API Reference
API Reference
The MobbScan API Gateway aims to simplify integration with MobbScan by abstracting the onboarding process from the integrator. This REST API allows you to:
- Create a new onboarding process
- Retrieve information about an onboarding process
- Check the status of an onboarding process
- Accept or reject an onboarding process
- Obtain various evidence related to an onboarding process
Refer to the integration guide for more details on how to integrate MobbScan into your system.
Requests format
Unless stated otherwise, request formats should be sent in JSON format:
"Content-type" : "application/json"
Authentication
The API Gateway uses token-based authentication (JWT Authentication).
To authenticate with the system, the integrator needs to provide the generated API_KEY and API_SECRET.
The obtained access token should be sent in the header of the requests made to the API Gateway.
If the access token is not included in the requests, an error code 401 Not authorized will be returned.
The configured expiration time for the access token is 15 minutes. The expiration time is configurable depending on the integrator's requirements.
curl --location 'https://{GATEWAY-HOST}/auth/token' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
"api_key": "API_KEY",
"api_secret": "API_SECRET"
}'
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
static async Task Main()
{
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://{GATEWAY-HOST}/auth/token");
request.Headers.Add("Accept", "application/json");
var json = "{\"api_key\":\"API_KEY\",\"api_secret\":\"API_SECRET\"}";
request.Content = new StringContent(json, Encoding.UTF8, "application/json");
var response = await client.SendAsync(request);
var responseBody = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseBody);
}
}
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.URI;
public class Main {
public static void main(String[] args) throws Exception {
HttpClient client = HttpClient.newHttpClient();
String json = "{\"api_key\":\"API_KEY\",\"api_secret\":\"API_SECRET\"}";
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://{GATEWAY-HOST}/auth/token"))
.header("Accept", "application/json")
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(json))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/auth/token"
headers = {
"Accept": "application/json",
"Content-Type": "application/json"
}
data = {
"api_key": "API_KEY",
"api_secret": "API_SECRET"
}
response = requests.post(url, json=data, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/auth/token';
const headers = {
'Accept': 'application/json',
'Content-Type': 'application/json'
};
const data = {
api_key: 'API_KEY',
api_secret: 'API_SECRET'
};
axios.post(url, data, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/auth/token";
$data = json_encode(["api_key" => "API_KEY", "api_secret" => "API_SECRET"]);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Accept: application/json",
"Content-Type: application/json"
]);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
The authentication endpoint can return the following responses:
| Code | Description | Comment |
|---|---|---|
| 400 | Bad Request. Usually means one or more required parameters are missing or incorrect in the request. | Check that all required parameters are included and formatted correctly in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect. | Ensure you are using the correct credentials (API Key and Secret), and that the JWT token is valid and has not expired. |
| 403 | Forbidden. The user does not have sufficient permissions to obtain the authentication token. | Verify that the user or client has the necessary permissions. If the issue persists, contact support to review the permissions. |
Generate onboarding process
Processes in the API Gateway are called Onboarding. Each onboarding process will be generated with a unique identifier called scanId, and a unique URL will be generated to redirect the user via iFrame or direct redirection to the onboarding process.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request Body
This endpoint allows configuring different parameters to customize the onboarding process. Below is an example of the request structure:
{
"countryId": "string",
"docSpecificType": "string",
"docType": "string",
"redirectUrl": "string",
"scanId": "string",
"verificationExtraData": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}
}
The following are the fields of the request:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
countryId | string | Country identifier in ISO 3166-1 alpha-3 format (ESP, FRA, PRT, etc.). | No | ISO 3166-1 alpha-3 |
docType | string | Document type. Possible values: IDCard, Passport, DrivingLicense | No | Text |
docSpecificType | string | Specific document type in MobbScan. This parameter is used to send the specific document type (with MobbScan's nomenclature) directly without the need to send the country and type. | No | Text |
redirectUrl | string | URL to redirect the user to after completing the process. | No | URL |
