All Products
Search

This Product

    ID Verification:CREDENTIAL_DETECT

    Document Center

    ID Verification:CREDENTIAL_DETECT

    Last Updated:Dec 18, 2025

    This topic describes the credential detection API operation. This service analyzes credential images to detect risks, such as forgery, tampering, screen captures, and recaptures.

    API description

    • Operation name: CredentialVerifyIntl

    • Description: Analyzes credential images to detect risks, such as forgery, tampering, screen captures, and recaptures.

    • Request method: POST

    • Transport protocol: HTTPS

    • This API is subject to an exclusive queries per second (QPS) limit. For more information, see ID Verification server-side API QPS limits.

    • Endpoints:

      Note

      An internal network is a private communication network for Alibaba Cloud products within the same region. If your application server is deployed in an Alibaba Cloud region, you can use the VPC endpoint to access the ID Verification service for a more secure and stable network connection.

      Singapore

      • Public endpoint: cloudauth-intl.ap-southeast-1.aliyuncs.com

      • VPC endpoint: cloudauth-intl-vpc.ap-southeast-1.aliyuncs.com

    Note

    1. Credential detection is an AI-based prediction product. It achieves an accuracy rate of 90% on our internal test dataset. The actual accuracy may vary based on the scenario.

    2. Detecting edits in digitally synthesized images is more difficult. The service is more effective for images taken with a native camera than for digitally synthesized images.

    3. Do not rely solely on the credential detection result to verify the authenticity of a credential. Use it to supplement your review process or to make manual reviews more efficient.

    4. Credential detection is widely used in scenarios that require electronic document review, such as finance, payment acquiring, and E-commerce merchant onboarding. It effectively improves the efficiency of manual review. If you have requirements for other scenarios, contact your account manager.

    Online debugging and integration

    Note

    Before you debug and integrate, read Use OpenAPI Explorer to debug and integrate server-side API operations. This document explains how to call API operations on the OpenAPI platform and how to obtain the SDK and its sample code.

    You can debug this operation directly in OpenAPI Explorer. You can also generate SDK sample code for this operation.

    Request parameters

    The image specified by the ImageUrl or ImageFileObject parameter must meet the following requirements:

    • Image format: PNG, JPG, JPEG, BMP, and WebP.

    • Image dimensions: The height and width must be greater than 15 pixels and less than 8192 pixels. The aspect ratio must be less than 50.

      Note

      For best detection results, use an image with a height and width both greater than 500 pixels.

    • Image size: If you use a URL, the image cannot exceed 10 MB. If you use ImageFileObject, the image cannot exceed 3 MB.

      Note

      Large images can increase the API response time. Use an image that is smaller than 3 MB.

    Name

    Type

    Required

    Description

    Example

    CredType

    String

    Yes

    Credential type:

    • 03: Business qualification

    • 04: Transactional credential

    03

    CredName

    String

    Yes

    Credential name (use the numeric code):

    • Starts with 03, business qualification:

      • 0301: Business license of the Chinese mainland

    • Starts with 04, transactional credential:

      • 0401: Bank statement

      • 0402: Payslip

      • 0403: Utility bill

      • 0405: Credit card bill

      • 0499: Other

    Note

    To support more credential types, contact your account manager.

    0301

    ProductCode

    String

    Yes

    Call mode:

    • ANTI_FAKE_CHECK: Image quality and tampering detection.

    ANTI_FAKE_CHECK

    ImageUrl

    String

    Yes

    Important

    Specify either imageUrl or ImageFileObject.

    The URL of the image.

    None

    ImageFileObject

    InputStream

    The image input stream.

    None

    Response parameters

    Name

    Type

    Description

    Example

    RequestId

    String

    The request ID.

    130A2C10-B9EE-4D84-88E3-5384********

    Code

    String

    Return code.

    Important

    • This parameter indicates whether the API operation was called successfully. For more information about return codes, see the return codes section.

    • For the business verification result, check the fields in ResultObject.

    Success

    Message

    String

    A detailed description of the return code.

    success

    ResultObject

    Result

    String

    • 0: Low risk

    • 1: High risk

    • 2: Suspicious

    1

    RiskTag

    String

    Risk tags. Multiple tags are separated by commas (,). Valid values:

    • PS: Photoshopped image

    • SCREEN_PHOTO: Recaptured screen

    • SCREENSHOT: Screen capture

    • ORIGINAL_PHOTO: Non-original image

    PS

    RiskScore

    Map<String,String>

    The risk score predicted by the algorithm for the hit tag. The value ranges from 0 to 1. A value of 1 means a risk was detected. A value of 0 means no risk was detected.

    {
  "PS": "0.0211",
  "SCREEN_PHOTO": "0.0101",
  "SCREENSHOT": "0.0521",
  "ORIGINAL_PHOTO": "0.0861"
}

    MaterialInfo

    String

    Other information. This is a reserved field.

    Return codes

    HTTP status code

    Code

    Description

    200

    Success

    The request was successful.

    400

    MissingParameter

    A parameter cannot be empty.

    400

    Forbidden.ExceptionRepeatedInvoke

    The call was repeated abnormally.

    401

    InvalidParameter

    The parameter is invalid.

    401

    UnqualifiedPhoto

    The provided image is not usable.

    401

    ToolargeImage

    The provided image is too large.

    401

    DataDuplication

    The data is duplicate.

    403

    Forbidden.AccountAccessDenied

    Make sure that you have activated ID Verification and your account has no overdue payments.

    403

    Forbidden.RAMUserAccessDenied

    The Resource Access Management (RAM) user needs the AliyunAntCloudAuthFullAccess permission.

    500

    Forbidden.ExceptionDataSource

    The authoritative data source service is abnormal.

    500

    InternalError

    An internal system error occurred. Contact engineers for troubleshooting.