The Identity Solution API is available in multiple programming languages and it provides the toolset for handling customer workflows. You can use just a single API call and execute it once or multiple times, passing additional information as required by your business logic. For ease of explanation the functionality available in the API can be split into different areas:
- Data verification. This is used most commonly for data field verification, whereby a customer’s details in text form (for example typed by the customer when a document scanner or camera is not available) can be submitted to the Identity Solution. This is known as the Verify People API functionality.
- Document verification. The Verify Document functionality is used to upload image data (such as JPEGs) for automated examination of the document, extraction of details and verification. This process reduces the manual text entry workload for customers and staff, and it enables regulatory compliant checks to be automatically performed on the document without requiring staff to be familiar with the hundreds of different documents they may encounter.
- Simplified Address Handling. The Address function is used to allow for customer addresses to be speedily captured as they type, by providing auto-completion when reduced information is available.
- Computer Vison and Video Handling. The Face Match feature and Liveness capability can be used for multiple purposes. The technology allows for deeper verification based on photographs or photo ID cards, and for determining the live presence of users; the latter can be useful for remote, unattended or machine-to-machine (M2M) applications to grant access to resources based on the presence of particular users or customers.
- Audit Information. The Verify History API feature can be useful for seeing detail on the API calls or checks that were carried out by your application. It is handy for debug or administrative purposes. Another use for Verify History is to search historical data for a customer and to check on the results of previous API calls that were executed, without needing to retain copies of their personal documents.
- Screening. This provides the ability to ensure that customers are absent from databases. This is useful for regulatory purposes.
AUTHENTICATION AND AUTHORIZATION METHODS
There are several methods for accessing the APIs securely. All of the authentication methods result in an access token being provided, that authorizes the application for GBG Identity Solution access for a period of time, until the authentication and authorization is renewed.
- Browser-Based Log-in
If the customer workflow involves direct interaction with a staff member then that employee could log in to any application using the Identity Solution with Single Sign-On, so that no additional username or password is required beyond what the employees may already use for their corporate applications. This technique is based on the OAuth OpenID Connect standard. For more information, see the Browser-Based Authorization Overview.
- Machine-to-Machine (M2M) and other Automated Applications
For self-service customer workflows and remote interactions, it is possible to use a client secret or signed certificate stored on the server providing the interaction. The signed certificate method is recommended. The client secret method is only recommended if the server or device making the API calls has special on-board storage designed for retaining and making use of client secrets. There is also a method that can use a username and password. Please note that this method is not recommended and can only be considered for situations where the hardware and software supports a secure way of retaining and using these credentials.
For more information on the popular browser-based login method, please see the Browser-Based Authorization Overview in the Get Started guides. The accompanying downloadable examples for this guide uses an M2M authentication method just to automate the demo code. All of the Identity Solution API calls are accessible in the same manner regardless of the authentication method.