Search
RegisterDemoSupport
HomeServicesIntegration GuidesRelease NotesData Service & Partner API ReferenceJourney API Reference
OneID Journey API
Authentication
POSTRetrieve Token
GETRetrieve Accounts
GETRetrieve Userinfo PDF
GETRetrieve Userinfo

OneID Journey API 1.0.0

Note: This API reference is only for the following products:

  • Age Check, Age Verification, Age Assure
  • Sign-in Sign-in Refresh, Sign-up, Sign-up Plus
  • ID Live, ID Check, ID Proof, ID Assure, ID Scan, ID Scan - DBS, ID Scan - RTW

If you are integrating with the data service please use https://docs.oneid.uk/api-reference.

OIDC Configuration URLs

Server
https://controller.myoneid.co.uk

Production (Live data)

https://controller.sandbox.myoneid.co.uk

Sandbox (Test data)

Server Variables

Authentication

http Basic

Requests should be made with an Authorization header that has the value Basic base64(client_id:client_secret).

Your client_id and client_secret can be obtained from the OneID portal, or by contacting support.

http Bearer

The access_token retrieved from the Token API.

Retrieve Token

This API allows you to retrieve an access and ID token using the code that was returned when the end user was redirected back to your return URL.

Auth
Request Body
objectobject
grant_typestring

Must be set to 'authorization_code'.

Enum: authorization_code

codestring

The code that was passed to your return URL.

code_verifierstring

Required if using Proof Key for Code Exchange (PKCE).

POST /token
Copy
Responses
200

Exchange code for token.

Headers
x-request-idstring

A unique ID for the request. Please quote this ID when contacting support about a request.

Body
objectobject
access_tokenstring

The requested access token. You can use this token to authenticate to the secured APIs. You should treat this as an opaque value. Don't attempt to validate or parse the token.

token_typestring

The only type that OneID supports is Bearer.

expires_inint32

The amount of time that an access token is valid (in seconds).

id_tokenstring
Response
Copy

Retrieve Accounts

This API requires the accounts scope.

Auth
GET /accounts
Copy
Responses
200

OK

arrayarray[object]
account_idstring
statusstring

Specifies the status of account resource in code form.

  • Enabled - Account can be used for its intended purpose.
  • Disabled - Account cannot be used for its intended purpose, either temporarily or permanently.
  • Deleted - Account cannot be used any longer.
  • Proforma - Account is temporary and can be partially used for its intended purpose. The account will be fully available for use when the account servicer has received all relevant documents.
  • Pending - Account change is pending approval.

Enum: Enabled,Disabled,Deleted,Proforma,Pending

currencystring

Identification of the currency in which the account is held.

account_typestring

Enum: Personal,Business

account_sub_typestring
  • CACC, CurrentAccount - Current Account
  • SVGS, Savings - Savings
  • CARD, CreditCard - Credit Card

Enum: CACC,SVGS,CARD,CurrentAccount,Savings,CreditCard

nicknamestring

The nickname of the account, assigned by the account owner in order to provide an additional means of identification of the account.

opening_datestring

Date on which the account and related basic services are effectively operational for the account owner.

ibanstring

An identifier used internationally by financial institutions to uniquely identify the account of a customer at a financial institution, as described in the latest edition of the international standard ISO 13616.

account_numberstring
sort_codestring
bank_addressobject

Requires the accounts.bank_address scope.

bankstring
branchstring
line1string
line2string
post_townstring
postal_codestring
balanceobject

Requires the accounts.balances scope.

balancestring

The balance of the account.

currencystring

Identification of the currency in which the balance is held.

credit_linearray[object]
amountstring
currencystring

Identification of the currency of the credit limit.

default

Error

Response
Copy

Retrieve Userinfo PDF

Auth
GET /userinfo/report
Copy
Responses
200

OK

filefile
default

Error

Response
Copy

Retrieve Userinfo

The fields returned depends on the scopes that you added to the /authorize URL.

Auth
GET /userinfo
Copy
Responses
200

OK

objectobject
substring
namestring

Requires the profile scope.

The name of the end user.

given_namestring

Requires the profile scope.

