NAV Navbar
HTTP Javascript PHP Python Ruby

Introduction

Shufti Pro has designed this Verification API document for its customers that have signed up for our next-generation service pack. This document will explain various kinds of verification services included in this service pack, how they are provided and what kind of data is required from our clients to perform these verifications successfully.

Authorization

Shufti Pro provides authorisation to clients through the Basic Auth header. Your Client ID will serve as your Username while the Secret Key will serve as your Password. The API will require this header for every request.

Fields Required Description
username Yes Enter Client ID as username.
password Yes Enter your Secret Key as password.

Off-site Verification without OCR

Every verification request received from the end-user or Shufti Pro customer is assessed on certain parameters (discussed in detail below) by Shufti Pro’s intelligent system. These parameters allow Shufti Pro to:

Request Parameters
Herein it is essential to note that each service module is independent of the other and each one of them will be activated according to the nature of the request received from Shufti Pro’s client. Services can be used in combination including document, address, face, consent and phone verification as well as AML background checks.

Each verification service is optional. Shufti Pro can provide clients with a single service or multiple services depending on their requirements.

Verification Request

Off-site without OCR Verification Request Example

POST /api/ HTTP/1.1
Host: shuftipro.com


Content-Type: application/json


Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw== 

{
    "reference"    : "1234567",
    "callback_url" : "http://www.example.com/",
    "email"        : "johndoe@example.com",
    "country"      : "GB",
    "language"     : "EN",

    "verification_mode" : "any",

    "document"         : {
        "proof"           : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",
        "supported_types" : ["id_card","driving_license","passport"],
        "name"            : {
            "first_name" : "John",
            "last_name"  : "Liveon"
        },
        "dob"             : "1990-10-10",
        "issue_date"      : "2015-10-10", 
        "expiry_date"     : "2025-10-10",
        "document_number" : "1234-1234-ABC"
    },

    "address"         : {
        "proof"            : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",
        "supported_types"  : ["id_card","bank_statement"],
        "name"            : {
            "first_name" : "John",
            "last_name"  : "Liveon"
        },
        "issue_date"       : "2015-10-10",
        "full_address"     : "Candyland Avenue",
        "address_fuzzy_match":"1"
    },

    "face" : {
        "proof"            : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII="
    },

    "consent" : {
        "proof"            : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",
        "supported_types"  : ["printed"],
        "text"             : "Hi, I am giving my consent"
    },

    "background_checks" : {
        "name" : {
            "first_name" : "John",
            "last_name"  : "Liveon"
        },
        "dob"  : "1990-10-10"
    }
}
<?php
$url = 'https://shuftipro.com/api/';

//Your Shufti Pro account Client ID
$client_id  = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';

$verification_request = [
    "reference"         => "ref-".rand(4,444).rand(4,444),
    "callback_url"      => "https://yourdomain.com/profile/notifyCallback",
    "email"             => "johndoe@example.com",
    "country"           => "GB",
    "language"          => "EN",
    "verification_mode" => "any",
];

//Use this key if you want to perform document verification without OCR
$verification_request['document'] =[
    "proof"            => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg')),
    "supported_types" => ["id_card","driving_license","passport"],
    "name"            => [
        "first_name" => "John",
        "last_name"  => "Liveon"
    ],
    "dob"             => "1990-10-10",
    "issue_date"      => "2015-10-10",
    "expiry_date"     => "2025-10-10",
    "document_number" => "1234-1234-ABC"
];

//Use this key if you want to perform address verification without OCR
$verification_request['address'] = [
    "proof"               => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg')),
    "supported_types"     => ["id_card","bank_statement"],
    "name"            => [
        "first_name" => "John",
        "last_name"  => "Liveon"
    ],
    "issue_date"          => "2015-10-10",
    "full_address"        => "Candyland Avenue",
    "address_fuzzy_match" => "1"

];

//Use this key if you want to perform face verification
$verification_request['face'] = [
    "proof" => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-face.jpg'))
];

//Use this key if you want to perform consent verification
$verification_request['consent'] = [
    "proof"           => base64_encode(file_get_contents('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-consent-document.jpg')),
    "supported_types" => ["printed"],
    "text"            => "Hi, I am giving my consent"
];

//Use this key if you want to perform background checks
$verification_request['background_checks'] = [
    "name" => [
        "first_name" => "John",
        "last_name"  => "Liveon"
    ],
    "dob"  => "1990-10-10"
];

$auth = $client_id.":".$secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($verification_request);

//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth);

//Get Shufti Pro API Response
$response_data    = $response['body'];

//Get Shufti Pro Signature
$sp_signature    = get_header_keys($response['headers'])['Signature'];

//Calculating signature for verification
$calculate_signature  = hash('sha256',$response_data.$secret_key);

$decoded_response = json_decode($response_data,true);

$event_name = $decoded_response['event'];

if($event_name == 'request.pending'){

    if($sp_signature == $calculate_signature){
        $verification_url = $decoded_response['verification_url'];

        echo "Verification url : $verification_url";
    }else{
        echo "Invalid signature :  $response_data";
    }

}else{

    echo "Error : $response_data";
}

function send_curl($url, $post_data, $headers, $auth){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_USERPWD, $auth);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
    $html_response = curl_exec($ch);
    $curl_info = curl_getinfo($ch);
    $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    $headers = substr($html_response, 0, $header_size);
    $body = substr($html_response, $header_size);
    curl_close($ch);
    return ['headers' => $headers,'body' => $body];     
}

function get_header_keys($header_string){
    $headers = [];
    $exploded = explode("\n", $header_string);
    if(!empty($exploded)){
        foreach ($exploded as $key => $header) {
            if (!$key) {
                $headers[] = $header;
            } else {
                $header = explode(':', $header);
                $headers[trim($header[0])] = isset($header[1]) ? trim($header[1]) : '';
            }
        }
    }    
    return $headers;
}
?>
import requests, base64, json, hashlib
from random import randint

'''
Python 2
--------
import urllib2

Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''

url = 'https://shuftipro.com/api/'

# Your Shufti Pro account Client ID
client_id  = 'YOUR-CLIENT-ID'

# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'

verification_request = {
    "reference"         :   "ref-{}{}".format(randint(1000, 9999), randint(1000, 9999)),
    "callback_url"      :   "https://yourdomain.com/profile/notifyCallback",
    "email"             :   "johndoe@example.com",
    "country"           :   "GB", 
    "language"          :   "EN",
    "verification_mode" :   "any"
}

# Use this key if you want to perform document verification without OCR
verification_request['document'] = {
    "proof"            : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').read()),
    "supported_types" : ["id_card","driving_license","passport"],
    "name"            : {
        "first_name" : "John",
        "last_name"  : "Liveone"
    },
    "dob"             : "1990-10-10",
    "issue_date"      : "2015-10-10",
    "expiry_date"     : "2025-10-10",
    "document_number" : "1234-1234-ABC"
}

# Use this key want to perform address verification without OCR
verification_request['address'] = {
    "proof"               : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').read()),
    "supported_types"     : ["id_card","bank_statement"],
    "name"            : {
        "first_name" : "John",
        "last_name"  : "Liveone"
    },
    "issue_date"          : "2015-10-10",
    "full_address"        : "Candyland Avenue",
    "address_fuzzy_match" : "1"
}

# Use this key if you want to perform face verification
verification_request['face'] = {    
    "proof" : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-face.jpg').read())
}

# Use this key if you want to perform consent verification
verification_request['consent'] = {
    "proof"           : base64.b64encode(urllib2.urlopen('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-consent-document.jpg').read()),
    "supported_types" : ["printed"],
    "text"            : "Hi, I am giving my consent"
}

# Use this key if you want to perform background checks
verification_request['background_checks'] = {
    "name" : {
        "first_name" : "John",
        "last_name"  : "Liveon"
    },
    "dob"  : "1990-10-10"
}

# Calling Shufti Pro request API using python requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
response = requests.post(url, 
                headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
                data=json.dumps(verification_request))

# Calculating signature for verification
calculated_signature = hashlib.sha256('{}{}'.format(response.content, secret_key)).hexdigest()

# Get Shufti Pro Signature
sp_signature = response.headers.get('Signature','')

# Convert json string to json object
json_response = json.loads(response.content)

# Get event returned
event_name = json_response['event']
print json_response
if event_name == 'request.pending':
    if sp_signature == calculated_signature:
        verification_url = json_response['verification_url']
        print 'Verification URL: {}'.format(verification_url)
    else:
        print 'Invalid signature: {}'.format(response.content)

let payload = {
    reference         : `SP_REQUEST_${Math.random()}`,
    callback_url      : "https://yourdomain.com/profile/sp-notify-callback",
    email             : "johndoe@example.com",
    country           : "GB",
    language          : "EN",
    verification_mode : "any",
}

convertImgToBase64URL('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg').then(response=>{

    //Use this key if you want to perform document verification with OCR
    payload['document'] = {
        proof            : response,
        supported_types : ["id_card","driving_license","passport"],
        name            : {
            first_name : "John",
            last_name  : "Liveon"
        },
        dob             : "1990-10-10",
        issue_date      : "2015-10-10",
        expiry_date     : "2025-10-10",
        document_number : "1234-1234-ABC"
    }

    //Use this key if you want to perform address verification with OCR
    payload['address'] = {
        proof               : response,
        supported_types     : ["id_card","bank_statement"],
        name            : {
            first_name : "John",
            last_name  : "Liveon"
        },
        issue_date          : "2015-10-10",
        full_address        : "Candyland Avenue",
        address_fuzzy_match : "1"
    }
})

convertImgToBase64URL('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-face.jpg').then(response=>{

