OneID Journey API 1.0.0

Note: This API reference is only for the following products:

Age Check, Age Verification, Age Assure
Sign-in Sign-in Refresh, Sign-up, Sign-up Plus
ID Live, ID Check, ID Proof, ID Assure, ID Scan

If you are integrating with the data service please use https://docs.oneid.uk/api-reference.

OIDC Configuration URLs

Sandbox: https://controller.sandbox.myoneid.co.uk/.well-known/openid-configuration
Production: https://controller.myoneid.co.uk/.well-known/openid-configuration

Server

https://controller.myoneid.co.uk

Production (Live data)

https://controller.sandbox.myoneid.co.uk

Sandbox (Test data)

Authentication

http Basic

Requests should be made with an Authorization header that has the value Basic base64(client_id:client_secret).

Your client_id and client_secret can be obtained from the OneID portal, or by contacting support.

http Bearer

The access_token retrieved from the Token API.

Retrieve Token

This API allows you to retrieve an access and ID token using the code that was returned when the end user was redirected back to your return URL.

Auth

Request Body

object object

grant_type

string

Must be set to 'authorization_code'.

Enum: authorization_code

code

string

The code that was passed to your return URL.

POST /token

xxxxxxxxxx
 
curl --request POST \ --url 'https://controller.myoneid.co.uk/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic {token}' \ --data 'grant_type={grant_type}' \ --data 'code={code}'
Copy

Responses

200

Exchange code for token.

Headers
x-request-id	string	A unique ID for the request. Please quote this ID when contacting support about a request.
Body
object	object
access_token	string	The requested access token. You can use this token to authenticate to the secured APIs. You should treat this as an opaque value. Don't attempt to validate or parse the token.
token_type	string	The only type that OneID supports is `Bearer`.
expires_in	int32	The amount of time that an access token is valid (in seconds).
id_token	string

Response

xxxxxxxxxx
 
{ "access_token": "{string}", "token_type": "{string}", "expires_in": "{int32}", "id_token": "{string}"}
Copy

Retrieve Accounts

This API requires the accounts scope.

Auth

GET /accounts

xxxxxxxxxx
 
curl --get \ --url 'https://controller.myoneid.co.uk/accounts' \ --header 'Authorization: Bearer {token}'
Copy

Responses

200

array	array[object]
account_id	string
status	string	Specifies the status of account resource in code form. `Enabled` - Account can be used for its intended purpose. `Disabled` - Account cannot be used for its intended purpose, either temporarily or permanently. `Deleted` - Account cannot be used any longer. `Proforma` - Account is temporary and can be partially used for its intended purpose. The account will be fully available for use when the account servicer has received all relevant documents. `Pending` - Account change is pending approval. Enum: `Enabled`,`Disabled`,`Deleted`,`Proforma`,`Pending`
currency	string	Identification of the currency in which the account is held.
account_type	string	Enum: `Personal`,`Business`
account_sub_type	string	`CACC`, `CurrentAccount` - Current Account `SVGS`, `Savings` - Savings `CARD`, `CreditCard` - Credit Card Enum: `CACC`,`SVGS`,`CARD`,`CurrentAccount`,`Savings`,`CreditCard`
nickname	string	The nickname of the account, assigned by the account owner in order to provide an additional means of identification of the account.
name	string
opening_date	string	Date on which the account and related basic services are effectively operational for the account owner.
iban	string	An identifier used internationally by financial institutions to uniquely identify the account of a customer at a financial institution, as described in the latest edition of the international standard ISO 13616.
account_number	string
sort_code	string
bank_address	object
bank	string
branch	string
line1	string
line2	string
post_town	string
postal_code	string
balance	object
balance	string	The balance of the account.
currency	string	Identification of the currency in which the balance is held.
credit_line	array[object]
amount	string
currency	string	Identification of the currency of the credit limit.

