Callback

The results of the verification go to the Callback URL.

Callback URL can be set in the My Cabinet of the CRM – API Access

An example of the callback:

• user_id - user’s ID.
• user_hash - user’s unique hash.
• status - user’s verification results status (10 - a user is confirmed; 11 - a user is declined).
• autocheck_bad_reasons - the reason for the user to be automatically declined.
• signature - the signature of the request.

Your request is signed with BASIS_API_SECRET2 (CRM - My Cabinet - API Access). To verify that the callback is an authetic BASIS ID's callback you need to check the signature. Signature is a sha256 hash from the concatenation of the following line:

Java signature example:

PHP signature example:

In response to the callback, you have to send the status “200 OK” with any text, for example, “OK”.

If a response has not been received or it did not contain “200 OK”, the system stops sending requests for 3 minutes. After 3 minutes it retries to send a request. And so on.

The reasons for the user's application to be automatically declined.

You can have one or many commas separated reasons in "autocheck_bad_reasons" field:

• pep - politically exposed person.
• law enforcement
• regulatory enforcement
• other bodies
• sanctions - government etc sanctions.
• black_list - A person with the same name is mentioned in sanction lists.
• card - a credit card is not valid (problem with cc check).
• video - The passport/ID picture and face on the video are not similar. No match in facial recognition.
• mrz - The first name/surname/middle name/date of birth do not match with passport's machine-readable zone (MRZ). Or document is not valid.

 

An example of the callback script written on php:

 

<?php

define('BASIS_API_SECRET2', 's2-QcwwlnRHaCBKQvtVDUGtlhxwMzotfcTK');

define('LOG_PATH', './result.txt');

$input_json = file_get_contents('php://input');

if (empty($input_json)) {

  echo 'error';

  exit();

}

$inp = json_decode($input_json, true);

if (empty($inp)) {

  echo 'error';

  exit();

}

$signature = hash('sha256', BASIS_API_SECRET2 . $inp['user_id'].$inp['user_hash'].$inp['status'].

              (isset($inp['autocheck_bad_reasons']) ? $inp['autocheck_bad_reasons'] : '').

              (isset($inp['screening_status']) ? $inp['screening_status'] : ''));

if (file_exists(LOG_PATH)) {

    file_put_contents(LOG_PATH, print_r($inp, 1). "     ". $signature, FILE_APPEND | LOCK_EX);

} else {

    file_put_contents(LOG_PATH, print_r($inp, 1). "     ". $signature);

}

 if ($signature == $inp['signature']) {

    echo 'OK';

} else {

    echo 'error';

}

?>