The Session was cancelled because the user was unable to complete a Session in the default allotted time or the timeout set
73712
The Session was cancelled due to memory pressure.
73712
The Session was cancelled because your App is not in production and requires a network connection.
73713
The Session was cancelled because your key needs to be validated again.
73714
The Session was cancelled because the developer-configured encryption key was not valid.
73715
The Session was cancelled because not all guidance images were configured.
73716
The Session was cancelled because SDK was unable to start the camera on this device.
73717
The Session was cancelled because the user was in a locked out state.
73718
The Session was cancelled because of an unknown and unexpected error. SDK leverages a variety of iOS APIs including camera,
73719
The Session cancelled because user pressed the Get Ready screen subtext message. Note: This functionality is not available by
73800
Could not build encrypted key
In this section, you will find all the information necessary for customizing the SDK of the Unico IDCloud platform in your Android applications
The Android SDK allows for some customizations. Below, you can see all the possible customizations for this SDK.
It is possible to configure the experience of the informational messages in the capture frames by changing their language. Use the enumerated type LocaleTypes, which contains the following values:
LocaleTypes.PT_BR: for Portuguese(Brazil);
LocaleTypes.ES_MX: for Spanish(Mexico);
LocaleTypes.ES_ES: for Spanish(Spain);
LocaleTypes.EN_US: for English(USA).
See how to implement it in the example below:
This is an optional step, but highly recommended so that the capture process reflects your company's visual identity.
It is possible to customize some objects of the frame according to the camera mode used, through the setTheme() method.
The supported types for color representation are Color Resource or String containing the hexadecimal color code. Example: R.color.red or #FF0000.
All methods are available below:
It is also possible to make static customizations. In your colors.xml file, add the following code:
Below, check the field specification for the customization:
This is an optional step, but highly recommended so that the capture process reflects your company's visual identity.
It is possible to customize some objects of the frame according to the camera mode used, through the setTheme() method.
The supported types for color representation are Color Resource or String containing the hexadecimal color code. For example: R.color.red or #FF0000.
All methods are available below:
It is also possible to make static customizations. In your colors.xml file, add the following code:
Below, check the specification of the customization fields:
In this section, you will find all the updates for the Unico IDCloud Android SDK
Keep your Android SDK always updated with the latest available version.
Critical Update
Enhanced detection and protection against injection attacks on both the device and server, leveraging artificial intelligence;
Critical reinforcements in the RASP layer, improving the detection of critical threats and implementing measures to eliminate continuous exploitation by fraudsters;
Improvements in the liveness engine layer to counter recurring attacks in the market.
Internal dependency adjustments ensuring compatibility with kotlin 1.6.0.
Rear camera support in physical store flows;
Update of the Liveness SDK and server with interaction;
Internal product improvements. These improvements do not directly affect the end user experience, keeping the interface and external functionalities unchanged.
Update SDK and Server version of Liveness with interaction.
Update SDK and Server version of Liveness with interaction.
Update SDK and Server version of Liveness with interaction.
In this version, we updated the compileSdkVersion to API 34, in compliance with Google Play policies.
Update SDK and Server version of Liveness with interaction.
Update SDK and Server version of Liveness with interaction.
SDK Update and Liveness Server Interaction;
Internal Improvements.
In this section, you will find all the necessary information for using and integrating the Unico IDCloud platform SDK into your Android applications for selfie capture
Create an instance of the builder (generated through the IAcessoBioBuilder interface), providing the context and environment as parameters, along with the implementation of the AcessoBioListener class.
The implementation of this class is quite simple and can be done in just a few lines of code. All you need to do is instantiate the builder by providing the relevant context and override the callback methods with the business logic of your application:
Configure the environment that will be used during the SDK execution. Use the Environment enum, which contains the following options:
Environment.PROD: for production environment;
Environment.UAT: for approval environment.
See how to implement it in the example below:
Note that the work of implementing the AcessoBioListener class is, for the most part, configuring the callback methods. Each method is called in a specific situation based on the SDK's return.
Simply override the methods shown in the previous step with your application's business logic.
This method is invoked whenever any implementation error occurs while using one of our methods:
onErrorAcessoBio(ErrorBio errorBio)
onUserClosedCameraManually()
This method is invoked whenever the user manually closes the camera, such as when clicking the "Back" button.
onSystemClosedCameraTimeoutSession()
This method is invoked as soon as the maximum session time is reached (without capturing any image).
It can be configured in the builder through the setTimeoutSession method. This method should receive the maximum session time in seconds. You can change the maximum session time for your user when using the face detection feature (Selfie camera with smart capture). If the user exceeds the time set for capturing the photo, you can display a customizable message or instruction to the user. The default value is 40 seconds, and the minimum value is also 40 seconds.
onSystemChangedTypeCameraTimeoutFaceInference()
This method is invoked as soon as the maximum time for face detection is reached (without detecting anything). In this case, the camera mode is automatically switched to manual capture mode (without the smart capture outline).
The maximum capture time when using face detection (Selfie camera with smart capture) is 13 seconds. If the user encounters difficulty capturing the photo through face detection and exceeds the time set in the process, the capture is automatically switched to manual mode, aiming to make the action easier for the user (TimeoutToFaceInference).
All of the above methods must be created as indicated in your project (even if without any logic). Otherwise, the project will not compile successfully.
The SDK has smart framing and automatic capture configured and enabled by default. As a result, you must configure the camera mode in your builder as follows:
The false/true values of the methods above do not alter the capture experience; they are only used for the internal logic of the SDK's operation.
The camera opening method, which is called in the next step, needs to know what to do when it successfully captures an image or when an error occurs in the process. It is necessary to inform "what to do" to the camera opening method by implementing listeners that are called in cases of success or error.
Through the configuration of the listeners, you can specify what happens in your app in error situations (onErrorSelfie method) or success situations (onSuccessSelfie method) during image capture.
Changes in naming conventions for versions lower than 4.2.1:
The method prepareCamera, which was previously prepareSelfieCamera.
The class CameraListener, which was previously SelfieCameraListener.
The object UnicoCheckCameraOpener.Camera, which was previously UnicoCheckCameraOpener.Selfie.
To configure the listeners, it is necessary to implement:
When the camera is prepared, the onCameraReady event is triggered, which receives an object of type UnicoCheckCameraOpener.Camera as a parameter.
It is necessary to override this method, opening the camera with the object received through the open() method. The open() method should receive as parameters the listeners configured in the previous steps.
onSucessSelfie MethodWhen an image capture is successful, this method is invoked and returns an object of type ResultCamera, which is used later in the REST API calls:
The ResultCamera object returns two attributes: base64 and encrypted:
The base64 attribute can be used if you want to display a preview of the image in your app.
The encrypted attribute is strictly intended for sending the image through the by Client APIs. It should not be opened or serialized, as its characteristics may change without notice. Its use must be exclusive to interactions with the APIs to ensure data integrity and security. Unico is not responsible for any damages resulting from this practice, as modifications can occur unexpectedly.
The base64/encrypted files may vary in size due to several factors, including the quality of the devices and the photos generated by them, as well as Unico's business rules. To avoid issues in your application, do not limit the size of the string generated by the SDK for the files in your programming logic or infrastructure.
onErrorSelfie MethodWhen an error occurs during image capture, this method is invoked and returns an object of type ErrorBio:
For security reasons, the interval between the generation of the encrypted and its submission via one of the available flows must be a maximum of 10 minutes. Submissions made beyond this period will be automatically rejected by the API.
In this section, you will find all the necessary information for using and integrating the Unico IDCloud platform SDK into your iOS applications for selfie capture
To get started with the Unico Check iOS SDK, import the SDK and implement the AcessoBioManagerDelegate interface within the ViewController you want to use.
The implementation of this class is straightforward and can be done with just a few lines of code. All you need to do is instantiate the builder, providing the context and environment in question, and override the callback methods with the business logic of your application:
Configure the environment that will be used to run the SDK. Use the enumerated environment that contains the following enumerates:
PROD: for production environment;
UAT: for approval environment.
See how to implement it in the example below:
Note that, as shown in the previous example, the implementation of the AcessoBioManagerDelegate interface mainly involves configuring the callback methods. Each method is called in a specific situation in the SDK's return process.
You simply need to override the methods demonstrated in the previous step with the business logic of your application:
onErrorAcessoBioManager(_ error: ErrorBio!)
This method is invoked when any implementation error occurs while using one of the methods, such as providing an incorrect document type for the document capture functionality.
onUserClosedCameraManually()
This method is invoked whenever the user manually closes the camera, such as by clicking the "Back" button.
onSystemClosedCameraTimeoutSession()
This method is invoked as soon as the maximum session time is reached (without capturing any image).
It can be configured in the builder through the setTimeoutSession method. This method should receive the maximum session time in seconds. You can change the maximum session time for your user by using the face detection feature (Selfie camera with smart capture). If the time exceeds the duration specified for the process to capture the photo, you can display a customizable message or instruction to the user. The default value is 40 seconds, and the minimum value is also 40 seconds.
onSystemChangedTypeCameraTimeoutFaceInference()
This method is invoked as soon as the maximum time for detecting a user's face is reached (without detecting anything). In this case, the camera mode is automatically switched to manual capture mode (without the intelligent capture silhouette).
The maximum capture time when using face detection (Selfie camera with smart capture) is 13 seconds. If the user encounters any difficulty capturing the photo through face detection and exceeds the time specified in the process, the capture automatically switches to manual mode to facilitate the user's action (TimeoutToFaceInference).
All the methods above must be created as indicated in your project (even without any logic). Otherwise, the project will not compile successfully.
The SDK has intelligent framing and automatic capture configured and enabled by default. As a result, you should configure the camera mode in your builder as follows:
The false/true values for the methods above do not change the capture experience; they are only used for the internal logic of the SDK's functionality.
The camera opening method needs to know what to do when it successfully captures an image or encounters an error during the process. "What to do" is informed to the camera opening method through the configuration of delegates that are called in success or error situations.
By configuring the delegates, you can specify what happens in your app in error situations (method onErrorSelfie) or success (method onSuccessSelfie) when capturing images.
To configure the delegates, you need to implement the SelfieCameraDelegate and AcessoBioSelfieDelegate interfaces:
onSuccessSelfie MethodWhen successfully capturing an image, this method is invoked and returns an object of type SelfieResult, which is later used in the REST API calls.
The ResultCamera object returns 2 attributes: base64 and encrypted:
The base64 attribute can be used if you want to display a preview of the image in your app.
The encrypted attribute is strictly intended for sending the image through the by Client APIs. It should not be opened or serialized, as its characteristics may change without prior notice. Its use should be exclusive in interactions with the APIs to ensure data integrity and security. Unico is not responsible for any damages resulting from this practice, as modifications can occur unexpectedly.
