initialize

2023-12-01 09:16

POST/api/v1/zoloz/realid/initialize

The ZOLOZ Real ID initialize API is used to initialize the identity proofing process in ZOLOZ. A unique transaction ID is generated for the identity proofing process and used in all the subsequent interactions with the ZOLOZ server. This API is not idempotent.

structure

Request parameters

Field name	Data type	Max length	Description
bizId	String	32	Required. A unique business ID for tracing purposes. For example, the sequence ID from the merchant's business-related database. Note: The ZOLOZ server does not perform uniqueness checks on the value of this field. For better tracking, it is strongly recommended to enable the merchant server to guarantee the uniqueness of the business ID.
metaInfo	String	512	Required. The meta information about the SDK and the user's device. When the App SDK mode is used, its value comes from the ZOLOZ SDK in JSON string format, for example: `"{\"apdidToken\":\"69b74bfe-bf7f-4d3b-ac59-907ee09e7955\",\"appName\":\"com.zoloz.atomic.client\",\"appVersion\":\"1.0.9\",\"bioMetaInfo\":\"3.46.0:2916352,0\",\"deviceModel\":\"MI 6\",\"deviceType\":\"android\",\"osVersion\":\"9\",\"zimVer\":\"1.0.0\"}"`. Note: Do not modify the returned value as it only needs to be passed through directly. When H5 mode is used, simply set the value as `MOB_H5`.
flowType	String	32	Required. Specifies the type of the identity proofing flow. The following values are supported: `REALIDLITE_KYC` : specify this value when the App SDK mode is used. `H5_REALIDLITE_KYC` : specify this value when the H5 mode is used.
docType	String	16	Required. Type of document. For example, if the document to be uploaded is a passport, set the value of this attribute to `00000001003`. The value of this field must not be null or an empty string. For the document types that are supported by Real ID, see Document types supported and OCR results returned.
userId	String	64	Required. Merchant user ID, or other identifiers that can be used to identify a specific user. For example, mobile phone number, email address and so on. It is strongly recommended to pre-desensitize the value of the userId field; for example, by hashing the value.
sceneCode	String	64	Optional. Specifies the business scene for data analysis purposes. If you want to distinguish the data performance of different scenes, it is recommended to set the sceneCode field to different values according to your business purposes; for example, registration, withdraw, topUp, transfer, changePassword.
serviceLevel	String	32	Optional. Specifies the service level for spoofing checks and face liveness detection. The following values are supported: `REALID0001` : If this value is set, the ZOLOZ SDK will ask users to manually take photos of the identity document. The ZOLOZ server performs basic spoofing checks, and basic liveness checks using the blink detection method. `REALID0002` : If this value is set, the ZOLOZ SDK automatically scans the identity document. The ZOLOZ server performs advanced spoofing checks, and basic liveness checks using the blink detection method. `REALID0003`: If this value is set, the ZOLOZ SDK automatically scans the identity document. The ZOLOZ server performs advanced spoofing checks, and performs a liveness check using any of the 2 user actions below randomly. This service level is only for native SDK. Multi-action detection methods include: Blink, mouth open, head up, head down, head shakes (left), head shakes (right) `REALID0004`: If this value is set, the ZOLOZ SDK automatically scans the identity document even when at an angle. The ZOLOZ server performs basic spoofing checks, and basic liveness checks using the blink detection method. `REALID0009`: If this value is set, the ZOLOZ SDK automatically scans the identity document. ZOLOZ performs an advanced spoofing checks and performs a liveness check using the blink detection method. This service level provides the ability to capture closed-eye images for native SDK. `REALID0011`: If this value is set, the ZOLOZ SDK automatically scans the identity document. ZOLOZ performs an advanced spoofing checks and performs a liveness check using the blink detection method. This service level provides the ability to capture closed-eye images for web SDK. `REALID0012`: If this value is set, the ZOLOZ SDK automatically scans the identity document. ZOLOZ performs basic spoofing checks and performs a liveness check using the blink detection method. This service level is only for Web SDK.
operationMode	String	32	Optional. Specifies the operation mode where the identity proofing process runs. The following values are supported: `CLOSED`: All the algorithms and risk control rules are not applied. You can use this operation mode in the test phase so that the algorithms and risk controls rules do not affect the test process. `STANDARD`: A standard recommended level is applied. `LOOSE`: A relatively looser level is applied. You can use this operation mode in low-risk scenarios. `STRICT`: A relatively stricter level is applied. You can use this operation mode in high-risk scenarios.
pages	String	32	Optional. Specifies the document page numbers to scan and upload, separated by commas. E.g. "1" (scan the first page), "1,2" (scan the first and second page)
pageConfig	PageConfig		Optional. Specifies the configuration settings for the embedded H5 page. For more information, see pageConfig.
h5ModeConfig	H5ModeConfig		Optional. Specifies the configuration settings for H5 Real ID flow. Set this field when the H5 mode is specified with the flowType filed as `H5_REALIDLITE_KYC`. For more information, see h5ModeConfig.
productConfig	ProductConfig		Optional. Specifies finer controls for the Real ID product. For more information, see productConfig.
allowExpiredDocument	String		Optional. Specifies whether expired documents are allowed. Only used for the docType 00000001003. The following values are supported: `Y`: Allow expired documents `N`: (default) Pause Real ID process when an expired document is detected. Note: Invalid values will fall back to the default option and pause the Real ID process when an expired document is detected.