  //Use this key if you want to perform face verification
  payload['face'] = {
    proof : response
  }
})

convertImgToBase64URL('https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-consent-document.jpg').then(response=>{

  //Use this key if you want to perform consent verification
  payload['consent'] = {
    proof           : response,
    supported_types : ["printed"],
    text            : "Hi, I am giving my consent"
  }
})

// Use this key if you want to perform background checks
payload['background_checks'] = {
    name : {
        first_name : "John",
        last_name  : "Liveon"
    },
    dob  : "1990-10-10"
}

//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY"); //BASIC AUTH TOKEN

//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://shuftipro.com/api/', 
{
  method : 'post',
  headers : {
    'Accept'        : 'application/json',
    'Content-Type'  : 'application/json',
    'Authorization' : 'Basic ' +token
  },
  body: JSON.stringify(payload)
})
.then(function(response) {
     return response.json();
}).then(function(data) {
     console.log(data)
     return data;
});
require 'uri'
require 'net/http'
require 'base64'
require 'json'
require 'open-uri'

url = URI("https://shuftipro.com/api/")

# Your Shufti Pro account Client ID
CLIENT_ID   = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY  = "YOUR-SECRET-KEY"

# Sample images
SAMPLE_FACE_IMAGE     = "https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-face.jpg"
SAMPLE_DOCUMENT_IMAGE =  "https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-id-card.jpg"
SAMPLE_CONSENT_IMAGE  = "https://raw.githubusercontent.com/shuftipro/RESTful-API-v1.3/master/assets/real-consent-document.jpg"

verification_request = { 
    reference:          "Ref-"+ (0...8).map { (65 + rand(26)).chr }.join,
    callback_url:       "https://yourdomain.com/profile/notifyCallback",
    email:              "johndoe@example.com",
    country:            "GB",
    language:           "EN",
    redirect_url:       "http://www.example.com",
    verification_mode:  "any"
}

# Use this key if you want to perform document verification with OCR
verification_request["document"] = {
    proof:           Base64.encode64(open(SAMPLE_DOCUMENT_IMAGE).read),
    supported_types: ["id_card","driving_license","passport"],
    name:            {
        first_name: "John",
        last_name:  "Liveon" 
    },
    dob:             "1990-10-10",
    issue_date:      "2015-10-10", 
    expiry_date:     "2025-10-10",
    document_number: "1234-1234-ABC"
}

# Use this key if you want to perform address verification with OCR
verification_request["address"] = {
    proof:               Base64.encode64(open(SAMPLE_DOCUMENT_IMAGE).read),
    supported_types:     ["id_card","bank_statement"],
    name:                {
        first_name: "John",
        last_name:  "Liveon" 
    },
    issue_date:          "2015-10-10",
    full_address:        "Candyland Avenue",
    address_fuzzy_match: "1"
}

# Use this key if you want to perform face verification
verification_request["face"] = {
    proof: Base64.encode64(open(SAMPLE_FACE_IMAGE).read),
}

# Use this key if you want to perform consent verification
verification_request["consent"] = {
    proof:           Base64.encode64(open(SAMPLE_CONSENT_IMAGE).read),
    supported_types: ["printed"],
    text:            "Hi, I am giving my consent"
}

# Use this key if you want to perform background checks
verification_request["background_checks"] = {
    name: {
        first_name: "John",
        last_name:  "Liveon" 
    },
    dob: "1990-10-10"
}

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)

header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")

request["Content-Type"]  = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body = verification_request.to_json

response = http.request(request)
response_headers =  response.instance_variable_get("@header")
response_data    = response.read_body

sp_signature     = response_headers['signature'].join(',')
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY

if sp_signature == calculated_signature
   puts response_data
else
   puts "Invalid signature"
end

Off-site verification means that Shufti Pro will be provided with data to perform Identity verification.

In the verification request, Shufti Pro customer specifies the keys and data for the parameters to be verified. Next, Shufti Pro’s intelligently driven system verifies the provided documents for authenticity.

Shufti Pro offers following services in Off-site verification: (Face, Document, Address, Consent and Background Checks)

Run in Postman

Parameters Description
reference Required: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
Each request is issued a unique reference ID which is sent back to Shufti Pro’s client with each response. This reference ID helps to verify the request. Only alphanumeric values can be used. The client can use this ID to check the status of already performed verifications.
country Required: No
Type: string
Length: 2 characters
You may omit this parameter if you don't want to enforce country verification. If a valid country code is provided, then the proofs for document verification or address verification must be from the same country. Country code must be a valid ISO 3166-1 alpha-2 country code. Please consult Supported Countries for country codes.
language Required: No
Type: string
Length: 2 characters
If the Shufti Pro client wants their preferred language to appear on the verification screens they may provide the 2-character long language code of their preferred language. The list of Supported Languages can be consulted for the language codes. If this key is missing in the request the system will select the default language as English.
email Required: No
Type: string
Minimum: 6 characters
Maximum: 128 characters
This field represents email of the end-user.
callback_url Required: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
A number of server-to-server calls are made to Shufti Pro’s client to keep them updated about the verification status. This allows the clients to keep the request updated on their end, even if the end-user is lost midway through the process.
verification_mode Required: No
Type: string
Accepted Values: any, image_only, video_only
This key specifies the types of proof that can be used for verification. In a “video_only” mode, Shufti Pro’s client can only send “Base64” of videos wherein formats of proofs should be MP4 or MOV. “any” mode can be used to send a combination of images and videos as proofs for verification.
show_results Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
If Value for this parameter is 1, verification result will be displayed. If the value of this parameter is set 0, verification results will not be shown.
In case of offsite verification if show_results is set to 0, then a request.received callback is returned in case of a valid verification.
face Required: No
Type: object
This service key corresponds to Face Verification Service in which unique facial features of end-user are identified and verified in real-time.
Example 1 { "proof" : "base_64_encoded_image"}
for more details Face Service
document Required: No
Type: object
This service key corresponds to Document verification service in which the authenticity of identity documents submitted by end-users is checked. Once verified, these identity documents serve as proof of end-user’s identity.
Example 1 {"proof" : "base_64_encoded_image" , "document_number": "ABC1234XYZ098", "issue_date": "2015-12-31", "expiry_date": "2025-12-31", "dob": "1990-12-31", "name": { "first_name" : "John", "last_name" : "Doe" } , "supported_types": ["id_card", "credit_or_debit_card", "passport"]}
for more details Document Service
address Required: No
Type: object
This service key corresponds to Address Verification service in which the authenticity of an end-user's provided address is checked with the help of an authentic Identity document, Utility bill or bank statement
Example 1 {"proof" : "base_64_encoded_image", "supported_types" : ["id_card","bank_statement"],"name" : {"first_name" : "John", "last_name" : "Doe" } ,"full_address": "Candyland Avenue" }
for more details Address Service
consent Required: No
Type: object
This service key corresponds to Consent Verification services in which the consent provided by end-user for a certain action is cross-checked with the help of a handwritten document or customized printed document
Example 1 {"proof" : "base_64_encoded_image","text" : "Hi, I am giving my consent"}
for more details Consent Service
phone Required: No
Type: object
This service key corresponds to Phone Verification service of Shufti Pro. A customized code is sent to end-user on their phone number, that is sent back by end-user to verify their identity.
Example 1 {"phone_number" : "+00000000000000","random_code" : "12345","text" : "Your Shuftipro verification code is "}
for more details Phone Service
background_checks Required: No
Type: object
This service key corresponds to AML Screening service offered by Shufti Pro. An AML background check is performed for every end-user in this service against a financial risk database compiled by Shufti Pro
Example 1 {"name" : {"first_name" : "John", "last_name" : "Doe"}, "dob" : "1990-12-31" }
for more details Background Checks service

Verification Response

Responses will contain the following parameters:

Sample Response

Content-Type: application/json


Signature: NmI4NmIyNzNmZjM0ZmNl

{
    "reference": "17374217",
    "event": "verification.accepted",
    "error": "",
    "verification_url": "",
    "verification_result": {
        "document": {
            "name": 1,
            "dob": 1,
            "expiry_date": 1,
            "issue_date": 1,
            "document_number": 1,
            "document": 1
        },
        "address": {
            "name": 1,
            "full_address": 1
        }
    },
    "verification_data": {
        "document": {
            "name": {
                "first_name": "John",
                "middle_name": "Carter",
                "last_name": "Doe"
            },
            "dob": "1978-03-13",
            "issue_date": "2015-10-10",
            "expiry_date": "2025-12-31",
            "document_number": "1456-0989-5567-0909",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "driving_license",
                "passport"
            ]
        },
        "address": {
            "name": {
                "first_name": "John",
                "middle_name": "Carter",
                "last_name": "Doe"
            },
            "full_address": "3339 Maryland Avenue, Largo, Florida",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "bank_statement"
            ]
        }
    },
    "info": {
        "agent": {
            "is_desktop": true,
            "is_phone": false,
            "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
            "device_name": "Macintosh",
            "browser_name": "",
            "platform_name": "OS X - 10_14_0"
        },
        "geolocation": {
            "host": "212.103.50.243",
            "ip": "212.103.50.243",
            "rdns": "212.103.50.243",
            "asn": "9009",
            "isp": "M247 Ltd",
            "country_name": "Germany",
            "country_code": "DE",
            "region_name": "Hesse",
            "region_code": "HE",
            "city": "Frankfurt am Main",
            "postal_code": "60326",
            "continent_name": "Europe",
            "continent_code": "EU",
            "latitude": "50.1049",
            "longitude": "8.6295",
            "metro_code": "",
            "timezone": "Europe/Berlin"
        }
    }

}
Parameters Description
reference Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made.
events This is the request event which shows status of request. Event is changed in every response.
Please consult Events for more information.
error Whenever there is an error in your request, this parameter will have the details of that error.
token This is the unique request token of the request.
verification_result This object will be returned in case of verification.accepted or verification.declined. This includes the results of each verification.
1 means accepted
0 means declined
null means not processed
Check verification.accepted and verification.declined responses in Events section for a sample response.
verification_data This object will be returned in case of verification.accepted or verification.declined. This object will include all the gathered data in a request process.
Check verification.accepted and verification.declined responses in Events section for a sample response.
info This object will be returned in case of verification.accepted or verification.declined. It contains the following keys:
Agent provides information about the device and browser of the end-user.
Geolocation provides information about the geographical location of the end-user.
For Details on info object go to INFO
declined_reason This parameter will have the reason due to which a verification has been declined, and is only returned in this case in the callback URL.
declined_codes This array contains status codes of all declined verification reasons. It will return only for verification.declined.

