Loading...
Loading...
Loading...
In this section, you will find all the available REST APIs for using the by Client integration method
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this section, you will find additional resources related to the by Client integration method
Loading...
Nesta seção, você encontrará todas as especificações técnicas das APIs REST do IDCloud, utilizando o meio de integração by Client
In this section, you will find how to create a process in by Client through the REST API
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
You can learn more about generating an access token here.
Production: https://api.id.unico.app/processes/v1.
The parameters above represent the most common usage of the API but may change depending on the capabilities you are using. Check the subsections of this section for the possibilities of capabilities and their differences.
To implement your business rules, always validate the final statuses of the processes (3, 4, 5). To validate the response from IDCloud capabilities, only consider status = 3 for your decision-making. For more information on the possible statuses, see the Parameters Specification section.
The Client API does not reject photos (meaning there is no drop). The existing returns are from the Identity Verification capability and will always be: yes, no, or inconclusive. Thus, cases of poor quality in image capture, proof of life, or non-ownership will result in an inconclusive return. The return is "yes" when it is possible to identify a live person who is the actual holder of the CPF.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our Help Center.
In this section, you will find the specifics of creating a process that only has the Liveness capability
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
You can learn more about generating an access token here.
Production: https://api.id.unico.app/processes/v1.
When creating the process, only the subject.code and imageBase64 parameters are mandatory;
In the process response, only the id, status, and liveness (result of Liveness) parameters are returned.
For this use case, there is no need to perform the GetProcess call, as the response is synchronous.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our Help Center.
In this section, you will find the specifics of creating a process that includes the 1:1 Validation capability
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
You can learn more about generating an access token here.
Production: https://api.id.unico.app/processes/v1.
In the process creation, the following are mandatory: subject.code, referenteProcessId, and imageBase64;
In the process response, we return the id, authenticated (result of the 1:1 Validation), and liveness (result of the Liveness).
For this use case, there is no need to perform the GetProcess, as the response is synchronous.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our Help Center.
In this section, you will find how the capture standard for the user's selfie should be if you do not use our SDKs
For optimal performance of the IDCloud platform's capabilities, we recommend using our SDKs. They will ensure the best functioning of the product as a whole, both in terms of drop rate and in validating the Liveness.
To achieve better results in image capture, a capture standard has been defined. The image should be clear with sufficient frontal lighting. The face should be straight, facing the camera, free from objects or obstructions, and with a neutral expression.
Common issues in captured images include:
Lighting behind the client: Frontal lighting must be strong enough for a clear capture of the face.
Overexposed lighting: Frontal lighting needs to be adequate for a sharp capture.
Face too close to the camera: The face should be centered in the camera frame with proper lighting.
Blurry images: The person’s face needs to be well-focused at the moment of capture.
Shaky images: Stabilize the camera during capture.
Client wearing glasses: The client should not wear glasses or objects that obstruct full visibility of the face.
For capturing and sending images, the ICAO standard is used. The ICAO (International Civil Aviation Organization) standard consists of characteristics that a photograph must comply with regarding capture and sending configurations:
Face Positioning and Additional Information:
The photo must be taken from the front—looking directly at the camera with the head upright. The face should be centered, and the shoulders must be aligned parallel to the camera's image plane.
The eyes should be naturally open—pupils and irises visible.
Glasses: The photo should be captured without glasses.
No hats, caps, or masks: The facial area must be clearly visible.
Neutral Expression: The face should maintain a neutral expression; the person should not smile, raise eyebrows, squint, or frown.
Hairstyle: Hair should not cover the eye visibility zone.
Lighting and Background:
The background should be light, smooth, and free of texture. It must not have stains, lines, or curves that are visible in the captured image. Light colors like light blue or white can be used, provided there is sufficient contrast between the face/hair area and the background.
The camera's color settings should not change based on the background color. There should be no shadows behind the face, and no visible objects in the background, such as people, furniture, patterned wallpaper, or plants.
The lighting must be adequate and uniform, evenly distributed across the face to avoid differences between the left and right sides. The photo should have brightness and good contrast between hair, face, and background. Poorly lit photos occur when lighting is only on the side, above, or below.
Images should be in JPEG, PNG, or JWT formats.
Captured images must be in color.
Recommended size: Aspect ratio 1920x1080 or 1080x1920;
Orientation: Portrait;
Size: Maximum 800kb, if necessary you can compress it to Jpeg92.
Recommended size: HD aspect ratio - 1280x720 or 720x1280;
Minimum size: VGA aspect ratio - 640x480 or 480x640;
Orientation: There is no restriction regarding portrait or landscape orientation;
Size: Maximum 800kb, if necessary you can compress it to Jpeg92.