scanId | string | Unique identifier for the onboarding process. This parameter allows the integrator to define the process identifier in the system. If not provided, the system will generate a new one. The format should be UUID. | No | UUID |
curl --location --request POST 'https://{GATEWAY-HOST}/onboarding' \
--header 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
--header 'Content-Type: application/json' \
--data-raw '{
"countryId": "ESP",
"docType": "IDCard",
"redirectUrl": "https://example.com/redirect",
"scanId": "0e76e708-1dff-47d8-80fe-12b40043f86d",
"verificationExtraData": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}
}'
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/onboarding";
string accessToken = "<YOUR_ACCESS_TOKEN>";
var jsonData = @"{
\"countryId\": \"ESP\",
\"docType\": \"IDCard\",
\"redirectUrl\": \"https://example.com/redirect\",
\"scanId\": \"0e76e708-1dff-47d8-80fe-12b40043f86d\",
\"verificationExtraData\": {
\"additionalProp1\": \"string\",
\"additionalProp2\": \"string\",
\"additionalProp3\": \"string\"
}
}";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
var content = new StringContent(jsonData, Encoding.UTF8, "application/json");
HttpResponseMessage response = await client.PostAsync(url, content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/onboarding";
String accessToken = "<YOUR_ACCESS_TOKEN>";
String jsonData = "{"
+ "\"countryId\": \"ESP\","
+ "\"docType\": \"IDCard\","
+ "\"redirectUrl\": \"https://example.com/redirect\","
+ "\"scanId\": \"xxxx-xxxx-xxxx-xxxx\","
+ "\"verificationExtraData\": {"
+ "\"additionalProp1\": \"string\","
+ "\"additionalProp2\": \"string\","
+ "\"additionalProp3\": \"string\""
+ "}"
+ "}";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(jsonData))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/onboarding"
access_token = "<YOUR_ACCESS_TOKEN>"
headers = {
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json"
}
json_data = {
"countryId": "ESP",
"docType": "IDCard",
"redirectUrl": "https://example.com/redirect",
"scanId": "0e76e708-1dff-47d8-80fe-12b40043f86d",
"verificationExtraData": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}
}
response = requests.post(url, json=json_data, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/onboarding';
const accessToken = '<YOUR_ACCESS_TOKEN>';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
};
const jsonData = {
countryId: 'ESP',
docType: 'IDCard',
redirectUrl: 'https://example.com/redirect',
scanId: '0e76e708-1dff-47d8-80fe-12b40043f86d',
verificationExtraData: {
additionalProp1: 'string',
additionalProp2: 'string',
additionalProp3: 'string'
}
};
axios.post(url, jsonData, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/onboarding";
$accessToken = "<YOUR_ACCESS_TOKEN>";
$data = [
"countryId" => "ESP",
"docType" => "IDCard",
"redirectUrl" => "https://example.com/redirect",
"scanId" => "0e76e708-1dff-47d8-80fe-12b40043f86d",
"verificationExtraData" => [
"additionalProp1" => "string",
"additionalProp2" => "string",
"additionalProp3" => "string"
]
];
$headers = [
"Authorization: Bearer $accessToken",
"Content-Type: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for generating an onboarding process will be a JSON object with the following structure:
{
"scanId": "xxxx-xxxx-xxxx-xxxx",
"onboardingToken": "xxxx-xxxx-xxxx-xxxx",
"url": "https://{GATEWAY-HOST}/onboarding/0e76e708-1dff-47d8-80fe-12b40043f86d"
}
The following are the fields of the response:
| Field | Type | Description | Format |
|---|---|---|---|
scanId | string | Unique identifier for the onboarding process. | UUID |
onboardingToken | string | Authentication token for the onboarding process. | UUID |
url | string | Unique URL to redirect the user to the onboarding process. | URL |
The onboarding process generation endpoint can return the following responses:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the onboarding process identifier, the authentication token, and the unique URL to redirect the user to the process. |
| 400 | Bad Request. Usually means one or more required parameters are missing or incorrect in the request. | Check that all required parameters are included and formatted correctly in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the requested resource. | Ensure you are using the correct credentials (API Key and Secret), that the JWT token is valid and has not expired, and that the process is valid. |
Get onboarding process information
This endpoint allows you to retrieve detailed information about a specific onboarding process. This data includes:
- Process status
- Creation date
- Agent who reviewed the process
- Reason for rejection (if applicable)
- Information extracted from the document
- Validations performed
- URLs of the generated evidence
- Additional process information
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request
The endpoint for retrieving onboarding process information requires the onboarding process identifier to be sent in the URL. Below is an example of the request structure:
GET /mobbscan-agent/getVerificationProcessData/verificationId HTTP/1.1