The base64/encrypted files may vary in size depending on various factors, including the quality of the devices and photos generated by them, as well as Unico’s business rules. To avoid issues in your application, do not limit the size of the string generated by the SDK for the files within your programming logic or infrastructure.
onErrorSelfie MethodWhen an error occurs during the image capture, this method is invoked and returns an object of type ErrorBio:
It is possible to configure the environment to be used during the execution of the SDK. Use the EnvironmentEnum enumerated type, which contains the following values:
EnvironmentEnum.PROD: for the Production environment
EnvironmentEnum.UAT: for the Staging environment
See how to implement it in the example below:
To proceed with opening the camera, you must first prepare it using the prepareSelfieCamera method. This method takes as parameters the implementation of the SelfieCameraDelegate class and the JSON containing the credentials generated in the previous step.
Once the camera is prepared, the onCameraReady event is triggered and receives an object of type AcessoBioCameraOpenerDelegate as a parameter.
You should override this method and open the camera using the object received through the open() method:
If any error occurs while preparing the camera, the onCameraFailed event is triggered. You should implement this method applying your app's business rules.
For security reasons, the time interval between the generation of the encrypted and its submission via one of the available flows must be no more than 10 minutes. Submissions made beyond this period will be automatically rejected by the API.
In this section, you will find solutions to some common issues encountered during the integration of the Unico IDCloud SDK into your iOS applications
The obfuscation material is intended to assist the developer in overcoming obfuscation issues in their application.
The client obfuscator may affect the functionality of the SDK, so it is necessary that it does not obfuscate the SDK code.
Unico is not responsible for obfuscation conflicts with the SDK.
Obfuscation is a process of transforming the bytecode into a form that is less readable by humans, thus making reverse engineering more difficult.
This process involves removing debugging-related information, such as variable tables, line numbers, and renaming packages, classes, and methods.
When embedding the Android SDK into the application, issues may occur.
When obfuscation is performed using the iXGuard tool, we recommend using version 4.12.6 or higher.
The responsibility for controlling the flow is delegated to the caller of the SDK. Therefore, if any form of shadow appears or the screen does not close after successfully completing the capture, it is recommended to implement a way to release this screen. This release may vary depending on the navigation stack implemented. For this implementation, add the appropriate release method preferably within the onSuccessSelfie delegate method. Below are some examples of releases that can be used:
After the official release of Xcode 16 on September 17, 2024, and its use for distributing apps on the App Store, we encountered a block when using the iOS SDK, signaling the use of bitcode in two internal dependencies when using Cocoapods as the dependency manager. These dependencies are DeviceProfiling and UnicoSdkLogger. In order to avoid blocking new releases, it is possible to apply the following steps until the issue is fully resolved in a future iOS SDK release:
Open the Podfile file.
Add the following lines after the post_install command (do |installer|) and before the last end:
2.1. If there is already some code, insert the following before the existing code;
2.2. If you are already manually removing bitcode, explicitly add the paths mentioned in framework_paths.
If the post_install do |installer| command is not present in the Podfile, insert it as follows before the last end:
In this section, you will find all the information needed to install the Unico IDCloud platform SDK in your iOS applications
Your development environment must meet the following prerequisites:
To implement the iOS SDK from the Unico IDCloud platform into your iOS application, follow the step-by-step instructions listed below:
Swift Package Manager is a dependency manager for Swift projects. It is integrated with the Swift build system to automate the process of downloading, compiling, and linking dependencies. To integrate the iOS SDK into your project using SPM, follow the instructions below:
Include the dependency in your Package.swift file:
Contact the CSs and/or the Onboarding team.
Request the SDK Key by providing the identifiers of your applications: Bundle Identifier for iOS, PackageID for Android, and Host for WEB.
The identifiers of your applications will be linked to the SDK Key by the Unico team.
You will receive your SDK Key to implement the AcessoBioConfigDataSource.
In this section, you will find all the information necessary for customizing the SDK of the Unico IDCloud platform in your Android applications
The Android SDK allows for some customizations to be made. Below are all the possible customizations for this SDK.
It is possible to configure the experience of the informational messages in the capture frames by changing their language. Use the enumerated type LocaleTypes, which contains the following values:
LocaleTypes.PT_BR: for Portuguese(Brazil);
LocaleTypes.ES_MX: for Spanish(Mexico);
LocaleTypes.ES_ES: for Spanish(Spain);
LocaleTypes.EN_US: for English(USA).
See how to implement it in the example below:
This is an optional step, but highly recommended for the capture process to have your company's visual identity.
It is possible to customize some objects of the frame according to the camera mode used, through the setTheme() method.
The supported types for color representation are Color Resource or String containing the hexadecimal color code. For example: R.color.red or #FF0000.
All methods are available below:
Here are some examples of how you can use the above methods in your project:
In this section, you will find all the necessary information for using and integrating the Unico IDCloud SDK into your iOS applications for document capture
This guide has been designed to help you quickly and easily implement the Android SDK. Below, you'll find the step-by-step process for the complete integration. If you wish to customize the experience further, check out the iOS Customization section.
In this camera mode, there is a capture frame to assist the user in positioning the document correctly. After positioning the document correctly, the user should click the button to capture the photo of the document.
The SDK does not perform any type of validation on what is being captured.
In this camera mode, it is possible to capture the following documents:
RG: Capture of the RG (separate front and back).
CNH: Capture of the CNH opened.
CNH Front: Capture of the front of the CNH.
CNH Back: Capture of the back of the CNH.
CPF: Capture of the CPF document.
Without Silhouette: Capture of a generic document.
To get started with the Unico IDCloud iOS SDK, import the SDK and implement the AcessoBioManagerDelegate interface within the ViewController you wish to use.
The implementation of this class is straightforward and can be done with just a few lines of code. All you need to do is instantiate the builder by providing the relevant context and override the callback methods with the business logic of your application:
Note that, as shown in the previous example, the implementation work of the AcessoBioManagerDelegate interface is largely about configuring the callback methods. Each method is called in a specific situation based on the SDK's response.
Simply override the methods illustrated in the previous step with your application's business logic:
onErrorAcessoBioManager(_ error: ErrorBio!)
This method is invoked whenever an implementation error occurs while using any of the methods, such as providing an incorrect document type for the document capture functionality.
onUserClosedCameraManually()
This method is invoked whenever the user manually closes the camera, such as by clicking the "Back" button.
onSystemClosedCameraTimeoutSession()
This method is also invoked once the maximum session time is reached (without capturing any image).
It can be configured in the builder through the setTimeoutSession method. This method should receive the maximum session time in seconds. You can modify the maximum session time for your user when using the face detection feature (Selfie camera with intelligent capture). If the time limit for capturing the photo is exceeded, you can present a customizable message or instruction to the user. The default value is 40 seconds, and the minimum value is also 40 seconds.
onSystemChangedTypeCameraTimeoutFaceInference()
This method is invoked once the maximum time for detecting the user's face is reached (without detecting anything). In this case, the camera mode is automatically switched to manual capture mode (without the intelligent capture silhouette).
The maximum capture time when using face detection (Selfie camera with intelligent capture) is 13 seconds. If the user faces difficulties capturing the photo using face detection and exceeds the time limit set in the process, the capture automatically switches to manual mode, aiming to facilitate the process for the user (TimeoutToFaceInference).
All of the above methods must be implemented as indicated in your project (even if with no logic). Otherwise, the project will not compile successfully.
The camera opening method (which is called in the next step) needs to know what to do when it successfully captures an image or encounters an error during the process. The "actions" to be taken are specified to the camera opening method through the configuration of delegates, which are called in success or error situations.
By configuring the delegates, you can define what happens in your app during error situations (onErrorDocument method) or success situations (onSuccessDocument method) when capturing images.
To configure the delegates, you need to implement the DocumentCameraDelegate and AcessoBioDocumentDelegate interfaces:
onSucessDocument MethodWhen an image is successfully captured, this method is invoked and returns an object of type ResultCamera, which is used later in the REST API request.
The ResultCamera object returns two attributes: base64 and encrypted.
The base64 attribute can be used if you want to display a preview of the image in your app.
Both the encrypted and base64 attributes can be sent in the REST API calls of the by Client.
onErrorDocumentWhen an error occurs during image capture, this method is invoked and returns an object of type ErrorBio.
To open the camera, it is necessary to prepare it using the method prepareDocumentCamera. This method takes as a parameter the implementation of the DocumentCameraDelegate class and the JSON with the credentials generated in the previous step.
When the camera is ready, the event onCameraReadyDocument is triggered, which receives as a parameter an object of type AcessoBioCameraOpenerDelegate.
You should override this method, opening the camera with the object received through the openDocument() method, receiving the document type parameters to be captured, which are:
If you need to capture a document for which we don't have a specific frame (e.g., RNE, among others), use the DocumentEnums.none frame, which will provide a generic, rectangular frame that can be used to guide any capture.
The delegates implemented above (referred to here as Self):
If an error occurs while preparing the camera, the onCameraFailedDocument event is triggered. You should implement this method according to the business logic of your app.
In case of success, the onSuccessDocument event is triggered, as explained in the section above.
Have version 9 or higher of installed (Google's official development IDE);
Starting from version 4.4.x of the SDK, Unico began using its own Maven repository to distribute the Android SDK and changed the name of the SDK dependency, along with adjustments to ProGuard and DexGuard rules for clients using the GuardSquare library, as described in the section above.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Liveness: The SDKs are used in conjunction with the capability to ensure that the user is alive at the moment of capturing the selfie.
The image capture through the SDKs is just the first part of the journey. Therefore, it is extremely important to understand the basic concepts and how the biometric engine APIs work. For more information, see the REST API of the .
Unico is not responsible for issues arising from the lack of SDK updates in the client's operation. [
Android: 5.0 (API 21)
Kotlin: 1.6
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Semantic versioning is used to number the versions. For more information, refer to the article .
Additionally, the repository where the SDK is provided has changed, and there has also been a change in the SDK dependency name. You should update your records according to the article .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
This guide has been designed to help you implement the Android SDK quickly and easily. Below, you'll find a step-by-step process for the entire integration. Afterward, if you wish to customize the experience, be sure to check out the section.
When invoked, the method receives a parameter of type ErrorBio that contains details about the error. Learn more about the ErrorBio type in the section.
To proceed with opening the camera, it is first necessary to prepare it using the prepareCamera method. This method receives as parameters the implementation of the CameraListener class, the class, or the JSON with the credentials generated in.
The encrypted attribute must be sent in the REST API calls to.