Verification Services

Shufti Pro is performing variety of verifications for its customers. Our diverse services suite allows us to validate the identity of users through facial verification, documents verification and address verification. We can also check the authenticity of customised documents like official IDs and perform background checks for AML compliance. A mix of various service modules can also be acquired to perform multifaceted verifications like facial and document verification can help you perform a thorough KYC procedure.

Face Service

{
    "face" : {
        "proof"   : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wDAP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",

        "allow_offline" : "1"
    }
}

The face verifications of end-users are the simplest to perform.

Parameters Description
proof Required: Yes
Type: string
Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB
Video Format: MP4/MOV Maximum: 20MB
Provide valid BASE64 encoded string.

Document Service

Document service sample object

{
    "document"  : {
        "proof"              : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=", 

        "additional_proof"   : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",

        "supported_types": ["id_card","driving_license"],
        "name"  :   {
                "first_name"   : "John",
                "last_name"    :  "Liveon"
        },
        "dob"                : "1990-10-10",
        "issue_date"         : "2015-10-10", 
        "expiry_date"        : "2025-10-10",
        "document_number"    : "1234-1234-ABC",
        "allow_offline"      : "1"
    }
}

Shufti Pro provides document verification through various types of documents. The supported formats are passports, ID Cards, driving licenses and debit/credit cards. You can opt for more than 1 document type as well.

Parameters Description
proof Required: Yes
Type: string
Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB
Video Format: MP4/MOV Maximum: 20MB
Provide valid BASE64 encoded string.
additional_proof Required: No
Type: string
Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB
Video Format: MP4/MOV Maximum: 20MB
Provide valid BASE64 encoded string.
supported_types Required: Yes
Type: Array
All supported types are listed here
Example 1 ["driving_license"]
Example 2 ["id_card", "credit_or_debit_card", "passport"]
dob Required: No
Type: string
Format: yyyy-mm-dd
Provide a valid date. Please note that the date should be before today.
Example 1990-12-31
document_number Required: No
Type: string
Minimum: 2 characters
Maximum: 100 chracters
Allowed Characters are numbers, alphabets, dots, dashes, spaces, underscores and commas.
Examples 35201-0000000-0, ABC1234XYZ098
issue_date Required: No
Type: string
Format: yyyy-mm-dd
Provide a valid date. Please note that the date should be before today.
Example 2015-12-31
expiry_date Required: No
Type: string
Format: yyyy-mm-dd
Provide a valid date. Please note that the date should be after today.
Example 2025-12-31
name Required: No
Type: object
In name object used in document service, first_name and last_name are required. Other fields are optional.
Example 1 { "first_name" : "John", "last_name" : "Doe" }
Example 2 { "first_name" : "John", "last_name" : "Doe", "fuzzy_match" : "1"}
Parameters for name are listed here:

Document Two Service

Document Two service sample object

{
    "document_two"  : {
        "proof"              : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=", 

        "additional_proof"   : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",

        "supported_types": ["id_card","driving_license"],
        "name"  :   {
                "first_name"   : "John",
                "last_name"    :  "Liveon"
        },
        "dob"                : "1990-10-10",
        "issue_date"         : "2015-10-10", 
        "expiry_date"        : "2025-10-10",
        "document_number"    : "1234-1234-ABC",
        "allow_offline"      : "1"
    }
}

Document Two Service is provided to verify the personal details of a user from more than 1 document e.g. If you have verified the DOB & Name of a user from their ID Card, you can use Document Two Service to verify the Credit Card Number of your customer.

Just like the “Document Service”, the supported formats for this service are also passports, ID Cards, driving licenses and debit/credit cards and more than one document type can be selected as well.

It goes without saying that provided document proofs should belong to the same person in order to verify the identity of the user.

Parameters Description
proof Required: Yes
Type: string
Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB
Video Format: MP4/MOV Maximum: 20MB
Provide valid BASE64 encoded string.
additional_proof Required: No
Type: string
Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB
Video Format: MP4/MOV Maximum: 20MB
Provide valid BASE64 encoded string.
supported_types Required: Yes
Type: Array
All supported types are listed here
Example 1 ["driving_license"]
Example 2 ["id_card", "credit_or_debit_card", "passport"]
dob Required: No
Type: string
Format: yyyy-mm-dd
Provide a valid date. Please note that the date should be before today.
Example 1990-12-31
document_number Required: No
Type: string
Minimum: 2 characters
Maximum: 100 chracters
Allowed Characters are numbers, alphabets, dots, dashes, spaces, underscores and commas.
Examples 35201-0000000-0, ABC1234XYZ098
issue_date Required: No
Type: string
Format: yyyy-mm-dd
Provide a valid date. Please note that the date should be before today.
Example 2015-12-31
expiry_date Required: No
Type: string
Format: yyyy-mm-dd
Provide a valid date. Please note that the date should be after today.
Example 2025-12-31
name Required: No
Type: object
In name object used in document service, first_name and last_name are required. Other fields are optional.
Example 1 { "first_name" : "John", "last_name" : "Doe" }
Example 2 { "first_name" : "John", "last_name" : "Doe", "fuzzy_match" : "1"}
Parameters for name are listed here:

Address Service

Address service sample object

{
    "address" : {
        "proof"     : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",

        "supported_types" :     ["id_card","bank_statement"],
        "name" :   {
            "first_name": "John",
            "last_name":  "Liveon"
        },
        "issue_date"           : "2015-10-10",
        "full_address"         : "Candyland Avenue",
        "address_fuzzy_match"  : "1",
        "allow_offline"        : "1"
   }
}

For address verification, a valid identity document is required with the same address printed on it as the one claimed by the end-user. The address can also be verified with the help of Utility Bills and Bank Statements.

Parameters Description
proof Required: Yes
Type: string
Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB
Video Format: MP4/MOV Maximum: 20MB
supported_types Required: Yes
Type: Array
Following is the list of supported types for address verification is here.
Example 1 [ "utility_bill" ]
Example 2 [ "id_card", "bank_statement" ]
full_address Required: Yes
Type: string
Minimum: 2 characters
Maximum: 250 chracters
Allowed Characters are numbers, alphabets, dots, dashes, spaces, underscores, hashes and commas.
address_fuzzy_match Required: No
Type: string
Accepted Values: 0, 1
Default Value: 0
Provide 1 for enabling a fuzzy match for address verification. Enabling fuzzy matching attempts to find a match which is not 100% accurate. Default value will be 0, which means that only 100% accurate address will be verified.
issue_date Required: No
Type: string
Format: yyyy-mm-dd
Provide a valid date. Please note that the date should be before today.
Example 2015-12-31
name Required: No
Type: object
In name object used in document service, first_name and last_name are required. Other fields are optional.
Example 1 { "first_name" : "John", "last_name" : "Doe" }
Example 2 { "first_name" : "John", "last_name" : "Doe", "fuzzy_match" : "1"}
Parameters for name are listed here:

Consent service sample object

{
    "consent" : {
        "proof"            : "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAALCAYAAABCm8wlAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4QoPAxIb88htFgAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAACxSURBVBjTdY6xasJgGEXP/RvoonvAd8hDyD84+BZBEMSxL9GtQ8Fis7i6BkGI4DP4CA4dnQON3g6WNjb2wLd8nAsHWsR3D7JXt18kALFwz2dGmPVhJt0IcenUDVsgu91eCRZ9IOMfAnBvSCz8I3QYL0yV6zfyL+VUxKWfMJuOEFd+dE3pC1Finwj0HfGBeKGmblcFTIN4U2C4m+hZAaTrASSGox6YV7k+ARAp4gIIOH0BmuY1E5TjCIUAAAAASUVORK5CYII=",

        "supported_types"  : ["printed"],
        "text"             : "Hi, I am giving my consent",
        "allow_offline"    : "1"
    }
}

Customised documents/notes can also be verified by Shufti Pro. Company documents, employee cards or any other personalised note can be authenticated by this module. You can choose handwritten or printed document format but only one form of document can be verified in this verification module. Text whose presence on the note/customized document is to be verified, is also needed to be provided.

Parameters Description
proof Required: Yes
Type: string
Image Format: JPG, JPEG, PNG, PDF Maximum: 16MB
Video Format: MP4/MOV Maximum: 20MB
supported_types Required: Yes
Type: Array
Text provided in the consent verification can be verified by handwritten documents or printed documents. Supported types are listed here
Example 1 ["printed"]
Example 2 ["printed", "handwritten"]
text Required: Yes
Type: string
Minimum: 2 characters
Maximum: 100 chracters
Provide text in the string format which will be verified from a given proof.
with_face Required: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter is applicable if supported_type is handwritten and default value is 1. If value of with_face is 1 then hand written note will be accepted only with face which means your customer must need to show his/her face along with the consent on a paper. If value of with_face is 0 then hand written note is accepted with or without face.