Expand

Response

xxxxxxxxxx
 
[ {  "account_id": "acc_123",  "status": "Enabled",  "currency": "GBP",  "account_type": "Personal",  "account_sub_type": "CACC",  "nickname": "My Current Account",  "name": "John Smith",  "opening_date": "2018-07-15T00:00:00Z",  "iban": "GB29NWBK60161331926819",  "sort_code": "601613",  "account_number": "31926819",  "bank_address": {   "bank": "MONZO BANK LIMITED",   "branch": "Monzo",   "line1": "Broadwalk House",   "line2": "5 Appold Street",   "post_town": "London",   "postal_code": "EC2A 2AG"  },  "balance": {   "balance": "1234.5600",   "currency": "GBP"  } }]
Copy

Retrieve Userinfo

Auth

GET /userinfo

xxxxxxxxxx
 
curl --get \ --url 'https://controller.myoneid.co.uk/userinfo' \ --header 'Authorization: Bearer {token}'
Copy

Responses

200

object	object
sub	string
name	string	Requires the `profile` scope. The name of the end user.
given_name	string	Requires the `profile` scope. The given name of the end user.
middle_name	string	Requires the `profile` scope. The middle name of the end user.
family_name	string	Requires the `profile` scope. The family name of the end user.
birthdate	date	Requires the `date_of_birth` scope. The date of birth of the end user.
age_over_18	boolean	Requires the `age_over_18` scope. `true` - We have verified the user is over 18. `false` - We have been unable to verify the user is over 18.
phone_number	string	Requires the `phone` scope. End-User's preferred telephone number.
email	string	Requires the `email` scope. End-User's preferred email address.
address	object	Requires the `address` scope. The address of the end user.
country	string
postal_code	string
locality	string
region	string
street_address	string
fraud	object	Requires the `fraud` scope.
activityHistoryScore	integer	`0` means there is no match. maximum: 4 minimum: 0
identityFraudScore	integer	`0` means there is potential ID fraud. If the score is `0` then the reason will be indicated by the fields `nationalSIRAFraud`, `nationalSIRAVictim`, `disclosureOfDeathRegistrationInformationMatch`, `amberhillMatch` and `noMatch`. maximum: 3 minimum: 0
amberhillMatch	boolean	This is an indication that the end-user's details matched against the Amberhill database. Amberhill is a database held by the Metropolitan Police Service relating to fraudulent identity documents.
disclosureOfDeathRegistrationInformationMatch	boolean	This is an indication that the end-user's details matched against a death registration database.
nationalSIRAFraud	boolean	This is an indication that the end-user has previously attempted to commit fraud.
nationalSIRAVictim	boolean	This is an indication that the end-user's details have previously been used in impersonation fraud.
noMatch	boolean	We have not been able to match the end-user to any data sets. This is therefore an indication that it could be a synthetic ID.
searchPerformed	boolean	We performed a search using the end-user's details.
pep_and_sanctions	object	Requires the `pep_and_sanctions` scope.
search_performed	boolean
watchlist_results	array[object]
whitelist	boolean
additionalInfoURL	string
category	string
deathIndex	boolean
gender	string
otherNames	array[string]
scanId	string
verified_claims	object	Requires enabling on your API client for it to be returned.
verification_status	string	Enum: `PASS`,`FLAGGED`
claims	object
name	string
given_name	string
middle_name	string
family_name	string
birthdate	string
address	object
country	string
postal_code	string
verification	object
trust_framework	string	Enum: `uk_diatf`,`eidas`
assurance_level	string	Enum: `low`,`medium`,`substantial`,`high`,`very_high`
assurance_process	object
assurance_details	array[object]
evidence_ref	array[object]
check_id	string
procedure	string	`m1c` - Medium confidence, 1 piece of evidence, profile C (GPG45) `h1a` - High confidence, 1 piece of evidence, profile A (GPG45) `h1b` - High confidence, 1 piece of evidence, profile B (GPG45) `h2d` - High confidence, 2 pieces of evidence, profile D (GPG45) `h2e` - High confidence, 2 pieces of evidence, profile E (GPG45) `v1a` - Very high confidence, 1 piece of evidence, profile A (GPG45) `v2b` - Very high confidence, 2 pieces of evidence, profile B (GPG45) `v2c` - Very high confidence, 2 pieces of evidence, profile C (GPG45) Enum: `m1c`,`h1a`,`h1b`,`h2d`,`h2e`,`v1a`,`v2b`,`v2c`
evidence	array[object]
type	string	Enum: `electronic_record`,`document`
check_details	object
check_method	string	Enum: `auth`,`vri`
check_id	string
record	object