Learn more about the ErrorBio types in the section of the SDK.
If it's necessary to convert base64 to bitmap, the standard method doesn't work for Android. It is necessary to perform a split at the comma (,) for it to work. If you'd like to learn more, read the article:
Image capture is just the first part of the journey. After capturing the image, it is necessary to send the encrypted generated by the SDK to the by Client REST APIs. Learn more in the CreateProcess section of
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
This guide has been created to help you implement the Unico iOS SDK quickly and easily. Below is the step-by-step process for the entire integration. Afterward, if you wish to personalize the experience, be sure to check the section.
When invoked, the method will receive a parameter of type ErrorBio that contains details of the error. For more information on the ErrorBio type, refer to the article in this SDK documentation.
The encrypted attribute must be sent in the REST API calls of
If you want to convert the base64 to bitmap, the standard method doesn’t work for iOS. You need to split the string starting from the comma (,) to make it work. To learn more, read this article:
Learn more about the types of ErrorBio in the SDK section.
The The ErrorPrepare type is an extension of ErrorBio, thus containing all of its properties. Learn more about the ErrorBio type in the section of the SDK.
Capturing the images is only the first part of the journey. After capturing the image, it is necessary to send the encrypted generated by the SDK to the by Client REST APIs. Learn more in the section of by Client.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Source: , , .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
The capture component provided through the iOS SDK is compatible with all devices running iOS 11 or later. You can check the list of compatible devices on the official Apple .
CocoaPods is a dependency manager for Cocoa projects. For installation and usage instructions, visit the official documentation. To integrate the iOS SDK into your Xcode project using CocoaPods, follow the instructions below:
Done. After completing the SDK installation, proceed to the implementation by reading the following material: :
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
When invoked, the method receives a parameter of type ErrorBio, which contains details about the error. Learn more about the ErrorBio type in the article of this SDK.
If you need to convert the base64 to bitmap, the standard method does not work for Android. You need to split the string at the comma (,) to make it work. If you want to learn more, read the article:
Capturing the images is only the first part of the journey. After capturing the image, you need to send the base64 generated by the SDK to the by Client REST APIs. Learn more in the section of the by Client.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
getCode()
Method used to obtain the error code that occurred.
getDescription()
Method used to obtain the description of the error that occurred.
73000
The Session was cancelled because of an unknown and unexpected error. The Unico Check SDK leverages a variety of iOS APIs including camera, storage, security, networking, and more. This return value is a catch-all for errors experienced during normal usage of these APIs.
73001
Context invalid
73003
The API version needs to be 11 or newer.
73006
Unable to open camera on emulators
73100
Unable to connect to internet
73200
Could not find the unico_sdk json file
73202
Unable to load unico_sdk json file
73203
Unable to load AcessoBioConfigDataSource
73204
Unable to initialize the SDK, please configure the environment on setEnviroment method of build.
73300
Unable to get unico authentication object
73301
Unable to parse unico authentication object
73302
Could not find the unico token
73701
Could not find active liveness import
73702
Unable to initialize active liveness in production mode
73703
Unable to get active liveness session
73704
The user pressed the cancel button and did not complete the Session.
73705
The Session was not performed successfully and a FaceScan was not generated. In general, other statuses will be sent to the developer for specific unsuccess reasons.
73706
The camera access is prevented because either the user has explicitly denied permission or the user's device is configured to not allow access by a device policy.
73707
The Session was cancelled due to the app being terminated, put to sleep, an OS notification, or the app was placed in the background.
73708
The Session was cancelled because the device is in landscape mode. The user experience of devices in these orientations is poor and thus portrait is required.
73709
The Session was cancelled because the device is in reverse portrait mode. The user experience of devices in these orientations is poor and thus portrait is required.
73710
The Session was cancelled because the user was unable to complete a Session in the default allotted time or the timeout set by the developer.
73711
The Session was cancelled due to memory pressure.
73712
The Session was cancelled because your App is not in production and requires a network connection.
73713
The Session was cancelled because your key needs to be validated again.
73714
The Session was cancelled because the developer-configured encryption key was not valid.
73715
The Session was cancelled because not all guidance images were configured.
73716
The Session was cancelled because SDK was unable to start the camera on this device.
73717
The Session was cancelled because the user was in a locked out state.
73718
The Session was cancelled because of an unknown and unexpected error. SDK leverages a variety of iOS APIs including camera, storage, security, networking, and more. This return value is a catch-all for errors experienced during normal usage of these APIs.
73719
The Session was cancelled because the user pressed the Get Ready screen subtext message. Note: This functionality is not available by default, and must be requested from FaceTec in order to enable it.
73720
The Session was not processed.
73721
The Session can't be performed: attempts limit exceeded.
73722
The Session can't be performed: face alignment timeout.
73730
Unable to initialize an active liveness session because of an unknown and unexpected license error.
73731
Unable to initialize an active liveness session because the license has expired.
73800
Could not build encrypted key
getColorSilhouetteSuccess()
Method used to customize the success color of the silhouette.
getColorSilhouetteError()
Method used to customize the error color of the silhouette.
getColorBackground()
Method used to customize the background color of the silhouette.
getColorBoxMessage()
Method used to customize the background color of the message.
getColorTextMessage()
Method used to customize the text color of the message.
getColorTextPopupError()
Method used to customize the text and icon color of the error popup.
getColorBackgroundPopupError()
Method used to customize the background color of the error popup.
getColorBackgroundButtonPopupError()
Method used to customize the background color of the popup button.
getColorTextButtonPopupError()
Method used to customize the text color of the popup button.
getColorBackgroundTakePictureButton()
Method used to customize the background color of the manual photo capture button.
getColorIconTakePictureButton()
Method used to customize the icon color of the manual photo capture button.
getColorBackgroundBottomDocument()
Method used to customize the background color of the document capture box.
getColorTextBottomDocument()
Method used to customize the text color of the document capture box.
getImageIconPopupError()
Method used to customize the icon of the error popup, displayed when the face is incorrectly positioned within the capture frame.
getProgressBarColor() (opcional)
Optional method used to customize the loading icon color for the Liveness camera with interaction. If not implemented, getColorBoxMessage() will be used.
getCancelButtonIconColor() (opcional)
Optional method used to customize the cancel icon color for the Liveness camera with interaction. If not implemented, getColorBackgroundTakePictureButton() will be used.
DocumentEnums.CPF
Capture the front of the CPF
DocumentEnums.CNH
Capture the open CNH
DocumentEnums.cnhFrente
Capture the front of the CNH
DocumentEnums.cnhVerso
Capture the back of the CNH
DocumentEnums.RG
Capture the open RG
DocumentEnums.rgFrente
Capture the front of the RG
DocumentEnums.rgVerso
Capture the back of the RGo RG
DocumentEnums.none
Capture any other document
In this section, you will find all the necessary information for using and integrating the Unico IDCloud platform SDK into your Flutter applications
In this section, you will find all the necessary information for using and integrating the Unico IDCloud platform SDK into your Webapplications
Have the iOS SDK version 11 or higher installed;
Have the dependency manager Cocoapods or Swift Package Manager configured.
In this section, you will find all the updates for the Unico IDCloud iOS SDK
Keep your iOS SDK always up to date with the latest available version. Semantic versioning is used to number the versions. For more information, please refer to the article Overview.
SDK Update and Liveness Server Interaction;
Accessibility improvements.
SDK Update and Liveness Server Interaction.
SDK Update and Liveness Server Interaction.
SDK Update and Liveness Server Interaction.
SDK Update and Liveness Server Interaction.
SDK Update and Liveness Server Interaction.
SDK Update and Liveness Server Interaction.
SDK Update and Liveness Server Interaction.
In this section, you will find all the necessary information for using and integrating the Unico IDCloud platform SDK into your Flutter applications for selfie capture
To get started, create an instance of the builder (generated through the UnicoCheckBuilder interface), providing the context and environment as parameters, along with the implementation of the UnicoListener class.
The implementation of this class is quite simple and can be done with just a few lines of code. All you need to do is override the callback methods with your application's business logic.
Configure the environment that will be used to run the SDK. Use the enumerated environment that contains the following enumerates:
UnicoEnvironment.PROD: for production environment;
UnicoEnvironment.UAT: for approval environment.
See how to implement it in the example below:
Note that, as shown in the previous example, the implementation of the UnicoListener class mostly involves configuring the callback methods. Each method will be called in a specific situation based on the SDK's return.
Simply override the methods demonstrated in the previous step with your application's business logic:
onErrorUnico(UnicoError error)
onUserClosedCameraManually()
This method is invoked whenever the user manually closes the camera, such as by clicking the "Back" button.
onSystemClosedCameraTimeoutSession()
This method is invoked as soon as the maximum session time is reached (without capturing any image).
It can be configured in the builder through the setTimeoutSession method. This method should receive the maximum session time in seconds. You can change the maximum session time for your user by using the face detection feature (Selfie camera with smart capture). If the user exceeds the time defined in your process to capture the photo, you can display a customizable message or instruction to the user. The default value is 40 seconds, and the minimum value is also 40 seconds.
onSystemChangedTypeCameraTimeoutFaceInference()
This method is invoked as soon as the maximum time for detecting a user's face is reached (without detecting anything). In this case, the camera mode is automatically changed to manual capture mode (without the smart capture silhouette).
The maximum capture time when using face detection (Selfie camera with smart capture) is 13 seconds. If the user has difficulty capturing the photo via face detection and exceeds the time set in your process, the capture mode automatically switches to manual to make the process easier for the user (TimeoutToFaceInference).
All of the above methods must be created as indicated in your project (even if with no logic). Otherwise, the project will not compile successfully.
The SDK has intelligent framing and automatic capture configured and enabled by default. As a result, you should configure the camera mode in your builder as follows:
The false/true values for the methods above do not alter the capture experience; they are only used for the internal logic of the SDK's functionality.
The camera opening method needs to know what to do when it successfully captures an image or encounters an error during the process. "What to do" is informed to the camera opening method by implementing listeners, which are called in cases of success or error.
Through the implementation of these listeners, you can specify what happens in your app in case of error (onErrorSelfie method) or success (onSuccessSelfie method) when capturing images.
onSucessSelfie MethodWhen successfully capturing an image, this method is invoked and returns an object of type ResultCamera, which is later used in the REST API requests:
The ResultCamera object returns 2 attributes: base64 and encrypted:
The base64 attribute can be used if you want to display a preview of the image in your app.
The encrypted attribute must be sent in the REST API calls by Client.
The encrypted attribute is strictly intended for sending the image through the by Client APIs. It should not be opened or serialized, as its characteristics can be altered without prior notice. Its use should be exclusive for interactions with the APIs to ensure data integrity and security. Unico is not responsible for any damages resulting from this practice, as modifications can occur unexpectedly.
