FACE_VERIFY_Initialize - ID Verification - Alibaba Cloud Documentation Center

This topic describes how to call the Initialize operation to initiate a face liveness verification request.

Initiate a verification request

Operation: Initialize

Endpoint: cloudauth-intl.cn-hongkong.aliyuncs.com

Request method: HTTPS POST

Operation description: Before starting a verification process, you must call this operation to obtain a transaction ID for the different operations involved in the verification process.

QPS limit: This API is subject to an exclusive queries per second (QPS) limit. For more information, see ID Verification server-side API QPS limits.

Debug and integrate online

Note

Before you debug and integrate, read the Use OpenAPI Explorer to debug and integrate server-side API operations document. It explains how to call API operations on the OpenAPI platform and how to obtain the SDK and its sample code.

You can debug this operation in OpenAPI Explorer directly and generate SDK code examples for this operation.

Request parameters

Name	Type	Required	Description	Example
ProductCode	String	Yes	The product solution to be integrated. Valid value: FACE_VERIFY.	FACE_VERIFY
SceneCode	String	No	The custom verification scenario ID that you can use to query related records in the console. The ID can be a combination of letters, digits, and underscores. The ID can be up to 10 characters in length.	1234567890
MerchantBizId	String	Yes	The custom business ID that is used to locate and troubleshoot issues. The ID can be a combination of letters and digits. The ID can be up to 32 characters in length. Make sure that the ID is unique. Note ID Verification does not check the uniqueness of the value. For tracing purposes, we recommend that you specify a unique value.	e0c34a77f5ac40a5aa5e6ed20c35****
MetaInfo	String	Yes	The environment parameters of MetaInfo. You must obtain the parameters using the client SDK. For more information, see Android integration. Note You can pass the return value directly without modifying it.	`{ "appVersion": "1", "bioMetaInfo": "4.1.0:1150****,0", "appName": "com.aliyun.antcloudauth", "deviceType": "ios", "osVersion": "iOS 10.3.2", "apdidToken": "", "deviceModel": "iPhone9,1" }`
MerchantUserId	String	Yes	The custom user ID or other identifier that can identify a specific user, such as a mobile phone number or an email address. We strongly recommend that you desensitize the value of this parameter in advance, for example, by hashing the value.	123456789
FacePictureBase64	String	No	The Base64-encoded image. If you choose to use FacePictureBase64 to pass in the facial image, check the size of the image and avoid uploading an excessively large image.	/9j/4AAQSkZJRgABAQAASASBC****
FacePictureUrl	String	No	The URL of the facial image. The URL must be accessible over the Internet and start with HTTP or HTTPS. Note If you set ProductCode to FACE_VERIFY, you must specify at least one of the FacePictureBase64 and FacePictureUrl parameters.	https://cn-shanghai-aliyun-cloudauth-**.oss-cn-shanghai.aliyuncs.com/verify/**.jpeg
SecurityLevel	String	No	The mode representing different security levels of the authentication process. Valid values: 01: Standard mode. This mode is only applicable to low-threat scenarios with restrictions on device information collection. 02: Safe mode. A relatively strict mode (default). Note Safe mode uses the new Device Guard module in the SDK to identify the security of the face scanning environment and device. This effectively enhances interception of injection attacks. We strongly recommend selecting this mode.	02
Model	String	No	The type of liveness detection to perform: LIVENESS (default): Blink action liveness detection. PHOTINUS_LIVENESS: Dual detection with blink action liveness and colorful liveness. PHOTINUS_FAR_NEAR_LIVENESS: Blink action + far/near + colorful liveness detection. (Only supported for App SDK or Flutter integrations based on the App SDK) Note For supported SDK versions, see SDK release notes. PC does not support dual detection with colorful liveness.	PHOTINUS_LIVENESS
DocVideo	String	No	Specifies whether to save a verification video. N: No (default). Y: A video of the user's face scanning process (a 1 to 2 second video file) is collected during authentication and returned through the query API operation. Note Because video files are large, the system may discard the video file if the network is unstable to prioritize the transmission of essential authentication images.	N
CallbackUrl	String	No	The callback URL for verification results. The default request method for callbacks is GET. The callback URL must start with https. After the verification is complete, the system sends callback requests to the callback URL and automatically adds the following fields to the callback requests: transactionId passed code subcode Warning Before the callback URL is used, the system checks whether the URL is accessible. If the URL is inaccessible over the Internet, status code 400 is returned.	https://www.aliyun.com?callbackToken=100000****&transactionId=shaxxxx&passed=Y&subCode=200
CallbackToken	String	No	The security token that is used for anti-duplication and anti-tampering verification. You can specify a custom value. If you set this parameter, the CallbackToken field is included in the callback request to the CallbackUrl.	NMjvQanQgplBSaEI0sL86WnQplB
AppQualityCheck	String	No	Specifies whether to enable strict facial quality detection. Y: Enable (default) N: Disable Important This configuration requires client SDK support. If you set it to Enable, but the client SDK does not integrate the face quality detection module, this configuration is treated as Disable. The client SDK version must be 1.2.5 or later.	N

Response parameters

Name		Type	Description	Example
HTTP Status Code		Integer	The HTTP status code.	200
HTTP Body	RequestId	String	The ID of the request.	130A2C10-B9EE-4D84-88E3-5384FF039795
	Code	String	The return code. For more information about return codes, see Return codes and messages.	Success
	Message	String	The response message of the request.	success
	Result.TransactionId	String	The unique identifier for the entire authentication process. This field is used for billing statistics and for initiating CheckResult API operation requests. Important If an error occurs during the request, such as an invalid parameter, TransactionId is not returned. We recommend that you bind and store the TransactionId with your business process ID on the server. When calling CheckResult, retrieve this authentication ID from your server storage to initiate the result query. After you successfully obtain the TransactionId or TransactionUrl, you must complete the authentication within 30 minutes. After this period, the ID or URL automatically expires and cannot be used for authentication.	hksb7ba1b28130d24e015d6********

Return codes and messages

HTTP status code	Code	Message
200	Success	Request successful.
400	MissingParameter	Parameter cannot be empty.
400	InvalidParameter	Invalid parameter.
401	UnqualifiedPhoto	The uploaded image is unreadable or the image resolution does not meet requirements. We recommend changing the image. Ensure the photo is clear, has normal exposure, is complete without occlusion, and has no significant angle deviation.
	DataDuplication	Both Base64-encoded image and URL image address are provided. Choose only one of these parameters.
	ToolargeImage	The image size is too large. We recommend compressing the image or changing the upload method.
	DownloadTimeout	URL image download timeout.
	NoFaceDetected	No face detected in the uploaded image.
403	Forbidden.RAMUserAccessDenied	You need to grant the RAM user the AliyunAntCloudAuthFullAccess permission. For more information, see Authorize RAM users to access the service.
	Forbidden.AccountAccessDenied	Ensure that you have activated ID verification and your account has no overdue payment.
	Throttling.Api	API request is blocked due to throttling.
500	InternalError	Internal system error. Provide feedback to engineers for troubleshooting.