The photo must include:
Color
Proper framing
Sharp and clear focus, free of ink marks or creases.
Look directly at the camera.
Show the natural skin tone.
Have appropriate brightness and contrast.
Neutral expression and eyes clearly visible.
No hair covering the eyes.
Facing the camera directly, without looking over the shoulder or tilted, and showing both edges of the face clearly.
With a simple light-colored background, preferably white.
With even lighting, no shadows or flash reflections on the face, and without red-eye.
No colored contact lenses.
No makeup.
The use of glasses is not recommended; however, if necessary:
The eyes must be clear, without reflections from flash or ambient light on the glasses, and without colored lenses.
The frame must not cover any part of the eyes.
Note: Images taken from the guide "ICAO Guide for MRTD Photo Guidelines. ICAO. Icao guide for mrtd photo guidelines. http://www.icao.int/Security/mrtd/Downloads/TechnicalReports/Annex_A-Photograph_Guidelines.pdf
Add instructions before capturing for the user:
Use capture "frames" to guide the client's positioning in front of the camera:
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our Help Center.
In this section, you will find the specifics of creating a process that has Identity Verification as a capability, along with its complements
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
You can learn more about generating an access token here.
Production: https://api.id.unico.app/processes/v1.
During the process creation, the required fields are subject.code, subject.name, and imageBase64.
In the process response, the responses from the capabilities may arrive at different times, since IDCloud has both synchronous and asynchronous capabilities. Therefore, you should implement the GetProcess method depending on the combination of these capabilities.
The Identity Verification capability can be combined with other capabilities, such as Risk Score or Fraud Profile Detection. For more information on the possible responses, refer to the sections on Response Scenarios and Parameter Specifications.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our Help Center.
In this section, you will find how to retrieve a document for reuse in by Client via the REST API
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
You can learn more about generating an access token here.
Production: https://api.id.unico.app/documents/v1.
The documentId obtained in the API response should be used in the payload when creating the document capture process. Learn more in the Document Capture section.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our Help Center.
In this section, you will find all the technical specifications for By Client REST APIs
By Client is a channel that provides complete freedom for clients to leverage the IDCloud platform’s identity validation solutions. It aims to offer a wide range of possibilities in using IDCloud platform capabilities, delivering a solution that can be integrated with your back-end and allowing clients to control the user experience with their own front-end (for this, see Capture Standard) or through our SDKs.
By Client is an integration method for Unico IDCloud that allows clients to integrate as they see fit, combining or not combining capabilities as needed. This integration method provides the necessary resources for performing Proof of Life, Fraud Profile Detection, Identity Verification, and Document Capture and Reuse validation.
You can combine capabilities as desired and use them in various cases; however, API Keys configured with the desired capabilities are required.
o request specific capabilities for an API Key, please contact your integration project manager or Unico’s support team for assistance with the configuration.
You can also use the above capabilities without the Liveness Detection if you already have a Liveness provider in your operation. I
f you use the Identity Verification capability, regardless of any other combinations, it’s also possible to retrieve the Serpro similarity result (click here to learn more).
In by Client, there are capabilities with synchronous responses (meaning the response is provided immediately upon process creation) and asynchronous capabilities (where data processing requires that you "retrieve" the result through a GET method on the REST API).
In your operation, you can combine capabilities as you see fit, but each capability has its own communication method. For example:
You might operate with both Identity Verification and Fraud Profile Detection capabilities.
When creating the process, the response for Identity Verification will be synchronous and included in the API response.
Fraud Profile Detection, however, will operate asynchronously, requiring a wait for processing and then a separate GET request to obtain the final result.
Below are the synchronous and asynchronous capabilities:
Just like the Identity Verification capability is a "synchronous" capability, it can also be configured for "asynchronous" use.
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our Help Center.
In this section, you will find instructions on how to retrieve the result of a process in by Client using the REST API
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
You can learn more about generating an access token here.
To implement your business rules, always validate the final statuses of the processes (3, 4, 5). To validate the response from IDCloud capabilities, only consider status = 3 for your decision-making. For more information on the possible statuses, see the Parameters Specification section.
The parameters above represent the most common usage of the API but may change depending on the capabilities you are using.
In the v2 endpoint (/processes/v2/{id}), we also return additional user information, as shown in the example below:
In this section, you will find the specific details on creating a process that includes Document Capture as a capability
Your API requests are authenticated using an access token. Any request that does not include a valid access token will return an error.