Response parameters

Field name	Data type	Description
result	Result	Required. The API request result, which contains information about the result of the API request, such as status and error codes.
transactionId	String	Optional. A unique transaction ID that is generated by the ZOLOZ server for the identity proofing process. This ID will be used as an input parameter for the Real ID checkresult API request. Note: when an error occurs during the process, for example, an invalid argument, no transaction ID will be returned.
clientCfg	String	Optional. The client configuration information, including parameters about the SDK connection and behavior. The value of this field is specified only when the result.resultStatus field is `"S"`.

Result

Result process logic

For different request results, different actions will be performed. See the following for details:

If the value of the result.resultStatus is S , the ZOLOZ Real ID initialize API is invoked successfully and a unique transaction ID is returned.
If the value of the result.resultStatus is F , the invocation of the ZOLOZ Real ID initialize API fails. Check the error code and its message for more information on the possible reasons why.

Common error codes

For the full list of common error codes, see the Common error codes section in the Error handling topic.

API-specific error codes

The following table shows the possible error codes that are specific for the Real ID initialize API.

resultCode	resultStatus	Description
SUCCESS	S	The API call is successful.
HIGH_RISK	F	High risks are detected. The user account is strategically cooled down by the risk engine.
ACCOUNT_SERVICE_SUSPEND	F	The user account is blacklisted by the risk engine.
DEVICE_NOT_SUPPORT	F	The device type is not supported.
OS_NOT_SUPPORT	F	The operating system of the device is not supported.
SDKVERSION_NOT_SUPPORT	F	The version of the ZOLOZ SDK is not supported.
INVALID_ARGUMENT	F	Input parameters are invalid. For more information about which parameter is invalid, check the result message or the related log.
SYSTEM_ERROR	F	Other internal errors. For more information about the error details, check the result message that is returned and the related log.

Sample

Request sample

For different integration modes, the request structures are slightly different. When the identity proofing process is initiated in the H5 mode, additionally, an object called h5ModeConfig must be specified. Refer to the following two request samples for more detailed information.

Native RealId Request Sample

The following sample shows what a request looks like if the identity proofing process is initiated in the App SDK mode.

copy
{
  "bizId": "2017839040588699",
  "flowType": "REALIDLITE_KYC",
  "userId": "123456abcd",
  "docType": "08520000001",
  "pages": "1,2",
  "pageConfig":{
    "urlFaceGuide":"http://url-to-face-guide-page.htm"
  },
  "serviceLevel": "REALID0001",
  "operationMode": "STANDARD",
  "productConfig": {
    "cropDocImage": "Y",
    "landmarkCheck": [
      {"name":"kadPengenalan"},
      {"name":"mykadLogo"},
      {"name":"flagLogo"},
      {"name":"mscLogo"},
      {"name":"ghostFace"},
      {"name":"hibiscusLogo"},
      {"name":"coatOfArm"},
      {"name":"twinTower"}
    ],
    "hologramCheck": [
      {"name":"hologram"}
    ],
    "pageInfoCheck": [
      {"name":"id"},
      {"name":"symbol"},
      {"name":"name"}
    ],
    "preciseTamperCheck": "Y"
  },
  "metaInfo": "{
         \"deviceType\": \"deviceType\",
         \"appVersion\": \"1.0\",
         \"osVersion\": \"7.1.1\",
         \"appName\": \"com.company.wallet\",
         \"bioMetaInfo\": \"3.37.0:262144,0\",
         \"apdidToken\": \"mock-apdidToken\",
         \"deviceModel\": \"MI 6\",
         \"zimVer\": \"2.0.0\"
   }"
}

H5 RealId Request Sample

The following sample shows what a request looks like if the identity proofing process is initiated in the H5 mode.

