All Products
Search

This Product

    ID Verification:CheckResult

    Document Center

    ID Verification:CheckResult

    Last Updated:Dec 25, 2025

    This topic describes how to query the verification results of the eKYC solution by using the CheckResult operation.

    API description

    • API operation: CheckResult

    • Request method: HTTPS POST

    • Description: After you receive a callback notification, call this API operation on the server to retrieve the authentication status and materials.

      Important

      ID Verification service results are stored for 30 days by default. After this period, the system automatically deletes them. You must query the authentication results within 30 days of the authentication completion.

    • The API has a dedicated queries per second (QPS) limit. For more information, see ID Verification server-side API QPS limits.

    • Endpoints:

      Note

      The internal network is the communication network between Alibaba Cloud products within the same region. If your business server is deployed in the same Alibaba Cloud region as the ID Verification service, you can access the service through an internal endpoint for more secure and stable network communication.

      China (Hong Kong)

      • Public endpoint: cloudauth-intl.cn-hongkong.aliyuncs.com

      • Internal endpoint: cloudauth-intl-vpc.cn-hongkong.aliyuncs.com

    Online testing and integration

    Note

    Before you start debugging and integration, make sure that you have read the Use OpenAPI Explorer to debug and integrate server-side API operations document to understand how to call API operations on the OpenAPI platform and how to obtain SDKs and their code.

    You can use OpenAPI Explorer to directly call and debug this API operation, and generate SDK code examples.

    Request parameters

    Name

    Type

    Required

    Description

    Example

    MerchantBizId

    String

    Yes

    A unique business ID that you customize. It is used to track and troubleshoot issues. The ID can be a combination of letters and digits, and must be 32 characters in length. Make sure that the ID is unique.

    Note

    Alibaba Cloud servers do not check the uniqueness of this field. For better tracking, we strongly recommend that you ensure the uniqueness of this field.

    e0c34a77f5ac40a5aa5e6ed20c35****

    TransactionId

    String

    Yes

    The unique identifier for the entire authentication flow. You must call the Initialize API operation to obtain this value.

    Important

    To prevent tampering threats, this value must be the TransactionId stored on your server-side when you called the Initialize API operation. We do not recommend using the TransactionId from the client-side callback.

    hksb7ba1b28130d24e015d6********

    IsReturnImage

    String

    No

    Specifies whether to return authentication image materials.

    • Yes, it is required.

    • N: No (default)

    Y

    Response parameters

    Name

    Type

    Description

    Example

    HTTP Status Code

    Integer

    The HTTP status code.

    200

    HTTP Body

    RequestId

    String

    The request ID.

    130A2C10-B9EE-4D84-88E3-5384FF039795

    Code

    String

    The response code.

    Success

    Message

    String

    The detailed description of the response code.

    success

    Result.Passed

    String

    The final authentication result. Valid values:

    • Y: Passed

    • N: Failed

    Y

    Result.SubCode

    String

    The description of the authentication result. For more information, see Error codes for ResultObject.SubCode.

    200

    Result.ExtFaceInfo

    String

    The result information about face liveness verification. For the JSON format, see the example on the right. For more information, see ExtFaceInfo.

    {
  "faceAttack": "N",
  "faceComparisonScore": 99.99,
  "faceImg": "Base64 format",
  "facePassed": "Y",
  "faceQuality": 95.45,
  "faceOcclusion": "N"
   "docVideoUrl": "https://aliyun-cloudauth.oss-aliyuncs.com/******.webm" 
}

    Result.ExtIdInfo

    String

    The result information about certificate OCR.

    For the JSON format, see the example on the right. For more information, see ExtIdInfo.

    {
 "ocrIdInfo": {
   "expiryDate": "",
   "originOfIssue": "Exit and Entry Administration of the Ministry of Public Security",
   "englishName": "LI SI",
   "sex": "M",
   "name": "Li Si",
   "idNumber": "H11111112",
   "issueDate": "2013-01-02",
   "birthDate": "1990-02-21"
 },
 "ocrIdPassed": "N",
   "spoofInfo": {
   "spoofResult": "Y",
   "spoofType": [
     "SCREEN_REMARK"
   ]
 }
}

    Response codes

    HTTP status code

    Code

    Message

    200

    Success

    Request successful.

    400

    MissingParameter

    Parameter cannot be empty.

    InvalidParameter

    Invalid parameter.

    TransactionIdInvalid

    Invalid Transaction ID.

    403

    Forbidden.RAMUserAccessDenied

    You need to grant the RAM user the AliyunAntCloudAuthFullAccess permission. For more information, see Authorize RAM users to access the service.

    Forbidden.AccountAccessDenied

    Ensure that you have activated ID verification and your account has no overdue payment.

    Throttling.Api

    API request is blocked due to throttling.

    404

    ProcessNotCompleted

    The entire authentication process is not completed.

    500

    InternalError

    Internal system error. Provide feedback to engineers for troubleshooting.

    Error codes for ResultObject.SubCode

    Error code

    Is authentication record billed

    Description and suggested reasons

    200

    Yes

    Authentication passed.

