Skip to main content

Generate token

Requirements
  • API key
  • Identity verification credits

Graphical representation of token generation (UML activity)

Token generation UML activity diagram

Sending request

Token generation

Authorization: API key pair
Method: POST
Endpoint: https://ivs.idenfy.com/api/v2/token

Request Parameters

clientId| Type: String| Required: Yes
Explanation:

A unique string identifying a client. Same clientId is skipping duplicates checking processes.

Constraints:
  • ASCII characters available
  • Not null
  • Max length 100
  • Also accepts legacy field name 'personScanRef'
Default value:

Example:
100000
Personal Data| Required: No
Explanation:

Optional personal data parameters to prefill and improve accuracy of verification.

firstName| Type: String| Required: No
Explanation:

A name(s) of a client to be identified.

Constraints:
  • Min length 1
  • Max length 100
  • Letters only (no digits)
  • No special characters: ~!@#$%^*()_+={}[]|:;",/?
  • Auto-converted to UPPERCASE
Default value:

Example:
John Tom
lastName| Type: String| Required: No
Explanation:

A surname(s) of a client to be identified.

Constraints:
  • Min length 1
  • Max length 100
  • Letters only (no digits)
  • No special characters: ~!@#$%^*()_+={}[]|:;",/?
  • Auto-converted to UPPERCASE
Default value:

Example:
Smith
dateOfBirth| Type: String| Required: No
Explanation:

Date of birth of a client.

Constraints:
  • Format: YYYY-MM-DD
Default value:

sex| Type: String| Required: No
Explanation:

Gender of a client.

Constraints:
  • Values: 'M', 'F'
Default value:

nationality| Type: String| Required: No
Explanation:

Nationality of a client.

Constraints:
  • ISO 3166-1 alpha-2 format (2 letters)
  • Use 'ALL' to clear
  • Auto-converted to UPPERCASE
Default value:

address| Type: String| Required: No
Explanation:

Client address provided by partner.

Constraints:
  • Max length 255
  • Used for POA (Proof of Address) verification
Default value:

externalRef| Type: String| Required: No
Explanation:

An external reference string for your internal system tracking.

Constraints:
  • Max length 40
  • ASCII characters only
Default value:

Document Data| Required: No
Explanation:

Optional prefilled document parameters for verification.

country| Type: String | Array| Required: No
Explanation:

Preselects the default document country/countries. The user cannot change this selection unless 'ALL' is used.

Constraints:
  • ISO 3166-1 alpha-2 format
  • Can be single string or array of strings
  • Use 'ALL' to allow all countries
  • If NFC is required, must be NFC-supported country
Default value:

[] (all countries allowed)

documents| Type: List[String]| Required: No
Explanation:

Supported verification documents for the client. The available document types depend on the selected country and the account's allowed document settings. Includes physical and digital ID documents.

Constraints:

Supported documents

Default value:

Set via Dashboard's settings

documentNumber| Type: String| Required: No
Explanation:

Number of a client document.

Constraints:
  • ASCII characters available
  • Min length 1
  • Max length 50
Default value:

personalNumber| Type: String| Required: No
Explanation:

Personal/national number of a client.

Constraints:
  • ASCII characters available
  • Min length 1
  • Max length 50
Default value:

dateOfExpiry| Type: String| Required: No
Explanation:

Date of expiry of a client document.

Constraints:
  • Format: YYYY-MM-DD
Default value:

dateOfIssue| Type: String| Required: No
Explanation:

Date of issue of a client document.

Constraints:
  • Format: YYYY-MM-DD
Default value:

Session Settings| Required: No
Explanation:

Optional session-level parameters controlling the verification flow and UI.

successUrl| Type: String| Required: No
Explanation:

A url where a client will be redirected after a successful verification.

Constraints:
  • Min length 5
  • Max length 2048
  • Must be valid HTTPS URL
Default value:

Partner's configured success URL

errorUrl| Type: String| Required: No
Explanation:

A url where a client will be redirected after a failed verification.

Constraints:
  • Min length 5
  • Max length 2048
  • Must be valid HTTPS URL
Default value:

Partner's configured fail URL

unverifiedUrl| Type: String| Required: No
Explanation:

A url where a client will be redirected after a not analyzed verification. E.g. user immediately cancels process.

