ID Verification offers multiple integration modes. Each mode supports a different workflow depending on your use case.
Integration modes
Alibaba Cloud offers the following four integration modes. Choose the mode that best suits your use case:
Native App SDK Mode
Provides a client-side SDK and accompanying server-side APIs. Integrate the SDK into your native app so that end users can access Alibaba Cloud services directly. For SDK download links, see Client-side SDK Release Notes.
Web SDK Mode
Provides a Web SDK and accompanying server-side APIs for web application integration. End users access the service through mobile or desktop browsers. Due to browser environment differences, PC access is currently supported only for specific solutions. For details, see the integration guide for each solution.
WebView Embedded App Mode
Provides a Web SDK and accompanying server-side APIs for integration with your native app through an embedded browser (WebView). To ensure mobile H5 SDK compatibility, configure the required permissions for the WebView in your app, such as camera access and video autoplay.
Server-Side-Only (API) Mode
Provides server-side APIs to call services directly from your application server. Suitable for backend integration scenarios that do not require client-side interaction.
SDK integration steps
-
Activate service: Before you begin, ensure you have activated the ID Verification service. For details, see Activate ID Verification.
-
Getting Started: After selecting a product solution, refer to the documents in the corresponding Development Guide to complete the service registration.
-
Server-side initialization: Call the server-side initialization API
Initializeto obtain theTransactionId(the unique ID for the ID Verification service, used to link the APIs in an authentication request).NoteIn Web SDK integration, this step also returns a verification URL for client-side access.
-
Client-side integration: Integrate the SDK with your client application.
-
Obtain the verification result: Call the server-side query API
CheckResultto retrieve the corresponding verification status and verification information.
-
App integration sequence diagram
The app integration workflow includes the following four phases:
-
Get MetaInfo: The client-side SDK collects device environment information.
-
Server-side initialization: The application server calls an API to obtain the TransactionId.
-
Client-side verification: The SDK uses the TransactionId to perform user verification.
-
Result verification: The application server retrieves the final verification result.
MetaInfo supports fixed values passed in by the business, making Phase 1 an optional step. If you do not need to integrate the client SDK to obtain MetaInfo, you can skip Phase 1 and proceed directly to Phase 2.
We recommend integrating Phase 1. The MetaInfo dynamically obtained through the SDK contains more precise device environment information, which helps the server deliver a matching verification URL and provides complete client context during troubleshooting, improving issue resolution efficiency.
|
Step |
Interaction |
Description |
|
1 |
End user → Merchant app |
The end user initiates the business flow from the merchant app. |
|
2 |
Merchant app → Verification SDK |
The merchant app calls the SDK API to obtain device environment information (MetaInfo). |
|
3 |
Verification SDK → Merchant app |
The SDK returns the MetaInfo string. |
|
4 |
Merchant app → Application server |
The merchant app sends a verification request with the MetaInfo to the application server. |
|
5 |
Application server → Alibaba Cloud |
The application server calls the Initialize API and passes in the MetaInfo. |
|
6 |
Alibaba Cloud → Application server |
Alibaba Cloud returns the TransactionId, which is the unique ID for this verification flow. |
|
7 |
Application server → Merchant app |
The application server sends the TransactionId to the merchant app. |
|
8 |
Merchant app → Verification SDK |
The merchant app starts the SDK verification flow with the TransactionId. |
|
9 |
Verification SDK → Alibaba Cloud |
The SDK collects and uploads user verification materials (such as face images and ID documents) to the Alibaba Cloud server. |
|
10 |
Alibaba Cloud → Verification SDK |
The Alibaba Cloud server completes the verification and returns the result. |
|
11 |
Verification SDK → Merchant app |
The SDK notifies the merchant app of the verification status using a callback. |
|
12 |
Merchant app → Application server |
The merchant app requests the final verification result from the application server. |
|
13 |
Application server → Alibaba Cloud |
The application server calls the CheckResult API to query the result from the Alibaba Cloud server. |
|
14 |
Alibaba Cloud → Application server |
Alibaba Cloud returns the complete verification result and verification materials. |
|
15 |
Application server → Merchant app |
The application server processes the verification information and sends non-sensitive data back to the merchant app. |
|
16 |
Merchant app → End user |
The merchant app notifies the end user that the verification flow is complete. |
API description
|
API |
When to call |
Description |
|
Initialize |
Server-side initialization phase |
Returns the TransactionId, which is the unique ID for the verification flow. |
|
CheckResult |
Verification completion phase |
Returns the final verification status and verification materials. |
Web/H5 integration sequence diagram
H5 integration supports PC and mobile browsers. The key difference from app integration is that initialization returns a TransactionUrl (a link to the authentication page), which supports two methods: page redirection or iframe embedding.
The Web/H5 integration flow has four main stages:
-
Get MetaInfo: The Web SDK collects the end user's device environment context from the merchant's H5 page.