The base64/encrypted files may vary in size depending on several factors, including the quality of the devices and the photos generated by them, as well as Unico's business rules. To avoid issues in your application, do not limit the size of the string generated by the SDK for these files in your programming logic or infrastructure.
onErrorSelfie MethodIf an error occurs during the image capture, this method is invoked and returns an object of type UnicoError:
The openCameraSelfie method is used to open the camera. This method takes as parameters the implementation of the UnicoSelfie class and the JSON with the credentials, generated in the previous step.
The following example illustrates the steps for configuring the listeners and opening the camera:
For security reasons, the interval between the generation of the encrypted and its sending via one of the available flows must be a maximum of 10 minutes. Submissions made beyond this period will be automatically rejected by the API.
In this section, you will find all the necessary information for handling errors from the Unico IDCloud SDK in your Android applications
This object is returned whenever an error occurs in the Flutter SDK.
getCode()
Method used to obtain the error code that occurred.
getDescription()
Method used to obtain the description of the error that occurred.
Below is a list of possible error codes from the Flutter SDK:
73001
Context invalid
73002
Did not grant permission to open camera
73003
The lest API is 21(LOLLIPOP)
73004
Could not find implementation interface callback iAcessoBioSelfie
73005
Could not find implementation interface callback iAcessoBioDocument
73006
Unable to open camera on emulators
73100
Unable to connect to internet
73200
Please inform the json file name
73202
Unable to parse json file
73300
Unable to get unico authentication object
73301
Unable to parse object
73302
Could not find the unico token
73303
Current host is not registered
73400
Could not initialize camera
73500
Unable to get session token, service response error
73501
Unable to parce object
73502
Could not get session token
73701
Could not find active liveness import
73702
Unable to initialize active liveness in production mode
73703
Unable to get active liveness session
73704
The user pressed the cancel button and did not complete the Session.
73705
The Session was not performed successfully and a FaceScan was not generated. In general, other statuses will be sent to the
73706
The camera access is prevented because either the user has explicitly denied permission or the user's device is configured to
73707
The Session was cancelled due to the app being terminated, put to sleep, an OS notification, or the app was placed in the
73708
The Session was cancelled because device is in landscape mode. The user experience of devices in these orientations is poor
73709
The Session was cancelled because device is in reverse portrait mode. The user experience of devices in these orientations is
73710
The Session was cancelled because the user was unable to complete a Session in the default allotted time or the timeout set
73712
The Session was cancelled due to memory pressure.
73712
The Session was cancelled because your App is not in production and requires a network connection.
73713
The Session was cancelled because your key needs to be validated again.
73714
The Session was cancelled because the developer-configured encryption key was not valid.
73715
The Session was cancelled because not all guidance images were configured.
73716
The Session was cancelled because SDK was unable to start the camera on this device.
73717
The Session was cancelled because the user was in a locked out state.
73718
The Session was cancelled because of an unknown and unexpected error. SDK leverages a variety of iOS APIs including camera,
73719
The Session cancelled because user pressed the Get Ready screen subtext message. Note: This functionality is not available by
73800
Could not build encrypted key
In this section, you will find all the necessary information for using and integrating the Unico IDCloud SDK into your Flutter applications for document capture
In this camera mode, there is a capture frame to assist the user in positioning the document correctly. Once the document is properly positioned, the user must click the button to take a photo of the document.
The SDK does not perform any validation of what is being captured.
In this camera mode, it is possible to capture the following documents:
CPF: Capture the front of the CPF;
CNH: Capture the open CNH;
CNH Front: Capture the front of the CNH;
CNH Back: Capture the back of the CNH;
RG Front: Capture the front of the RG;
RG Back: Capture the back of the RG;
Others: Capture any other document.
To get started, create an instance of the builder (generated through the UnicoCheckBuilder interface), providing the context and the implementation of the UnicoListener class as parameters.
The implementation of this class is quite simple and can be done with just a few lines of code. All you need to do is override the callback methods with your application's business logic.
Note that, as in the previous example, the implementation work of the UnicoListener class is largely about configuring the callback methods. Each method is called in a specific situation based on the SDK's response.
Override the methods exemplified above with your application’s business logic:
onErrorUnico(UnicoError error)
When invoked, the method receives a parameter of type UnicoError, which contains details about the error. Learn more about the UnicoError type in the SDK's error handling section.
onUserClosedCameraManually()
This method is invoked whenever the user manually closes the camera, such as by clicking the "Back" button.
onSystemClosedCameraTimeoutSession()
This method is invoked as soon as the maximum session time is reached (without capturing any image).
It can be configured in the builder through the setTimeoutSession method. This method should receive the maximum session time in seconds. You can change the maximum session time for your user by using the face detection feature (Selfie camera with smart capture). If the user exceeds the time set in your process to capture the photo, you can display a customizable message or instruction to the user. The default value is 40 seconds, and the minimum value is also 40 seconds.
onSystemChangedTypeCameraTimeoutFaceInference()
This method is invoked as soon as the maximum time for detecting a user's face is reached (without detecting anything). In this case, the camera mode is automatically switched to manual capture mode (without the smart capture silhouette).
The maximum capture time when using face detection (Selfie camera with smart capture) is 13 seconds. If the user encounters difficulty capturing the photo via face detection and exceeds the time set in your process, the capture mode is automatically switched to manual, aiming to make the action easier for the user (TimeoutToFaceInference)..
All the methods above must be created as indicated in your project (even if without any logic). Otherwise, the project will not compile successfully.
The camera opening method needs to know what to do when it successfully captures an image or encounters an error during the process. "What to do" is communicated to the camera opening method by implementing listeners that are called in cases of success or error.
Through the implementation of the listeners, you can specify what happens in your app in case of error (onErrorDocument method) or success (onSuccessDocument method) when capturing images.
onSucessDocument MethodWhen successfully capturing an image, this method is invoked and returns an object of type ResultCamera, which is later used in the REST API requests:
The ResultCamera object returns 2 attributes: base64 and encrypted:
The base64 attribute can be used if you want to display a preview of the image in your app;
Both the encrypted and base64 attributes can be sent in the REST API calls to by Client.
onErrorDocument MethodIf an error occurs during the image capture, this method is invoked and returns an object of type UnicoError:
To open the camera, the openCameraDocument() method is used. This method is provided through the object generated with an instance of the UnicoCheck class.
This method takes the following parameters:
A JSON file with the credentials, generated in the credential setup step;
The listeners configured above;
The type of document to be captured, which can be:
DocumentCameraTypes.CPF
Capture the front of the CPF
DocumentCameraTypes.CNH
Capture the open CNH
DocumentCameraTypes.CNH_FRENTE
Capture the front of the CNH
DocumentCameraTypes.CNH_VERSO
Capture the back of the CNH
DocumentCameraTypes.RG_FRENTE
Capture the front of the RG
DocumentCameraTypes.RG_VERSO
Capture the back of the RG RG
DocumentCameraTypes.OUTROS("descrição")
Capture any other document
If you need to capture a document that doesn't have a specific frame (e.g., RNE, among others), use the frame DocumentCameraTypes.OUTROS("description"), which will provide a generic, rectangular frame that can be used to guide any capture.
Example using the open CNH:
In this section, you will find all the information needed to install the Unico IDCloud platform SDK in your Flutter applications
Your development environment must meet the following prerequisites:
Have the Flutter Developer SDK installed.
iOS: It is compatible with almost all devices running iOS 11.
It is compatible with the vast majority of devices running Android 5.0 (API level 21) or higher.
The following table lists the devices tested in the lab, along with the availability of vendor/manufacturer extensions. Some extensions listed may be subject to specific manufacturer APIs or SKUs. Click below to see the tested devices:
ASUS - X01BDA
10.0.0
Físico
ASUS - Z01KD
8.0.1
Físico
HUAWEY - P30 Lite
9.0.0
Físico
LG - K22
10.0.0
Físico
LG - Q6
7.0.0
Físico
MOTOROLA - Moto one macro
10.0.0
Físico
MOTOROLA - Moto G4
6.0.1
Físico
MOTOROLA - Moto G5s Plus
8.1.0
Físico
MOTOROLA - Moto G6 Play
9.0.0
Físico
MOTOROLA - Moto G7 Play
10.0.0
Físico
MOTOROLA - Moto G7 Power
10.0.0
Físico
MOTOROLA - Moto G8 Power Lite
10.0.0
Físico
SAMSUNG - A01
10.0.0
Físico
SAMSUNG - J8 SM J810M
8.1.0
Físico
SAMSUNG - Galaxy A30s SM-A307GT
10.0.0
Físico
SAMSUNG - Galaxy A51
10.0.0
Físico
SAMSUNG - Galaxy A71
11.0.0
Físico
SAMSUNG - Galaxy S20+
11.0.0
Físico
SAMSUNG - s10e
11.0.0
Físico
XIAOMI - Mi 8 Lite
9.0.0
Físico
XIAOMI - Mi 8 Lite
10.0.0
Físico
XIAOMI - Poco X3
10.0.0
Físico
XIAOMI - Redmi Note 8
10.0.0
Físico
XIAOMI - Redmi Note 8 Pro
10.0.0
Físico
XIAOMI - Redmi Note 9
10.0.0
Físico
XIAOMI - Redmi Note 9 Pro
10.0.0
Físico
GOOGLE - Pixel sailfish
8.0.0
Virtual (TestLab)
HUAWEY - ALE L23
5.0.0
Virtual (TestLab)
HUAWEY - ANE LX1
9.0.0
Virtual (TestLab)
HUAWEY - ANE LX2
9.0.0
Virtual (TestLab)
HUAWEY - COR L29
8.1.0
Virtual (TestLab)
HUAWEY - MHA L29
7.0.0
Virtual (TestLab)
HUAWEY - NEO L29
9.0.0
Virtual (TestLab)
SAMSUNG - SC 02J
8.0.0
Virtual (TestLab)
SAMSUNG - SM G891A
9.0.0
Virtual (TestLab)
SAMSUNG - SM G930AZ
8.0.0
Virtual (TestLab)
SAMSUNG - SM G935A
8.0.0
Virtual (TestLab)
SAMSUNG - SM G965N
9.0.0
Virtual (TestLab)
SAMSUNG - SM G965U1
8.0.0
Virtual (TestLab)
SAMSUNG - SM G981U1
10.0.0
Virtual (TestLab)
SAMSUNG - SM J727V
8.1.0
Virtual (TestLab)
SAMSUNG - SM N950F
9.0.0
Virtual (TestLab)
SAMSUNG - SM N950N
9.0.0
Virtual (TestLab)
SAMSUNG - SM N950U
8.0.0
Virtual (TestLab)
SAMSUNG - SM N960F
9.0.0
Virtual (TestLab)
SAMSUNG - SM N960N
9.0.0
Virtual (TestLab)
SAMSUNG - SM N960U1
8.1.0
stLab)
To implement the Flutter SDK from the Unico IDCloud platform into your Flutter app, follow the step-by-step guide listed below:
Contact the CSs and/or Onboarding team.