Constraints:
  • Min length 5
  • Max length 2048
  • Must be valid HTTPS URL
Default value:

Partner's configured unverified URL

callbackUrl| Type: String| Required: No
Explanation:

Set a callbackURL, where webhook response should be sent

Constraints:
  • Min length 5
  • Max length 2048
  • Must be valid HTTPS URL
  • Only works if callback override enabled for partner
Default value:

locale| Type: String| Required: No
Explanation:

A country code in alpha-2 format. Determines what default language a client will see in verification UI. If not supported locale is used, the default English will be displayed.

Constraints:

See Supported locales

Default value:

en

expiryTime| Type: Int| Required: No
Explanation:

Length of time in seconds after which a newly generated token will become invalid.

Constraints:
  • Min 1 second
  • Max 2592000 seconds (30 days)
Default value:

Environment variable (default 86400)

sessionLength| Type: Int| Required: No
Explanation:

Length of time in seconds where a client is given to identify himself in identification UI.

Constraints:
  • Min 60 seconds
  • Max 3600 seconds (1 hour)
Default value:

Environment variable (default 1800)

tokenType| Type: String| Required: No
Explanation:

Determines processing flow.

  • DOCUMENT: Document capturing step only
  • IDENTIFICATION: Document + Selfie steps
Constraints:
  • Values: 'IDENTIFICATION', 'DOCUMENT'
Default value:

IDENTIFICATION

showInstructions| Type: Boolean| Required: No
Explanation:

Toggle to show or hide the initial instruction screens.

Constraints:
  • true or false
Default value:

Partner's setting

generateDigitString| Type: Boolean| Required: No
Explanation:

When true, generates a digit string for mobile app access.

Constraints:
  • true or false
Default value:

false

reviewFailed| Type: Boolean| Required: No
Explanation:

Controls manual review trigger for failed sessions. Requires 'review_failed_edit' permission.

Constraints:
  • true or false
Default value:

Partner's setting

reviewSuccessful| Type: Boolean| Required: No
Explanation:

Controls manual review trigger for successful sessions. Requires 'review_successful_edit' permission.

Constraints:
  • true or false
Default value:

Partner's setting

Verification Features| Required: No
Explanation:

Optional toggles to enable specific verification steps like Banking, NFC, Contact validation, etc.

verifyEmail| Type: Boolean
Explanation:

Adds email verification step - user must click confirmation link.

Constraints:
  • true or false
Default value:

Partner's setting

verifyPhone| Type: Boolean
Explanation:

Adds phone verification step - user must enter SMS code.

Constraints:
  • true or false
Default value:

Partner's setting

verifyAddress| Type: Boolean
Explanation:

Enables address verification for POA step.

Constraints:
  • true or false
Default value:

Partner's setting

verifyBank| Type: Boolean
Explanation:

Main toggle for bank verification step. Requires partner packet permission.

Constraints:
  • true or false
Default value:

Partner's setting

verifyBankAccounts| Type: Boolean
Explanation:

Checks client's bank accounts. Requires verifyBank to be enabled.

Constraints:
  • true or false
Default value:

Partner's setting

verifyBankBalances| Type: Boolean
Explanation:

Checks client's account balances. Requires verifyBank to be enabled.

Constraints:
  • true or false
Default value:

Partner's setting

verifyBankTransactions| Type: Boolean
Explanation:

Analyzes client's transactions. Requires verifyBank to be enabled.

Constraints:
  • true or false
Default value:

Partner's setting

nfcRequired| Type: Boolean
Explanation:

Requires NFC chip reading. Failure to scan results in denial.

Constraints:
  • true or false
Default value:

Partner's setting

nfcOptional| Type: Boolean
Explanation:

Allows optional NFC scan for extra security.

Constraints:
  • true or false
Default value:

Partner's setting

driverLicenseBack| Type: Boolean
Explanation:

Requires both sides of the driver's license.

Constraints:
  • true or false
Default value:

Partner's setting

checkDriverLicense| Type: Boolean
Explanation:

Enables driver's license registry check (specific countries).

Constraints:
  • true or false
Default value:

Partner's setting

ageLimit| Type: Integer
Explanation:

Minimum age. Verification flagged as suspected if client is younger.

Constraints:
  • More than 0
Default value:

Partner's setting

ageMax| Type: Integer
Explanation:

Maximum age. Verification flagged as suspected if client is older.

Constraints:
  • More than 0
Default value:

Partner's setting

Advanced Checks & Security| Required: No
Explanation:

Optional parameters for extra checks. Many of these rely on Partner Contract settings.

idLiveFaceValidation| Type: Bool
Explanation:

Passive face liveness - detects photos/screens.