type	string	Enum: `bank_account`,`cra`
document_details	object
type	string	Enum: `id_card`,`passport`,`driving_permit`
unverified_claims	object	This object contains claims that we have captured from the user but have not been able to verify.
claims	object
name	string
given_name	string
family_name	string
birthdate	date
address	object
street_address	string
locality	string
region	string
postal_code	string
country	string
idscan	object	Requires the `idscan`, `dbs` or `rtw` scope.
overall	string	This is the final result of the document fraud analysis on whether the documents being presented are potentially fraudulent or not. Enum: `PASS`,`FAIL`
documents	array[object]
documentId	string	A unique identifier of the captured document.
document	object	This object contains details of the captured ID document like country, type, etc.
country	string	The issuer country of the document, for example, "United Kingdom of Great Britain and Northern Ireland", "New Zealand", etc.
type	string	The type of the captured ID document, for example, "Passport", "Driver Licence".
typeLabel	string
calculatedData	object
age	integer	The calculated age of the end-user. It is determined from the date of birth mentioned on the identity document.
over18	boolean	It checks whether the calculated age of the end-user is over 18 or not.
over21	boolean	It checks whether the calculated age of the end-user is over 21 or not.
fraudAssessment	object
overall	string	It identifies whether the document captured has a low or high risk of being fraudulent or tampered with. Enum: `LOW_RISK`,`HIGH_RISK`
asfBreakDown	object	An object containing a breakdown of the overall fraud assessment result.
photoCheck	boolean	Ignore this if the overall fraud assessment result is `LOW_RISK`. `false` - The face photo on the ID shows inconsistencies and may not be trustworthy. `true` - The face photo on the ID passed the check.
detailCheck	boolean	Ignore this if the overall fraud assessment result is `LOW_RISK`. `false` - Measurements, alignments, or security features are inconsistent with a genuine document of this template. `true` - The details passed the check.
documentIntegrity	boolean	Ignore this if the overall fraud assessment result is `LOW_RISK`. `false` - The file shows file-level inconsistencies and may be digitally edited. `true` - The file passed the check.
imageComposition	boolean	Ignore this if the overall fraud assessment result is `LOW_RISK`. `false` - The document may not be physical and present. The surface of the ID document doesn’t appear original. `true` - The image passed the check.
images	object
back	string	The cropped image of the back of the document. The URL is valid for 60 minutes.
face	string	The cropped image of the face from the document. The URL is valid for 60 minutes.
front	string	The cropped image of the front of the document. The URL is valid for 60 minutes.
uncropped	object	An object that contains the uncropped image URLs of the front and back of an ID document.
back	string	The uncropped image of the full back of the document. The URL is valid for 60 minutes.
front	string	The uncropped image of the full front of the document. The URL is valid for 60 minutes.
captureCount	integer	The number of ID document capture attempts. It indicates how many times an user had to capture an image until it was successful.
confirmedData	object	The end-user's ID data as edited and confirmed by themselves. Note: The structure below will depend on the identity document selected for verification. Please do not expect any of these fields to always be present.
address	string
addressApiCalls	integer
addressLine1	string
addressLine2	string
addressLine3	string
birthPlace	string
buildingNumber	string
cardType	string
city	string
class	string
country	string
countryCode	string
countryOfIssue	string
dateOfBirth	string
documentNumber	string
engineCountryCode	string
expiryDate	string
firstName	string
fullName	string
gender	string
idNumber	string
issueDate	string
lastName	string
locality	string
localityTownName	string
location	string
middleName	string
passportNumber	string
region	string
state	string
street	string
streetFullName	string
streetName	string
streetType	string
suburb	string
yearsSinceIssue	string
zipCode	string
extractedData	object	The end-user's ID data as edited and confirmed by themselves. Note: The structure below will depend on the identity document selected for verification. Please do not expect any of these fields to always be present.
cardType	string
countryCode	string
