Skip to main content

Authorization

Shufti Pro API uses API keys to authenticate requests. You can view and manage your API keys in your Shufti Pro Backoffice. Authorization to API is performed via HTTP Basic Auth. The verification request will fail without authorization.

BASIC AUTH

Shufti Pro API uses API keys to authenticate requests. You can view and manage your API keys in your Shufti Pro Backoffice. Authorization to API is performed via HTTP Basic Auth. The verification request will fail without authorization.

BASIC AUTH

//POST / HTTP/1.1 basic auth
//Host: ra.shuftipro.com/risk-api
//Content-Type: application/json
//Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
{
"reference" : "1234567",
"callback_url" : "http://www.example.com/",
"email" : "[email protected]",
"country" : "GB",
"language" : "EN",
"verification_mode" : "any",
"risk_assessment" : {
"risk_reference" : "123456",
"phone_number" : "+4400000000"
}
}

Shufti Pro provides Authorization to clients through the Basic Auth header. Your Client ID will serve as your Username while the Secret Key will serve as your Password. The API will require this header for every request.

FieldsRequiredDescription
usernameYesEnter Client ID as username.
passwordYesEnter your Secret Key as password.

Request

Before getting started, make sure you have the following:

Common Parameters

The parameters mentioned below are applicable for onsite verifications in risk assessment service.

ParametersDescription
referenceRequired: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
Each request is issued a unique reference ID which is sent back to Shufti Pro’s client with each response. This reference ID helps to verify the request. The client can use this ID to check the status of already performed verifications.
countryRequired: No
Type: string
Length: 2 characters
You may omit this parameter if you don't want to enforce country verification. If a valid country code is provided, then the proofs (images/videos) for document verification or address verification must be from the same country. Country code must be a valid ISO 3166-1 alpha-2 country code. Please consult Supported Countries for country codes.
languageRequired: No
Type: string
Length: 2 characters
If the Shufti Pro client wants their preferred language to appear on the verification screens they may provide the 2-character long language code of their preferred language. The list of Supported Languages can be consulted for the language codes. If this key is missing in the request the system will select the default language as English.
emailRequired: Yes
Type: string
Minimum: 6 characters
Maximum: 128 characters
This field represents email of the end-user.
callback_urlRequired: No
Type: string
Minimum: 6 characters
Maximum: 250 characters
A number of server-to-server calls are made to Shufti Pro’s client to keep them updated about the verification status. This allows the clients to keep the request updated on their end, even if the end-user is lost midway through the process.
redirect_urlRequired: No
Type: string
Minimum: 6 characters
Maximum: 250 characters
Once an on-site verification is complete, User is redirected to this link after showing the results.
verification_modeRequired: No
Type: string
Accepted Values: any, image_only, video_only
This key specifies the types of proof that can be used for verification. In a “video_only” mode, Shufti Pro’s client can only send “Base64” of videos wherein formats of proofs should be MP4 or MOV. “any” mode can be used to send a combination of images and videos as proofs for verification.
show_consentRequired: No
Type: string
Accepted Values: 0, 1
Default Value: 1
If enabled, it shows the Shufti Pro terms and conditions to the user at the start of the verification.
allow_na_ocr_inputsRequired: No
Type: string
Accepted Values: 0, 1
Default Value: 0
In onsite with ocr verification request, it allows the end-user to select N/A on the OCR form and the verification step will be accepted.
allow_offlineRequired: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter allows users to upload images or videos in case of non-availability of a functional webcam.If value: 0, users can capture photos/videos with the camera only.
allow_onlineRequired: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter allows users to capture image or videos in real-time when internet is available. If value: 0 users can upload already captured images or videos.
Note: if allow_offline: 0 priority will be given to allow_offline
show_privacy_policyRequired: No
Type: string
Accepted Values: 0, 1
Default Value: 1
This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve another alternative mechanism in place.
ttlRequired: No
Type: int
Minimum: 60
Give a numeric value for minutes that you want the verification url to remain active.

Onsite Verification

On-site verification means that Shufti Pro will be interacting directly with end-user and will be responsible for data collection in order to perform Identity verification. Shufti Pro customer will only be notified about the verification status via Shufti Pro Back Office.

Shufti Pro offers following services in On-site verification: Risk Assessment

Risk Assessment Service

Risk Assessment service sample

"risk_assessment": {
"risk_reference": "37rNhl",
"phone_number": "+4400000000"
}

Risk assessment service helps businesses in verifying onboarding customers via risk scores. These risk scores are provided by the client during the onboarding process.. The service enables you to select numerous checks to prevent fraud, create customized risk questionnaires, and configure journeys for consumers with Low, Medium, High, and Prohibited risk levels.

The four primary components of risk assessment are:

  • Setting up risk ranges.
  • Fraud prevention checks.
  • Customising questionnaire.
  • Setting up the customised verification journey.

The Risk Assessment Service includes two parts:


1. Creation of a Risk Assessment
2. Calling a Risk Assessment via API

1. Creation of a Risk Assessment

To create a risk assessment, the client needs to follow these steps:

  • Setup the risk assessment title and risk ranges according to the business requirements.
  • Select the checks from the fraud prevention - data points section to avoid fraud by checking the customer’s PhoneNo, IP, Email, and Velocity risk.
  • Create multiple customized risk questionnaires with several answer types by adding scores against each answer option.
  • Configure KYC journeys for consumers with Low, Medium, High, and Prohibited risk levels based on the defined risk ranges and requirements.

2. Calling a Risk Assessment via API

To use the risk assessment service and ask the end-users to fill in the risk assessment, clients need to send an API Request to the server with the following parameters:

ParametersDescription
risk_referenceRequired: Yes
Type: string
Maximum: 6 characters
The “risk_reference” parameter is a string that takes one risk_reference in the string to execute the risk assessment service for your end users.
phone_numberRequired: Yes
Type: string
Minimum: 6 characters
Maximum: 64 characters
The “phone_number” parameter is a string that takes one phone_number in the string along with risk_reference to execute the risk assessment service for your end users.

Status Request

Status Request Sample

//POST /status HTTP/1.1
//Host: ra.shuftipro.com/risk-api/status
//Content-Type: application/json
//Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
//replace "Basic" with "Bearer in case of Access Token"
{
"reference" : "17374217"
}

Once a risk assessment request is completed, you may request at the status endpoint to get the verification status. You’ll have to provide the reference ID for the status request and you will be promptly informed about the status of that verification.

Run in Postman

ParameterDescription
referenceRequired: Yes
Type: string
Minimum: 6 characters
Maximum: 250 characters
This is the unique reference ID of request, which we will send you back with each response, so you can verify the request.