-
Server-side initialization: The application server calls the Alibaba Cloud initialization API to obtain the
TransactionIdthat identifies this authentication and the authentication page link (TransactionUrl) for frontend redirection or embedding. -
Client-side authentication: The merchant's H5 page loads the authentication link using page redirection or an iframe and guides the user through the authentication flow.
-
Result verification: The application server calls the result query API to retrieve the final authentication status and materials.
MetaInfo supports fixed values passed in by the business, making Phase 1 an optional step. If you do not need to integrate the client SDK to obtain MetaInfo, you can skip Phase 1 and proceed directly to Phase 2.
We recommend integrating Phase 1. The MetaInfo dynamically obtained through the SDK contains more precise device environment information, which helps the server deliver a matching verification URL and provides complete client context during troubleshooting, improving issue resolution efficiency.
|
Step |
Interaction |
Description |
|
1 |
End user → Merchant H5 page |
The end user starts the verification flow from a PC or mobile H5 page. |
|
2 |
Merchant H5 page → Verification SDK |
The merchant H5 page calls the Web SDK to obtain device environment information (MetaInfo). |
|
3 |
Verification SDK → Merchant H5 page |
The SDK returns the MetaInfo string. |
|
4 |
Merchant H5 page → Application server |
The merchant H5 page sends the MetaInfo to the application server. |
|
5 |
Application server → Alibaba Cloud |
The application server calls the Initialize API and passes in the MetaInfo. |
|
6 |
Alibaba Cloud → Application server |
Alibaba Cloud returns the TransactionId (the unique ID for the verification flow) and TransactionUrl. If you use iframe embedding, the Protocol is also returned. |
|
7 |
Application server → Merchant H5 page |
The application server sends the TransactionId and TransactionUrl to the merchant H5 page. |
|
8 |
Merchant H5 page → Verification SDK |
The merchant H5 page starts the SDK verification flow with the TransactionId (supports page redirection or iframe embedding). |
|
9 |
Verification SDK → Alibaba Cloud |
The SDK collects and uploads the user verification materials. |
|
10 |
Alibaba Cloud → Verification SDK |
Alibaba Cloud completes the verification and returns the result. |
|
11 |
Verification SDK → Merchant H5 page |
The SDK notifies the merchant H5 page of the verification status using a callback. |
|
12 |
Merchant H5 page → Application server |
The merchant H5 page requests the final verification result from the application server. |
|
13 |
Application server → Alibaba Cloud |
The application server calls the CheckResult API to query the verification result. |
|
14 |
Alibaba Cloud → Application server |
Alibaba Cloud returns the complete verification result and verification materials. |
|
15 |
Application server → Merchant H5 page |
The application server processes the verification information and sends non-sensitive data back to the merchant H5 page. |
API description
|
API |
When to call |
Description |
|
Initialize |
Server-side initialization phase |
|
|
CheckResult |
Verification completion phase |
Returns the final verification status and verification materials. |
App vs. web integration
|
Item |
App integration |
Web integration |
|
Initialization return value |
|
|
|
SDK integration method |
Native SDK (iOS/Android) |
Web SDK (JS) |
|
Verification page host |
Native app page |
PC/Mobile H5 webpage |
|
Page display method |
Rendered within the SDK |
Page redirection or iframe embedding |
|
Core server-side APIs |
|
|
API-only integration
-
Activate the ID Verification service. For details, see Activate ID Verification.
-
Integrate a solution by following the API documentation for the relevant product. The server-side-only mode supports the following solutions:
-
FACE_LIVENESS_MIN_PRO: liveness detection
-
FACE_IDU_MIN: liveness verification
-
FACE_COMPARE: face comparison
-
ID_OCR_MAX: ID document OCR
-
API basics
-
Request method: HTTPS POST
-
QPS limit: Each API has a dedicated QPS limit. For details, see QPS limits of ID Verification server-side APIs.
-
Service endpoints:
NoteBenefits of internal network access: An internal network is a private communication network between Alibaba Cloud products in the same region. If your application server is deployed in the same region, use the internal network endpoint for more secure and stable connectivity.
Singapore
Public endpoint:
cloudauth-intl.ap-southeast-1.aliyuncs.comInternal endpoint:
cloudauth-intl-vpc.ap-southeast-1.aliyuncs.com
Indonesia (Jakarta)
Public endpoint:
cloudauth-intl.ap-southeast-5.aliyuncs.comInternal endpoint:
cloudauth-intl-vpc.ap-southeast-5.aliyuncs.com
China (Hong Kong)
Public endpoint:
cloudauth-intl.cn-hongkong.aliyuncs.comInternal endpoint:
cloudauth-intl-vpc.cn-hongkong.aliyuncs.com
Malaysia (Kuala Lumpur)
Public endpoint:
cloudauth-intl.ap-southeast-3.aliyuncs.comInternal endpoint:
cloudauth-intl-vpc.ap-southeast-3.aliyuncs.com
Online debugging and integration
Before you debug or integrate, read the Use OpenAPI guide to understand how to call APIs on the OpenAPI platform and how to obtain the SDK.
You can run and debug the APIs directly in OpenAPI Explorer and generate SDK example code.