Skip to main content
POST https://ivs.idenfy.com/api/v2/token
Authorization: Basic {API_KEY}:{API_SECRET}
Content-Type: application/json

Common Examples

Start with these, then customize using the full parameter reference below.
The only required field is clientId:
{
  "clientId": "user-123"
}
Everything else uses your Dashboard defaults.

Code Examples

curl -X POST https://ivs.idenfy.com/api/v2/token \
  -u "YOUR_API_KEY:YOUR_API_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"clientId": "user-123", "firstName": "John", "lastName": "Doe"}'

Response

{
  "message": "Token created successfully",
  "authToken": "pgYQX0z2T8mtcpNj9I20uWVCLKNuG0vgr12f0wAC",
  "scanRef": "ec6a7108-8c26-11e9-9758-309c231b1bac",
  "clientId": "user-123",
  "firstName": "JOHN",
  "lastName": "DOE",
  "redirectUrl": "https://ivs.idenfy.com/api/v2/redirect?authToken=pgYQX0z2T8...",
  "digitString": null,
  "expiryTime": 3600,
  "sessionLength": 600
}
Key response fields:
FieldUse it for
authTokenPass to iFrame, SDK, or redirect URL
redirectUrlRedirect user here for hosted verification
scanRefUnique verification ID — store this in your database
digitString8-digit code for mobile app (only if generateDigitString: true)

What to Do Next

After generating the token, send your user to verification:
MethodCodeWhen to use
Redirectwindow.location.href = token.redirectUrlSimplest. User leaves your site.
iFrame<iframe src="https://ui.idenfy.com/?authToken=TOKEN">Embedded. User stays on your site. Details →
Android SDKIdenfyController.startIdentification(activity, token.authToken)Native Android. Details →
iOS SDKIdenfyController.shared.startIdentification(authToken: token.authToken)Native iOS. Details →
Then set up webhooks to receive the result.

All Parameters

Most of these can be set as defaults in your Dashboard. Only pass parameters via API when you need per-session customization.

Personal Data optional

ParameterTypeDescription
clientIdstring requiredUnique client identifier. ASCII, max 100 chars.
firstNamestringClient name. Letters only, max 100, auto-uppercased.
lastNamestringClient surname. Letters only, max 100, auto-uppercased.
dateOfBirthstringFormat: YYYY-MM-DD.
sexstringM or F.
nationalitystringISO 3166-1 alpha-2 (e.g., US, DE).
addressstringMax 255 chars. Used for Proof of Address verification.
externalRefstringYour internal reference. ASCII, max 40 chars.

Document Data optional

ParameterTypeDescription
countrystring or string[]ISO alpha-2. Restricts accepted countries. Default: all.
documentsstring[]Accepted document types: PASSPORT, ID_CARD, DRIVER_LICENSE, RESIDENCE_PERMIT, etc.
documentNumberstringExpected document number. Triggers mismatch check.
personalNumberstringExpected personal/national code.
dateOfExpirystringFormat: YYYY-MM-DD.
dateOfIssuestringFormat: YYYY-MM-DD.
The country parameter sets the expected document country but does not limit the document selection options shown to your user. To restrict which document types and countries are available for selection, adjust the allowed documents settings — see Document Configuration.If you need an option to deny users based on country, contact tech support via the portal.

Session Settings optional

ParameterTypeDefaultDescription
successUrlstringDashboard settingRedirect after approval. HTTPS, max 2048.
errorUrlstringDashboard settingRedirect after denial.
unverifiedUrlstringDashboard settingRedirect if user cancels.
callbackUrlstringOverride webhook URL for this session.
localestringenUI language. ISO alpha-2.
expiryTimeinteger86400Token validity (seconds). Max: 2,592,000 (30 days).
sessionLengthinteger1800Time to complete once started (seconds). Max: 3,600.
tokenTypestringIDENTIFICATIONIDENTIFICATION = doc + selfie. DOCUMENT = doc only.
showInstructionsbooleanDashboardShow instruction screens before capture.
generateDigitStringbooleanfalseGenerate 8-digit mobile code.

Verification Features optional

ParameterTypeDescription
verifyEmailbooleanAdd email verification step.
verifyPhonebooleanAdd phone verification step (SMS).
verifyAddressbooleanEnable address/PoA verification.
verifyBankbooleanEnable bank verification.
nfcRequiredbooleanRequire NFC chip reading (high assurance).
nfcOptionalbooleanOptional NFC scan.
ageLimitintegerMinimum age. Below = SUSPECTED.
ageMaxintegerMaximum age. Above = SUSPECTED.
driverLicenseBackbooleanRequire both sides of driver’s license.

Security & Fraud Detection optional

ParameterTypeDescription
checkLivenessbooleanActive 3D liveness (head movement).
idLiveFaceValidationbooleanPassive face liveness (detects screens/photos).
idLiveDocumentValidationbooleanPassive document liveness (detects copies).
checkAmlbooleanAuto-add to AML monitoring.
checkIpProxybooleanDetect VPN/proxy usage.
checkFaceBlacklistbooleanCheck selfie against blacklist.
checkDocFaceBlacklistbooleanCheck document face against blacklist.
checkDuplicateFacesbooleanDetect same face in previous verifications.
checkDuplicateDocFacesbooleanDetect same document face.
checkDuplicatePersonalDatabooleanDetect same personal data.
checkBlurAndGlarebooleanImage quality checks.
autoFaceMatchingbooleanDisabling this turns off all face-related checks.

Customization optional

ParameterTypeDescription
additionalStepsobjectRequest extra documents. See Additional Steps →
additionalDataobjectData for COMPARE-type additional steps.
utilityBillbooleanEnable utility bill verification.
questionnairestringQuestionnaire key. null to disable.
riskAssessmentProfileintegerRisk Assessment profile ID.
reviewFailedbooleanTrigger manual review for failed sessions.
reviewSuccessfulbooleanTrigger manual review for successful sessions.
Don’t waste credits. Don’t create new sessions for the same clientId until you receive the final webhook result. Each session consumes a verification credit.