eKYC_NDI_WEB_CheckResult - ID Verification - Alibaba Cloud Documentation Center

Call the CheckResult operation to query authentication results after receiving a callback notification.

API description

API operation name: CheckResult.
Request method: HTTPS POST
Description: After you receive a callback notification, you can call this API operation on the server-side to retrieve the authentication status and materials.
Important
By default, ID Verification stores verification results for 30 days and then automatically deletes them. Ensure you query your verification results within this 30-day period.
QPS limit: Each API has a dedicated QPS limit. For details, see QPS limits of ID Verification server-side APIs.
Endpoints:
Note
- Benefits of internal network access: An internal network enables private communication between Alibaba Cloud services in the same region. If your application server is also in the same region, use the internal network endpoint to access the ID Verification service for a more secure and stable connection.
- Optimization for overseas access: Network conditions outside the Chinese mainland can be complex. To reduce latency and minimize request failures, optimize your integration by following the best practices in Server-side Network Latency Analysis and Optimization.
China (Hong Kong)
- Public endpoint: cloudauth-intl.cn-hongkong.aliyuncs.com
- Internal endpoint: cloudauth-intl-vpc.cn-hongkong.aliyuncs.com

Online debugging and integration

Note

Before you debug or integrate, read the Debug and integrate server-side APIs with OpenAPI guide to understand how to call APIs on the OpenAPI platform and how to obtain the SDK.

You can run this API operation in OpenAPI Explorer to debug it and generate an SDK code sample.

Request parameters

Name	Type	Required	Description	Example
MerchantBizId	String	Yes	A unique business identifier that you customize. Use it to track and troubleshoot issues. The identifier must be a unique 32-character string of letters and digits. Note Alibaba Cloud servers do not check the uniqueness of this field. To improve tracking, make sure that this field is unique.	e0c34a77f5ac40a5aa5e6ed20c35****
TransactionId	String	Yes	The unique identifier for the authentication process. This value is from the response of the Initialize API. Important To prevent tampering, use the TransactionId returned by the Initialize API and stored on your server. Do not use the TransactionId from the client-side callback.	hksb7ba1b28130d24e015d6********
IsReturnImage	String	No	Specifies whether to return authentication image materials: Yes: Required N: No (default)	Y

Returned data

Name		Type	Description	Example
HTTP Status Code		Integer	The HTTP status code.	200
HTTP Body	RequestId	String	The request ID.	130A2C10-B9EE-4D84-88E3-5384FF03****
	Code	String	Return code: For more information, see Server-side HTTP status codes.	Success
	Message	String	The detailed description of the response code.	success
	Result.Passed	String	The final authentication result. Valid values: Y: Passed N: Failed	Y
	Result.SubCode	String	The description of the authentication result. For more information, see Error codes for ResultObject.SubCode.	200
	Result.ExtFaceInfo	String	The result of the face liveness verification. For information about the JSON format, see the example on the right. For more information, see ExtFaceInfo.	`{ "faceAttack": "N", "faceImg": "/9j/4AAQSkZJRgABAQAAAQqviV6oakp8...", "faceQuality": 95.45, "faceOcclusion": "N", "docVideoUrl": "https://aliyun-cloudauth.oss-aliyuncs.com/******.webm" }`

ExtFaceInfo

Parameter	Type	Description	Example value
facePassed	String	The result of the liveness detection. Valid values: Y: Pass N: Fail	Y
faceImg	String	The Base64-encoded image of the captured face. This field is returned if the `isReturnImage=Y` parameter is set in the request and the face scan succeeds.	base64 format
faceAttack	String	Indicates whether a liveness attack was detected. Y indicates a detected attack, while N indicates no attack was detected.	N
faceQuality	Double	The quality score of the face for liveness detection. The value ranges from 0 to 100.	99.99
faceOcclusion	String	Indicates whether face occlusion was detected. Y indicates that occlusion is present, while N indicates it is not.	N
docVideoUrl	String	The OSS download URL for the forensics video. Note The URL for the forensics video is valid for 15 minutes. You can retrieve the URL multiple times within 30 minutes after the verification completes. After 30 minutes, the system automatically deletes the forensics video file. This file cannot be restored. Please download and save it promptly.	https://aliyun-cloudauth.oss-aliyuncs.com/******.webm
faceAge	String	The predicted age of the person. This field may not be returned if the prediction fails.	30
faceGender	String	The predicted gender based on the face image. This field may not be returned if the prediction fails. M: Male F: Female	M
authorityComparisonScore	Double	The comparison score between the captured face and the image from the authoritative data source. The value ranges from 0 to 100. Note A higher score indicates a higher probability that the two faces belong to the same person. The default threshold is 75. You can customize this threshold based on your business data samples.	99.99
faceAttackScore	Double	The predicted likelihood of a spoofing attack. A higher score indicates a greater likelihood of an attack. The value ranges from 0 to 100.	80
guardRiskScore	Double	The predicted likelihood of device risk, as determined by the Face Guard algorithm. A higher score indicates a greater device risk. The value ranges from 0 to 100.	90
deviceToken	String	The `DeviceToken` for Device Helper. This field is returned when the Device Helper module is fully integrated into the SDK. You can use this token to call the server-side APIs of Device Helper to get device risk details. Device Helper is a paid service. For more information, see product billing. This token is valid for 7 days and is not unique.	e0c34a77f5ac40a5aa5e6ed20c35****

Error codes for ResultObject.SubCode

Error code	Are authentication records billed?	Description, Cause, and Recommendation
200	Yes	The authentication passed.
201	Yes	The name and ID card number do not match the information in the official database. The user information may be incorrect or fake. Advise the user to confirm the information and try again. Note This error code is returned only when the certificate type verified by the product is a Chinese ID card and the authoritative verification feature is enabled.
202	Yes	The identity information cannot be found in the official database. Reserve an entry for manual review. Note This error code is returned only when the certificate type verified by the product is a Chinese ID card and the authoritative verification feature is enabled.
205	Yes	Liveness detection involves risks.
206	Yes	Limited by a business policy. After you enable safe mode, the system performs security checks on the authentication environment, such as the device. If a potential threat is detected, the authentication fails. You can troubleshoot the issue as follows: Advise the user to uninstall software or plug-ins such as multi-account, app-cloning, or virtual environment applications from the device. Then, restore the device to its initial secure environment and retry. Check whether you are using the package name of the test demo. If so, change it to your business package name. This prevents the request from being blocked by the security policy of the project or service.
207	Yes	Facial recognition against the official database failed. The person may not be the same, or the quality of the live photo is low. Note This error code is returned only when the certificate type verified by the product is a Chinese ID card and the authoritative verification feature is enabled.