Host: {GATEWAY-HOST}
Authorization
Content-Type: application/json
The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for obtaining information about an onboarding process will be a JSON object with the following structure:
| Field | Type | Description | Format |
|---|---|---|---|
scanId | string | Unique identifier for the onboarding process. | UUID |
verificationResult | string | Result of the verification process. | Text |
licenseId | string | License identifier. | Text |
agent | string | Agent who reviewed the process. | Text |
document | object | Information extracted from the document. | Object |
images | array | URLs of the generated images. | Array |
recordings | array | URLs of the generated recordings. | Array |
extraParameters | array | Additional process information. | Array |
extraImages | array | URLs of additional generated images. | Array |
validations | object | Validations performed. | Object |
pdfUrl | string | URL of the generated PDF. | URL |
pdfChecksum | string | Checksum of the generated PDF. | Text |
rejectionReason | string | Reason for rejection. | Text |
comment | string | Comment. | Text |
creationTime | string | Creation date of the process. | Date |
verificationTime | string | Verification date of the process. | Date |
clientInfo | string | Client information. | Text |
certificatedZipUrl | string | URL of the certified zip file. | URL |
The document contains the following information:
| Field | Type | Description | Format |
|---|---|---|---|
documentType | string | Document type. | Text |
personalNumber | string | Personal number. | Text |
documentNumber | string | Document number. | Text |
name | string | Name. | Text |
surname | string | Surname. | Text |
firstSurname | string | First surname. | Text |
secondSurname | string | Second surname. | Text |
gender | string | Gender. | Text |
nationality | string | Nationality. | Text |
issuingState | string | Issuing state. | Text |
dateOfIssuing | string | Date of issuance. | Date |
dateOfBirth | string | Date of birth. | Date |
dateOfExpiry | string | Expiry date. | Date |
address | string | Address. | Text |
city | string | City. | Text |
region | string | Region. | Text |
cityOfBirth | string | City of birth. | Text |
regionOfBirth | string | Region of birth. | Text |
stateOfBirthName | string | Name of the state of birth. | Text |
stateOfBirthIsoCode | string | ISO code of the state of birth. | Text |
facialMatchingScore | string | Facial matching score. | Text |
facialLivenessScore | string | Facial liveness score. | Text |
mrz | string | Machine-readable zone information. | Text |
The endpoint for obtaining information about an onboarding process can return the following responses:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the detailed information of the onboarding process. |
| 400 | Bad Request. Usually means one or more required parameters are missing or incorrect in the request. | Check that all required parameters are included and formatted correctly in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the requested resource. | Ensure you are using the correct credentials (API Key and Secret), that the JWT token is valid and has not expired, and that the process is valid. |
Check onboarding process result
This endpoint allows you to check the status of an onboarding process. This endpoint allows you to verify if the onboarding process has been completed, is pending, or has been rejected.
Possible values for the verificationResult field are:
PENDING: The onboarding process is pending.VERIFIED: The onboarding process has been accepted.NOT_VERIFIED: The onboarding process has been rejected.CANCELLED: The onboarding process has been canceled.PENDING_VALIDATION: The onboarding process is pending validation.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request
The endpoint for retrieving onboarding process status requires the onboarding process identifier to be sent in the URL. Below is an example of the request structure:
GET /mobbscan-agent/checkVerificationProcessResult/verificationId HTTP/1.1
Host: {GATEWAY-HOST}
Authorization
Content-Type: application/json
The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for checking the status of an onboarding process will be a JSON object with the following structure:
{
"code": "OK",
"description": "CHECK_VERIFICATION_PROCESS_RESULT_SUCCESS",
"verificationResult": "VERIFIED|NOT_VERIFIED|PENDING|CANCELLED|PENDING_VALIDATION"
}
The following are the fields of the response:
| Field | Type | Description | Format |
|---|---|---|---|
code | string | Response code. | Text |
description | string | Response description. | Text |
verificationResult | string | Result of the verification process. | Text |
Get images of onboarding process
This endpoint allows you to obtain the images generated during the onboarding process. The URLs of the available evidence are located in the images field of the response from the onboarding process information endpoint. This service allows you to retrieve the generated images in various formats:
- Plain text image in base64 format.