Background Checks Service

Background Checks service sample object

{
    "background_checks" : {
        "name" : {
            "first_name"  : "John",
            "middle_name" : "Middle",
            "last_name"   : "Doe"
        },
        "dob"   : "1990-10-10"
    }
}

It is a verification process that will require you to send us the full Name of end-user in addition to date of birth. Shufti Pro will perform AML based background checks based on this information.

Parameters Description
dob Required: Yes
Type: string
Format: yyyy-mm-dd
Provide a valid date. Please note that the date should be before today.
Example 1990-12-31
name Required: Yes
Type: object
In name object used in background checks service, first_name required and other fields are optional. Parameters for name are listed here:
Example 1 { "first_name" : "John", "last_name" : "Doe"
Example 2 { "first_name" : "John", "middle_name" : "Carter", "last_name" : "Doe"}
ongoing Required: No
Accepted values: 0, 1
Default: 0
This Parameter is used for Ongoing AML Screening, and is allowed only on Production Accounts. If Shufti Pro detects a change in AML statuses, then we will send you a webhook with event verification.status.changed. The new AML status can be checked using get status endpoint, or from the back-office. Use fuzzy_match = 1 in the name object for better results for Ongoing AML Screening.

Status

Status Request

Status Request Sample

POST /api/status HTTP/1.1
Host: shuftipro.com


Content-Type: application/json


Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw== 

{
     
    "reference" : "17374217"
}

<?php
$url = 'https://shuftipro.com/api/status';

//Your Shufti Pro account Client ID
$client_id  = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';

$status_request = [
  "reference" => "your_request_reference",
];

$auth = $client_id.":".$secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($status_request);

//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth);

//Get Shufti Pro API Response
$response_data    = $response['body'];
//Get Shufti Pro Signature
$sp_signature    = get_header_keys($response['headers'])['Signature'];

//Calculating signature for verification
$calculate_signature  = hash('sha256',$response_data.$secret_key);

if($sp_signature == $calculate_signature){

  echo "Response : $response_data";
}else{
  echo "Invalid signature :  $response_data";
}

function send_curl($url, $post_data, $headers, $auth){
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($ch, CURLOPT_USERPWD, $auth);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  curl_setopt($ch, CURLOPT_HEADER, 1);
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
  $html_response = curl_exec($ch);
  $curl_info = curl_getinfo($ch);
  $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
  $headers = substr($html_response, 0, $header_size);
  $body = substr($html_response, $header_size);
  curl_close($ch);
  return ['headers' => $headers,'body' => $body];     
}

function get_header_keys($header_string){
  $headers = [];
  $exploded = explode("\n", $header_string);
  if(!empty($exploded)){
    foreach ($exploded as $key => $header) {
      if (!$key) {
        $headers[] = $header;
      } else {
        $header = explode(':', $header);
        $headers[trim($header[0])] = isset($header[1]) ? trim($header[1]) : '';
      }
    }
  }    
  return $headers;
}
?>
var payload = {
    reference : 'your_request_reference'
}

//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY"); //BASIC AUTH TOKEN

//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://shuftipro.com/api/status', 
{
  method : 'post',
  headers : {
    'Accept'        : 'application/json',
    'Content-Type'  : 'application/json',
    'Authorization' : 'Basic ' +token
  },
  body: JSON.stringify(payload)
})
.then(function(response) {
     return response.json();
}).then(function(data) {
     console.log(data)
     return data;
});
import base64, requests, json, hashlib
from random import randint

'''
Python 2
--------
import urllib2

Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''

url = 'https://shuftipro.com/api/status'

# Your Shufti Pro account Client ID
client_id  = 'YOUR-CLIENT-ID'

# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'

status_request = {
  "reference" : "your_request_reference"
}

# Calling Shufti Pro request API using python requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
response = requests.post(url, 
        headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
        data=json.dumps(status_request))

# Calculating signature for verification
calculated_signature = hashlib.sha256('{}{}'.format(response.content, secret_key)).hexdigest()

# Convert json string to json object
json_response = json.loads(response.content)
sp_signature = response.headers.get('Signature','')

if sp_signature == calculated_signature:
    print 'Response : {}'.format(json_response)
else:
  print 'Invalid Signature: {}'.format(json_response) 
require 'uri'
require 'net/http'
require 'base64'
require 'json'

url = URI("https://shuftipro.com/api/status")

# Your Shufti Pro account Client ID
CLIENT_ID  = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY = "YOUR-SECRET-KEY"

post_data = { 
     reference: "your_request_reference" 
}

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)

header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")

request["Content-Type"]  = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body             = post_data.to_json

response = http.request(request)
response_headers =  response.instance_variable_get("@header")
response_data    = response.read_body

sp_signature     = response_headers['signature'].join(',')
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY

if sp_signature == calculated_signature
   puts response_data
else
   puts "Invalid signature"
end

Once a verification request is completed, you may request at status end point to get the verification status. You’ll have to provide reference ID for status request and you will be promptly informed about the status of that verification.

Run in Postman

Parameter Description
reference Required: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
This is the unique reference ID of request, which we will send you back with each response, so you can verify the request. Only alphanumeric values are allowed.