You can learn more about generating an access token here.
In creating the process, the following fields are required: subject.code, subject.name, document.Purpose, document.files.id or document.files.data, and imageBase64;
In the process response, we return the id, status, and document.id. The capability's response is always asynchronous; therefore, the GetProcess method must be implemented.
In this section, you will find the Postman collection for the by Client REST APIs
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
In this section, you will find the possible responses for the combinations of capabilities separated by their methods to facilitate your understanding of the by Client integration
Understanding how the return of each parameter works is essential for implementing the best decision-making. To see in detail the meaning of each parameter, see the section Parameter Specification
In all the combinations described below, if an error occurs during processing, the process will return a status = 5. For this reason, the scenarios below do not display responses related to this condition. Example:
For the scenarios where the response in CreateProcess is the same as the response from GetProcess, optimize your application and make your decision synchronously.
For the scenarios where the response in CreateProcess is the same as the response from GetProcess, optimize your application and make your decision synchronously.
For the scenarios where the response in CreateProcess is the same as the response from GetProcess, optimize your application and make your decision synchronously.
In this section, you will find the specification of all the parameters for the by Client integration REST API
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
| Nome | Tipo | Descrição |
|---|
| Nome | Tipo | Descrição |
|---|
Still need help?
Didn't find something or still need help? If you're already a client or partner, you can reach out through our .
01.
Liveness
02.
Liveness + Identity Verification
03.
Liveness + Validation (1:1)
04.
Liveness + Identity Verification + Fraud Profile Detection
05.
Liveness + Identity Verification + Risk Scoring
06.
Liveness + Identity Verification + Document Capture and reuse
07.
Liveness + Identity Verification + Fraud Profile Detection + Risk Scoring
08.
Liveness + Identity Verification + Fraud Profile Detection + Document Capture and reuse
09.
Liveness + Identity Verification + Risk Scoring + Document Capture and reuse
10.
Liveness + Identity Verification + Fraud Profile Detection + Risk Scoring + Document Capture and reuse
| string | Indicates the ID of the process created with the photo submission. |
| integer | Indicates the status of the process. It can receive the values:
For the correct development of your business rule, only validate the results of the IDCloud capabilities when the status = 3. |
| string | Indicates the ID of the document created. |
| string | Indicates the type of document returned by the classification. |
| string | Returns whether the provided CPF is equal to the one contained in the document. If the submitted CPF is invalid (e.g., 123.456.789-12), this field is automatically returned as false before the comparison. |
| list | List of information contained in the document. It will always be returned when the quality of the document allows for data extraction.
The content returned in |
| integer | Signed URLs of the files that make up the document. To access the document images, simply use these URLs, which have a 10-minute expiration time. |
| string | Type of document found. |
| string | ID of the document found. To reuse, this ID must be used in the Create Process request. |
| string | Mandatory | Valid CPF of the user |
| string | Mandatory | User's name. |
| string | Optional | User's email. |
| string | Optional | User's phone number.Ex.: |
| string | Optional | It is the use case for the biometric operation. E.g., "Account opening." |
| string | Mandatory | It is the user's selfie. The image must be in base64 (png, jpg, jpeg). If you use the Liveness Check with Unico's SDK, the file must be sent encrypted. The encrypted file must be sent within 10 minutes to avoid image expiration. This .jwt can only be used once. |
| string | Mandatory | Identificador do processo que foi Identifier of the process that was generated during the creation of the biometric transaction, whose photo will be used for comparison. This parameter is mandatory only when using the Validation (1:1) capability. |
| The identifier of the process. |
| string | Indicates the status of the process. It can receive the values:
For the correct development of your business rule, only validate the results of the IDCloud capabilities when the status = 3. |
| string | Indicates the result of the Identity Verification capability. It can receive the values:
|
| integer | Indica o resultado da capacidade Prova de viIndicates the result of the Liveness capability. It can receive the values:
If the solution is used without the Liveness capability, the return will always be 1. |
| integer | Indicates the result of the Risk Score capability. It can receive values between -90 and +95. The score will only return in the API response if the API key is properly configured with the capability and the response of the Identity Verification capability is affirmative. |
| string | Indicates the result of the Fraud Profile Detection capability. It can receive the values:
If used together with the Risk Score, a "yes" response will prevent the registration from being passed to the score. |
| boolean | It is the result of the authentication when using the Validation (1:1) capability. It can be true or false. |
| integer | Indicates the result of the similarity score from Serpro. |
| string | Indicates the transaction ID of the created process. This ID is related to the user's selfie and is not the same as the process ID (first item related in this description). |
| string | Indicates the name of the user of the created process |
| string | Indicates the identification document of the user of the created process. |
| string | Indicates the image of the user of the created process. |
| string | Indicates the date and time of the completion of the created process. |
Endpoint to create a new identity verification process by Client.