- JSON with the image information.
- Image in binary format.
Headers
Since the response from this endpoint can have different formats, you need to specify the desired format in the Accept header. Below are the available formats:
| Format | Description |
|---|---|
application/json | JSON with the image information. |
image/jpeg | Image in binary format. |
text/plain | Image in plain text in base64 format. |
Additionally, the authentication token must be sent in the Authorization header in the format Bearer <YOUR_ACCESS_TOKEN>
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | Response format. You should select one of the three formats specified above. |
Request
The endpoint for retrieving images of an onboarding process requires the onboarding process identifier to be sent in the URL. Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for obtaining images of an onboarding process will depend on the format selected in the Accept header.
{
"timestamp": "2021-09-01T12:00:00Z",
"imageType": "",
"scanId": "xxxx-xxxx-xxxx-xxxx",
"image": "/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA..."
}
/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA...
binary data here
Get recording of onboarding process
This endpoint allows you to obtain the recordings generated during the onboarding process. The URLs of the available evidence can be found in the recordings field of the response from the get onboarding process information endpoint.
This service allows you to obtain the generated recordings in different formats:
- Image in plain text in base64 format.
- JSON with the image information.
- Image in binary format.
Headers
Since the response from this endpoint can have different formats, it is necessary to specify the desired format in the Accept header. The available formats are shown below:
| Format | Description |
|---|---|
application/json | JSON with the image information. |
image/jpeg | Image in binary format. |
text/plain | Image in plain text in base64 format. |
Additionally, the authentication token must be sent in the Authorization header in the format Bearer <YOUR_ACCESS_TOKEN>.
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | Response format. You must select one of the three formats specified above. |
Request
The endpoint for obtaining images from an onboarding process requires the onboarding process identifier to be included in the URL. Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for obtaining images of an onboarding process will depend on the format selected in the Accept header.
{
"timestamp": "2021-09-01T12:00:00Z",
"imageType": "",
"scanId": "xxxx-xxxx-xxxx-xxxx",
"image": "/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA..."
}
/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA...
binary data here
Get certificated zip of onboarding process
This endpoint allows you to obtain the certificated zip file generated during the onboarding process. The certificated zip consists of the information extracted from the document, the images, and the recordings generated during the process all of which are signed and ensured their integrity.
The URL for the certificated zip file can be found in the certificatedZipUrl field of the response from the get onboarding process information endpoint. This zip file will only be available if the onboarding process has been successfully completed. To generate the certificated zip file, the integrator will need to request Mobbeel’s support team to enable this functionality.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| content-type | application/zip |
Request
The endpoint for obtaining the certificated zip file of an onboarding process requires the onboarding process identifier to be included in the URL. Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/api/zip/{verificationId}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/api/zip/{verificationId}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/api/zip/{verificationId}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/api/zip/{verificationId}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/api/zip/{verificationId}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/api/zip/{verificationId}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request will be a certificated zip file containing the information of the onboarding process.
Get pdf of onboarding process
This endpoint allows you to obtain the PDF file generated during the onboarding process. The URL for the PDF file can be found in the pdfUrl field of the response from the get onboarding process information endpoint.
Headers
Since the response from this endpoint can have different formats, it is necessary to specify the desired format in the Accept header. The available formats are shown below:
| Format | Description |
|---|---|
application/json | JSON with the image information. |
image/jpeg | Image in binary format. |
text/plain | Image in plain text in base64 format. |
Additionally, the authentication token must be sent in the Authorization header in the format Bearer <YOUR_ACCESS_TOKEN>.
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | Response format. You must select one of the three formats specified above. |
Request
The endpoint for obtaining images from an onboarding process requires the onboarding process identifier to be included in the URL. Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for obtaining images from an onboarding process will depend on the format selected in the Accept header.
{
"timestamp": "2021-09-01T12:00:00Z",
"scanId": "xxxx-xxxx-xxxx-xxxx",
"pdfDocument": "/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA..."
}
/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA...
binary data here
Accept onboarding process
This endpoint allows you to accept an onboarding process. Once an onboarding process is accepted, it will transition to the VERIFIED state and cannot be modified afterward.