Status Request Response

Sample Response



Content-Type: application/json


Signature: NmI4NmIyNzNmZjM0ZmNl

{
    "reference" : "17374217",
    "event"     : "verification.accepted",
    "proof"     : {
        "face": {
            "proof": "https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/face/proof.png?access_token=1a6c9985e88051092b31d62d043"
        },
        "document": {
            "proof": "https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/document/proof.png?access_token=1a6c9985e88051092b31d62d043"
        },
        "address": {
            "proof": "https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/address/proof.png?access_token=1a6c9985e88051092b31d62d043"
        },
        "consent": {
            "proof": "https://shuftipro.com/api/storage/aZa8mncOFLrbtxXk7Ka/consent/proof.png?access_token=1a6c9985e88051092b31d62d043"
        } 
    },
    "verification_data": {
        "document": {
            "issue_date": "1990-01-01",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "passport",
                "driving_license",
                "credit_or_debit_card"
            ]
        },
        "address": {
            "full_address": "Candyland Avenue",
            "selected_type": [
                "utility_bill"
            ],
            "supported_types": [
                "utility_bill",
                "driving_license",
                "bank_statement",
                "envelope",
                "id_card",
                "passport",
                "rent_agreement",
                "employer_letter",
                "insurance_agreement",
                "tax_bill"
            ]
        },
        "consent": {
            "text": "Hi, I agree your terms",
            "selected_type": [
                "handwritten"
            ],
            "supported_types": [
                "handwritten",
                "printed"
            ]
        },
        "background_checks": {
            "dob": "1990-01-01",
            "name": {
                "last_name": "John",
                "first_name": "Doe"
            }
        },
        "aml_for_business": {
             "business_name": "Company Name",
             "business_incorporation_date": "1975-07-01",
             "aml_data": {
                 "filters": [
                     "sanction",
                     "warning",
                     "fitness-probity",
                     "pep",
                     "pep-class-1",
                     "pep-class-2",
                     "pep-class-3",
                     "pep-class-4"
                 ],
                 "hits": [
                     {
                         "name": "Company Name",
                         "entity_type": "organisation",
                         "score": 24.911245,
                         "match_types": [
                             "name_exact"
                         ],
                         "alternative_names": [
                             "Company Name"
                         ],
                         "assets": [
                             {
                                 "public_url": "http://example.s3.amazonaws.com/834refjadfkjhq4-ahfdkddfa8a.pdf",
                                 "source": "us-securities-exchange-commission-litigation-releases",
                                 "type": "pdf"
                             }
                         ],
                         "associates": [],
                         "fields": {
                             "Activation Date": [
                                 {
                                     "value": "Jul. 17, 2019",
                                     "source": "united-states-securities-and-exchange-commission-administrative-proceedings-organisation",
                                     "tag": ""
                                 }
                             ],
                             "Adverse Media Subtypes": [
                                 {
                                     "value": "antitrust, corporate-fraud, corruption, fines, insider-trading, litigation, money-laundering, other-crime, security, tax-evasion",
                                     "source": "company-am",
                                     "tag": ""
                                 }
                             ],
                             "Date": [
                                 {
                                     "value": "2002-08-03",
                                     "source": "us-securities-exchange-commission-litigation-releases",
                                     "tag": ""
                                 }
                             ],
                             "Enforcement Agency": [
                                 {
                                     "value": "United States Securities and Exchange Commission",
                                     "source": "united-states-securities-and-exchange-commission-administrative-proceedings-organisation",
                                     "tag": ""
                                 }
                             ],
                             "Related URL": [
                                 {
                                     "value": "http://www.sec.gov/litigation/link423.shtml",
                                     "source": "us-securities-exchange-commission-litigation-releases",
                                     "tag": "related_url"
                                 },
                                 {
                                     "value": "https://www.sec.gov/litigation/admin/2019/34-72891heq89.pdf",
                                     "source": "united-states-securities-and-exchange-commission-administrative-proceedings-organisation",
                                     "tag": "related_url"
                                 }
                             ],
                             "Release": [
                                 {
                                     "value": "Release information about company...",
                                     "source": "us-securities-exchange-commission-litigation-releases",
                                     "tag": ""
                                 }
                             ],
                             "Release Number": [
                                 {
                                     "value": "34-46017",
                                     "source": "us-securities-exchange-commission-litigation-releases",
                                     "tag": ""
                                 }
                             ],
                             "Related Url": [
                                 {
                                     "value": "http://www.sec.gov/litigation/admin/34-234324.htm",
                                     "source": "us-securities-exchange-commission-litigation-releases",
                                     "tag": "related_url"
                                 }
                             ]
                         },
                         "media": [
                             {
                                 "date": "2019-09-15T00:00:00Z",
                                 "snippet": "The NYPD said 12 men and 75 women were charged with obstructing traffic after blocking cars outside the company's flagship shop on 5th Avenue between 53rd and 54th streets on Satur day",
                                 "title": "Dozens of ICE Protesters Arrested in Midtown - American Renaissance",
                                 "url": "https://www.amren.com/news/2019/23/dozens-of-ice-protesters-arrtedaddsa-in-midtown/"
                             },
                             {
                                 "date": "2019-09-15T00:00:00Z",
                                 "snippet": "The NYPD said 12 men and 75 women were charged with obstructing traffic after blocking cars outside the company's flagship shop on 5th Avenue between 53rd and 54th streets on Satur day",
                                 "title": "Dozens of ICE protesters arrested in Midtown",
                                 "url": "https://nypost.com/2019/10/23/dozens-of-ice-asdf-asdfd-in-midtown/"
                             }
                         ],
                         "source_notes": {
                             "company-am": {
                                 "aml_types": [
                                     "adverse-media",
                                     "adverse-media-financial-crime",
                                     "adverse-media-fraud",
                                     "adverse-media-general"
                                 ],
                                 "name": "company AM"
                             },
                             "united-states-securities-and-exchange-commission-administrative-proceedings-organisation": {
                                 "aml_types": [
                                     "warning"
                                 ],
                                 "listing_started_utc": "2019-07-25T00:00:00Z",
                                 "name": "United States Securities and Exchange Commission Administrative Proceedings - organisation",
                                 "url": "https://www.sec.gov/litigation/asddfa.shtml"
                             },
                             "us-securities-exchange-commission-litigation-releases": {
                                 "aml_types": [
                                     "warning"
                                 ],
                                 "listing_ended_utc": "2016-12-22T00:00:00Z",
                                 "name": "Warnings USA SEC Litigation Releases",
                                 "url": "http://www.sec.gov/litigation/asdfasdf.shtml"
                             }
                         },
                         "sources": [
                             "company-am",
                             "united-states-securities-and-exchange-commission-administrative-proceedings-organisation",
                             "us-securities-exchange-commission-litigation-releases"
                         ],
                         "types": [
                             "adverse-media",
                             "adverse-media-financial-crime",
                             "adverse-media-fraud",
                             "adverse-media-general",
                             "warning"
                         ]
                     }
                 ]
             }
         }
    },
    "verification_result": {
        "background_checks": 1,
        "consent": {
            "consent": 1,
            "selected_type": 1
        },
        "address": {
            "partial_address_match_with_id_and_utility_bill": 1,
            "full_address": 1,
            "address_document_visibility": 1,
            "address_document_must_not_be_expired": 1,
            "address_document": 1,
            "address_document_country": 1,
            "selected_type": 1
        },
        "document": {
            "issue_date": 1,
            "document_visibility": 1,
            "document_must_not_be_expired": 1,
            "document": 1,
            "document_country": 1,
            "selected_type": 1
        },
        "face": 1
    },
    "info": {
        "agent": {
            "is_desktop": true,
            "is_phone": false,
            "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
            "device_name": "Macintosh",
            "browser_name": "",
            "platform_name": "OS X - 10_14_0"
        },
        "geolocation": {
            "host": "212.103.50.243",
            "ip": "212.103.50.243",
            "rdns": "212.103.50.243",
            "asn": "9009",
            "isp": "M247 Ltd",
            "country_name": "Germany",
            "country_code": "DE",
            "region_name": "Hesse",
            "region_code": "HE",
            "city": "Frankfurt am Main",
            "postal_code": "60326",
            "continent_name": "Europe",
            "continent_code": "EU",
            "latitude": "50.1049",
            "longitude": "8.6295",
            "metro_code": "",
            "timezone": "Europe/Berlin"
        }
    }
}

The Shufti Pro Verification API will send a JSON response if a status request is made. Make sure to validate the request by generating signature and matching it with Signature value from response header.

Parameters Description
reference Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made.
event This is the request event which shows status of request. Event is changed in every response.
Please consult Events for more information.
proof This contains all the proofs that were used to verify data. The Proof URLs returned are temporary and valid for 15 minutes only.
verification_result This object will be returned in case of verification.accepted or verification.declined. This includes the results of each verification.
1 means accepted
0 means declined
null means not processed
Check verification.accepted and verification.declined responses in Events section for a sample response.
verification_data This object will be returned in case of verification.accepted or verification.declined. This object will include all the gathered data in a request process.
Check verification.accepted and verification.declined responses in Events section for a sample response.
info This object will be returned in case of verification.accepted or verification.declined. It contains the following keys:
Agent provides information about the device and browser of the end-user.
Geolocation provides information about the geographical location of the end-user.
For Details on info object go to INFO
declined_reason This parameter will have the reason due to which a verification has been declined, and is only returned in this case in the callback URL.
declined_codes This array contains status codes of all declined verification reasons. It will return only for verification.declined.

Delete

Delete Request

Delete Request Sample

POST /api/delete HTTP/1.1
Host: shuftipro.com


Content-Type: application/json


Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw== 

{
     
    "reference" : "17374217",
    "comment"   : "Customer asked to delete his/her data"
}

<?php
$url = 'https://shuftipro.com/api/delete';

//Your Shufti Pro account Client ID
$client_id  = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';

$delete_request = [
  "reference" => "your_request_reference",
  "comment"   => "Customer asked to delete his/her data"
];

$auth = $client_id . ":" . $secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($delete_request);

//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth);

//Get Shufti Pro API Response
$response_data    = $response['body'];

//Get Shufti Pro Signature
$sp_signature    = get_header_keys($response['headers'])['Signature'];

//Calculating signature for verification
$calculate_signature  = hash('sha256',$response_data.$secret_key);

if($sp_signature == $calculate_signature){
  echo "Response : $response_data";
}else{
  echo "Invalid signature :  $response_data";
}

function send_curl($url, $post_data, $headers, $auth){
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($ch, CURLOPT_USERPWD, $auth);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  curl_setopt($ch, CURLOPT_HEADER, 1);
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
  $html_response = curl_exec($ch);
  $curl_info = curl_getinfo($ch);
  $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
  $headers = substr($html_response, 0, $header_size);
  $body = substr($html_response, $header_size);
  curl_close($ch);
  return ['headers' => $headers, 'body' => $body];     
}

function get_header_keys($header_string){
  $headers = [];
  $exploded = explode("\n", $header_string);
  if(!empty($exploded)){
    foreach ($exploded as $key => $header) {
      if (!$key) {
        $headers[] = $header;
      } else {
        $header = explode(':', $header);
        $headers[trim($header[0])] = isset($header[1]) ? trim($header[1]) : '';
      }
    }
  }    
  return $headers;
}
?>
var payload = {
    reference : 'your_request_reference',
    comment   : 'Customer asked to delete his/het data'
}

//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY"); //BASIC AUTH TOKEN

//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://shuftipro.com/api/delete', 
{
  method : 'post',
  headers : {
    'Accept'        : 'application/json',
    'Content-Type'  : 'application/json',
    'Authorization' : 'Basic ' +token
  },
  body: JSON.stringify(payload)
})
.then(function(response) {
     return response.json();
}).then(function(data) {
     console.log(data)
     return data;
});
import base64, requests, json, hashlib
from random import randint

'''
Python 2
--------
import urllib2

Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''

url = 'https://shuftipro.com/api/delete'

# Your Shufti Pro account Client ID
client_id  = 'YOUR-CLIENT-ID'

# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'

delete_request = {
  "reference" : "your_request_reference",
  "comment"   : "Customer asked to delete his/her data"
}

# Calling Shufti Pro request API using python requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth)
response = requests.post(url, 
        headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
        data=json.dumps(delete_request))

# Calculating signature for verification
calculated_signature = hashlib.sha256('{}{}'.format(response.content, secret_key)).hexdigest()

# Convert json string to json object
json_response = json.loads(response.content)

if 'Signature' in json_response.keys():
  sp_signature = response.headers['Signature']
  if sp_signature == calculated_signature:
    print 'Response : {}'.format(json_response)
else:
  print 'Invalid Signature: {}'.format(json_response) 
require 'uri'
require 'net/http'
require 'base64'
require 'json'

url = URI("https://shuftipro.com/api/delete")

# Your Shufti Pro account Client ID
CLIENT_ID   = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY  = "YOUR-SECRET-KEY"

post_data = { 
     reference: "your_request_reference",
     comment: "Customer asked to delete his/her data"
}

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)

header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")

request["Content-Type"]  = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body = post_data.to_json

response = http.request(request)
response_headers =  response.instance_variable_get("@header")
response_data    = response.read_body

sp_signature     = response_headers['signature'].join(',')
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY

if sp_signature == calculated_signature
   puts response_data
else
   puts "Invalid signature"
end

Once a verification request is completed, you may request at delete request endpoint to delete the verification data. You’ll have to provide reference ID for that request and you will be promptly informed about the deletion of the request.