Default value:

As set in the dashboard

idLiveDocumentValidation| Type: Bool
Explanation:

Passive face liveness - detects photos/screens.

Default value:

As set in the dashboard

checkLiveness| Type: Bool
Explanation:

Active 3D face liveness (head movement required).

Default value:

As set in the dashboard

autoFaceMatching| Type: Bool
Explanation:

When disabled, also disables:

  • checkLiveness
  • checkFaceBlacklist
  • checkDuplicateDocFaces
  • checkDocFaceBlacklist
  • checkDuplicateFaces.
Default value:

As set in the dashboard

checkBlurAndGlare| Type: Bool
Explanation:

Enables quality checks for blur and glare on uploaded images.

Default value:

As set in the dashboard

checkAml| Type: Bool
Explanation:

An option to automatically add the verified person to AML monitoring.

Default value:

As set in the dashboard

checkIpProxy| Type: Bool
Explanation:

An option to check if an IP proxy was used for verification.

Default value:

As set in the dashboard

checkFaceBlacklist| Type: Bool
Explanation:

Check selfie against your environment's face blacklist.

Default value:

As set in the dashboard

checkDocFaceBlacklist| Type: Bool
Explanation:

Check document photo against your environment's face blacklist.

Default value:

As set in the dashboard

checkDuplicateFaces| Type: Bool
Explanation:

Check if there is already a verification of the same person's face in your environment.

Default value:

As set in the dashboard

checkDuplicateDocFaces| Type: Bool
Explanation:

Check if there is already a verification of the same person's document face in your environment.

Default value:

As set in the dashboard

checkDuplicatePersonalData| Type: Bool
Explanation:

Detects if same personal data used in multiple verifications.

Default value:

As set in the dashboard

registryCentersCountries| Type: List[String]
Explanation:

Array of country codes to enable Registry Center checks for.

Constraints:
  • Country codes (strings)
Default value:

Partner's configured list

Customization| Required: No
Explanation:

Custom steps, questionnaires, and risk profiles.

additionalSteps| Type: Object| Required: No
Explanation:

Require your users to upload photo with additional information:

  • Proof of Address
  • Another doucment
  • Specific information

Full explanation in Additional step section

Default value:

As set in the dashboard

additionalData| Type: Object| Required: No
Explanation:

Additional data taht can be provided alongside additionalSteps, if using COMPARE type.

Constraints:
  • Structure: { stepName: { fieldName: fieldValue } }
  • All keys and values must be strings
Default value:

{}

utilityBill| Type: Bool| Required: No
Explanation:

Enables utility bill verification step.

Constraints:
  • true or false
Default value:

questionnaire| Type: String| Required: No
Explanation:

Questionnaire key to use for this session.

Constraints:
  • Must be an active questionnaire configured for the partner
  • Pass null to disable
Default value:

Partner's default KYC questionnaire

questionnaireRequired| Type: Bool| Required: No
Explanation:

Force the questionnaire to be mandatory.

Constraints:
  • true or false
Default value:

true

riskAssessmentProfile| Type: Integer| Required: No
Explanation:

ID of the specific Risk Assessment profile to apply.

Constraints:
  • Risk Assessment profile ID must be provided
Default value:

Overriding Default Parameters

Most parameters and features can be set as defaults in the dashboard. While it’s possible to override these settings during token generation, we strongly recommend pre-configuring tokens through the dashboard UI.

Use API parameters only if your flow requires high flexibility or involves complex conditions.

Parameters you can set as defaults in the dashboard
  • From Document Data: documents, country
  • Session Settings (except expiryTime and sessionLength)
  • All parameters under Advanced Checks
  • All parameters under Customization
Limitation

You can only override features, parameters, and variables available in your environment.

for best outcome
  • While clientId is the only mandatory parameter, we recommend also providing the client's firstName and lastName when possible. This enables our system to perform an Information Comparison, where we cross-check the data you provide against the information extracted from the ID document.

Note: The more data you provide, the more thorough the check becomes. This increases verification accuracy but also means that typos or discrepancies between the data in your system and the data on the document can cause the verification to be flagged. For the highest success rate, ensure the data you pass is accurate.

{
  "clientId": "100000",
  "firstName": "John Tom",
  "lastName": "Smith"
}
Be aware

  • Avoid unnecessary credit usage - do not generate new tokens for the same user with same clientId until you have received the final results via the webhooks.

