All Products
Search

This Product

    ID Verification:Initialize

    Document Center

    ID Verification:Initialize

    Last Updated:Feb 07, 2026

    This topic describes how to initiate an eKYC-PRO request by calling the Initialize operation.

    API information

    • API name: Initialize

    • Request method: HTTPS POST

    • Description: Before you start an eKYC-PRO verification, call this operation to obtain a transactionId. This ID is used to associate all API operations in the verification request.

    • This API operation has a dedicated QPS limit. For more information, see QPS limits for ID Verification server-side API operations.

    • Service endpoint:

      Note

      • Benefits of internal network access: An internal network is a private communication network between Alibaba Cloud products within the same region. If your business server is deployed in the corresponding Alibaba Cloud region, you can use the internal same-region endpoint to access the ID Verification service. This provides more secure and stable communication.

      • Optimization suggestions for access from outside China: Network environments outside China can be complex. To optimize your integration solution, reduce network latency, and minimize request failures, see Server-side network latency analysis and optimization.

      Singapore

      • Public network: cloudauth-intl.ap-southeast-1.aliyuncs.com

      • Internal network: cloudauth-intl-vpc.ap-southeast-1.aliyuncs.com

      Indonesia

      • Public network: cloudauth-intl.ap-southeast-5.aliyuncs.com

      • Internal network: cloudauth-intl-vpc.ap-southeast-5.aliyuncs.com

      China (Hong Kong)

      • Public network: cloudauth-intl.cn-hongkong.aliyuncs.com

      • Internal network: cloudauth-intl-vpc.cn-hongkong.aliyuncs.com

      Malaysia (Kuala Lumpur)

      • Internet endpoint: cloudauth-intl.ap-southeast-3.aliyuncs.com

      • Internal endpoint: cloudauth-intl-vpc.ap-southeast-3.aliyuncs.com

    Online debugging and integration

    Note

    Before you debug and integrate an API operation, see Debug and integrate server-side API operations using OpenAPI Explorer for information about how to call API operations and obtain SDKs and sample code in OpenAPI Explorer.

    You can use OpenAPI Explorer to directly run and debug this API operation and generate SDK code examples.

    Request parameters

    Name

    Type

    Required

    Description

    Example

    ProductCode

    String

    Yes

    The product plan to use. Set the value to:

    eKYC_PRO: This plan requires your users to complete the entire process of document recognition and liveness detection.

    eKYC_PRO

    SceneCode

    String

    No

    A custom verification scenario ID. You can use this ID to query related records in the console. The ID can be a combination of up to 10 letters, digits, and underscores.

    1234567890

    MerchantBizId

    String

    Yes

    A custom unique business ID used for troubleshooting. The ID can be a combination of up to 32 letters and digits. Make sure that the ID is unique.

    Note

    Alibaba Cloud servers do not check the uniqueness of this field's value. For better tracking, we strongly recommend that you ensure the uniqueness of this field.

    e0c34a77f5ac40a5aa5e6ed20c35****

    MetaInfo

    String

    Yes

    The MetaInfo environment parameter. You must call the getMetaInfo() function through the JS file to obtain it. For more information about how to obtain MetaInfo, see the client integration document for the corresponding platform.

    Important

    • Do not modify the return value. Pass it through directly.

    • The server-side uses this parameter to identify the mobile runtime environment and sends different verification URLs. Obtain this parameter from a real runtime environment as described in the function description.

    {
  "zimVer": "3.0.0",
  "appVersion": "1",
  "bioMetaInfo": "4.1.0:1150****,0",
  "appName": "com.aliyun.antcloudauth",
  "deviceType": "ios",
  "osVersion": "iOS 10.3.2",
  "apdidToken": "",
  "deviceModel": "iPhone9,1"
}

    MerchantUserId

    String

    Yes

    A custom user ID or another identifier for a specific user, such as a mobile phone number or email address. We strongly recommend that you desensitize the value of this field in advance, for example, by hashing the value.

    123456789

    Model

    String

    No

    The type of liveness detection to perform:

    • LIVENESS: Blinking liveness detection (default).

    • PHOTINUS_LIVENESS: Blinking liveness detection and color-based liveness detection (not supported on PCs).

    • SILENT: Passive liveness detection. This feature is currently supported only for Web SDK (Mobile / PC) integrations.

    Note

    For information about the supported SDK versions, see SDK release notes.

    PHOTINUS_LIVENESS

    DocType

    String

    Yes

    The document type.

    For a list of supported document codes, see the Document type table. For details about the Optical Character Recognition (OCR) return fields for each document type, see the Document OCR field table.

    Important

    Supported certificate types vary by region due to regional model limitations.

    • Singapore region: supports recognizing documents in the document type table.

    • Indonesia region: Supports the detection of Indonesian identity cards and global passports only (certificate type codes IDN01001 and GLB03002).