Additionally, the endpoint allows you to modify the user's information to send the updated details to the system. If the integrator only wants to modify a few fields, they can send only the fields they want to update.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request Body
Below are the fields of the request:
| Field | Type | Description | Mandatory | Format |
|---|---|---|---|---|
personalData | object | User's personal information. | Yes | Object |
type | string | Type of verification. | Yes | Text |
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
The personalData object contains the following information:
| Field | Type | Description | Mandatory | Format |
|---|---|---|---|---|
address | string | Address. | Yes | Text |
city | string | City. | Yes | Text |
cityOfBirth | string | City of birth. | Yes | Text |
country | string | Country. | Yes | Text |
countryDocumentType | string | Document type of the country. | Yes | Text |
curp | string | CURP (Unique Population Registry Code). | Yes | Text |
dateOfBirth | string | Date of birth. | Yes | Date |
dateOfExpiry | string | Expiry date. | Yes | Date |
documentNumber | string | Document number. | Yes | Text |
gender | string | Gender. | Yes | Text |
mrz | string | Information from the machine-readable zone. | Yes | Text |
name | string | First name. | Yes | Text |
personalNumber | string | Personal number. | Yes | Text |
postCode | string | Postal code. | Yes | Text |
region | string | Region. | Yes | Text |
regionOfBirth | string | Region of birth. | Yes | Text |
firstSurname | string | First surname. | Yes | Text |
secondSurname | string | Second surname. | Yes | Text |
stateOfBirth | string | State of birth. | Yes | Text |
surname | string | Last name. | Yes | Text |
curl --location --request POST 'https://{GATEWAY-HOST}/mobbscan-agent/accept' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data-raw '{
"personalData": {
"address": "123 Fake Street",
"city": "Sampletown",
"cityOfBirth": "Sampletown",
"country": "USA",
"countryDocumentType": "Passport",
"curp": "ABC123XYZ",
"dateOfBirth": "1985-06-15",
"dateOfExpiry": "2030-12-31",
"documentNumber": "A1234567",
"gender": "M",
"mrz": "MRZDATAHERE",
"name": "John",
"personalNumber": "987654321",
"postCode": "56789",
"region": "Sample Region",
"regionOfBirth": "Sample Region",
"firstSurname": "Doe",
"secondSurname": "Smith",
"stateOfBirth": "Sample State",
"surname": "Doe"
},
"type": "AUTO",
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}'
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/accept";
string accessToken = "Token";
string jsonData = "{"
+ "\"personalData\": {"
+ "\"address\": \"123 Fake Street\","
+ "\"city\": \"Sampletown\","
+ "\"cityOfBirth\": \"Sampletown\","
+ "\"country\": \"USA\","
+ "\"countryDocumentType\": \"Passport\","
+ "\"curp\": \"ABC123XYZ\","
+ "\"dateOfBirth\": \"1985-06-15\","
+ "\"dateOfExpiry\": \"2030-12-31\","
+ "\"documentNumber\": \"A1234567\","
+ "\"gender\": \"M\","
+ "\"mrz\": \"MRZDATAHERE\","
+ "\"name\": \"John\","
+ "\"personalNumber\": \"987654321\","
+ "\"postCode\": \"56789\","
+ "\"region\": \"Sample Region\","
+ "\"regionOfBirth\": \"Sample Region\","
+ "\"firstSurname\": \"Doe\","
+ "\"secondSurname\": \"Smith\","
+ "\"stateOfBirth\": \"Sample State\","
+ "\"surname\": \"Doe\""
+ "},"
+ "\"type\": \"AUTO\","
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
HttpContent content = new StringContent(jsonData, Encoding.UTF8, "application/json");
HttpResponseMessage response = await client.PostAsync(url, content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/accept";
String accessToken = "Token";
String jsonData = String jsonData = "{"
+ "\"personalData\": {"
+ "\"address\": \"123 Fake Street\","
+ "\"city\": \"Sampletown\","
+ "\"cityOfBirth\": \"Sampletown\","
+ "\"country\": \"USA\","
+ "\"countryDocumentType\": \"Passport\","
+ "\"curp\": \"ABC123XYZ\","
+ "\"dateOfBirth\": \"1985-06-15\","
+ "\"dateOfExpiry\": \"2030-12-31\","
+ "\"documentNumber\": \"A1234567\","
+ "\"gender\": \"M\","
+ "\"mrz\": \"MRZDATAHERE\","
+ "\"name\": \"John\","
+ "\"personalNumber\": \"987654321\","
+ "\"postCode\": \"56789\","
+ "\"region\": \"Sample Region\","