Run in Postman

Parameter Description
reference Required: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
This is the unique reference ID of request which needs to be deleted.
comment Required: Yes
Type: string
Minimum: 5 characters
Maximum: 200 characters
Add a comment why the request is deleted for your future reference

Delete Request Response

Sample Response

Content-Type: application/json


Signature: NmI4NmIyNzNmZjM0ZmNl

{
    "reference": "17374217",
    "event": "request.deleted"
}

The Shufti Pro Verification API will send a JSON response if a delete request is made. Make sure to validate the request by generating signature and matching it with Signature value from response header.

Parameters Description
reference Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made.
event This is the request event which shows status of request. Event is changed in every response.
Please consult Events for more information.

Account Info Request

Run in Postman

Sample Account Info Request

GET /api/account/info/ HTTP/1.1
Host: shuftipro.com


Content-Type: application/json


Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw== 

Sample Account Info Response

{
    "account": {
        "name": "your account name",
        "status": "production",
        "balance": {
            "amount": "99.85",
            "currency": "USD"
        }
    }
}
{
    "account": {
        "name": "your account name",
        "status": "trial",
        "balance": {
            "amount": "99.85",
            "currency": "USD"
        }
    }
}

This end-point will provide information to the customer about their account balance and status of their account that whether they are in production or trial mode.

Appendix

Name

name is an object and contains the following parameters

Name sample object

{
    "name" : {
        "first_name"  : "John",
        "middle_name" : "Carter",
        "last_name"   : "Doe",
        "fuzzy_match" : "1"
    }
}
{
    "name" : {
        "full_name"   : "John Carter Doe",
        "fuzzy_match" : "1"
    }
}
Parameters Description
first_name Required: No
Type: string
Minimum: 1 character
Maximum: 32 chracters
Allowed Characters are alphabets, - (dash), comma, space, dot and single quotation mark.
Example John'O Harra
middle_name Required: No
Type: string
Minimum: 1 character
Maximum: 32 chracters
Allowed Characters are alphabets, - (dash), comma, space, dot and single quotation mark.
Example Carter-Joe
last_name Required: No
Type: string
Minimum: 1 character
Maximum: 32 chracters
Allowed Characters are alphabets, - (dash), comma, space, dot and single quotation mark.
Example John, Huricane Jr.
fuzzy_match Required: No
Type: string
Value Accepted: 1
Provide 1 for enabling a fuzzy match of the name. Enabling fuzzy matching attempts to find a match which is not a 100% accurate.
full_name Required: No
Type: string
Minimum: 1 character
Maximum: 64 characters
Some countries don't have the identity document holder name as their first, middle or last name instead its written in full. In such cases, you may provide the full name.

Response Signature

Every HTTP and Callback responses will be in application/json with a key Signature in the header. It can be used to validate the source of the request. Make a signature using the following procedure:

  1. Concatinate Secret Key at the end of the raw response string. (i.e. response + secret_key).
  2. Take SHA256 of concatinated string.
  3. Match the SHA256 string with Signature value from the header of the response.

In short, make signature as hash('sha256', response . your_secret_key) and match it with the signature provided in the header in Signature key.

HTTP Status Codes and Events

Instant Capture & Verification API uses conventional HTTP response codes to indicate the success or failure of an API request. Every response is generated in JSON with a specific HTTP code. Go to Status Codes for a complete list of status codes. Events are sent in responses which show the status of request. These events are sent in both HTTP and callback responses. Please consult Events for a complete list of events.

Status Codes

Shufti Pro Verification API uses conventional HTTP response codes to indicate the success or failure of an API request. Every response is generated in JSON with a specific HTTP code.

HTTP Codes

Following is a list of HTTP codes which are generated in responses by Shufti Pro Verification API.

HTTP code HTTP message Message
200 OK success
400 Bad Request bad request: one or more parameter is invalid or missing
401 Unauthorized unauthorized: invalid signature key provided in the request
402 Request Failed invalid request data: missing required parameters
403 Forbidden forbidden: service not allowed
404 Not Found resource not found
409 Conflict conflicting data: already exists
500 Server Error internal server error
429 Too Many Requests Too Many Attempts.

Response Events

Events are sent in responses which show the status of request. These events are sent in both HTTP and callback responses.

request.received

{
    "reference": "17374217",
    "event": "request.received",
    "email": "johndoe@example.com",
    "country": "UK"
}

request.invalid

{
    "reference": "17374217",
    "event": "request.invalid",
    "error": {
        "service": "document",
        "key": "dob",
        "message": "The dob does not match the format Y-m-d."
    },
    "email": null,
    "country": null"
}

request.deleted

{
    "reference": "17374217",
    "event": "request.deleted"
}

request.timeout

{
    "reference": "17374217",
    "event": "request.timeout",
    "error": "",
    "verification_url": ""
}

request.unauthorized

{
    "reference": "",
    "event": "request.unauthorized",
    "error": {
        "service": "",
        "key": "",
        "message": "Authorization keys are missing/invalid."
    },
    "email": null,
    "country": null"
}

verification.accepted

{
    "reference": "17374217",
    "event": "verification.accepted",
    "error": "",
    "verification_url": "",
    "verification_result": {
        "document": {
            "name": 1,
            "dob": 1,
            "expiry_date": 1,
            "issue_date": 1,
            "document_number": 1,
            "document": 1
        },
        "address": {
            "name": 1,
            "full_address": 1
        }
    },
    "verification_data": {
        "document": {
            "name": {
                "first_name": "John",
                "middle_name": "Carter",
                "last_name": "Doe"
            },
            "dob": "1978-03-13",
            "issue_date": "2015-10-10",
            "expiry_date": "2025-12-31",
            "document_number": "1456-0989-5567-0909",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "driving_license",
                "passport"
            ]
        },
        "address": {
            "name": {
                "first_name": "John",
                "middle_name": "Carter",
                "last_name": "Doe"
            },
            "full_address": "3339 Maryland Avenue, Largo, Florida",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "bank_statement"
            ]
        }
    },
    "info": {
        "agent": {
            "is_desktop": true,
            "is_phone": false,
            "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
            "device_name": "Macintosh",
            "browser_name": "",
            "platform_name": "OS X - 10_14_0"
        },
        "geolocation": {
            "host": "212.103.50.243",
            "ip": "212.103.50.243",
            "rdns": "212.103.50.243",
            "asn": "9009",
            "isp": "M247 Ltd",
            "country_name": "Germany",
            "country_code": "DE",
            "region_name": "Hesse",
            "region_code": "HE",
            "city": "Frankfurt am Main",
            "postal_code": "60326",
            "continent_name": "Europe",
            "continent_code": "EU",
            "latitude": "50.1049",
            "longitude": "8.6295",
            "metro_code": "",
            "timezone": "Europe/Berlin"
        }
    }
}

verification.declined

{
    "reference": "95156124",
    "event": "verification.declined",
    "error": "",
    "verification_url": "",
    "verification_result": {
        "document": {
            "name": 0,
            "dob": 1,
            "expiry_date": 1,
            "issue_date": 1,
            "document_number": 1,
            "document": null
        },
        "address": {
            "name": null,
            "full_address": null
        }
    },
    "verification_data": {
        "document": {
            "name": {
                "first_name": "John",
                "middle_name": "Carter",
                "last_name": "Doe"
            },
            "dob": "1978-03-13",
            "issue_date": "2015-10-10",
            "expiry_date": "2025-12-31",
            "document_number": "1456-0989-5567-0909",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "driving_license",
                "passport"
            ]
        },
        "address": {
            "name": {
                "first_name": "John",
                "middle_name": "Carter",
                "last_name": "Doe"
            },
            "full_address": "3339 Maryland Avenue, Largo, Florida",
            "selected_type": [
                "id_card"
            ],
            "supported_types": [
                "id_card",
                "bank_statement"
            ]
        }
    },
    "info": {
        "agent": {
            "is_desktop": true,
            "is_phone": false,
            "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
            "device_name": "Macintosh",
            "browser_name": "",
            "platform_name": "OS X - 10_14_0"
        },
        "geolocation": {
            "host": "212.103.50.243",
            "ip": "212.103.50.243",
            "rdns": "212.103.50.243",
            "asn": "9009",
            "isp": "M247 Ltd",
            "country_name": "Germany",
            "country_code": "DE",
            "region_name": "Hesse",
            "region_code": "HE",
            "city": "Frankfurt am Main",
            "postal_code": "60326",
            "continent_name": "Europe",
            "continent_code": "EU",
            "latitude": "50.1049",
            "longitude": "8.6295",
            "metro_code": "",
            "timezone": "Europe/Berlin"
        }
    }, 
     "declined_reason": "Name on the document doesn't match",
     "declined_codes":[
        "SPDR07",
        "SPDR06",
        "SPDR23"
     ]
}

verification.status.changed

{
    "reference": "17374217",
    "event": "verification.status.changed"
}
Event description HTTP Response Callback Response
request.received Request has been received. Yes Yes
request.invalid Request parameters provided in request are invalid. Yes No
request.deleted Request has been deleted. Yes Yes
request.timeout Request has timed out after a specific period of time. No Yes
request.unauthorized Request is unauthorized. The information provided in authorization header is invalid. Yes No
verification.accepted Request was valid and accepted after verification. Yes Yes
verification.declined Request was valid and declined after verification. Yes Yes
verification.status.changed Request status has been updated. No Yes

Supported Types

Document Supported Types

All supported types are listed below.

Supported Types
passport
id_card
driving_license
credit_or_debit_card

Address Supported Types

All supported types are listed below.