copy
{
  "bizId": "2017839040588699",
  "flowType": "H5_REALIDLITE_KYC",
  "userId": "123456abcd",
  "docType": "08520000001",
  "pageConfig":{
    "urlFaceGuide":"http://url-to-face-guide-page.htm"
  },
  "serviceLevel": "REALID0001",
  "operationMode": "STANDARD",
  "productConfig": {
    "cropDocImage": "Y",
    "landmarkCheck": [
      {"name":"kadPengenalan"},
      {"name":"mykadLogo"},
      {"name":"flagLogo"},
      {"name":"mscLogo"},
      {"name":"ghostFace"},
      {"name":"hibiscusLogo"},
      {"name":"coatOfArm"},
      {"name":"twinTower"}
    ],
    "hologramCheck": [
      {"name":"hologram"}
    ],
    "pageInfoCheck": [
      {"name":"id"},
      {"name":"symbol"},
      {"name":"name"}
    ],
    "preciseTamperCheck": "Y"
  },
  "metaInfo": "MOB_H5",
  "h5ModeConfig":{
    "completeCallbackUrl":"http://xxx.html",
    "interruptCallbackUrl":"http://xxx.html"
  }
}

Response Sample

The following sample shows what a response returned from the ZOLOZ server looks like.

copy
{
   "result": {
        "resultStatus": "S",
        "resultCode": "SUCCESS",
        "resultMessage": "Success"
    },
  "transactionId":"G000000005FID20200304000000000001570702", 
  "clientCfg": "……"   
}

More information

pageConfig

The following table shows the fields that can be specified in the pageConfig data model.

Field name	Data type	Max length	Description
urlFaceGuide	String	256	Optional. Specifies the URL to the face guide page, which is an H5 prompt page that can be customized to guide users during face scanning. For example, http://url-to-face-guide-page.html.

h5ModeConfig

The following table shows the fields that can be specified in the h5ModeConfig data model.

Field name	Data type	Max length	Description
state	String	128	Optional. An identifier that is used to recover the customer's context. You can set this field to any String value. The value is then passed as a parameter when the ZOLOZ SDK calls back to the merchant's application. If the value is not set, the value of the transactionId field is used instead.
completeCallbackUrl	String	128	Required. Specifies the callback URL where the browser is redirected when the whole identity proofing process is completed.
interruptCallbackUrl	String	128	Required. Specifies the callback URL where the browser is redirected when the process is interrupted.
locale	String	16	Optional. Language of the web page, currently supports: en (English) / zh-CN (Simplified Chinese) / zh-HK (Traditional Chinese) / jp (Japanese) / th (Thai) / es (Español) / pt (Portuguese) / fr (French) / id (Indonesian) / de (German) / kr (Korean).
isIframe	String	1	Optional. If the Web Page needs to be open in Iframe, this parameter should be set as `Y`. The following values are supported: `Y` `N`
uiCfg	String	256	Optional. Custom UI configurations in the JSON string format. Only supports `titlebarbgcolor`, `titlebartextcolor`, and `buttoncolor` for now. For example:`"{\"titlebarbgcolor\":\"#ffffff\",\"titlebartextcolor\":\"#000000\",\"buttoncolor\":\"#3696fd\"}"`.

productConfig

The following table shows the fields that can be specified in the productConfig data model.

