eKYC,Initialize - ID Verification - Alibaba Cloud Documentation Center

This topic describes how to initiate an eKYC request by calling the Initialize operation.

Initiate a verification request

Operation: Initialize

Endpoint: cloudauth-intl.cn-hongkong.aliyuncs.com

Request method: HTTPS POST

Description: Before starting the eKYC verification process, you can call this operation to obtain a transactionId , which connects all operations in the verification request.

QPS limit: This API is subject to an exclusive queries per second (QPS) limit. For more information, see ID Verification server-side API QPS limits.

Request parameters

Name	Type	Required	Description	Example
ProductCode	String	Yes	The product solution to be integrated. Valid value: eKYC: Use the eKYC product solution. Your users need to complete the entire process of document verification and liveness detection.	eKYC
SceneCode	String	No	Your custom verification scene ID, which is used to query related records by entering this scene ID in the console. The ID can be a combination of letters, digits, or underscores with a length of 10 characters.	1234567890
MerchantBizId	String	Yes	Your custom unique business identifier, which is used to locate and troubleshoot issues later. It can be a combination of letters and digits with a length of 32 characters. Make sure it is unique. Note Alibaba Cloud servers do not check the uniqueness of this field value. To better track issues, we strongly recommend that you ensure the uniqueness of this field.	e0c34a77f5ac40a5aa5e6ed20c35****
MetaInfo	String	Yes	The MetaInfo environment parameters, which need to be obtained through the client SDK. For more information, see the corresponding client integration documentation. Note No need to modify the return value, just pass it through directly.	`{ "zimVer": "3.0.0", "appVersion": "1", "bioMetaInfo": "4.1.0:1150****,0", "appName": "com.aliyun.antcloudauth", "deviceType": "h5", "osVersion": "iOS 10.3.2", "apdidToken": "", "deviceModel": "iPhone9,1" }`
MerchantUserId	String	Yes	Your custom user ID, or other identifiers that can identify specific users, such as phone numbers or email addresses. We strongly recommend that you pre-mask the value of this field, such as by hashing the value.	123456789
IdSpoof	String	No	Specifies whether to enable document tamper-proofing detection: Y: Enable N: Disable (default)	Y
DocType	String	Yes	document type. You can specify an 8-digit value to uniquely identify a document type. For more information, see the table below.	01000000
Authorize	String	No	Specifies whether to enable official database identity verification: T: Enable F: Disable (default) Note Currently only applicable to the second-generation resident ID cards in mainland China.	F
SecurityLevel	String	No	The mode representing different security levels of the authentication process. Valid values: 01: Standard mode. This mode is only applicable to low-threat scenarios with restrictions on device information collection. 02: Safe mode. A relatively strict mode (default). Note Safe mode uses the new Device Guard module in the SDK to identify the security of the face scanning environment and device. This effectively enhances interception of injection attacks. We strongly recommend selecting this mode.	02
IdThreshold	String	No	Custom OCR quality detection threshold mode: 0: Standard mode 1: Strict mode 2: Loose mode 3 (default): Disable quality detection	0
Model	String	No	The type of liveness detection to perform: LIVENESS (default): Blink action liveness detection. PHOTINUS_LIVENESS: Dual detection with blink action liveness and colorful liveness. PHOTINUS_FAR_NEAR_LIVENESS: Blink action + far/near + colorful liveness detection. (Only supported for App SDK or Flutter integrations based on the App SDK) Note For supported SDK versions, see SDK release notes. PC does not support dual detection with colorful liveness.	PHOTINUS_LIVENESS
DocVideo	String	No	Specifies whether to save a verification video. N: No (default). Y: A video of the user's face scanning process (a 1 to 2 second video file) is collected during authentication and returned through the query API operation. Note Because video files are large, the system may discard the video file if the network is unstable to prioritize the transmission of essential authentication images.	N
CallbackUrl	String	No	The callback URL for verification results. The default callback request method is GET, and the callback URL must start with https. After the verification is complete, the system sends callback requests to the callback URL and automatically adds the following fields to the callback requests: transactionId passed code subcode Warning Before the callback URL is used, the system checks whether the URL is accessible. If the URL is inaccessible over the Internet, status code 400 is returned.	https://www.aliyun.com?callbackToken=100000****&transactionId=shaxxxx&passed=Y&subCode=200
CallbackToken	String	No	The security token that is used for anti-duplication and anti-tampering verification. You can specify a custom value. If this value is set, the CallbackToken field will be included in the CallbackUrl callback.	NMjvQanQgplBSaEI0sL86WnQplB
AppQualityCheck	String	No	Specifies whether to enable strict face quality detection. Y (default): Enable N: Disable Important This configuration requires client SDK support. If you set it to Enable, but the client SDK does not integrate the face quality detection module, this configuration is treated as Disable. The client SDK version must be 1.2.5 or later.	N
DocPageConfig	String	No	JSON string array format: OCR_ID_BACK: Collect the back page Note Currently only supports mainland China ID card type	OCR_ID_BACK
ShowGuidePage	String	No	Specifies whether to display the guide page: 1 (default): Display 0: Do not display	1
DocScanMode	String	No	OCR document scanning mode: shoot (default): Take photo scan: Scan auto: Automatic switchover between photo/scan	shoot

Document types

DocType	Corresponding document
01000000	Global passport
00000006	Hong Kong Identity Card (2003 version)
00000008	Hong Kong Identity Card (2018 version)
00000007	Exit-Entry Permit for Travelling to and from Hong Kong and Macao
00000009	Mainland Travel Permits for Hong Kong and Macao Residents
000000011	Macao Identity Card
000000012	Mainland Travel Permit for Taiwan Residents
00000001	Second-generation resident ID card of mainland China

Response parameters

Name		Type	Description	Example
HTTP Status Code		Integer	HTTP status code.	200
HTTP Body	RequestId	String	The request ID.	130A2C10-B9EE-4D84-88E3-5384FF03****
	Code	String	The return code. For more information about return codes, see Return codes and messages.	success
	Message	String	The response message of the request.	success
	Result.TransactionId	String	The unique identifier for the entire authentication process. This field is used for billing statistics and for initiating CheckResult API operation requests. Important If an error occurs during the request, such as an invalid parameter, TransactionId is not returned. We recommend that you bind and store the TransactionId with your business process ID on the server. When calling CheckResult, retrieve this authentication ID from your server storage to initiate the result query. After you successfully obtain the TransactionId or TransactionUrl, you must complete the authentication within 30 minutes. After this period, the ID or URL automatically expires and cannot be used for authentication.	hksb7ba1b28130d24e015d6********

Return codes and messages

HTTP status code	Code	Message
200	Success	Request successful.
400	MissingParameter	Parameter cannot be empty.
400	InvalidParameter	Invalid parameter.
403	Forbidden.RAMUserAccessDenied	You need to grant the RAM user the AliyunAntCloudAuthFullAccess permission. For more information, see Authorize RAM users to access the service.
	Forbidden.AccountAccessDenied	Ensure that you have activated ID verification and your account has no overdue payment.
	Throttling.Api	API request is blocked due to throttling.
500	InternalError	Internal system error. Provide feedback to engineers for troubleshooting.