+ "\"regionOfBirth\": \"Sample Region\","
+ "\"firstSurname\": \"Doe\","
+ "\"secondSurname\": \"Smith\","
+ "\"stateOfBirth\": \"Sample State\","
+ "\"surname\": \"Doe\""
+ "},"
+ "\"type\": \"AUTO\","
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(jsonData, StandardCharsets.UTF_8))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/accept"
access_token = "Token"
json_data = {
"personalData": {
"address": "123 Fake Street",
"city": "Sampletown",
"cityOfBirth": "Sampletown",
"country": "USA",
"countryDocumentType": "Passport",
"curp": "ABC123XYZ",
"dateOfBirth": "1985-06-15",
"dateOfExpiry": "2030-12-31",
"documentNumber": "A1234567",
"gender": "M",
"mrz": "MRZDATAHERE",
"name": "John",
"personalNumber": "987654321",
"postCode": "56789",
"region": "Sample Region",
"regionOfBirth": "Sample Region",
"firstSurname": "Doe",
"secondSurname": "Smith",
"stateOfBirth": "Sample State",
"surname": "Doe"
},
"type": "AUTO",
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}
headers = {
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json"
}
response = requests.post(url, json=json_data, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/accept';
const accessToken = 'Token';
const jsonData = {
personalData: {
address: "123 Fake Street",
city: "Sampletown",
cityOfBirth: "Sampletown",
country: "USA",
countryDocumentType: "Passport",
curp: "ABC123XYZ",
dateOfBirth: "1985-06-15",
dateOfExpiry: "2030-12-31",
documentNumber: "A1234567",
gender: "M",
mrz: "MRZDATAHERE",
name: "John",
personalNumber: "987654321",
postCode: "56789",
region: "Sample Region",
regionOfBirth: "Sample Region",
firstSurname: "Doe",
secondSurname: "Smith",
stateOfBirth: "Sample State",
surname: "Doe"
},
type: "AUTO",
verificationId: "{verificationId}"
};
axios.post(url, jsonData, {
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
}
})
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/accept";
$accessToken = "Token";
$jsonData = json_encode([
"personalData" => [
"address" => "123 Fake Street",
"city" => "Sampletown",
"cityOfBirth" => "Sampletown",
"country" => "USA",
"countryDocumentType" => "Passport",
"curp" => "ABC123XYZ",
"dateOfBirth" => "1985-06-15",
"dateOfExpiry" => "2030-12-31",
"documentNumber" => "A1234567",
"gender" => "M",
"mrz" => "MRZDATAHERE",
"name" => "John",
"personalNumber" => "987654321",
"postCode" => "56789",
"region" => "Sample Region",
"regionOfBirth" => "Sample Region",
"firstSurname" => "Doe",
"secondSurname" => "Smith",
"stateOfBirth" => "Sample State",
"surname" => "Doe"
],
"type" => "AUTO",
"verificationId" => "xxxx-xxxx-xxxx-xxxx"
], JSON_PRETTY_PRINT);
$headers = [ "Authorization: Bearer $accessToken", "Content-Type: application/json" ];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request to accept an onboarding process will be a JSON object with the following structure:
{
"status": "VERIFICATION_ACCEPTED",
"description": "Verification with id={verificationId} accepted successfully"
}
Below are the fields of the request:
| Field | Type | Description | Format |
|---|---|---|---|
status | string | Outcome of the acceptance process. | Text |
description | string | Description of the outcome of the acceptance process. | Text |
The possible responses to the onboarding process rejection request are as follows:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been completed successfully. | The response will contain the result of the rejection process. |
| 400 | Bad Request. This generally means that one or more required parameters are missing or incorrect. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect, or the user does not have access to the requested resource. | Make sure to use the correct credentials (API Key and Secret), and that the JWT token is valid and hasn't expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Make sure the user has the necessary permissions to perform the action. |
| 409 | Conflict. The onboarding process is not in a valid state to be accepted. | Ensure that the onboarding process has not been previously accepted or rejected. |
Reject onboarding process
This endpoint allows you to reject an onboarding process. When rejecting an onboarding process, it will move to the NOT_VERIFIED state and cannot be modified afterwards.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request Body