Request the SDK Key by providing the identifiers of your applications: Bundle Identifier for iOS, PackageID for Android, and Host for WEB.
The identifiers of your applications will be linked to the SDK Key by the Unico team.
You will receive your SDK Key to implement the AcessoBioConfigDataSource.
In this section, you will find all the information necessary for customizing the SDK of the Unico IDCloud platform in your Flutter applications
The Flutter SDK allows for some customizations to be made. Below are all the possible customizations for this SDK.
It is possible to configure the experience of the informational messages in the capture frames by changing their language. Use the enumerated type LocaleTypes, which contains the following values:
LocaleTypes.PT_BR: for Portuguese(Brazil);
LocaleTypes.ES_MX: for Spanish(Mexico);
LocaleTypes.ES_ES: for Spanish(Spain);
LocaleTypes.EN_US: for English(USA).
See how to implement it in the example below:
This is an optional step, but highly recommended to ensure that the capture process aligns with your company's visual identity.
It is possible to customize some objects of the frame according to the camera mode used, through the setTheme() method.
The supported types for color representation are either a Color Resource or a String containing the hexadecimal color code. For example: R.color.red or #FF0000.
All the methods are available below:
In the Android implementation, the customization of the colorCancelButtonIcon should be done by adding the desired color in the colors.xml resource file.
In this section, you will find tips and information about accessibility.
The SDK implements components prepared with HTML attributes for accessibility, such as aria-label, tabindex, role, among others, which enable keyboard navigation between elements, activate audio guidance, and are used by screen reader software.
When integrating the Web SDK into a page, there may be other interactive elements on the page that are not visible during the camera opening and image capture flow. These elements may end up causing conflicts with the information in the capture flow, disrupting the user experience. Therefore, it is important to remove or deactivate interaction with other elements while the capture is being performed.
This can be done in several ways, depending on the existing elements and frameworks used on the page. Below is an example using the aria-hidden attribute:
aria-hidden
It is important to use this attribute with caution, as it can harm the accessibility of elements on the page if applied incorrectly or not removed when the capture flow ends.
In this section, you will find all the information needed to install the Unico IDCloud platform SDK in your Web applications
The capture frame provided through the SDK is compatible with the following combinations of browsers and operating systems:
In general, the SDK supports WebRTC and the more recent versions of the browsers listed above. For compatibility and security reasons, functionality on very old versions of these browsers is not guaranteed.
It is a system component that allows Android or iOS applications to display web content directly within the app, based on the same code project. It is responsible for navigation on websites and web content within the apps.
It is necessary to have implemented the Web SDK in an application that contains a secure domain with the https protocol.
The Web SDK is compatible with webviews running on Android 8 (API 26) or higher.
For the SDK to work correctly, it is necessary to add some permissions and configurations to the AndroidManifest file, which are as follows:
The Web SDK is compatible with webviews running on iOS 13 or higher.
For the SDK to function correctly, it is necessary to add some permissions and configurations to the info.plist file, which are as follows:
The component has been approved only for native layers. To be used in hybrid frameworks (Flutter or React Native), it is necessary to implement it in the native layer of Android and/or iOS.
Our support is limited to applications developed directly on native Android and iOS platforms, using their respective native modules. Currently, we do not offer support for applications developed in hybrid frameworks such as React Native, Ionic, or other cross-platform development technologies.
The component has been approved on the Instagram and Facebook social media platforms in Liveness mode without interaction. The Liveness mode with interaction is not compatible with webviews in social media apps.
To implement the Unico IDCloud Android SDK into your Android application, follow the step-by-step guide below:
The Web SDK uses Web Workers to enhance security and performance. Therefore, it is necessary to add the following configurations to your Content Security Policy (CSP):
If your application has a CSP, this configuration is mandatory to ensure the correct functioning of the SDK.
Contact the CSs and/or Onboarding team.
Request the SDK Key by providing the identifiers of your applications. Bundle Identifier for iOS, PackageID for Android, and Host for WEB.
The identifiers of your applications will be linked to the SDK Key by the Unico team.
You will receive your SDK Key to implement the UnicoConfig.
The Web SDK is provided through an npm package or CDN. To install it, follow the steps below according to your preference:
Installation via NPM package
Or via yarn, with the command below:
Installation via CDN
To install the SDK in your project through the CDN, simply download the file below and import it into your project.
In this section, you will find all the updates for the Unico IDCloud Flutter SDK
Keep your Android SDK always up to date with the latest available version. Semantic versioning is used to number the versions. For more information, please refer to the article Overview.
Critical Update
Native SDK Update:
Native SDK Update:
Native SDK Update:
Native SDK Update:
Native SDK Update:
Native SDK Update:
Native SDK Update:
Native SDK Update:
In this section, you will find solutions to some common issues encountered during the integration of the Unico IDCloud SDK into your Flutter applications
The obfuscation material is intended to assist developers in overcoming obfuscation issues in their app.
The client's obfuscator may affect the functionality of the SDK, and it is necessary to ensure that it does not obfuscate the SDK code.
Unico disclaims any responsibility for obfuscation conflicts with the SDK.
Obfuscation is a process of transforming bytecode into a form that is less readable by humans, thus making reverse engineering more difficult.
This process involves removing debugging-related information such as variable tables, line numbers, and renaming packages, classes, and methods.
When embedding the Android SDK into the application, failures may occur.
When obfuscation is performed using DexGuard, if a failure occurs, use the following rules:
When obfuscation is performed using ProGuard, if a failure occurs, use the following rules:
After the official release of Xcode 16 on September 17, 2024, and its use for app distribution on the AppStore, we noticed a block when using the iOS SDK that signaled the use of Bitcode in two internal dependencies when using Cocoapods as the dependency manager. These dependencies are DeviceProfiling and UnicoSdkLogger. To avoid blocking new releases, you can follow the steps below until a permanent fix is included in a future iOS SDK release:
Open the Podfile.
Insert the following lines after the post_install do |installer| command and before the last end:
2.1. If there is already some code, insert it before the existing section;
2.2. If Bitcode has already been removed manually, add the paths explicitly mentioned in framework_paths.;
If the post_install do |installer| command is not present in the Podfile, insert it as follows before the last end:
Have version 15.0.1 or higher installed (the official development IDE from Apple);
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
This guide has been created to help you implement the Flutter SDK quickly and easily. Below is the step-by-step process for the entire integration. After that, if you wish to customize the experience, be sure to check the section.
When invoked, the method receives a parameter of type UnicoError, which contains details about the error. Learn more about the UnicoError type in the SDK's documentation.
If you need to convert base64 to bitmap, the standard method doesn't work for Android. It is necessary to perform a split at the comma (,) for it to work. If you want to know more, read the article:
Capturing the images is only the first part of the journey. After capturing the image, it is necessary to send the encrypted generated by the SDK to the REST APIs of by Client. Learn more in the section of by Client.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
This guide has been designed to help you implement the Flutter SDK quickly and easily. Below, you will find a step-by-step process for the entire integration. After that, if you wish to customize the experience, be sure to check the section.
If it is necessary to convert the base64 string to a bitmap, the standard method does not work for Android. You need to perform a split at the comma (,) for it to function correctly. If you want to learn more, read the article: .
Capturing the images is only the first part of the journey. After capturing the image, it is necessary to send the base64 generated by the SDK to the REST APIs of by Client. Learn more in the section of by Client.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
You can check the list of compatible devices on Apple’s official
Done. After completing the SDK installation, proceed to the implementation by reading the following .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
It is recommended to use Chromium-based webviews with some customizations for better JavaScript performance. You can find an implementation example through our
iOS provides two ways to use webviews in applications: WKWebView and SFSafariViewController. We recommend using SFSafariViewController for better compatibility with DOM resources. You can find an implementation example through our .
To download the AI file for the Unico Check SDK Web, click .
To install the SDK in your project via , simply run the following command:
version 3.19.2.
Done. Once the SDK installation is complete, proceed to the implementation by reading the following
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Android version 5.32.0 ;
iOS version 2.16.11 .
Android version 5.31.0 ;
iOS version 2.16.10 .
Android version 5.30.1 ;
iOS version 2.16.9 .
Android version 5.29.0 ;
iOS version 2.16.8 .
Android version 5.28.0 ;
iOS version 2.16.7 .
Android version 5.27.0 ;
iOS version 2.16.5 .
Android version 5.25.0 .
Android version 5.24.0 ;
iOS version 2.16.4 .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Source: , , .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
getColorSilhouetteError()
getColorSilhouetteNeutral()
getColorBackground()
getColorBoxMessage()
getColorTextMessage()
getColorBackgroundPopupError()
getColorBackgroundButtonPopupErrorgetColorTextPopupError()
getColorBackgroundButtonPopupError()
getColorTextButtonPopupError()
getColorBackgroundTakePictureButton()
getColorIconTakePictureButton()
getColorBackgroundBottomDocument()
getColorTextBottomDocument()
getColorProgressBar()
getColorCancelButtonIcon()
Type: CNH
Content: Brazilian National Driving License
String numero;
String rgNumero;
String cpfNumero;
String nomeCivil;
List string filiacao;
Datetime dataNascimento;
Datetime data_habilitacao;
Datetime data_expiracao;
Datetime data_emissao;
String local_emissao;
String categoria;
String renachNumero;
Type: RG
Content: Brazilian General Registration
String numero;
String orgao_emissor;
String uf_emissor;
String cpfNumero;
String carteira_profissionalNumero;
String certificado_militarNumero;
String cnsNumero;
String nis_pis_pasepNumero;
String ctpsNumero;
String ctps_serie;
String ctps_uf;
String titulo_eleitorNumero;
String nomeCivil;
String nome_social;
List string filiacao;
Datetime dataNascimento;
String naturalidade;
Datetime data_emissao;
Type: CIN
Content: Brazilian national Identity Card
string rgNumero;
string cpfNumero;
string nomeCivil;
string nome_social;
List string filiacao;
Datetime dataNascimento;
Datetime data_expiracao;
Datetime data_emissao;
string orgao_emissor;
string local_emissao;
string naturalidade;
string nacionalidade;
Type: Passport
Content: Brazilian Passport
string numero;
string nome;
string sobrenome;
string pais_emissor;
string nacionalidade;
string naturalidade;
Datetime data_nascimento;
Datetime data_emissao;
Datetime data_expiracao;
string autoridade.