    • Malaysia region: supports only the detection of Malaysian ID cards and global passports (document type codes MYS01001 and GLB03002).

    GLB03001

    SecurityLevel

    String

    No

    The mode that represents different security levels of the verification flow. Valid values:

    • 01: Standard mode. This mode is applicable only to low-threat scenarios with restrictions on device information collection.

    • 02: Safe mode. A relatively strict mode (default).

      Note

      • Safe mode uses the new Device Guard module in the SDK to identify the security of the face-scanning environment based on device information. This effectively enhances the ability to intercept injection attacks. Enable this mode.

      • During development and testing, the environmental characteristics of a test device may cause Device Guard to assess it as a threat, which triggers a verification failure (Subcode 206). To improve testing efficiency, set the mode to '01 Standard mode' during the testing phase. When you go live, switch to '02 Safe mode' to enhance verification security.

    02

    IdThreshold

    String

    No

    The custom OCR quality detection threshold mode:

    • 0: Standard mode

    • 1: Strict mode

    • 2: Loose mode

    • 3: Disable quality detection (default)

    0

    IdSpoof

    String

    No

    Specifies whether to enable the document anti-spoofing feature:

    • Y: Enable

    • N: Disable (default)

    Y

    DocVideo

    String

    No

    Specifies whether to save a verification video.

    • N: No (default).

    • Y: A video of the user's face-scanning process (a 1 to 2 second video file) is collected during the verification and returned through the query API operation.

    Note

    Because the video file is large, the system may discard it if the network is unstable to prioritize the transmission of essential verification images.

    N

    CallbackUrl

    String

    No

    The webhook address for verification result notifications. The callback request method is GET by default. The webhook address must start with https. After the verification is complete, the platform sends a callback to this address and automatically adds the following fields:

    • transactionId

    • passed

    • subcode

    Warning

    • The system checks whether this address is accessible before the API operation is called. If the address is not accessible over the public network, a 400 error is returned.

    • The callback is executed immediately after the verification is complete, but may be delayed due to network issues. We recommend that you first receive the verification completion notification on the client and then call the query API operation to obtain the verification details.

    https://www.aliyun.com?callbackToken=100000****&transactionId=shaxxxx&passed=Y&subCode=200

    CallbackToken

    String

    No

    A security token that you generate for anti-replay and tamper-proofing checks.

    If you set this parameter, the CallbackToken field is included in the CallbackUrl webhook.

    NMjvQanQgplBSaEI0sL********

    AppQualityCheck

    String

    No

    Specifies whether to enable strict quality detection for faces.

    • Y: Enable (default)

    • N: Disable

    Important

    • This configuration requires client SDK support. If you enable this feature but the client SDK does not have the face quality detection module integrated, this configuration is treated as disabled.

    • The client SDK must be version 1.2.5 or later.

    N

    Pages

    String

    No

    The page collection configuration. Use a comma (,) to separate multiple pages. Valid values:

    • 01: The portrait side of the document (default).

    • 01,02: The portrait and back sides of the document.

      Note

      Only some certificate types support multi-page collection. For details, see Certificate types.

    01

    ShowGuidePage

    String

    No

    Specifies whether to display the guide page:

    • 1: Display (default)

    • 0: Do not display

    1

    LanguageConfig

    String

    No

    The custom language configurations. Convert the language configurations that you want to add to a JSON string based on the configuration template. Then, specify this parameter to add the custom language configurations. For more information, see Internationalization language and custom text support.

    Note

    This parameter is applicable only to the mobile integration mode of Web SDK. The PC mode is not supported.

    {
  "languageContent": {****},
  "ocrResultContent": {****},
  "supportedLanguage": [****],
  "titleTranslate": {****},
}

    StyleConfig

    String

    No

    The custom UI configurations. Convert the UI configurations that you want to add to a JSON string based on the configuration template. Then, specify this parameter to add the custom UI configurations. For more information, see IDV UI style customization.

    Note

    This parameter is applicable only to the mobile integration mode of Web SDK. The PC mode is not supported.

    {
  "guidepage:": {****}, 
  "ocrPage": {****},
  "ocrResultPage": [****],
  "facePage": {****},
}

    ReturnUrl

    String

    No

    The target address to which the user is redirected from the business page.

    Important

    This parameter is optional only when you use an iframe for encapsulation.

    https://www.alibabacloud.com

    ShowBlbumIcon

    String

    No

    In the document OCR step, specifies whether to display the album upload entry:

    • 1: Display (default)

    • 0: Do not display

    1

    ShowOcrResult

    String

    No

    In the document OCR step, specifies whether to display the recognition result page:

    • 1: Display (default)

    • 0: Do not display

    1

    ProcedurePriority

    String

    No

    When a compatibility issue occurs during verification on a mobile H5 page, specifies whether to allow a degraded processing method to be displayed.