The given name of the end user.

middle_namestring

Requires the profile scope.

The middle name of the end user.

family_namestring

Requires the profile scope.

The family name of the end user.

birthdatedate

Requires the date_of_birth scope.

The date of birth of the end user.

age_over_18boolean

Requires the age_over_18 scope.

true - We have verified the user is over 18.
false - We have been unable to verify the user is over 18.

phone_numberstring

Requires the phone scope.

End-User's preferred telephone number.

emailstring

Requires the email scope.

End-User's preferred email address.

addressobject

Requires the address scope.

The address of the end user.

countrystring
postal_codestring
localitystring
regionstring
street_addressstring
fraudobject

Requires the fraud scope.

activityHistoryScoreinteger

0 means there is no match.

maximum: 4

minimum: 0

identityFraudScoreinteger

0 means there is potential ID fraud. If the score is 0 then the reason will be indicated by the fields nationalSIRAFraud, nationalSIRAVictim, disclosureOfDeathRegistrationInformationMatch, amberhillMatch and noMatch.

maximum: 3

minimum: 0

amberhillMatchboolean

This is an indication that the end-user's details matched against the Amberhill database.
Amberhill is a database held by the Metropolitan Police Service relating to fraudulent identity documents.

disclosureOfDeathRegistrationInformationMatchboolean

This is an indication that the end-user's details matched against a death registration database.

nationalSIRAFraudboolean

This is an indication that the end-user has previously attempted to commit fraud.

nationalSIRAVictimboolean

This is an indication that the end-user's details have previously been used in impersonation fraud.

noMatchboolean

We have not been able to match the end-user to any data sets. This is therefore an indication that it could be a synthetic ID.

searchPerformedboolean

We performed a search using the end-user's details.

pep_and_sanctionsobject

Requires the pep_and_sanctions scope.

search_performedboolean
watchlist_resultsarray[object]
whitelistboolean

AML whitelisting indicator.

additionalInfoURLstring

URL to a detailed PDF report.

categorystring

Enum: Sanction,PEP

deathIndexboolean

Deceased indicator.

genderstring

Gender of the individual.

otherNamesarray[string]

An array of known aliases or alternative names associated with the individual.

scanIdstring

A unique transaction identifier.

verified_claims

Requires enabling on your API client for it to be returned.
Note: This field can be a single object or an array of objects.

objectobject
verification_statusstring

Enum: PASS,FLAGGED

claimsobject
namestring
given_namestring
middle_namestring
family_namestring
birthdatestring
addressobject
countrystring
postal_codestring
verificationobject
trust_frameworkstring

The trust framework governing the identity verification process.

  • uk_diatf - UK Digital Identity and Attributes Trust Framework (DIATF)
  • eidas - EU regulation No 910/2014 (eIDAS)

Enum: uk_diatf,eidas

assurance_levelstring

The assurance level associated with the end-user claims in the verified_claims. The value range depends on the trust_framework value.
For example, the trust framework uk_diatf can have the identity assurance levels low, medium, high and very high.

Enum: low,medium,substantial,high,very_high

assurance_processobject
assurance_detailsarray[object]
evidence_refarray[object]
check_idstring
procedurestring
  • m1c - Medium confidence, 1 piece of evidence, profile C (GPG45)
  • h1a - High confidence, 1 piece of evidence, profile A (GPG45)
  • h1b - High confidence, 1 piece of evidence, profile B (GPG45)
  • h2d - High confidence, 2 pieces of evidence, profile D (GPG45)
  • h2e - High confidence, 2 pieces of evidence, profile E (GPG45)
  • v1a - Very high confidence, 1 piece of evidence, profile A (GPG45)
  • v2b - Very high confidence, 2 pieces of evidence, profile B (GPG45)
  • v2c - Very high confidence, 2 pieces of evidence, profile C (GPG45)

Enum: m1c,h1a,h1b,h2d,h2e,v1a,v2b,v2c

evidencearray[object]
typestring

Enum: electronic_record,document

check_detailsobject
check_methodstring
  • auth - Verifying the user is the owner of the claims by use of an electronic authentication process that is linked to the owner of the claims.
  • vri - Validation that physical evidence is genuine through the inspection of an image taken remotely under visible light.