    201

    Yes

    The name and ID card do not match in the official database. The user's information may be incorrect or false. Suggest the user verify and retry.

    202

    Yes

    Identity information not found in the official database. We recommend providing a manual review option.

    204

    Yes

    The liveness face and certificate photo do not match. This may be due to person-certificate mismatch or low quality of the liveness photo.

    205

    Yes

    Liveness detection indicates risk.

    206

    Yes

    Business policy restriction. When safe mode is enabled, security checks are performed on the authentication device and environment. If risks are detected, the authentication result will fail.

    You can troubleshoot using the following methods:

    1. Remind users to uninstall any multiple-instance, clone, virtual environment software or plugins on their device, restore the device to its initial secure state, and try again.

    2. Check if you are using a test demo package name. If so, change it to your business package name to avoid being blocked by engineering or service security policies.

    207

    Yes

    Face verification failed in the official database. This may be a different person or low quality of the liveness photo.

    209

    Yes

    Authoritative comparison source exception.

    212

    Yes

    Certificate anti-counterfeiting detection indicates risk. There may be high-risk operations such as rephotographing, tampering, or photocopying.

    ExtFaceInfo

    Name

    Type

    Description

    Example

    facePassed

    String

    Indicates whether the customer passes the face liveness verification. Valid values:

    • Y: Passed

    • N: Failed

    Y

    faceComparisonScore

    Double

    The similarity score between the captured face image and the face image on the document. The score ranges from 0 to 100.

    Note

    A higher score indicates a higher probability that the two faces belong to the same person. The default threshold is 90. You can customize the threshold based on your business sample data.

    99.99

    faceImg

    String

    The captured face image in the Base64 format. This parameter is returned if you set isReturnImage=Y in the request and the face scanning process is completed.

    Base64-encoded image

    faceAttack

    String

    Indicates whether a liveness attack was detected during face capture.

    Valid values:

    • Y: An attack was detected.

    • N: No attack was detected.

    N

    faceQuality

    Double

    The quality score of the face image. The score ranges from 0 to 100.

    99.99

    faceOcclusion

    String

    Indicates whether the face is occluded. Valid values:

    • Y: The face is occluded.

    • N: The face is not occluded.

    N

    docVideoUrl

    String

    The download URL of the evidence video in Object Storage Service (OSS).

    Note

    • The validity period for the URL of the evidence video is 15 minutes.

    • You can repeatedly query and obtain the evidence video within 30 minutes after the verification is complete. After 30 minutes, the system automatically deletes the video file and the video file cannot be restored. Download and save the video within the validity period.

    https://aliyun-cloudauth.oss-aliyuncs.com/******.webm

    faceAge

    String

    The predicted age of the individual based on the face image. If the prediction fails, this parameter is not returned.

    30

    faceGender

    String

    The predicted gender of the individual based on the face image. If the prediction fails, this parameter is not returned. Valid values:

    • M: Male

    • F: Female

    M

    authorityComparisonScore

    Double

    The similarity score between the captured face image and the face image from the official authoritative data source. The score ranges from 0 to 100.

    Note

    • A higher score indicates a higher probability that the two faces belong to the same person. The default threshold is 75. You can customize the threshold based on your business sample data.

    • This parameter is returned only if all the following conditions are met:

      • The document type is the second-generation resident identity card of the Chinese mainland.

      • The Authorize parameter is set to T in the Initialize operation request.

    99.99

    faceAttackScore

    Double

    The probability of a fake face attack predicted by the facial recognition algorithm. A higher score indicates a higher probability of a fake face.

    The score ranges from 0 to 100.

    80

    guardRiskScore

    Double

    The probability of device risk predicted by the face guard algorithm. A higher score indicates a higher device risk.

    The score ranges from 0 to 100.

    90

    ExtIdInfo

    Name

    Type

    Description

    Example

    ocrIdPassed

    String

    The final result of the certificate OCR phase.

    • Y: Passed

    • N: Failed

    N

    idImage

    String

    The certificate OCR photo in Base64 format. This field is returned if you set the isReturnImage parameter to Y in the request and the certificate OCR process is completed.

    Base64 format

    ocrIdInfo

    String

    The certificate OCR field information.

    Note

    If the certificate OCR process fails, this field is empty.

    {
   "expiryDate": "",
   "originOfIssue": "Exit and Entry Administration of the Ministry of Public Security",
   "englishName": "LI SI",
   "sex": "M",
   "name": "Li Si",
   "idNumber": "H11111112",
   "issueDate": "2013-01-02",
   "birthDate": "1990-02-21"
 }

    spoofInfo

    String

    The result of anti-counterfeiting detection, including the risk identification result and risk type:

    Note

    Card detection is enabled only when you set IdSpoof = Y in the Initialize operation.

    Otherwise, spoofResult returns N by default, and spoofType is empty.

    • spoofResult:

      • Y: Risk exists

      • N: Normal

    • spoofType:

      • SCREEN_REMARK: Recapture

      • PHOTO_COPY: Photocopy

      • TAMPER: Photoshop tampering

    {
 "spoofResult": "Y",
 "spoofType": ["SCREEN_REMARK"]
}

    ocrIdEditInfo

    String

    The certificate OCR field information submitted by the user after editing it on the OCR result page. This is returned when the client is configured to enable the OCR result editing page (ShowOcrResult).