Type: UNKNOWN
Content: Unknown document.
Type: CNH
Content: Brazilian National Driving License
String numero;
String rgNumero;
String cpfNumero;
String nomeCivil;
List string filiacao;
Datetime dataNascimento;
Datetime data_habilitacao;
Datetime data_expiracao;
Datetime data_emissao;
String local_emissao;
String categoria;
String renachNumero;
Type: RG
Content: Brazilian General Registration
String numero;
String orgao_emissor;
String uf_emissor;
String cpfNumero;
String carteira_profissionalNumero;
String certificado_militarNumero;
String cnsNumero;
String nis_pis_pasepNumero;
String ctpsNumero;
String ctps_serie;
String ctps_uf;
String titulo_eleitorNumero;
String nomeCivil;
String nome_social;
List string filiacao;
Datetime dataNascimento;
String naturalidade;
Datetime data_emissao;
Type: CIN
Content: Brazilian national Identity Card
string rgNumero;
string cpfNumero;
string nomeCivil;
string nome_social;
List string filiacao;
Datetime dataNascimento;
Datetime data_expiracao;
Datetime data_emissao;
string orgao_emissor;
string local_emissao;
string naturalidade;
string nacionalidade;
Type: Passport
Content: Brazilian Passport
string numero;
string nome;
string sobrenome;
string pais_emissor;
string nacionalidade;
string naturalidade;
Datetime data_nascimento;
Datetime data_emissao;
Datetime data_expiracao;
string autoridade.
Type: UNKNOWN
Content: Unknown document.
Windows (desktop)
N/A
N/A
Android
N/A
iOS
N/A
MacOS (desktop)
N/A
3.18.10
3.18.9
3.18.8
3.18.7
3.18.6
3.18.5
3.18.4
3.18.0 -> 3.18.3
3.16.4 -> 3.17.0
3.16.3
3.16.2
3.14.1 -> 3.16.1
3.11.1 -> 3.14.0
3.10.2 -> 3.11.0
3.10.1
3.9.1 -> 3.10.0
3.9.0
3.8.3
3.8.2
3.8.0 -> 3.8.1
3.7.1 -> 3.7.2
3.6.5 -> 3.7.0
3.6.3 -> 3.6.4
3.6.1 -> 3.6.2
3.5.4 -> 3.6.0
3.5.3
3.5.0 -> 3.5.2
In this section, you will find a list of best practices for implementing the Unico IDCloud platform SDK
The SDKs are constantly evolving to ensure greater security and new features and functionalities. It is essential for clients to maintain a routine of updates, as well as to be agile in applying critical updates.
It is important to ensure that you update to the most recent version available:
We understand that your application makes use of various other libraries and functionalities, often being loaded simultaneously with the Unico SDK. As a best practice for updates, avoid upgrading our SDK at the same time you update any other functionality or library. This is because, if you encounter a failure or a change in behavior, it may be challenging to identify the root cause. We recommend performing updates separately to ensure better control over validations, as well as using our staging environment.
If you are having difficulties, open a ticket in our client portal with the following information (to expedite the process):
What is the language of the SDK you are trying to update?
If it’s mobile (Android or iOS), is it a native or hybrid implementation (please provide details)?
In the case of JavaScript implementation, which framework is being used?
What is the current version of the SDK you are trying to update? (not necessary if it's a new installation);
What is the new version you are attempting to install/update?
Please provide the API Key you are using;
Does the update consist solely of upgrading the SDK, or are other components/functionalities also being changed/updated/modified? If so, please describe which additional items are being modified;
Provide a description of the steps executed and what the results/errors were;
Please attach evidence and inputs related to the failure/problem (log files containing error/failure excerpts, screenshots, and/or videos reproducing the problem).
When successfully capturing an image, the onSuccessSelfie method returns an object of type ResultCamera which has two attributes:
Base64 of the obtained image, which can be used if you want to display a preview of the image in your app;
Encrypted, which is a JWT object that must be sent in the REST API calls. The JWT (Encrypted) should be used strictly during image submission through Unico's APIs. You should not open or serialize this attribute, as its characteristics may change without prior notice. Its use should be exclusive for interactions with the APIs to ensure data integrity and security. Unico is not responsible for any damages arising from this practice, as modifications can occur unpredictably. As mentioned, the SDK already provides the Base64 attribute to obtain the image in question.
Um caso de exemplo em Swift: Método: onSuccessSelfie print("(result.encrypted)") para Encrypted print("(result.base64)") para para Base64 print("(result)") para Encrypted e Base64
In summary: never attempt to read or manipulate the Encrypted (JWT) attribute.
For security reasons, the JWT must be sent within a period of 10 minutes. If the sending exceeds this window, the package will be considered invalid. Consider this time during the user's journey in your application and avoid subsequent changes.
For security reasons, the JWT must be sent only once to Unico's backend. If there is a problem processing the image and/or an error in the response, a new biometric capture must be performed to generate a new encrypted object and then send this new file to Unico's backend.
Virtualizing devices in your application's testing dynamics can be interpreted as an attempt to bypass the security layers incorporated into the biometrics provider, potentially returning the errors:
Mobile:
73006 - Unable to open camera on emulators.
Web:
73600 - Could not find camera resource.
73400 - Could not initialize camera.
To avoid rework and incorrect error identification, tests should be conducted on physical devices.
All communication and requests are based on API Keys previously defined in the client's instance. It is very important that your implementation uses the same API Key in both the capture and submission flows, as this helps avoid integration errors, facilitates validation, and ensures traceability of processes and flows.
If you have any questions about your API Key, please contact technical support.
During testing and validation processes, it is normal to keep DevTools open to check flows and requests. However, the capture validation method should not be considered during these tests, as the SDK identifies it as a possible fraud and invalidates the submission when sent to the backend. Therefore, when performing end-to-end flows, it is essential to keep DevTools disabled and proceed with normal capture.
When uploading versions for the WEB SDK, if there is also an update for resource files, always delete the old file and insert the new ones in the Public folder. This is because files may have the same name and not be replaced. Also, ensure that there is no internal cache of the old resource files after the update and new build.
For implementation in Flutter applications, always use our specific Flutter plugin for this purpose. We reinforce that you should not try to implement the native versions of our SDK (Android, iOS) through bridges in Flutter applications, as this action often generates errors not mapped by Unico's engineering team.
The SDK implementation has 2 steps until the photo capture and generation of the encrypted:
Camera preparation;
Camera opening.
In the first step, you need to specify the type of camera to be used and the bundle with the API KEY information. If everything is correct, the authentication with the SDK backend is successfully carried out. In the second step, the camera is opened, usually triggered by a button click from the user. Authentication with the SDK backend may take a few seconds, so placing this step along with the camera opening in the user's button click can create frustration and a sense of slowness. Therefore, the ideal approach is to prepare the camera during the loading of the capture orientation page, so when the user decides to open the camera, the loading will be faster, enhancing the final experience.
This way, you will optimize your implementation and improve the speed of your application, reducing the perception of slowness in processing for your end user.
Always perform cache cleaning before building and uploading new versions. If this cleaning is not performed, you may encounter errors related to cached dependencies that may have been removed or updated in new versions. Below are some examples of how to do this:
For Flutter, use the command:
Remove the file: pubspec.lock or;
flutter pub get.
For iOS, use the command:
pod cache clean 'unicocheck-ios' –all or;
pod cache clean –all or;
Remove podfile.lock and follow up with pod install.
For Android in build Gradle, use the command:
./gradlew clean.
Obfuscation is a process of transforming bytecode into a form that is less human-readable, thus making reverse engineering more difficult. The obfuscation tool used in your application can affect the functionality of the SDK, so it is important that the SDK code is not obfuscated. A good indicator of obfuscation issues is when your application works in debug mode but fails when building in release mode, since obfuscation does not modify files in debug mode.
Therefore, it is essential that during the SDK implementation, you add the necessary obfuscation rules for the Unico SDK. Otherwise, you may face issues when trying to build the project using the iOS, Android, or Flutter SDK.
Below are the links for the obfuscation configuration for each OS:
Unico provides a staging environment for clients to perform tests and validations of their implementations before making any changes and modifications to the production environment. We emphasize the importance of this step in order to ensure greater security when performing the change window in production. Ensure that your testing plan includes as many validations and scenarios as possible that you will encounter in the production environment (such as device variations, tests with limited connectivity, etc.).
Important: remember that the staging environment has its own set of configurations/parameters, such as service account and specific API Keys (different from the production environment).
Create a script / checklist considering your company's change management plan.
Make sure you are using the correct production settings (such as the correct API Key).
Ensure that you have a rollback (recovery) plan in case of failure when deploying the new version to production.
When encountering a failure, collect all logs and relevant inputs.
Reactivate the previous functional version to mitigate impact in production.
Open a ticket on our customer portal containing all the information and inputs regarding the failure so that we can assist you.
In this section, you will find all the necessary information for using and integrating the Unico IDCloud platform SDK into your Web applications for selfie capture
To get started, follow these 3 simple steps in your project:
Instantiate a new Builder:
Specify the path of the additional files (if added to your project):
Specify the path of the AI model files, if using the Intelligent Camera feature.
It is possible to configure the environment to be used when running the SDK. Use the enumerated SDKEnvironmentTypes, which contains the following enumerations:
SDKEnvironmentTypes.PROD: for the Production environment;
SDKEnvironmentTypes.UAT: for the Staging environment.
Here is an example of how to implement it:
One of the objects that should be passed as a parameter to the method responsible for rendering the capture frame is the callback object. This object should contain callback functions for success and error cases, as exemplified below.
This object is mandatory, and if it is not correctly implemented (covering all success or error events), it will generate an exception, which, if not handled, will be displayed in the user's console.
The encrypted attribute is strictly intended for sending the image through the by Client APIs. This attribute should not be opened or serialized, as its characteristics may be altered without prior notice. Its use should be exclusive in interactions with the APIs to ensure the integrity and security of the data. Unico is not responsible for any damage resulting from this practice, as modifications may occur unexpectedly.
The base64/encrypted files may vary in size depending on several variables, including the quality of the devices and the photos generated by them, and Unico's business rules. To avoid issues in your application, do not limit the size of the string generated by the SDK for these files in your programming logic or infrastructure.
To start the camera with the settings made so far, you need to create an instance of the builder using the build() method.
Then, with the camera "assembled", you need to configure the camera's capture mode.