Enum: auth,vri

check_idstring
recordobject

Will only be set if type is electronic_record.

typestring
  • bank_account - A record of a bank account from a recognized banking institution.
  • cra - A record from a credit reference agency.

Enum: bank_account,cra

document_detailsobject

Will only be set if type is document.

typestring
  • id_card - An identity document issued by a country's government for the purpose of identifying a citizen.
  • passport - A passport is a travel document, usually issued by a country's government, that certifies the identity and nationality of its holder primarily for the purpose of international travel.
  • driving_permit - Official document permitting an individual to operate motorized vehicles. In the absence of a formal identity document, a driver's license may be accepted in many countries for identity verification.

Enum: id_card,passport,driving_permit

unverified_claimsobject

This object contains claims that we have captured from the user but have not been able to verify.

claimsobject
namestring
given_namestring
family_namestring
birthdatedate
addressobject
street_addressstring
localitystring
regionstring
postal_codestring
countrystring
idscanobject

Requires the idscan, dbs or rtw scope.

overallstring

This is the final result of the document fraud analysis on whether the documents being presented are potentially fraudulent or not.

Enum: PASS,FAIL

documentsarray[object]
documentIdstring

A unique identifier of the captured document.

documentobject

This object contains details of the captured ID document like country, type, etc.

countrystring

The issuer country of the document, for example, "United Kingdom of Great Britain and Northern Ireland", "New Zealand", etc.

typestring

The type of the captured ID document, for example, "Passport", "Driver Licence".

typeLabelstring
calculatedDataobject
ageinteger

The calculated age of the end-user. It is determined from the date of birth mentioned on the identity document.

over18boolean

It checks whether the calculated age of the end-user is over 18 or not.

over21boolean

It checks whether the calculated age of the end-user is over 21 or not.

fraudAssessmentobject
overallstring

It identifies whether the document captured has a low or high risk of being fraudulent or tampered with.

Enum: LOW_RISK,HIGH_RISK

asfBreakDownobject

An object containing a breakdown of the overall fraud assessment result.

photoCheckboolean

Ignore this if the overall fraud assessment result is LOW_RISK.

  • false - The face photo on the ID shows inconsistencies and may not be trustworthy.
  • true - The face photo on the ID passed the check.
detailCheckboolean

Ignore this if the overall fraud assessment result is LOW_RISK.

  • false - Measurements, alignments, or security features are inconsistent with a genuine document of this template.
  • true - The details passed the check.
documentIntegrityboolean

Ignore this if the overall fraud assessment result is LOW_RISK.

  • false - The file shows file-level inconsistencies and may be digitally edited.
  • true - The file passed the check.
imageCompositionboolean

Ignore this if the overall fraud assessment result is LOW_RISK.

  • false - The document may not be physical and present. The surface of the ID document doesn’t appear original.
  • true - The image passed the check.
imagesobject
backstring

The cropped image of the back of the document. The URL is valid for 60 minutes.

facestring

The cropped image of the face from the document. The URL is valid for 60 minutes.

frontstring

The cropped image of the front of the document. The URL is valid for 60 minutes.

uncroppedobject

An object that contains the uncropped image URLs of the front and back of an ID document.

backstring

The uncropped image of the full back of the document. The URL is valid for 60 minutes.

frontstring

The uncropped image of the full front of the document. The URL is valid for 60 minutes.

captureCountinteger

The number of ID document capture attempts. It indicates how many times an user had to capture an image until it was successful.

confirmedDataobject

The end-user's ID data as edited and confirmed by themselves.
Note: The structure below will depend on the identity document selected for verification. Please do not expect any of these fields to always be present.

addressstring
addressApiCallsinteger
addressLine1string
addressLine2string
addressLine3string
birthPlacestring
buildingNumberstring
cardTypestring
citystring
classstring
countrystring
countryCodestring
countryOfIssuestring
dateOfBirthstring
documentNumberstring
engineCountryCodestring
expiryDatestring
firstNamestring
fullNamestring
genderstring
idNumberstring
issueDatestring
lastNamestring
localitystring
localityTownNamestring
locationstring
middleNamestring
passportNumberstring
regionstring
statestring
streetstring
streetFullNamestring
streetNamestring
streetTypestring
suburbstring
yearsSinceIssuestring
zipCodestring
extractedDataobject