countryOfIssue	string
dateOfBirth	string
documentNumber	string
engineCountryCode	string
expiryDate	string
firstName	string
idNumber	string
lastName	string
middleName	string
passportNumber	string
faceMatch	object	This object is the face match results of the ID photo and the liveness attempt.
fraudAssessment	object	The fraud assessment result breakdown of the face match check, determining whether the end-user's face image is the same as the person shown on the ID document.
overall	string	The overall fraud assessment result to check whether the face on the ID document matches the face of the person presenting themselves or not. Enum: `PASS`,`FAIL`
details	object
forehead	string	Match result.
jaw	string	Match result.
leftbrow	string	Match result.
leftcheek	string	Match result.
lefteye	string	Match result.
middleForehead	string	Match result.
mouth	string	Match result.
nose	string	Match result.
philtrum	string	Match result.
rightbrow	string	Match result.
rightcheek	string	Match result.
righteye	string	Match result.
images	object
faceFromDocument	string	The image of the front of the document post-processing. The URL is valid for 60 minutes.
faceFromVideo	string	A snapshot image of the face taken from the liveness video. The URL is valid for 60 minutes.
liveness	object	This object represents a liveness (video) attempt for verification.
assets	array[object]	The details of liveness attempt assets based on the attemptCount. It consists of the video url, spoofing, and gesture results.
actions	array[string]	The movements made while capturing the video. Enum: `SMILE`,`TURN HEAD LEFT`,`TURN HEAD RIGHT`
attempt	integer	The relevant liveness capture attempt number.
gestures	string	It checks whether the facial movements confirm that the end-user is genuine and in accordance with the requested movement instructions. Enum: `PASS`,`FAIL`
spoofing	string	It checks if there are any factors of fraud or spoofing by end-users when taking videos. Enum: `LOW_RISK`,`HIGH_RISK`,`BAD_ENVIRONMENT`
video	string	The video of the liveness attempt in the .webm format. The URL is valid for 60 minutes.
fraudAssessment	object	The fraud assessment of liveness attempts to confirm that a live person is being presented in the application process, i.e., pre-recorded images are not being used.
details	object
attemptCount	integer	The number of liveness attempts made. There is a maximum of 2 attempts allowed.
gestures	string	Checks whether the facial movements show that the end-user is genuine and in accordance with the requested movement instructions. Enum: `PASS`,`FAIL`
spoofing	string	Spoof check results. To check if the liveness video or selfie is of a real person or any other fake material. Enum: `LOW_RISK`,`HIGH_RISK`
overall	string	Enum: `PASS`,`FAIL`
metadata	object	This is an object containing the end-user's device information.
browser	string	The web browser the end-user used.
device	string	The model of device the end-user used when performing verification.
geolocation	string	The coordinates for the address mapped to the geolocation taken from the end-user device in "lat", "lng" format.
ip	string	The end-user's IP address.
ipLocation	string	The coordinates for the address mapped to the IP address location taken from the internet connection in "lat", "lng" format.
isp	string	The Internet Service Provider of the end-user.
os	string	The operating system of the end-user's device used for verification.
vpn	boolean	VPN detection results. `true` - VPN was detected. `false` - VPN was not detected.
verificationPDF	string
dataChecks
object	object
attemptIndex	integer
documentIds	string
overall	string
provider	string
reference	string
result	object
Overall	integer
Runtime	string
Status	string
address	object
addressType	string
country	string
locality	string
provider	string
amberhill	string
ddri	string
document	object
countryCode	string
documentId	string
idType	string
identity	object
dateOfBirth	string
firstName	string
lastName	string
middleName	string
strength	string
strengthev2	string
strengthev3	string
validity	string
validityev2	string
validityev3	string
type	string

Expand

Response

xxxxxxxxxx
 
{
 "sub": "{string}", "name": "{string}", "given_name": "{string}", "middle_name": "{string}", "family_name": "{string}", "birthdate": "{date}", "age_over_18": "{boolean}", "phone_number": "{string}", "email": "{string}", "address": {...},
 "fraud": {...},
 "pep_and_sanctions": {...},
 "verified_claims": {...},
 "unverified_claims": {...},
 "idscan": {...}
}
Copy