The camera preparation will be done using the prepareSelfieCamera() method, provided by the builder. This method takes 2 parameters:
The desired camera mode, which can be one of the following:
SelfieCameraTypes.NORMAL for the normal camera mode;
SelfieCameraTypes.SMART for the smart camera mode.
This method returns a promise, which, when resolved, returns an object used to effectively open the camera via the open method. The open method takes as parameters the callback functions configured in the previous step.
If you wish to use automatic capture, pass the parameter Unico.SelfieCameraTypes.SMART to the prepareSelfieCamera method.
For smart capture, the computer vision models should also be loaded through the setModelsPath method, as explained in the first step of this guide.
Using the UnicoConfig class:
It is possible to use the Web SDK with embedded Interactive Liveness in an iFrame. To do this, you need to implement a process similar to the previous section when preparing the camera.
The camera preparation will be done through the method prepareSelfieCameraForIFrame(), also provided by the builder. This method takes the same parameters as prepareSelfieCamera():
TThe method prepareSelfieCameraForIFrame() only works if the implementation is inside an iFrame. Using it outside of an iFrame will result in error 73724. Similarly, using the method prepareSelfieCamera() inside an iFrame will also result in error 73724.
For the capture to work correctly, it is necessary to implement the <iframe> element as shown in the example below:
To perform the capture, it is required to be in full-screen mode in the browser so that the SDK can resize automatically. Therefore, when performing the capture, the SDK will display a screen requesting that the frame be opened in full-screen mode. See the following example:
After allowing fullscreen usage, the capture frame will open normally:
Apple restricts the use of full-screen APIs specifically on iPhones (iPads are acceptable). Therefore, for captures on iPhones, it is necessary to manually configure the positioning of the iFrame.
For security reasons, the interval between generating the encrypted data and sending it via one of the available flows should be no more than 10 minutes. Submissions made beyond this period will be automatically rejected by the API.
In this section, you will find all the information necessary for customizing the SDK of the Unico IDCloud platform in your Web applications
The Web SDK allows for some customizations to be made. Below are all the possible customizations for this SDK.
It is possible to configure the experience of the informational messages in the capture frames by changing their language. Use the enumerated type LocaleTypes, which contains the following values:
LocaleTypes.PT_BR: for Portuguese(Brazil);
LocaleTypes.ES_MX: for Spanish(Mexico);
LocaleTypes.ES_ES: for Spanish(Spain);
LocaleTypes.EN_US: for English(USA).
See how to implement it in the example below:
This is an optional step, but highly recommended to ensure the capture process aligns with your company's visual identity.
To customize the capture frame using the Theme Builder, simply create an instance of the UnicoThemeBuilder class and invoke the methods that customize each of the properties of the capture frame, as demonstrated in the example below:
After generating the theme object, as demonstrated above, it must be passed as a parameter to the setTheme method of the unicoCameraBuilder.
In this section, you will find all the updates for the Unico IDCloud Web SDK
Keep your Android SDK always up to date with the latest available version. Semantic versioning is used to number the versions. For more information, please refer to the article Overview.
Update of the Liveness SDK and server with interaction;
Fix for handling issues when using LocalStorage.
Updated Liveness SDK and Interactive Server.
New method to customize fonts in the class UnicoThemeBuilder;
Internal product improvements. These improvements do not directly affect the end-user experience, keeping the interface and external functionality unchanged.
Internal product improvements. These improvements do not directly affect the end-user experience, keeping the interface and external functionality unchanged.
Updated Liveness SDK and Interactive Server;
Add frame OTHERS_V2;
Internal product improvements. These improvements do not directly affect the end-user experience, keeping the interface and external functionality unchanged.
Updated Liveness SDK and Interactive Server;
Internal product improvements. These improvements do not directly affect the end-user experience, keeping the interface and external functionality unchanged.
Updated Liveness SDK and Interactive Server;
Accessibility improvements to the Liveness stream with interaction.
Updated Liveness SDK and Interactive Server.
Updated Liveness SDK and Interactive Server;
Resolution of conflicts between observability tools.
SDK Update and Liveness Server Interaction.
In this section, you will find the list of all available SDK PoCs to support your implementation
The following project examples are provided to facilitate the understanding of how each SDK works. Please request them from your Project Manager.
Kotlin
PoC in Kotlin that implements the Android SDK
Swift
PoC in Swift that implements the iOS SDK
ObjC
PoC in ObjC that implements the iOS SDK
React Native
PoC in React Native that implements the iOS and Android SDK
SFTP
Flutter
PoC in Dart that implements the Flutter SDK
Our support is limited to applications developed directly on the native Android and iOS platforms, using their respective native modules, as well as the Flutter framework (if the implementation uses our plugin). At the moment, we do not offer support for applications developed with hybrid frameworks, such as React Native, Ionic, or other cross-platform development technologies.
Angular
PoC in Angular that implements the Web SDK
JS Vanilla
PoC in JS Vanilla (JS) that implements the Web SDK
Next JS
PoC in Next that implements the Web SDK
React JS with TypeScript
PoC in React with TypeScript that implements the Web SDK
React JS with JavaScript
PoC in React with JavaScript that implements the Web SDK
React JS with Webpack + Babel
PoC in React JS with Webpack + Babel that implements the Web SDK
SFTP
Vue JS
PoC in Vue JS that implements the Web SDK
Android
PoC in an Android Webview that runs the Web SDK
SFTP
Android x Web Flow
PoC of communication flow between web application and native Android Webview
SFTP
iOS
PoC in an iOS Webview that runs the Web SDK
SFTP
iOS x Web Flow
PoC of communication flow between web application and native iOS Webview
SFTP
In this section, you will find all the necessary information for using and integrating the Unico IDCloud SDK into your Web applications for document capture
In this camera mode, there is a capture frame to assist the user in positioning the document correctly. Once the document is positioned properly, the user must click the button to capture the document photo.
The SDK does not perform any kind of validation on what is being captured.
In this camera mode, it is possible to capture the following documents:
CPF: Capture the front of the CPF;
CNH: Capture the open CNH;
CNH Front: Capture the front of the CNH;
CNH Back: Capture the back of the CNH;
RG Front: Capture the front of the RG;
RG Back: Capture the back of the RG;
Others: Capture any other document.
To get started, you need to perform 2 simple steps in your project:
Instantiate a new Builder:
Specify the path for additional files (if added to your project):
It is recommended that you configure the size of the frame within your application to optimize the capture area within your WebApp. Below is how to make this configuration for Web Desktop or Mobile.
In the Web Desktop versions, it is possible to restrict the size of the frame so that it doesn't use the entire dimension of your WebApp. To do this, simply wrap the frame (id="box-camera") in another HTML tag, as shown in the example below:
Ideally, you should aim to maintain a proper ratio between height and width, as this will make it easier to frame the user's face. Here's an example:
Following the example above, the frame respects the size of the "parent" element, in this case represented by the container. This way, you have the flexibility to implement the frame in the most convenient way for your application (e.g., inside a modal).
Tests involving resizing the screen through your browser's developer mode will not work as expected. It is recommended to perform this type of test by resizing your browser window instead.
For a Web Mobile view, it is recommended that the capture frame occupy 100% of the screen to avoid issues with computer vision algorithms. If the capture area is distorted, the automatic capture feature (Smart Camera) may face issues in tracking the user's face.
Therefore, for the Web Mobile view:
The capture frame should occupy 100% of the device screen (100vw/vh);
Avoid horizontal or vertical scrolling (this can be minimized by using a modal).
You can check an example of implementation through a project on this page (Angular).
Testing devices using the developer mode in your browser won't work, as the camera used by your browser is the same as on your desktop, which has a resolution vastly different from a mobile device camera. We recommend that such tests be done directly on the device.
One of the objects that must be passed as a parameter to the method responsible for rendering the capture frame is the callback object. This object should contain callback functions for success and error cases, as exemplified below:
This object is mandatory, and if not properly implemented (covering all success or error events), it raises an exception, which, if not handled, is displayed in the user's console.
To start the camera with the settings made so far, it is necessary to create an instance of the builder through the build() method.
Then, with the camera "assembled," the capture mode of the camera must be configured.
The camera preparation is carried out using the prepareDocumentCamera() method, available from the builder. This method takes two parameters:
The type of document to be captured, which are:
DocumentCameraTypes.CPF
Capture the front of the CPF
DocumentCameraTypes.CNH
Capture the open CNH
DocumentCameraTypes.CNH_FRENTE
Capture the front of the CNH
DocumentCameraTypes.CNH_VERSO
Capture the back of the CNH
DocumentCameraTypes.RG_FRENTE
Capture the front of the RG
DocumentCameraTypes.RG_VERSO
Capture the back of the RG
DocumentCameraTypes.RG_FRENTE_NOVO
Capture the front of the new RG
DocumentCameraTypes.RG_VERSO_NOVO
Capture the back of the new RG
DocumentCameraTypes.OTHERS("descrição")
Capture any other document
This method returns a promise that, when resolved, returns an object that is used to actually open the camera through the open method, which takes as a parameter the callback functions configured in the previous step.
Below is an example using the CNH capture:
Using the UnicoConfig class:
If you need to capture a document for which there is no specific frame (e.g., RNE, among others), use the If you need to capture a document that does not have a specific frame (e.g., RNE, among others), use the frame DocumentCameraType.None, which will provide you with a generic, rectangular frame that can be used to guide any capture.
In this section, you will find all the necessary information for handling errors from the Unico IDCloud SDK in your Web applications
Here you will find a list of terms, words, or technical expressions used in this documentation, along with their respective descriptions.
Unico provides a set of POCs (Proof of Concept) that are implementations in the various languages supported by the SDK. These POCs present functional code examples with flows and methods in the context of the SDK, for educational purposes, making it easier to understand the expected sequence and how to adapt it to the code to be implemented by our clients. You can consult the available POCs through and request them by opening a ticket with our support team via the
For more details, please refer to the SDK
Android: [];
iOS: [];
Flutter: [];
Web: [].
Android: ;
iOS: .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
This guide has been designed to help you quickly and easily implement the Web SDK. Below, you'll find the step-by-step process for the complete integration. If you wish to customize the experience further, check out the section.
Starting from version 3.18.0, for the SDK to automatically fetch the additional resources, simply do not implement the setResourceDirectory method and ensure that the are applied correctly.
The UnicoConfig class obtained in
Capturing the images is only the first part of the journey. After capturing the image, it is necessary to send the encrypted data generated by the SDK to the by Client REST APIs. For more information, refer to the section of by Client.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
This guide has been designed to help you implement the Web SDK quickly and easily. Below, you will find a step-by-step process for the entire integration. After that, if you wish to customize the experience, be sure to check the section.