Supported Types
id_card
passport
driving_license
utility_bill
bank_statement
rent_agreement
employer_letter
insurance_agreement
tax_bill

Supported types are listed below.

Supported Types
handwritten
printed

Rate Limiting

Production Account

For the production account, Shufti Pro allows 60 requests per min. This limit is per IP.

Trial Account

For the trial account, Shufti Pro allows 3 requests per minute. This limit is per account.

Info

This object will be returned in case of verification.accepted or verification.declined. It contains the following keys:
Agent provides information about the device and browser of the end-user.
Geolocation provides information about the geographical location of the end-user.

Agent

agent is an object and contains the following parameters

Agent sample object

{
    "agent": {
            "is_desktop": true,
            "is_phone": false,
            "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
            "device_name": "Macintosh",
            "browser_name": "",
            "platform_name": "OS X - 10_14_0"
        }

}
Parameters Description
is_desktop Type: Boolean
Example true
Shows empty string “” if not detected.
is_phone Type: Boolean
Example false
Shows empty string “” if not detected.
useragent Type: string
Example Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Shows empty string “” if not detected.
device_name Type: string
Example Macintosh
Shows empty string “” if not detected.
browser_name Type: string
Example Chrome - 70.0.3538.80
Shows empty string “” if not detected.
platform_name Type: string
Example OS X - 10_14_0
Shows empty string “” if not detected.

Geo location

geolocation is an object and contains the following parameters

geolocation sample object

{

    "geolocation": {
            "host": "212.103.50.243",
            "ip": "212.103.50.243",
            "rdns": "212.103.50.243",
            "asn": "9009",
            "isp": "M247 Ltd",
            "country_name": "Germany",
            "country_code": "DE",
            "region_name": "Hesse",
            "region_code": "HE",
            "city": "Frankfurt am Main",
            "postal_code": "60326",
            "continent_name": "Europe",
            "continent_code": "EU",
            "latitude": "50.1049",
            "longitude": "8.6295",
            "metro_code": "",
            "timezone": "Europe/Berlin"
        }

}
Parameters Description
host Type: string
Example 212.103.50.243
Shows empty string “” if not detected.
ip Type: string**
Example 212.103.50.243
Shows empty string “” if not detected.
rdns Type: string
Example 212.103.50.243
Shows empty string “” if not detected.
asn Type: string
Example 9009
Shows empty string “” if not detected.
isp Type: string
Example M247 Ltd
Shows empty string “” if not detected.
country_name Type: string
Example Germany
Shows empty string “” if not detected.
country_code Type: string
Example DE
Shows empty string “” if not detected.
region_name Type: string
Example Hesse
Shows empty string “” if not detected.
region_code Type: string
Example HE
Shows empty string “” if not detected.
city Type: string
Example Frankfurt am Main
Shows empty string “” if not detected.
postal_code Type: string
Example 60326
Shows empty string “” if not detected.
continent_name Type: string
Example Europe
Shows empty string “” if not detected.
continent_code Type: string
Example EU
Shows empty string “” if not detected.
latitude Type: string
Example 50.1049
Shows empty string “” if not detected.
longitude Type: string
Example 50.1049
Shows empty string “” if not detected.
metro_code Type: string
Example 501
Shows empty string “” if not detected.
timezone Type: string
Example Europe/Berlin
Shows empty string “” if not detected.

Declined Reasons

Face

Description
Face is not verified.
Face not found on document
Image is altered or photoshopped
Image found on web

Document

Description
Document originality not verified.
Name in the document didn't match.
DOB in the document didn't match.
Expiry Date in the document didn't match.
Issue date in the document didn't match.
Document Number in the document didn't match.
Document originality is not verified.
Document country is not verified.
Document is not one of the Selected Types(s).
Age not Verified.
Face on Document not matched with face image
document has expired.
Document not clearly visible.
Face not found on document
Image found on web
Image is altered or photoshopped
Proof and Additional Proof does not belong to the same document

Document Two

Description
Document originality not verified.
Name in the document didn't match.
DOB in the document didn't match.
Expiry Date in the document didn't match.
Issue date in the document didn't match.
Document Number in the document didn't match.
Document originality is not verified.
Document country is not verified.
Document is not one of the Selected Types(s).
Age not Verified.
Face on Document not matched with face image
document has expired.
Document not clearly visible.
Face not found on document
Image found on web
Image is altered or photoshopped
Proof and Additional Proof does not belong to the same document
Both Documents do not belong to the same person
Names on both the documents do not match

Address

Description
Name on the Address Document didn't match.
Address wasn't verified.
Address Document type didn't match.
Address document country is not verified.
Address Document is not one of the Selected Types(s).
Address document has expired.
Address document not clearly visible.
Address on Identity Document and Utility Bill did not match.
Document is not one of the Selected Types(s).
Issue date in the address document didn't match.
Image found on web
Image is altered or photoshopped
Proof and Additional Proof does not belong to the same document
Description
Consent is not verified.
Consent is not one of the Selected Types(s).
Image found on web
Image is altered or photoshopped

background_checks

Description
User failed the background checks.

phone_number

Description
Phone number is not verified.

Declined Status Code

Face Status Codes

Status Code Description
SPDR01 Face could not be verified
SPDR19 Face not found on the document
SPDR03 Image is altered or photoshopped
SPDR04 Copy of the image found on web

Document Status Code

Status Code Description
SPDR02 Image of the face not found on the document
SPDR06 Document originality could not be verified
SPDR07 Name on the document doesn't match
SPDR08 DOB on the document doesn't match
SPDR16 Expiry date on the document doesn't match
SPDR10 Issue date on the document doesn't match
SPDR09 Date on the document doesn't match
SPDR11 Number on the document doesn't match
SPDR12 Country on the document could not be verified
SPDR13 Document doesn't match the provided options
SPDR14 Age could not be verified
SPDR15 Face on the document doesn't match with camera image
SPDR17 Document has expired
SPDR18 Document is not clearly displayed
SPDR19 Face not found on the document
SPDR03 Image is altered or photoshopped
SPDR04 Copy of the image found on web
SPDR21 Proof and Additional Proof are of different documents

Document Two Status Code

Status Code Description
SPDR02 Image of the face not found on the document
SPDR06 Document originality could not be verified
SPDR07 Name on the document doesn't match
SPDR08 DOB on the document doesn't match
SPDR16 Expiry date on the document doesn't match
SPDR10 Issue date on the document doesn't match
SPDR09 Date on the document doesn't match
SPDR11 Number on the document doesn't match
SPDR12 Country on the document could not be verified
SPDR13 Document doesn't match the provided options
SPDR14 Age could not be verified
SPDR15 Face on the document doesn't match with camera image
SPDR17 Document has expired
SPDR18 Document is not clearly displayed
SPDR19 Face not found on the document
SPDR03 Image is altered or photoshopped
SPDR04 Copy of the image found on web
SPDR21 Proof and Additional Proof are of different documents
SPDR36 Both Documents do not belong to the same person
SPDR05 Names on both the documents do not match

Address Status Code

Status Code Description
SPDR02 Image of the face not found on the document
SPDR22 Name on the Address Document doesn't match
SPDR23 Address could not be verified
SPDR24 Document type is different from the provided options
SPDR25 Country on the address document could not be verified
SPDR26 Addresses on the Identity Document and Utility Bill do not match
SPDR27 Address document has expired
SPDR28 Address document is not clearly displayed
SPDR13 Document doesn't match the provided options
SPDR30 Issue date on the address document doesn't match
SPDR03 Image is altered or photoshopped
SPDR04 Copy of the image found on web
SPDR21 Proof and Additional Proof are of different documents
SPDR31 Address proof and document proof are of different persons
Status Code Description
SPDR02 Image of the face not found on the document
SPDR32 Consent could not be verified
SPDR33 Consent type is different from provided options
SPDR03 Image is altered or photoshopped
SPDR04 Copy of the image found on web

background_checks Status Code

Status Code Description
SPDR34 AML screening failed

phone_number Status Code

Status Code Description
SPDR35 Phone number could not be verified

Supported Countries

Shufti Pro provides support for all countries. The country code for each country of the world is stated below. Make sure to you use them accordingly.

