Synchronous call - CREDENTIAL_RECOGNITION - ID Verification

This topic describes the Credential Recognition API operation. This operation uses AI to extract key information from a credential image and detect forgery. This is a synchronous call, and the result is returned immediately after the operation is complete.

API information

API operation name: CredentialRecognition
Description: Extracts key information from a credential image and detects forgery using AI.
Request method: POST
Protocol: HTTPS
QPS limit: This API is subject to an exclusive queries per second (QPS) limit. For more information, see ID Verification server-side API QPS limits.
Endpoints:
Note
An internal network is a private communication network between Alibaba Cloud products in the same region. If your application server is deployed in an Alibaba Cloud region, you can use the internal endpoint to access the ID Verification service. This provides a more secure and stable network connection.
Singapore
- Public endpoint: cloudauth-intl.ap-southeast-1.aliyuncs.com
- Internal same-region endpoint: cloudauth-intl-vpc.ap-southeast-1.aliyuncs.com

Note

The credential forgery detection feature is an AI-based prediction product. It achieves a 90% accuracy rate on internal test datasets. The actual accuracy may vary because of differences in sample scenarios.
Detecting tampering in digitally synthesized images, such as those edited with software, is difficult. The detection is more effective for images captured by a native camera than for digitally synthesized images.
Do not use forgery detection as the sole method to verify credential authenticity. Use it as an auxiliary tool for review or to improve the efficiency of manual review.
Forgery detection is widely used in electronic document review scenarios, such as financial payment acquisition and e-commerce merchant onboarding, to improve manual review efficiency. If you require this feature for other scenarios, contact your account manager.

Online debugging and integration

Note

Before you debug and integrate, read the Use OpenAPI Explorer to debug and integrate server-side API operations document. It explains how to call API operations on the OpenAPI platform and how to obtain the SDK and its sample code.

You can debug this operation directly in OpenAPI Explorer, and generate SDK sample code for this operation.

Request parameters

The image provided for the CredentialOcrPictureBase64 or CredentialOcrPictureUrl parameter must meet the following requirements:

Image format: PNG, JPG, JPEG, BMP, and WebP.
Image dimensions: The width and height must each be greater than 15 pixels and less than 8192 pixels. The aspect ratio must be less than 50.
Note
For optimal results, we recommend that both the image width and height are greater than 500 pixels.
Image size: The image cannot exceed 10 MB if you use the CredentialOcrPictureUrl parameter, or 3 MB if you use the CredentialOcrPictureBase64 parameter.
Note
Large images can increase the response time. We recommend using images smaller than 3 MB.

Name	Type	Required	Description	Example
ProductCode	string	Yes	The value is fixed to CREDENTIAL_RECOGNITION.	CREDENTIAL_RECOGNITION
CredentialOcrPictureBase64	string	No	The Base64-encoded image. If you use this method, check the image size to ensure it is not too large.	-
CredentialOcrPictureUrl	string	No	The URL of the image. The URL must be an HTTP or HTTPS link that is accessible from the public network.	https://***
DocType	string	Yes	The credential type: 01: Transaction receipt. This includes images of various electronic bills, such as water, electricity, gas, and credit card bills. 03: Transaction record for a transfer.	01
OcrArea	string	Yes	The extraction type: 0101: Address and name module from an electronic bill. The address and name modules are extracted through intelligent analysis. 0301: Amount from a transaction record for a transfer.	0101
FraudCheck	string	Yes	Specifies whether to enable tampering detection. true: Enable false: Disable	true

Response parameters

Name		Type	Description	Example
HTTP Status Code		Integer	The HTTP status code.	200
HTTP Body	RequestId	String	The request ID.	130A2C10-B9EE-4D84-88E3-5384FF039****
	Result.TransactionId	String	The unique ID for the entire process.	hksb7ba1b28130d24e015d694361b****
	Code	String	Return codes. Important This parameter indicates whether the operation was called successfully. For more information about return codes, see Error codes. For the business verification result, see the fields in ResultObject.	Success
	Message	String	The response message.	success
	Result.Success	String	The extraction result: S: Success F: Failed	S
	Result.SubCode	String	A description of the verification result. For more information, see ResultObject.SubCode error codes.	200
	Result.ExtIdInfo	String	For the JSON format, see the example on the right. For more information, see Result.ExtIdInfo.	If the `OcrArea` request parameter is set to `0101`: `{ // If tampering detection is enabled (FraudCheck = true), spoofInfo is returned. "spoofInfo": { "spoofResult": "Y", "spoofType": "PS,SCREEN_PHOTO,ORIGINAL_PHOTO" }, "recInfo": { "address": "Yingfeng Street, Xiaoshan District, Hangzhou, Zhejiang Province***", "name": "John Doe" } }` If the `OcrArea` request parameter is set to `0301`: `{ // If tampering detection is enabled (FraudCheck = true), spoofInfo is returned. "spoofInfo": { "spoofResult": "Y", "spoofType": "PS,SCREEN_PHOTO,ORIGINAL_PHOTO" }, "recInfo": { "money": "$41.41" } }`

Return codes

HTTP status code	Code	Message description
200	Success	The request was successful.
400	MissingParameter	A parameter is empty.
400	InvalidParameter	The parameter is invalid.
403	Forbidden.RAMUserAccessDenied	The RAM user must be granted the AliyunAntCloudAuthFullAccess permission. For more information, see Grant permissions to a RAM user to access the service.
403	Forbidden.AccountAccessDenied	Your account has an overdue payment. Add funds to your account and try again.
403	Throttling.Api	The request is blocked by API throttling.
500	InternalError	An internal system error occurred. Contact engineers for troubleshooting.

ResultObject.SubCode error codes

Error code	Billed	Description and suggestion
200	Yes	Extraction successful.
213	Yes	No text was extracted.

Result.ExtIdInfo

Name

Type

Description

Example

recInfo

String

The extracted key information.

Note

If the extraction fails, this field is empty.

If the OcrArea request parameter is set to 0101:

{
  "address": "Yingfeng Street, Xiaoshan District, Hangzhou, Zhejiang Province, ***",
  "name": "Zhang San"
}

If the OcrArea request parameter is set to 0301:
```
{
  "money": "$41.41"
}
```

spoofInfo

String

The result of the credential anti-spoofing check. It includes the risk assessment result and risk type:

spoofResult:
- Y: Risk detected
- N: Normal
spoofType:
- PS: The image was edited with software.
- SCREEN_PHOTO: The image is a photo of a screen.
- SCREENSHOT: The image is a screenshot.
- ORIGINAL_PHOTO: The image is not the original one.

This result is returned when tampering detection is enabled (the FraudCheck request parameter is set to true).

{
  "spoofResult": "Y",
  "spoofType": [
    "PS"
  ]
}

API information

Singapore

Online debugging and integration

Request parameters

Response parameters

Return codes

ResultObject.SubCode error codes

Result.ExtIdInfo