Responses
Sample Response
//Content-Type: application/json
//Signature: NmI4NmIyNzNmZjM0ZmNl
{
"reference":"17374217",
"event":"request.pending",
"verification_url":"https://ra.shuftipro.com/risk-api/process/verification/RPQ8hwPE3cdHKho2wjK7CVQJCQxNx5Rwmb81k3ediXLSWhQM5QibGBWOSgCVjZJd"
}
The Shufti Pro Verification API will send you two types of responses if a request for verification is made. First is the HTTP response sent against your request, and the second is the callback response. Both HTTP and callback responses will be in JSON format with a header. application/json The response header also includes a Key Signature. This key is used for validating the source of the response. Be sure to validate the request by generating signature and matching it with the Signature value from the response header.
Verification Response
Responses will contain the following parameters:
| Parameters | Description |
|---|---|
| reference | Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made. |
| events | This is the request event which shows status of request. Event is changed in every response. |
| Which you provided us at the time of request. | |
| country | Which you provided us at the time of request. |
| verification_result | It is only returned in case of a valid verification. This includes results of each verification. 1 means accepted 0 means declined null means not processed. |
| verification_data | It is only returned in case of a valid verification. This object will include the all the gathered data in a request process. |
| info | This object will be returned in case of verification.accepted or verification.declined. It contains the following keys: Agent provides information about the device and browser of the end-user. Geolocation provides information about the geographical location of the end-user. |
Status Response
Sample Response
//Content-Type: application/json
//Signature: NmI4NmIyNzNmZjM0ZmNl
{
"reference" : "17374217",
"event" : "verification.accepted",
"country" : "GB",
"services_proofs": [
{
"service": "face",
"proof": "https://st-ns.shuftiapps.com/api/pea/4fb217ae0a129ca950ff03d7fc563d0596550173"
},
{
"service": "document",
"proof": "https://st-ns.shuftiapps.com/api/pea/99bd9abbd46258ff3652c21057ddf1413fbc196c",
"additional_proof": "https://st-ns.shuftiapps.com/api/pea/99bd9abbd46258ff3652c21057ddf1413fbc196c"
},
{
"service": "face",
"proof": "https://st-ns.shuftiapps.com/api/pea/0c2a86b82eb929f23ed9bc054a5fea25e4495328"
}
]
"verification_data": {
"risk_assessment": {
"title": "testing one",
"fraud_prevention": [
{
"point_name": "No of successful verifications in last month",
"point_score": "50"
},
{
"point_name": "No of failed verifications in last month",
"point_score": "50"
}
],
"questionnaire": [
{
"title": "testing one",
"questions": [
{
"question": "what is your name?",
"answer": "Hamza",
"type": "radio"
},
{
"question": "enter the percentage you acquired in your last exam",
"answer": "10.4",
"type": "float"
},
{
"question": "please upload your face img",
"answer": "https://ra.shuftipro.com/questionnaire-api/storage/ySeL5tlefCGEkc0vOxalD905MZXulo0XGcOvaN1yUmrnE7xk3V2G1CRRZIAPfSge/questionnaire/filedVXKGo1669969793.png?access_token=97dc9f2de58a2639c1915f7cdcd7d6f67ce466fb",
"type": "file"
}
]
}
],
"risk_score": {
"range_name": "low",
"total_assessment_score": "12",
"fraud_prevention_score": null,
"questionnaire_score": "12"
},
"services": [
{
"service_name": "phone",
"status": "verification.declined"
},
{
"service_name": "face",
"status": "verification.accepted"
},
{
"service_name": "background_checks",
"status": "verification.accepted"
}
]
}
},
"verification_result": {
"risk_assessment": 1
},
"info": {
"agent": {
"is_desktop": true,
"is_phone": false,
"useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
"device_name": "Macintosh",
"browser_name": "",
"platform_name": "OS X - 10_14_0"
},
"geolocation": {
"host": "212.103.50.243",
"ip": "212.103.50.243",
"rdns": "212.103.50.243",
"asn": "9009",
"isp": "M247 Ltd",
"country_name": "Germany",
"country_code": "DE",
"region_name": "Hesse",
"region_code": "HE",
"city": "Frankfurt am Main",
"postal_code": "60326",
"continent_name": "Europe",
"continent_code": "EU",
"latitude": "50.1049",
"longitude": "8.6295",
"metro_code": "",
"timezone": "Europe/Berlin"
}
}
}
The Shufti Pro Verification API will send a JSON response if a status request is made. Make sure to validate the request by generating signature and matching it with the Signature value from the response header.
| Parameters | Description |
|---|---|
| reference | Your unique request reference, which you provided us at the time of request, so that you can identify the response in relation to the request made. |
| event | This is the request event which shows status of request. Event is changed in every response. |
| country | This contains country code sent by the merchant at the time of request. Country code in the format of ISO 3166-1 alpha-2. Please consult Supported Countries for country codes. Type: string Example: DE null if not provided by merchant. |
| services_proofs | This contains all the proofs that were used to verify data. The Proof URLs returned are temporary and valid for 15 minutes only. Note: verification_video It contains the video URL and will be returned only for the video recorded on-site. |
| verification_data | This contains all the data used for verification. This will only be returned in case of verification.accepted or verification.declined. |
| verification_result | This is the complete result of the verification. 1 stands for verified, 0 for not verified and null for no verification performed. This will only be returned in case of verification.accepted or verification.declined. |
| info | This object will be returned in case of verification.accepted or verification.declined. It contains the following keys: Agent provides information about the device and browser of the end-user. Geolocation provides information about the geographical location of the end-user. |
Response Signature
Every HTTP and Callback response will be in application/JSON with a key Signature in the header. It can be used to validate the source of the request. Make a signature using the following procedure:
- Concatenate Secret Key at the end of the raw response string. (i.e. response + secret_key).
- Take SHA256 of concatenated string.
- Match the SHA256 string with Signature value from the header of the response.
In short, make signature as mentioned format and match it with the signature provided in the header in Signature key.
hash('sha256', response . your_secret_key)
The clients who are registered with shuftipro after 15th March, 2023. They need to make the signature using the following procedure.
- Take SHA256 of Secret Key string.
- Concatenate hashed Secret Key at the end of the raw response string. (i.e. response + hash('sha256', secret_key)).
- Take SHA256 of concatenated string.
- Match the SHA256 string with Signature value from the header of the response.
hash('sha256', response . hash('sha256', secret_key))