The end-user's ID data as edited and confirmed by themselves.
Note: The structure below will depend on the identity document selected for verification. Please do not expect any of these fields to always be present.

cardTypestring
countryCodestring
countryOfIssuestring
dateOfBirthstring
documentNumberstring
engineCountryCodestring
expiryDatestring
firstNamestring
idNumberstring
lastNamestring
middleNamestring
passportNumberstring
faceMatchobject

This object is the face match results of the ID photo and the liveness attempt.

fraudAssessmentobject

The fraud assessment result breakdown of the face match check, determining whether the end-user's face image is the same as the person shown on the ID document.

overallstring

The overall fraud assessment result to check whether the face on the ID document matches the face of the person presenting themselves or not.

Enum: PASS,FAIL

detailsobject
foreheadstring

Match result.

jawstring

Match result.

leftbrowstring

Match result.

leftcheekstring

Match result.

lefteyestring

Match result.

middleForeheadstring

Match result.

mouthstring

Match result.

nosestring

Match result.

philtrumstring

Match result.

rightbrowstring

Match result.

rightcheekstring

Match result.

righteyestring

Match result.

imagesobject
faceFromDocumentstring

The image of the front of the document post-processing. The URL is valid for 60 minutes.

faceFromVideostring

A snapshot image of the face taken from the liveness video. The URL is valid for 60 minutes.

livenessobject

This object represents a liveness (video) attempt for verification.

assetsarray[object]

The details of liveness attempt assets based on the attemptCount. It consists of the video url, spoofing, and gesture results.

actionsarray[string]

The movements made while capturing the video.

Enum: SMILE,TURN HEAD LEFT,TURN HEAD RIGHT

attemptinteger

The relevant liveness capture attempt number.

gesturesstring

It checks whether the facial movements confirm that the end-user is genuine and in accordance with the requested movement instructions.

Enum: PASS,FAIL

spoofingstring

It checks if there are any factors of fraud or spoofing by end-users when taking videos.

Enum: LOW_RISK,HIGH_RISK,BAD_ENVIRONMENT

videostring

The video of the liveness attempt in the .webm format. The URL is valid for 60 minutes.

fraudAssessmentobject

The fraud assessment of liveness attempts to confirm that a live person is being presented in the application process, i.e., pre-recorded images are not being used.

detailsobject
attemptCountinteger

The number of liveness attempts made. There is a maximum of 2 attempts allowed.

gesturesstring

Checks whether the facial movements show that the end-user is genuine and in accordance with the requested movement instructions.

Enum: PASS,FAIL

spoofingstring

Spoof check results. To check if the liveness video or selfie is of a real person or any other fake material.

Enum: LOW_RISK,HIGH_RISK

overallstring

Enum: PASS,FAIL

metadataobject

This is an object containing the end-user's device information.

browserstring

The web browser the end-user used.

devicestring

The model of device the end-user used when performing verification.

geolocationstring

The coordinates for the address mapped to the geolocation taken from the end-user device in "lat", "lng" format.

ipstring

The end-user's IP address.

ipLocationstring

The coordinates for the address mapped to the IP address location taken from the internet connection in "lat", "lng" format.

ispstring

The Internet Service Provider of the end-user.

osstring

The operating system of the end-user's device used for verification.

vpnboolean

VPN detection results.

  • true - VPN was detected.
  • false - VPN was not detected.
verificationPDFstring
dataChecks
objectobject
attemptIndexinteger
documentIdsstring
overallboolean
providerstring
referencestring
resultobject
Overallinteger
Runtimestring
Statusstring
addressobject
addressTypestring
countrystring
localitystring
providerstring
amberhillstring
ddristring
documentobject
countryCodestring
documentIdstring
idTypestring
identityobject
dateOfBirthstring
firstNamestring
lastNamestring
middleNamestring
strengthstring
strengthev2string
strengthev3string
validitystring
validityev2string
validityev3string
typestring
default

Error

Response
Copy