    • url: Supports degradation. The verification URL is displayed on the page. The user can copy the URL to open it or switch to another browser to continue the verification (default).

    • keep: Does not support degradation. The error cause is returned directly, and the verification process ends.

    Note

    • This switch is not supported on PCs.

    • If the application scenario is to complete verification on a web page embedded in an app, we recommend that you set this parameter to keep to disallow URL degradation.

    url

    EditOcrResult

    String

    No

    Specifies whether users can edit information on the OCR recognition result page.

    • 1: Supported

    • 0: Not supported (default)

    0

    Authorize

    String

    No

    Specifies whether to enable authoritative data source verification to enhance document anti-spoofing. This parameter applies only when IdSpoof is set to Y.

    • T: Enable

    • F: Disable (default)

    Note

    • Supported document types: Chinese resident identity card (CHN01001), driver's license issued in the Chinese mainland (CHN02001), and Indonesian identity card (IDN01001). For Indonesian identity card data source verification, this feature works only when the document type is IDN01001 and the API is called from Indonesia. This feature is in public preview and is not yet available for direct integration. Contact us to get a demo.

    • Data transmission statement: Enabling this parameter means you agree to transmit the user's name and document number to authoritative data sources in the Chinese mainland or Indonesia (if the conditions above apply) for consistency verification.

    • Performance impact: Enabling this feature increases response time by about 1–2 seconds for Chinese resident identity card and driver's license APIs, and by 10–30 seconds for Indonesian identity card APIs. Adjust your timeout settings accordingly.

    • Verification results:

      • Subcode 212: Applies to Chinese resident identity card and driver's license APIs. Returned when verification results are inconsistent.

      • Subcode 202, 207, 209, 214, 215, 216, 217, 218: Apply to Indonesian identity card APIs. Indicate inconsistencies between personal information and submitted information. For details and recommendations, see ResultObject.SubCode error codes.

    T

    Mobile

    String

    No

    An Indonesian phone number. Must start with +62 followed by 9–11 digits. This parameter takes effect only when Authorize=T.

    Note

    This parameter is required only when Indonesian data sources are enabled.

    +6281293671234

    Return data

    Name

    Type

    Description

    Example

    HTTP status code

    Integer

    The HTTP status code.

    200

    HTTP body

    RequestId

    String

    The request ID.

    130A2C10-B9EE-4D84-88E3-5384FF0****

    Code

    String

    Return codes.

    Success

    Message

    String

    The detailed description of the return code.

    success

    Result.TransactionId

    String

    The unique identifier for the entire verification flow. This field is used for billing statistics and to initiate a CheckResult API operation request.

    Important

    • If an error occurs during the request, such as an invalid parameter, TransactionId is not returned.

    • Attach the TransactionId to the business ID of your current business flow and store it on the server-side. When calling CheckResult, retrieve this verification ID from your server-side storage to initiate the result query.

    • After you obtain the TransactionId or TransactionUrl, you must complete the verification within 30 minutes. After this period, the ID or URL will automatically become invalid and cannot be used for verification.

    hksb7ba1b28130d24e015d6********

    Result.TransactionUrl

    String

    The web verification URL. After verification, the user is redirected to the ReturnUrl specified in the request.

    Important

    • During integration, do not modify the TransactionUrl. Modifying it may cause the verification to fail.

    • To ensure a secure and effective verification process, the TransactionUrl can be used only once. Reusing the URL causes the verification to fail.

    • After you obtain the TransactionId or TransactionUrl, you must complete the verification within 30 minutes. The ID or URL expires after this period.

    https://www.alibabacloud.com/index.html?clientcfg=****

    Result.Protocol

    String

    The standard encryption protocol for verification.

    We recommend that you get this parameter and pass it to the client SDK. The SDK uses this parameter to reduce network interactions and support dynamic network switching, improving user experience.

    Note

    This field is required for H5 web integration using iframe embedding.

    hksb7ba1b28130d24e015d*********

    Return codes

    HTTP status code

    Code

    Description

    200

    Success

    Request successful.

    400

    MissingParameter

    Parameter cannot be empty.

    InvalidParameter

    Invalid parameter.

    401

    Forbidden.ExceptionRepeatedInvoke

    The number of repeated abnormal calls exceeds the limit.

    403

    Forbidden.RAMUserAccessDenied

    You need to grant the RAM user the AliyunAntCloudAuthFullAccess permission. For more information, see Authorize RAM users to access the service.

    Forbidden.AccountAccessDenied

    Ensure that you have activated ID verification and your account has no overdue payment.

    Throttling.Api

    API request is blocked due to throttling.

    500

    InternalError

    Internal system error. Provide feedback to engineers for troubleshooting.

    503

    ServiceUnavailable

    The service is unavailable. Contact engineers for troubleshooting.