The results of the verification are sent to the Callback URL.
The Callback URL can be set in the CRM under My Cabinet – API Access.
An example of the callback:
- user_id - user’s ID.
- user_hash - user’s unique hash.
- status - user’s verification results status (10 - a user is confirmed; 11 - a user is declined).
- autocheck_bad_reasons - the reason for the user to be automatically declined.
- signature - the signature of the request.
The request is signed with BASIS_API_SECRET2 (CRM - My Cabinet - API Access). To verify that the callback is an authentic BASIS ID callback, you need to check the signature. The signature is a sha256 hash of the concatenation of the following line:
Java signature example:
PHP signature example:
In response to the callback, you have to send the status “200 OK” with any text, for example, “OK”.
If a response has not been received or it did not contain “200 OK”, the system stops sending requests for 3 minutes. After 3 minutes it tries to send the request again. And so on.
The reasons for the user's application to be automatically declined.
The "autocheck_bad_reasons" field can contain one or more comma-separated reasons:
- pep - politically exposed person.
- law enforcement
- regulatory enforcement
- other bodies
- sanctions - government etc sanctions.
- black_list - A person with the same name is mentioned in sanction lists.
- card - a credit card is not valid (problem with cc check).
- video - The passport/ID picture and face on the video are not similar. No match in facial recognition.
- mrz - The first name/surname/middle name/date of birth do not match with passport's machine-readable zone (MRZ). Or document is not valid.
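An example of the callback script written in PHP:
<?php
// Sample value from this page; use your own BASIS_API_SECRET2 (CRM - My Cabinet - API Access).
define('BASIS_API_SECRET2', 's2-QcwwlnRHaCBKQvtVDUGtlhxwMzotfcTK');
// The log contains callback data; keep it where the web server does not serve it.
define('LOG_PATH', './result.txt');

$input_json = file_get_contents('php://input');
if (empty($input_json)) {
    echo 'error';
    exit();
}

$inp = json_decode($input_json, true);
if (empty($inp) || !is_array($inp)) {
    echo 'error';
    exit();
}

// All signed fields must be present, and the signature must be a string.
if (!isset($inp['user_id'], $inp['user_hash'], $inp['status'], $inp['signature'])
    || !is_string($inp['signature'])) {
    echo 'error';
    exit();
}

// Expected signature: sha256 over the secret followed by the callback fields.
$signature = hash('sha256', BASIS_API_SECRET2 . $inp['user_id'] . $inp['user_hash'] . $inp['status'] .
    (isset($inp['autocheck_bad_reasons']) ? $inp['autocheck_bad_reasons'] : '') .
    (isset($inp['screening_status']) ? $inp['screening_status'] : ''));

// hash_equals() is a strict, constant-time comparison; "==" compares loosely.
$valid = hash_equals($signature, $inp['signature']);

// Log the callback and the outcome, not the expected signature.
file_put_contents(LOG_PATH, print_r($inp, 1) . " " . ($valid ? 'signature ok' : 'signature mismatch') . "\n",
    FILE_APPEND | LOCK_EX);

echo $valid ? 'OK' : 'error';
?>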
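What a handler can do with a callback once the signature check passes, as an added example that is not part of the original page or BASIS ID's own code: it treats only status 10 as confirmed and splits autocheck_bad_reasons into a list. The function name basis_parse_callback(), the keys of the returned array, the secret and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not BASIS ID code. basis_parse_callback() and the keys of the
// array it returns are hypothetical; field names and codes come from this page.
function basis_parse_callback(string $rawBody, string $secret): ?array
{
    $inp = json_decode($rawBody, true);
    if (!is_array($inp)) {
        return null;
    }
    // Required fields must be present and scalar before they are concatenated.
    foreach (['user_id', 'user_hash', 'status', 'signature'] as $key) {
        if (!isset($inp[$key]) || !is_scalar($inp[$key])) {
            return null;
        }
    }
    $reasons   = $inp['autocheck_bad_reasons'] ?? '';
    $screening = $inp['screening_status'] ?? '';
    if (!is_scalar($reasons) || !is_scalar($screening) || !is_string($inp['signature'])) {
        return null;
    }
    // Same concatenation order as the callback script on this page.
    $expected = hash('sha256', $secret . $inp['user_id'] . $inp['user_hash']
        . $inp['status'] . $reasons . $screening);
    if (!hash_equals($expected, $inp['signature'])) {
        return null;
    }
    $list = array_filter(array_map('trim', explode(',', (string) $reasons)), 'strlen');
    return [
        'user_id'   => $inp['user_id'],
        'user_hash' => $inp['user_hash'],
        // Fail closed: only status 10 counts as confirmed.
        'confirmed' => (string) $inp['status'] === '10',
        'reasons'   => array_values($list),
    ];
}

// Constructed sample data, not real BASIS ID values.
$secret = 'constructed-test-secret';
$fields = ['user_id' => 1001, 'user_hash' => 'constructed-hash',
           'status' => 11, 'autocheck_bad_reasons' => 'video,mrz'];
$fields['signature'] = hash('sha256', $secret . $fields['user_id']
    . $fields['user_hash'] . $fields['status'] . $fields['autocheck_bad_reasons']);
$body = json_encode($fields);

var_dump(basis_parse_callback($body, $secret));
// Same body with the status changed after signing.
var_dump(basis_parse_callback(str_replace('"status":11', '"status":10', $body), $secret));
```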