All Products
Search

This Product

    ID Verification:CheckResult

    Document Center

    ID Verification:CheckResult

    Last Updated:Apr 01, 2026

    This topic describes how to query authentication results by calling the CheckResult operation.

    API information

    • Operation name: CheckResult

    • Request method: HTTPS POST

    • Description: After you receive a callback notification, call this operation on your server to retrieve the corresponding authentication status and authentication data.

      Important

      By default, ID Verification stores verification results for 30 days and then automatically deletes them. Ensure you query your verification results within this 30-day period.

    • QPS limit: Each API has a dedicated QPS limit. For details, see QPS limits of ID Verification server-side APIs.

    • Service endpoints:

      Note

      • Benefits of internal network access: An internal network enables private communication between Alibaba Cloud services in the same region. If your application server is also in the same region, use the internal network endpoint to access the ID Verification service for a more secure and stable connection. 

      • Optimization for overseas access: Network conditions outside the Chinese mainland can be complex. To reduce latency and minimize request failures, optimize your integration by following the best practices in Server-side Network Latency Analysis and Optimization.

      Singapore

      • Public endpoint: cloudauth-intl.ap-southeast-1.aliyuncs.com

      • Internal endpoint: cloudauth-intl-vpc.ap-southeast-1.aliyuncs.com

      Indonesia

      • Public endpoint: cloudauth-intl.ap-southeast-5.aliyuncs.com

      • Internal endpoint: cloudauth-intl-vpc.ap-southeast-5.aliyuncs.com

      China (Hong Kong)

      • Public endpoint: cloudauth-intl.cn-hongkong.aliyuncs.com

      • Internal endpoint: cloudauth-intl-vpc.cn-hongkong.aliyuncs.com

      Malaysia (Kuala Lumpur)

      • Public endpoint: cloudauth-intl.ap-southeast-3.aliyuncs.com

      • Internal endpoint: cloudauth-intl-vpc.ap-southeast-3.aliyuncs.com

    Online Debugging and Integration

    Note

    Before you debug or integrate, read the Use OpenAPI to debug and integrate server-side APIs guide to understand how to call APIs on the OpenAPI platform and how to obtain the SDK.

    You can directly run this operation in OpenAPI Explorer to test it and generate SDK code examples for this operation. SDK code examples.

    Request parameters

    Name

    Type

    Required

    Description

    Example

    MerchantBizId

    String

    Yes

    A unique identifier that you define for your business. Use it to locate and troubleshoot issues later. The value must be a combination of up to 32 letters and digits. Ensure uniqueness.

    Note

    Alibaba Cloud does not check for uniqueness. To track requests effectively, ensure uniqueness.

    e0c34a77f5ac40a5aa5e6ed20c35****

    TransactionId

    String

    Yes

    The unique identifier for the authentication process. This value is from the response of the Initialize API.

    Important

    To prevent tampering, use the TransactionId returned by the Initialize API and stored on your server. Do not use the TransactionId from the client-side callback.

    hksb7ba1b28130d24e015d6********

    IsReturnImage

    String

    No

    Specify whether to return authentication images:

    • Y: Required

    • N: No (default)

    Y

    Response data

    Name

    Type

    Description

    Example

    HTTP Status Code

    Integer

    The HTTP status code.

    200

    HTTP Body

    RequestId

    String

    The request ID.

    130A2C10-B9EE-4D84-88E3-5384FF03****

    Code

    String

    Return to Code.

    Success

    Message

    String

    A detailed description of the returned code.

    success

    Result.Passed

    String

    The final authentication result. Valid values:

    • Y: Passed

    • N: Failed

    Y

    Result.SubCode

    String

    A description of the authentication result. For more information, see ResultObject.SubCode error codes.

    200

    Result.ExtFaceInfo

    String

    Results related to face liveness verification. For the JSON format, see the example on the right. For more information, see ExtFaceInfo.

    {
  "faceAttack": "N",
  "faceImg": "/9j/4AAQSkZJRgABAQAAAQqviV6oakp8...",
  "docVideoUrl": "https://aliyun-cloudauth.oss-aliyuncs.com/******.webm" 
}

    ExtFaceInfo

    Parameter

    Type

    Description

    Example value

    faceImg

    String

    The captured face image in Base64 format. This field is returned if the isReturnImage=Y parameter is set in the API request and the face scanning process completes successfully.