The following are the fields of the request:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
rejectionComment | string | Reason for the rejection | Yes | Text |
type | string | Type of verification. | Yes | Text |
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
curl --location --request POST 'https://{GATEWAY-HOST}/mobbscan-agent/reject' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data-raw '{
"rejectionComment": "string",
"type": "AUTO",
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}'
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/reject";
string accessToken = "Token";
string jsonData = "{"
+ "\"rejectionComment\": \"string\","
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
HttpContent content = new StringContent(jsonData, Encoding.UTF8, "application/json");
HttpResponseMessage response = await client.PostAsync(url, content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/reject";
String accessToken = "Token";
String jsonData = "{"
+ "\"rejectionComment\": \"string\","
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(jsonData, StandardCharsets.UTF_8))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/reject"
access_token = "Token"
data = {
"rejectionComment": "string",
"type": "AUTO",
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}
headers = {
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json"
}
response = requests.post(url, json=data, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/reject';
const accessToken = 'Token';
const data = {
rejectionComment: "string",
type: "AUTO",
verificationId: "xxxx-xxxx-xxxx-xxxx"
};
axios.post(url, data, {
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
}
})
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/reject";
$accessToken = "Token";
$data = json_encode([ "rejectionComment" => "string", "type" => "AUTO", "verificationId" => "xxxx-xxxx-xxxx-xxxx" ]);
$headers = [ "Authorization: Bearer $accessToken", "Content-Type: application/json" ];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The following are the fields of the response:
| Field | Type | Description | Format |
|---|---|---|---|
status | string | Result of the rejection process. | Text |
description | string | Description of the result of the rejection process. | Text |
The possible responses to the rejection request of an onboarding process are the following:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the result of the rejection process. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret) and that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 409 | Conflict. The onboarding process is not in a valid state to be rejected. | Ensure that the onboarding process has not been accepted or rejected previously. |
Send onboarding process to review
The API allows setting up a process for automatic validation by the integrator. Based on these validations, the integrator will be able to accept, reject, or request manual review of the process. To do this, the integrator must notify the platform support team in advance to configure the automatic validations. In this case, the process will be in the PENDING_VALIDATION state until the integrator makes a decision. To send it for manual review, the integrator must call this endpoint.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request Body
The following are the fields of the request
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
curl --location --request POST 'https://{GATEWAY-HOST}/mobbscan-agent/pending' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data-raw '{
"personalData": {
"address": "123 Fake Street",
"city": "Sampletown",
"cityOfBirth": "Sampletown",
"country": "USA",
"countryDocumentType": "Passport",
"curp": "ABC123XYZ",
"dateOfBirth": "1985-06-15",
"dateOfExpiry": "2030-12-31",
"documentNumber": "A1234567",
"gender": "M",
"mrz": "MRZDATAHERE",
"name": "John",
"personalNumber": "987654321",
"postCode": "56789",
"region": "Sample Region",
"regionOfBirth": "Sample Region",
"firstSurname": "Doe",
"secondSurname": "Smith",
"stateOfBirth": "Sample State",
"surname": "Doe"
},