Field name	Data type	Max length	Description	Notes
cropDocImage	String	1	Optional. Specify whether to crop the background of the captured DOC image. Valid values include: `Y`: Return an additional doc image cropped from the original captured doc image Note: A second additional doc image may be returned if two sides are captured i.e. front and back `N`: Default value. Do not crop
cropFaceImage	String	1	Optional. Specify whether to crop the face area of the captured FACE image. Valid values include: `Y`: Return an additional face image cropped from the original captured face image `N`: Default value. Do not crop
landmarkCheck	Array		Optional. Specify whether to perform landmark checks within a DOC spoofing check. Landmark checks are only applicable for selected documents. E.g. (MyKad) An array of supported landmark components needs to be specified if landmark check is expected. To understand the valid values for this field, please refer to DOC spoofing check details.
hologramCheck	Array		Optional. Specify whether to perform hologram checks within a DOC spoofing check. Hologram checks are only applicable for selected documents. E.g. (MyKad) An array of supported hologram check components needs to be specified if hologram check is expected. To understand the valid values for this field, please refer to DOC spoofing check details.
pageInfoCheck	Array		Optional. Specify whether to perform information checks within a DOC spoofing check. information checks are only applicable for selected documents. An array of supported information check components needs to be specified if information check is expected. To understand the valid values for this field, please refer to DOC spoofing check details.
preciseTamperCheck	String	1	Optional. Specify whether to perform a precise tamper check. Precise tamper checks are only applicable for selected documents. The following values are supported: `Y`: Yes `N`: Default value. Do not perform a precise tamper check
docUiType	String	20	Optional. This parameter refers to methods for taking ID photos. The values are as follows: 1: `Self-capture`, default value for Web SDK. Users need to manually take ID photos, and it only has basic anti-spoofing capabilities. 2: `Deep-scan`, default value for Native SDK and only for Native SDK. ZOLOZ SDK automatically aligns and captures ID photos, and it has advanced anti-spoofing capabilities such as intercepting printed color images. 3: `Auto-scan`, only for Web SDK. ZOLOZ SDK automatically aligns and captures ID photos, and it only has basic anti-spoofing capabilities. 4: `Trace-scan`, only for Native SDK. ZOLOZ SDK automatically captures ID photos when the document is detected within the camera range. It can improve user experience, but it only has basic anti-spoofing capabilities. 5: `Multi-angle`, only for HKID in Web SDK. Users need to take two document photos from different angles. For the first photo, make the camera directly face the ID document and captures its photo. For the second, incline the ID document 30° against the camera and capture its photo.	The following parameters take precedence over `serviceLevel` and `operationMode`. If any of these parameters is passed in, the default values of other parameters take effect. In this case, `serviceLevel` and `operationMode` do not take effect, even if their values are passed in. docUiType spoofMode livenessMode antiInjectionMode actionCheckItems actionRandom actionFrame riskMode idnThreshold
spoofMode	String	10	Optional. This parameter refers to document anti-spoofing levels, defined as follows: `CLOSED`: All algorithms are not applied. You can use this anti-spoofing detection mode in the test phase so that the algorithms and risk control rules do not affect the testing process. `STANDARD`: Default value. A standard recommended level is applied. `LOOSE`: Reserved value, not currently supported for use. `STRICT`: Reserved value, not currently supported for use.
livenessMode	String	10	Optional. Specifies the liveness level for face liveness detection check. The following values are supported: `CLOSED`: All algorithms are not applied. You can use this liveness detection mode in the test phase so that the algorithms and risk control rules do not affect the testing process. `STANDARD`: Default value. A standard recommended level is applied. `LOOSE`: A relatively looser level is applied. You can use this liveness detection mode in low-risk scenarios. `STRICT`: A relatively stricter level is applied. You can use this liveness detection mode in high-risk scenarios.
antiInjectionMode	String	10	Optional. Specifies the anti-injection level for injection attack detection. Injection attack detection can effectively resist injection attacks using deepfakes i.e. face-swapping pictures or videos. The following values are supported: `CLOSED`: Default value. All the anti-injection algorithms are not applied. If the business scenario does not require injection attack detection, you do not need to enable it. `STANDARD`: A standard recommended level is applied. `LOOSE`: Reserved value, not currently supported for use. `STRICT`:Reserved value, not currently supported for use. Note: Enabling injection attack detection will slightly increase false rejection rate and runtime. Please contact ZOLOZ technical support team before turning on this function.
actionCheckItems	List<String>		Optional. User actions to be detected. For better user experience, it is not recommended to use two or more actions. The following values are supported: `FACEBLINK`: Default value. Requires the user to blink their eyes. `MOUTHOPEN`: Requires the user to open their mouth once. `HEADSHAKE`: Requires the user to shake their head. Left or right headshake will be specified for the user to perform. `HEADLOWER`: Requires the user to lower their head once. `HEADRAISE`: Requires the user to raise their head once.
actionRandom	String	1	Optional. Specifies whether user actions specified in `actionCheckItems` are in random order to be detected. Valid values include: `Y`: Random `N`: Default value. Not random, action detection is performed following the order in actionCheckItems.
actionFrame	List<String>		Optional. This parameter refers to capturing other frame pictures, defined as follows: `EYECLOSE`: Set this value to return closed-eye frames collected during the blink detection method.
riskMode	String	10	Optional. This parameter refers to multi-dimensional risk control rule verification in RealID. It is used to intercept suspicious transactions. The values are as follows: `CLOSED`: All algorithms are not applied. You can use this risk detection mode in the test phase so that the algorithms and risk control rules do not affect the testing process. `STANDARD`: Default value. A standard recommended level is applied. `LOOSE`: A relatively looser level is applied. You can use this risk detection mode in low-risk scenarios. `STRICT`: A relatively stricter level is applied. You can use this risk detection mode in high-risk scenarios.
idnThreshold	Integer		Optional. The default threshold is `3`. This parameter is used to check transactions in which one user uses different ID documents or one ID document is used by different users. When the number of such transactions (from different `userId`) exceeds the threshold, the current transaction will be intercepted. Any integer larger than 0 is supported.

Change log

Date	Change log
22 November, 2023	Added new fields for the productConfig parameter.
22 May, 2022	A new parameter, productConfig, is added in the request.
8 September，2020	Two more types of identity documents are supported: Malaysia MyKad and Macau identity card. A new parameter, h5ModeConfig, is added in the request.
9 June, 2020	A new parameter, pageConfig, is added in the request.
27 December, 2019	The parameter productLevel is renamed to serviceLevel, and the related description is updated.
20 December, 2019	The following two request parameters are added: productLevel operationMode
06 December, 2019	Released.