    Base64 format

    faceAttack

    String

    Indicates whether a liveness attack was detected. Valid values:

    • Y: Attack detected

    • N: No attack detected

    N

    docVideoUrl

    String

    The OSS download URL for the evidence preservation video.

    Note

    • The URL is valid for 15 minutes.

    • You can retrieve the URL multiple times within 30 minutes after authentication completes. After this period, the system automatically deletes the evidence video, which cannot be recovered. Download and save the file promptly.

    https://aliyun-cloudauth.oss-aliyuncs.com/******.webm

    faceAge

    String

    The estimated age of the person. This field is omitted if the prediction fails.

    30

    faceGender

    String

    The predicted gender based on the face image. This field is omitted if the prediction fails. Valid values:

    • M: Male

    • F: Female

    M

    faceAttackScore

    Double

    The likelihood of a fake face attack, predicted by the face recognition algorithm. A higher score indicates a greater likelihood of such an attack.

    The value ranges from 0 to 100.

    80

    guardRiskScore

    Double

    The likelihood of device risk, predicted by the Face Guard algorithm. A higher score indicates greater device risk.

    The value ranges from 0 to 100.

    90

    faceComparisonScore

    Double

    The face comparison score. This field is returned only when verification mode is used.

    The score ranges from 0 to 100. The system's default threshold is 90, but you can implement custom logic based on your business needs.

    90

    faceRegistrationResult

    String

    Indicates whether the face registration was successful. Valid values:

    • 1: Success

    • 0: Failure

    1

    faceRegistrationID

    String

    The face registration ID.

    This field is returned only if automatic registration is enabled and the face registration is successful.

    f5a9219aefd6*******c84c8f0ca592a

    duplicateFace

    String

    Information about any duplicate faces detected.

    If a duplicate face is found, this field contains the corresponding face ID, user ID, and comparison score from the face database.

    [
  {
    "faceGroupCode": "sg7****uzt",
    "faceId": "f5a921*******9e792ec84c8f0ca592a"
    "merchantUserId":"face0005",
    "score":93.26
  }
]

    deviceToken

    String

    The deviceToken for the Device Assistant. This field is returned when you fully integrate the Device Assistant module with the SDK. You can use this token to query the Device Assistant's server-side APIs to get device risk details.

    • Device Assistant is a paid service. For more information, see product billing.

    • This token is valid for 7 days and is not unique.

    e0c34a77f5ac40a5aa5e6ed20c35****

    Response codes

    HTTP status code

    Code

    Message description

    200

    Success

    Request successful.

    400

    MissingParameter

    Parameter cannot be empty.

    InvalidParameter

    Invalid parameter.

    TransactionIdInvalid

    Invalid Transaction ID.

    403

    Forbidden.RAMUserAccessDenied

    You need to grant the RAM user the AliyunAntCloudAuthFullAccess permission. For more information, see Authorize RAM users to access the service.

    Forbidden.AccountAccessDenied

    Ensure that you have activated ID verification and your account has no overdue payment.

    Throttling.Api

    API request is blocked due to throttling.

    404

    ProcessNotCompleted

    The entire authentication process is not completed.

    500

    InternalError

    Internal system error. Provide feedback to engineers for troubleshooting.

    503

    ServiceUnavailable

    The service is unavailable. Contact engineers for troubleshooting.

    ResultObject.SubCode error codes

    Error code

    Is the authentication record billed?

    Description and recommendations

    200

    Yes

    Authentication passed.

    204

    Yes

    The face comparison failed. The person may be different or the liveness photo is of low quality.

    205

    Yes

    There are risks associated with liveness detection.

    206

    Yes

    Business policy restriction.

    Note

    If safe mode is enabled, the service performs security checks on the device and environment used for authentication. If a potential threat is detected, the authentication fails. Remind the user to uninstall software or plug-ins such as multi-instance applications, app cloners, or virtual environments from their device. After the device is restored to its initial secure environment, ask the user to retry.

    233

    Yes

    A similar face was detected.