The UnicoConfig class obtained in
Capturing the images is just the first part of the journey. After capturing the image, it is necessary to send the base64 generated by the SDK to the REST APIs of by Client. Learn more in the section of by Client.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
getCode()
Method used to obtain the error code that occurred.
getDescription()
Method used to obtain the description of the error that occurred.
73000
Unknown and unexpected error. Unico SDK leverages a variety of APIs including camera, storage, security, networking, and more. This return value is a catch-all for errors experienced during normal usage of these APIs.
73001
<property> is required
73002
<property> must be an instance of <class>
73003
<class> with name <name> is not available to inject.
73004
Class type must be a function or a class.
73005
Could not find the <locale> locale.
73006
Could not find text: <text>.
73100
Unable to connect to internet.
73200
Could not find the Unico SDK JSON file.
73201
Could not load the Unico SDK JSON file.
73202
Unico SDK JSON file is invalid.
73204
Unable to initialize the SDK, please configure the environment on setEnviroment method of build.
73300
Could not authenticate this application.
73301
Could not authenticate this application.
73302
Authentication token not found.
73303
Current host is not registered.
73400
Could not initialize camera.
73401
Could not load ML models for this camera.
73402
The Key could not be verified due to connectivity issues on the user's device.
73403
This device/platform/browser/version combination is not supported by SDK.
73404
Device is in landscape display orientation. The SDK can only be used in portrait display orientation.
73405
Device blocked due to multiple failed attempts.
73406
The Session was cancelled, the SDK was opened in an IFrame.
73407
The SDK was not fully loaded.
73500
Could not get session.
73501
Could not get session.
73502
Session token not found.
73600
Could not find camera resource.
73601
Could not start camera in production mode.
74000
Invalid hexadecimal.
74001
Object is not a UnicoTheme
73700
Could not parse camera response.
73704
The user pressed the cancel button and did not complete the session.
73706
The camera access is prevented because either the user has explicitly denied permission or the user's device is configured to not allow access by a device policy.
73707
The session was canceled due to the app being terminated, put to sleep, an OS notification, or the app was placed in the background.
73708
The session was cancelled because device is in landscape mode. The user experience of devices in these orientations is poor and thus portrait is required.
73710
The session was cancelled because the user was unable to complete a Session in the default allotted time or the timeout set by the developer.
73715
The session was cancelled because not all guidance images were configured.
73716
The session was cancelled because SDK was unable to start the camera on this device.
73717
The session was cancelled because the user was in a locked out state.
73718
The session was cancelled because of an unknown and unexpected error. SDK leverages a variety of iOS APIs including camera, storage, security, networking, and more. This return value is a catch-all for errors experienced during normal usage of these APIs.
73720
The developer programmatically called the session cancel API.
73721
The session was cancelled due to a device orientation change during the session.
73722
The session was cancelled because the document is not ready.
73723
The session was cancelled because there was another session in progress.
73724
The session was cancelled because the camera was opened in an iFrame.
73728
Connection error, please use HTTPS to connect.
73729
Browser not supported, please open in another browser.
73730
Unable to initialize an active liveness session because of an unknown and unexpected license error.
73731
Unable to initialize an active liveness session because the license has expired.
73732
Unable to initialize an active liveness session because Origin is not permitted.
73800
Could not encrypt response.
73900
Could not get system information.
APIKey
Key created in the Unico portal, used mandatorily in the interface between systems, carrying configurations that will be applied in the integrations. Unique for each operation/flow and always linked to the branch and service account.
File .pem
It is a file containing the private key used for OAuth2 authentication.
Bundle
It is a package containing the credentials for using the SDK.
Service account
It is a non-personal account that belongs to the application and not to an individual user, used for OAuth2 authentication.
Branch
Identification of the client's branch or operation, linked to the service account and all users who will have access to the system.
Instance
URL of the page for accessing Unico's product portal.
Encrypted
An JWT file generated by our SDK, which will be used in the integration. It has a 10-minute expiration and can only be used once
IDCloud Portal
Local Access point to Unico's product.
ProcessID
Identification generated after the process is created.
SDK
It is a set of tools or packages provided by Unico to facilitate the capture of face images and/or documents.
Flow
It is an attribute that carries configurations and defines the end customer's journey in the biometrics process in by Unico.
TenantID
It is a unique identifier for your company within Unico.
Capabilities
These are the functionalities that can be utilized on the IDCloud platform.
Drop
É quando uma foto é recusada pelo motor de bioIt occurs when a photo is rejected by the biometrics engine due to low quality and/or some error from the engine.
Endpoint to create a new process at Unico.
Defines where the user will be redirected at the end of the process. Possible values are: A URL (e.g., https://developers.unico.io/callback), a Schema URL for redirection in native mobile applications (e.g., br.com.meupacote.app://callback - the callback must be registered in your mobile app), or no redirection (just include '/').
/Flow type. See flow details in the 'Overview' section of this documentation.
iddocssignAvailable options: The ID of the branch where the process will be created. If there is only one branch associated with the service account, this parameter is not required. If there is a separation of processes by branch, you will receive the branch IDs from the Unico team.
60837cd3-ed3c-4038-ad7c-0a85ad64b03aBiometric token identification. Mandatory for the "idtoken" flow and must use an ID from a completed process of any other identity verification flow.
60837cd3-ed3c-4038-ad7c-0a85ad64b03aUser information.
Purpose of the process.
creditprocessAvailable options: Expiration time of the process in seconds from its creation. The value must be in the format "10080s", with "s" at the end. If not provided, the default value of 7 days will be used.
3600sContextual information about the process. These fields are presented in the user journey, improving conversion by contextualizing the reason for biometric capture.
Array containing document information. All items in the array become mandatory if using any flow with electronic signature.
Endpoint to create a new Liveness + Identity Verification process via by Client.
Valid access token.
Valid APIKEY with Liveness + Identity Verification capabilities enabled.
User information.
Operation use case.
OnboardingThe ID of the branch where the process will be created. If there is only one branch associated with the service account, this parameter is not required. If there is a separation of processes by branch, you will receive the branch IDs from the Unico team.
60837cd3-ed3c-4038-ad7c-0a85ad64b03aEncrypted file generated by the SDK or base64 (if not using Liveness).
/9j/4AAQSkZJR...
Endpoint to get the result of an Liveness + Identity Verification + Risk Score process by Client.
Process ID.
Valid access token.
Valid APIKEY with Liveness + Identity Verification + Risk Score capabilities enabled.
Endpoint to get the result of a Liveness + Identity Verification + Behavior Alert + Risk Score process by Client.
Process ID.
Valid access token.
Valid APIKEY with the capabilities Liveness + Identity Verification + Behavior Alert + Risk Score enabled.
Endpoint to create a new process for Liveness + Identity Verification + Behavior Alert + Risk Score in the by Client.
Valid access token.
Valid APIKEY with the capabilities Liveness + Identity Verification + Behavior Alert + Risk Score enabled.
User information.
Use case of the operation.
OnboardingThe ID of the branch where the process will be created. If there is only one branch associated with the service account, this parameter is not required. If there is a separation of processes by branch, you will receive the branch IDs from the Unico team.
60837cd3-ed3c-4038-ad7c-0a85ad64b03aEncrypted file generated by the SDK or Base64 (if not using liveness).
/9j/4AAQSkZJR...Endpoint to create a new process for Liveness + Identity Verification + Risk Score by Client.
Valid access token.
Valid APIKEY with the capabilities Liveness + Identity Verification + Risk Score enabled.
User information.
Use case of the operation.
OnboardingThe ID of the branch where the process will be created. If there is only one branch associated with the service account, this parameter is not required. If there is a separation of processes by branch, you will receive the branch IDs from the Unico team.
60837cd3-ed3c-4038-ad7c-0a85ad64b03aEncrypted file generated by the SDK or base64 (if not using Liveness).
/9j/4AAQSkZJR...Endpoint to create a new Document process via Client.
Valid access token.
Valid APIKEY with the capabilitie Document Capture and Reuse enabled.
User information.
Information about the document to be captured.
Endpoint to get a user's documents for reuse in by Client.
User identifier value (e.g., CPF value).
12345678909Document type (e.g., BR_CPF).
BR_CPFValid access-token.
Valid APIKEY with the capabilitie Document Capture and Reuse enabled.
Endpoint to create a new process for Liveness + 1:1 Validation by Client.
Valid access token.
Valid APIKEY with the capabilities Liveness + 1:1 Validation enabled.
User information.
Identifier of the process generated during the biometric transaction creation, whose photo will be used for comparison.
80371b2a-3ac7-432e-866d-57fe37896ac6The ID of the branch where the process will be created. If there is only one branch associated with the service account, this parameter is not required. If there is a separation of processes by branch, you will receive the branch IDs from the Unico team.
60837cd3-ed3c-4038-ad7c-0a85ad64b03aEncrypted file generated by the SDK or base64 (if not using Liveness).
/9j/4AAQSkZJR...
Endpoint to retrieve the selfie from the Unico process.
Process ID.
Optional flag to return the raw selfie file.
trueEndpoint to create a new process for Liveness + Identity Verification + Behavior Alert in by Client.
Valid access token.
Valid APIKEY with Liveness + Identity Verification + Behavior Alert capabilities enabled.
User information.
Use case for the operation.
OnboardingThe ID of the branch where the process will be created. If there is only one branch associated with the service account, this parameter is not required. If there is a separation of processes by branch, you will receive the branch IDs from the Unico team.
60837cd3-ed3c-4038-ad7c-0a85ad64b03aEncrypted file generated by the SDK or Base64 (if not using Liveness).
/9j/4AAQSkZJR...Endpoint to create a new isolated Liveness process via by Client.
Valid access token.
Valid APIKEY with the Liveness capability enabled.
User information.
The ID of the branch where the process will be created. If there is only one branch associated with the service account, this parameter is not required. If there is a separation of processes by branch, you will receive the branch IDs from the Unico team.
60837cd3-ed3c-4038-ad7c-0a85ad64b03aEncrypted file generated by the SDK.
/9j/4AAQSkZJR...Endpoint to create a new process for liveness + 1:1 validation + behavior alert in the by Client.
Access-token válido.
Valid APIKEY with the capabilities Liveness + 1:1 Validation + Behavior Alert.
User information.
Identifier of the process generated during the biometric transaction creation, whose photo will be used for comparison.
80371b2a-3ac7-432e-866d-57fe37896ac6The ID of the branch where the process will be created. If there is only one branch associated with the service account, this parameter is not required. If there is a separation of processes by branch, you will receive the branch IDs from the Unico team.
35d734c4-7fbb-4b2f-a1dc-7e1575514819Encrypted file generated by the SDK or base64 (if not using Liveness).
/9j/4AAQSkZJR...