  • If provided information is incorrect or different from document information, cross-matching will be triggered, and verification overall status will be SUSPECTED with specific mismatchTags: NAME, SURNAME, DATE_OF_BIRTH

  • Malformation in JSON or API key/secret issues will trigger a standard iDenfy API error response, detailed at iDenfy's error messages.

digitString

If you're generating an 8 digit mobile code, please keep in mind that for security purposes, expiryTime cannot be longer than generateDigitString default value(must be the value as default expiryTime). If you need to increase the maximum default value of the mobile code expiration, please contact sales@idenfy.com or our technical support team via dashboard.

Request example

{
  "clientId": "100000",
  "firstName": "John Tom",
  "lastName": "Smith",
  "successUrl": "https://www.my-company.com/idenfy/success",
  "errorUrl": "https://www.my-company.com/idenfy/fail",
  "unverifiedUrl": "https://www.my-company.com/idenfy/unverified",
  "callbackUrl": "https://mywebsite.com/idenfy/webhookendpoint",
  "locale": "en",
  "showInstructions": true,
  "expiryTime": 600,
  "sessionLength": 600,
  "country": "lt",
  "documents": ["PASSPORT"],
  "dateOfBirth": "1990-12-20",
  "dateOfExpiry": "1990-12-20",
  "dateOfIssue": "1990-12-20",
  "nationality": "lt",
  "personalNumber": "123456789",
  "documentNumber": "123456",
  "sex": "M",
  "address": "Address",
  "tokenType": "IDENTIFICATION",
  "externalRef": "reference",
  "utilityBill": false,
  "additionalSteps": null,
  "additionalData": null,
  "questionnaire": "c8QgVx5xzspjVnQ4nJ7MCf"
}

Response example

{
  "message": "Token created successfully",
  "authToken": "pgYQX0z2T8mtcpNj9I20uWVCLKNuG0vgr12f0wAC",
  "scanRef": "ec6a7108-8c26-11e9-9758-309c231b1bac",
  "clientId": "100000",
  "firstName": "JOHN TOM",
  "lastName": "SMITH",
  "successUrl": "https://www.my-company.com/idenfy/success",
  "errorUrl": "https://www.my-company.com/idenfy/fail",
  "unverifiedUrl": "https://www.my-company.com/idenfy/unverified",
  "callbackUrl": "https://mywebsite.com/idenfy/webhookendpoint",
  "locale": "en",
  "showInstructions": true,
  "country": "lt",
  "expiryTime": 600,
  "sessionLength": 600,
  "documents": ["PASSPORT"],
  "allowedDocuments": {
    "ALL": ["ID_CARD", "PASSPORT", "DRIVER_LICENSE", "RESIDENCE_PERMIT"]
  },
  "dateOfBirth": "1990-12-20",
  "dateOfExpiry": "1990-12-20",
  "dateOfIssue": "1990-12-20",
  "nationality": "lt",
  "personalNumber": "123456789",
  "documentNumber": "123456",
  "sex": "M",
  "digitString": "4823657",
  "address": "Address",
  "tokenType": "IDENTIFICATION",
  "externalRef": "reference",
  "questionnaire": null,
  "utilityBill": false,
  "additionalSteps": null,
  "additionalData": null,
  "riskAssessmentProfile": "e8cadb52-d429-4dc2-b788-99dfbbe8a4ab"
}

The response JSON mirrors the fields provided during token generation, includes default values for any unspecified optional fields, and contains the following additional response-specific fields:

message
Explanation:

A message for a developer about the status of generated token. Constraints: Max length 100

Example:
Token created successfully
authToken
Explanation:

A unique string for verification process (will be passed as a url parameter when redirecting a client to verification platform). Constraints: Length ≤ 40

Example:
3FA5TFPA2ZE3LMPGGS1EGOJNJE
scanRef
Explanation:

A unique string identifying a client verification on iDenfy’s side. Constraints: Length ≤ 40

Example:
d2714c8a-ec05-11e8-834f-067891e3383a
clientId
Explanation:

A unique string identifying a client on your company's side. (The same value when requesting to generate a token)

Example:
5F7E4FR14
digitString
Explanation:

A unique string identifying the token that can be used by the client in our mobile application. Will be null if generateDigitString is not true. Constraints: Length = 8

Example:
89567412

Try out Identity verification

Authentication

Required Parameters

Unique identifier for the end-user.

Request Body

{}

Response