Country Name Country Code
Afghanistan AF
Aland Islands AX
Albania AL
Algeria DZ
American Samoa AS
Andorra AD
Angola AO
Anguilla AI
Antarctica AQ
Antigua and Barbuda AG
Argentina AR
Armenia AM
Aruba AW
Australia AU
Austria AT
Azerbaijan AZ
Bahamas BS
Bahrain BH
Bangladesh BD
Barbados BB
Belarus BY
Belgium BE
Belize BZ
Benin BJ
Bermuda BM
Bhutan BT
Bolivia BO
Bosnia and Herzegovina BA
Botswana BW
Bouvet Island BV
Brazil BR
British Indian Ocean Territory IO
Brunei BN
Bulgaria BG
Burkina Faso BF
Burma (Myanmar) MM
Burundi BI
Cambodia KH
Cameroon CM
Canada CA
Cape Verde CV
Cayman Islands KY
Central African Republic CF
Chad TD
Chile CL
China CN
Christmas Island CX
Cocos (Keeling) Islands CC
Colombia CO
Comoros KM
Congo, Dem. Republic CD
Congo, Republic CG
Cook Islands CK
Costa Rica CR
Croatia HR
Cuba CU
Cyprus CY
Czech Republic CZ
Denmark DK
Djibouti DJ
Dominica DM
Dominican Republic DO
East Timor TL
Ecuador EC
Egypt EG
El Salvador SV
Equatorial Guinea GQ
Eritrea ER
Estonia EE
Ethiopia ET
Falkland Islands FK
Faroe Islands FO
Fiji FJ
Finland FI
France FR
French Guiana GF
French Polynesia PF
French Southern Territories TF
Gabon GA
Gambia GM
Georgia GE
Germany DE
Ghana GH
Gibraltar GI
Greece GR
Greenland GL
Grenada GD
Guadeloupe GP
Guam GU
Guatemala GT
Guernsey GG
Guinea GN
Guinea-Bissau GW
Guyana GY
Haiti HT
Heard Island and McDonald Islands HM
Honduras HN
HongKong HK
Hungary HU
Iceland IS
India IN
Indonesia ID
Iran IR
Iraq IQ
Ireland IE
Israel IL
Italy IT
Ivory Coast CI
Jamaica JM
Japan JP
Jersey JE
Jordan JO
Kazakhstan KZ
Kenya KE
Kiribati KI
Korea, Dem. Republic of KP
Kuwait KW
Kyrgyzstan KG
Laos LA
Latvia LV
Lebanon LB
Lesotho LS
Liberia LR
Libya LY
Liechtenstein LI
Lithuania LT
Luxemburg LU
Macau MO
Macedonia MK
Madagascar MG
Malawi MW
Malaysia MY
Maldives MV
Mali ML
Malta MT
Man Island IM
Marshall Islands MH
Martinique MQ
Mauritania MR
Mauritius MU
Mayotte YT
Mexico MX
Micronesia FM
Moldova MD
Monaco MC
Mongolia MN
Montenegro ME
Montserrat MS
Morocco MA
Mozambique MZ
Namibia NA
Nauru NR
Nepal NP
Netherlands NL
Netherlands Antilles AN
New Caledonia NC
New Zealand NZ
Nicaragua NI
Niger NE
Nigeria NG
Niue NU
Norfolk Island NF
Northern Mariana Islands MP
Norway NO
Oman OM
Pakistan PK
Palau PW
Palestinian Territories PS
Panama PA
Papua New Guinea PG
Paraguay PY
Peru PE
Philippines PH
Pitcairn PN
Poland PL
Portugal PT
Puerto Rico PR
Qatar QA
Reunion Island RE
Romania RO
Russian Federation RU
Rwanda RW
Saint Barthelemy BL
Saint Kitts and Nevis KN
Saint Lucia LC
Saint Martin MF
Saint Pierre and Miquelon PM
Saint Vincent and the Grenadines VC
Samoa WS
San Marino SM
Saudi Arabia SA
Senegal SN
Serbia RS
Seychelles SC
Sierra Leone SL
Singapore SG
Slovakia SK
Slovenia SI
Solomon Islands SB
Somalia SO
South Africa ZA
South Georgia and the South Sandwich Islands GS
South Korea KR
Spain ES
Sri Lanka LK
Sudan SD
Suriname SR
Svalbard and Jan Mayen SJ
Swaziland SZ
Sweden SE
Switzerland CH
Syria SY
São Tomé and Príncipe ST
Taiwan TW
Tajikistan TJ
Tanzania TZ
Thailand TH
Togo TG
Tokelau TK
Tonga TO
Trinidad and Tobago TT
Tunisia TN
Turkey TR
Turkmenistan TM
Turks and Caicos Islands TC
Tuvalu TV
Uganda UG
Ukraine UA
United Arab Emirates AE
United Kingdom GB
United States US
Uruguay UY
Uzbekistan UZ
Vanuatu VU
Vatican City State VA
Venezuela VE
Vietnam VN
Virgin Islands (British) VG
Virgin Islands (U.S.) VI
Wallis and Futuna WF
Western Sahara EH
Yemen YE
Zambia ZM
Zimbabwe ZW

Supported Languages

Shufti Pro offers worldwide language coverage. Use the appropriate language code from below list.

Country Name Language Code
Afrikaans AF
Albanian SQ
Amharic AM
Arabic AR
Armenian HY
Azerbaijani AZ
Basque EU
Belarusian BE
Bengali BN
Bosnian BS
Bulgarian BG
Burmese MY
Catalan CA
Chichewa NY
Chinese ZH
Corsican CO
Croatian HR
Czech CS
Danish DA
Dutch NL
English EN
Esperanto EO
Estonian ET
Filipino TL
Finnish FI
French FR
Frisian FY
Galician GL
Georgian KA
German DE
Greek (modern) EL
Gujarati GU
Haitian, Haitian Creole HT
Hausa HA
Hebrew (modern) HE
Hindi HI
Hungarian HU
Indonesian ID
Irish GA
Igbo IG
Icelandic IS
Italian IT
Japanese JA
Javanese JV
Kannada KN
Kazakh KK
Khmer KM
Kirghiz, Kyrgyz KY
Korean KO
Kurdish KU
Latin LA
Luxembourgish, Letzeburgesch LB
Lao LO
Lithuanian LT
Latvian LV
Macedonian MK
Malagasy MG
Malay MS
Malayalam ML
Maltese MT
Maori MI
Marathi MR
Mongolian MN
Nepali NE
Norwegian NO
Punjabi PA
Persian FA
Polish PL
Pashto PS
Portuguese PT
Romanian RO
Russian RU
Sindhi SD
Samoan SM
Serbian SR
Scottish Gaelic GD
Shona SN
Sinhala SI
Slovak SK
Slovenian SL
Somali SO
Sesotho ST
Spanish ES
Sundanese SU
Swahili SW
Swedish SV
Tamil TA
Telugu TE
Tajik TG
Thai TH
Turkish TR
Ukrainian UK
Urdu UR
Uzbek UZ
Vietnamese VI
Welsh CY
Xhosa XH
Yiddish YI
Yoruba YO
Zulu ZU

Supported Browsers and Devices

In case of on-site verification, a verification page is shown to users. This page is supported on the following list of browsers.

Browsers Minimum Version/SDK
Chrome (Recommended) 65
Firefox (Recommended) 58
Safari 8
Opera 52
Internet Explorer 11
Edge 16

Here a list of supported operating systems on mobile devices.

Mobile OS Minimum Version/SDK
Android 6.0 (Marshmallow)
iOS 10

Test IDs

Shufti Pro provides the users with a number of test documents. Customers may use these to test the demo, instead of presenting their actual information.

Real face

Fake face

Real id

Fake id

Real consent

Fake consent

Revision History

Date Description
21 Dec 2018 Corrected the get status request url
20 Dec 2018 Corrected verification.cancelled event name from events listing
06 Dec 2018 Minimum characters limit is set to 1 for first, middle and last name
29 Nov 2018 Updated POSTMAN collection link, removed format key and added supported_types key for consent service in POSTMAN collection.
29 Oct 2018 Changed format key to Supported_types in consent Service.
29 Oct 2018 Allowed PDF documents as proofs in image_only and any verification modes.
26 Nov 2018 Added allow_offline key in request parameters.
22 Oct 2018 Added declined reason key in response.
17 Oct 2018 Updated Test IDs for demo/test verifications.
09 Oct 2018 1. Last name field made optional in all name objects.
2. Added signature in response headers to validate the source of responses.
24 Jan 2019 Added a new callback with event verification.status.changed. It is sent to clients whenever a verification status is updated.
28 Jan 2019 1. Added a new endpoint /api/delete to delete a request data.
2. Added a new event request.deleted which is returned whenever a request is deleted.
3. Status response now returns proofs also.
4. Added show_results key in request which allows end-users to see verification results.
18 Feb 2019 Signature key added into SP Http, Callback headers for signature validation.
19 Feb 2019 1. Added show_consent and show_privacy_policy parameters in verification request.
2. Added address_fuzzy_match parameter in address service.
3. Added allow_offline parameter in face, document, address and consent services.
20 Feb 2019 Added selected_type key in address, document, consent services webhook/callback response.
7 Mar 2019 Added issue_date key in address service request parameters.
11 Mar 2019 1. Added new params verification_data, verification_result and declined_reason in verification status endpoint.
2. Added a new event request.received
05 Apr 2019 country key updated.
09 Apr 2019 Added a new endpoint /api/account/info/ to get account info.
16 Apr 2019 Added Fuzzy match in Background checks.
03 May 2019 Added Declined Reasons of verificatiton Request.
22 May 2019 Added with_face key in consent service.
24 May 2019 Update declined reason.
12 Jun 2019 Added Document Two Service for verification.
02 Jul 2019 Added Rate Limiting for requests.
04 Jul 2019 Added declined reasons for document, document two and address services.
04 Jul 2019 Added info object key in responses just in API documentation. (Shufti Pro API will send this object in response from 15 Jul 2019 )
15 Jul 2019 Added info object key in responses date has been extended to 18 Jul 2019.
16 Jul 2019 Added Ongoing in Background checks.
20 Jul 2019 Added request time out time.
20 Jul 2019 Updated declined reasons.
27 Aug 2019 Added full_name key to name object.
09 Sep 2019 Declined reasons description updated and added status code for each reason.
09 Sep 2019 Added declined_codes in verification response. Note: This Feature is currently available for trial accounts and will be available for production accounts from "24 Sep 2019"
11 Sep 2019 Old declined reason added in appendix
24 Sep 2019 Added declined_codes in verification response, for all accounts.
09 Oct 2019 Added the show_feedback_form in verification request.
10 Oct 2019 Updated Onsite verification javascript code.
24 Oct 2019 Introduced new service for Businesses AML checks(AML for Businesses).
31 Oct 2019 Introduced new service Know Your business (KYB).
11 Nov 2019 updated KYB request response
14 Nov 2019 Request status response sample updated.
18 Nov 2019 HTTP status code updated.