Valid access-token.
Valid APIKEY with the capabilities you will use.
User's CPF.
"12345678909"User's name.
"Luke Skywalker"User's email.
"luke@unico.io"User's phone.
"551972557070"Use case of the operation.
"Onboarding"Encrypted generated by the SDK or base64.
"/9j/4AAQSkZJR..."Process created successfully (YES from Identity Verification).
Process ID.
"80371b2a-3ac7-432e-866d-57fe37896ac6"Process status.
3Result of the identity verification.
"yes"Endpoint to create a new 1:1 validation process by Client.
Valid access-token.
Valid APIKEY with 1:1 validation capability.
User's CPF.
"12345678909"Identifier of the process generated during the biometric transaction creation, whose photo will be used for comparison.
"80371b2a-3ac7-432e-866d-57fe37896ac6"Encrypted generated by the SDK.
"/9j/4AAQSkZJR..."Process created successfully (User authenticated).
Process ID.
"80371b2a-3ac7-432e-866d-57fe37896ac6"Authentication result.
trueResult of the liveness test.
1Endpoint to create a new liveness process by Client.
Valid access-token.
Valid APIKEY with liveness capability.
User's CPF.
"12345678909"User's name.
"Luke Skywalker"Encrypted generated by the SDK.
"/9j/4AAQSkZJR..."Process created successfully (User alive).
Process ID.
"80371b2a-3ac7-432e-866d-57fe37896ac6"Process status.
3Result of the liveness.
1Endpoint to retrieve a user's documents for reuse in by Client.
User identifier value (e.g., CPF value).
12345678909Document type (e.g., BR_CPF).
"BR_CPF"Valid access-token.
Valid APIKEY.
Process information retrieved successfully.
List of documents associated with the process.
Document type.
"unico.moja.dictionary.br.rg.v2.Rg"Document ID.
"2aaf6037-0153-415d-b9fe-cf7e8198408f"Endpoint to create a new identity verification process by Client.
Valid access-token.
Valid APIKEY with the capabilities you will use.
User's CPF.
"12345678909"User's name.
"Luke Skywalker"User's email.
"luke@unico.io"User's phone.
"551972557070"Use case of the operation.
"Onboarding"Encrypted generated by the SDK or base64.
"/9j/4AAQSkZJR..."Process created successfully (INCONCLUSIVE from Identity Verification).
Process ID.
"80371b2a-3ac7-432e-866d-57fe37896ac6"Process status.
2Result of the identity verification.
"inconclusive"Endpoint to retrieve the result of a verification identity process by Client.
Process ID.
Valid access-token.
Valid APIKEY.
Process information retrieved successfully.
Process ID.
"2b034568-dfaf-463f-94fb-18ed93c312e8"Process status.
3Identity verification result.
Identity verification result.
"inconclusive"Liveness test result, where: '1' is LIVE and '2' is NOT LIVE.
1Risk score result.
50Endpoint to create a new document process by Client.
Valid access-token.
Valid APIKEY with document capture and reuse capability.
User's CPF.
"12345678909"User's name.
"Luke Skywalker"User's email.
"luke@unico.io"User's phone.
"551972557070"Information about the document to be captured.
Indicates the purpose of sharing the document. Can receive values: creditprocess, carpurchase, paybypaycheck, onboarding, or fgts.
"creditprocess"ID of the biometrics process that must have been carried out previously. The ID must be from a completed process with valid biometrics.
"80371b2a-3ac7-432e-866d-57fe37896ac6"Identifier of the document to be reused. You will find it when using the GetReusableDocuments API. If you do not find a document to be reused, you must capture the document and send the base64 in the data.files parameter.
"80371b2a-3ac7-432e-866d-57fe37896ac6"Base64 of the user's document if no reusable document is found in the GetReusableDocuments API. The array can contain 1 file (e.g., full CNH) or 2 files (e.g., CNH front and CNH back).
Image of the document encoded in base64.
"/9j/4AAQSkZJR..."Base64 of the user's selfie.
"/9j/4AAQSkZJR..."Document process created successfully.
Process ID.
"80371b2a-3ac7-432e-866d-57fe37896ac6"Process status.
3ID of the document that was created.
"80371b2a-3ac7-432e-866d-57fe37896ac6"