    {
  "expiryDate": "2026-01-02",
  "originOfIssue": "Exit and Entry Administration of the Ministry of Public Security",
  "englishName": "ZHANG SAN",
  "sex": "M",
  "name": "Zhang San",
  "idNumber": "H11111115",
  "issueDate": "2013-01-02",
  "birthDate": "1990-02-21"
}

    idBackImage

    String

    The OCR photo of the back of the certificate, in Base64 format.

    Note

    This field is returned if you set the isReturnImage = Y parameter in the request and the certificate OCR process is completed.

    base64

    ocrIdBackInfo

    String

    The OCR field information from the back of the certificate.

    Important

    If the certificate OCR process fails, this field is empty. 

    {
   "originOfIssue": "Tanghe County Public Security Bureau",
   "issueDate": "20230102",
   "expireDate": "20330102"
 }

    spoofBackInfo

    String

    The result of certificate anti-spoofing detection, including the threat decision result and threat type:

    • spoofResult:

      • Y: Threat exists

      • N: Normal

    • spoofType:

      • SCREEN_REMARK: Screen recapture

      • PHOTO_COPY: Photocopy

      • TAMPER: PS tampering

    Note

    This is an algorithm prediction result. This field may not be returned. We recommend that you avoid setting necessary dependencies on it in your business.

    {
   "spoofResult": "Y",
   "spoofType": ["SCREEN_REMARK"]
}

    Field returned by document recognition

    Hong Kong (China) Identity Card

    Note

    Both the 2003 and 2018 versions of smart identity cards are supported.

    Field

    Type

    Description

    name

    String

    The name.

    englishName

    String

    The name in English.

    nameCode

    String

    The Chinese name code.

    sex

    String

    The gender. Valid values:

    • M: Male

    • F: Female

    birthDate

    String

    The date of birth.

    idNumber

    String

    The ID card number.

    currentIssueDate

    String

    The date of registration.

    firstIssueDate

    String

    The month and year of first registration.

    isPermanent

    String

    Indicates whether the identity card is a permanent resident identity card. Valid values:

    • Y: Yes

    • N: No

    symbols

    String

    The remarks. Example: "***AZ".

    Exit-Entry Permit for Traveling to and from Hong Kong and Macao

    Field

    Type

    Description

    name

    String

    The name.

    englishName

    String

    The romanized name.

    sex

    String

    The gender.

    birthDate

    String

    The date of birth.

    idNumber

    String

    The ID card number.

    issueDate

    String

    The issuance date.

    expiryDate

    String

    The expiration date.

    placeOfIssue

    String

    The issuance place.

    originOfIssue

    String

    The issuance authority.

    Mainland Travel Permit for Hong Kong and Macao Residents

    Field

    Type

    Description

    name

    String

    The name.

    englishName

    String

    The romanized name.

    sex

    String

    The gender.

    birthDate

    String

    The date of birth.

    idNumber

    String

    The ID card number.

    issueDate

    String

    The issuance date.

    expiryDate

    String

    The expiration date.

    originOfIssue

    String

    The issuance authority.

    Mainland Travel Permit for Taiwan Residents

    Field

    Type

    Description

    name

    String

    The name.

    englishName

    String

    The romanized name.

    sex

    String

    The gender.

    birthDate

    String

    The date of birth.

    idNumber

    String

    The ID card number.

    issueDate

    String

    The issuance date.

    expiryDate

    String

    The expiration date.

    originOfIssue

    String

    The issuance authority.

    placeOfIssue

    String

    The issuance place.

    Global passport

    Field

    Type

    Description

    surname

    String

    The surname.

    givenname

    String

    The given name.

    sex

    String

    The gender.

    birthDate

    String

    The date of birth.

    passportNo

    String

    The passport number.

    nationality

    String

    The nationality.

    expiryDate

    String

    The expiration date.

    countryCode

    String

    The country code.

    Macao (China) Resident Identity Card

    Field

    Type

    Description

    surnameCN

    String

    The surname in Chinese.

    givennameCN

    String

    The given name in Chinese.

    surname

    String

    The surname in English.

    givenname

    String

    The given name in English.

    sex

    String

    The gender.

    birthDate

    String

    The date of birth.

    idNumber

    String

    The ID card number.

    expiryDate

    String

    The expiration date.

    placeOfBirth

    String

    The code of the birthplace. Example: "AS".

    People's Republic of China Resident Identity Card

    Field

    Type

    Description

    name

    String

    The name.

    sex

    String

    The gender.

    ethnicity

    String

    The ethnicity.

    birthDate

    String

    The date of birth.

    idNumber

    String

    The ID card number.

    address

    String

    The address.

    province

    String

    The province of residence.

    Note

    This is a reserved field and is empty by default.

    city

    String

    The city of residence.

    Note

    This is a reserved field and is empty by default.

    originOfIssue

    String

    The issuance authority.

    issueDate

    String

    The issuance date.

    expiryDate

    String

    The expiration date.