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}'
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/pending";
string accessToken = "Token";
string jsonData = "{"
+ "\"personalData\": {"
+ "\"address\": \"123 Fake Street\","
+ "\"city\": \"Sampletown\","
+ "\"cityOfBirth\": \"Sampletown\","
+ "\"country\": \"USA\","
+ "\"countryDocumentType\": \"Passport\","
+ "\"curp\": \"ABC123XYZ\","
+ "\"dateOfBirth\": \"1985-06-15\","
+ "\"dateOfExpiry\": \"2030-12-31\","
+ "\"documentNumber\": \"A1234567\","
+ "\"gender\": \"M\","
+ "\"mrz\": \"MRZDATAHERE\","
+ "\"name\": \"John\","
+ "\"personalNumber\": \"987654321\","
+ "\"postCode\": \"56789\","
+ "\"region\": \"Sample Region\","
+ "\"regionOfBirth\": \"Sample Region\","
+ "\"firstSurname\": \"Doe\","
+ "\"secondSurname\": \"Smith\","
+ "\"stateOfBirth\": \"Sample State\","
+ "\"surname\": \"Doe\""
+ "},"
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
HttpContent content = new StringContent(jsonData, Encoding.UTF8, "application/json");
HttpResponseMessage response = await client.PostAsync(url, content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/pending";
String accessToken = "Token";
String jsonData = "{"
+ "\"personalData\": {"
+ "\"address\": \"123 Fake Street\","
+ "\"city\": \"Sampletown\","
+ "\"cityOfBirth\": \"Sampletown\","
+ "\"country\": \"USA\","
+ "\"countryDocumentType\": \"Passport\","
+ "\"curp\": \"ABC123XYZ\","
+ "\"dateOfBirth\": \"1985-06-15\","
+ "\"dateOfExpiry\": \"2030-12-31\","
+ "\"documentNumber\": \"A1234567\","
+ "\"gender\": \"M\","
+ "\"mrz\": \"MRZDATAHERE\","
+ "\"name\": \"John\","
+ "\"personalNumber\": \"987654321\","
+ "\"postCode\": \"56789\","
+ "\"region\": \"Sample Region\","
+ "\"regionOfBirth\": \"Sample Region\","
+ "\"firstSurname\": \"Doe\","
+ "\"secondSurname\": \"Smith\","
+ "\"stateOfBirth\": \"Sample State\","
+ "\"surname\": \"Doe\""
+ "},"
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(jsonData, StandardCharsets.UTF_8))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/pending"
access_token = "Token"
json_data = {
"personalData": {
"address": "123 Fake Street",
"city": "Sampletown",
"cityOfBirth": "Sampletown",
"country": "USA",
"countryDocumentType": "Passport",
"curp": "ABC123XYZ",
"dateOfBirth": "1985-06-15",
"dateOfExpiry": "2030-12-31",
"documentNumber": "A1234567",
"gender": "M",
"mrz": "MRZDATAHERE",
"name": "John",
"personalNumber": "987654321",
"postCode": "56789",
"region": "Sample Region",
"regionOfBirth": "Sample Region",
"firstSurname": "Doe",
"secondSurname": "Smith",
"stateOfBirth": "Sample State",
"surname": "Doe"
},
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}
headers = {
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json"
}
response = requests.post(url, json=jsonData, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/pending';
const accessToken = 'Token';
const jsonData = {
personalData: {
address: "123 Fake Street",
city: "Sampletown",
cityOfBirth: "Sampletown",
country: "USA",
countryDocumentType: "Passport",
curp: "ABC123XYZ",
dateOfBirth: "1985-06-15",
dateOfExpiry: "2030-12-31",
documentNumber: "A1234567",
gender: "M",
mrz: "MRZDATAHERE",
name: "John",
personalNumber: "987654321",
postCode: "56789",
region: "Sample Region",
regionOfBirth: "Sample Region",
firstSurname: "Doe",
secondSurname: "Smith",
stateOfBirth: "Sample State",
surname: "Doe"
},
verificationId: "{verificationId}"
};
axios.post(url, jsonData, {
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
}
})
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/pending";
$accessToken = "Token";
$jsonData = json_encode([
"personalData" => [
"address" => "123 Fake Street",
"city" => "Sampletown",
"cityOfBirth" => "Sampletown",
"country" => "USA",
"countryDocumentType" => "Passport",
"curp" => "ABC123XYZ",
"dateOfBirth" => "1985-06-15",
"dateOfExpiry" => "2030-12-31",
"documentNumber" => "A1234567",
"gender" => "M",
"mrz" => "MRZDATAHERE",
"name" => "John",
"personalNumber" => "987654321",
"postCode" => "56789",
"region" => "Sample Region",
"regionOfBirth" => "Sample Region",
"firstSurname" => "Doe",
"secondSurname" => "Smith",
"stateOfBirth" => "Sample State",
"surname" => "Doe"
],
"verificationId" => "xxxx-xxxx-xxxx-xxxx"
], JSON_PRETTY_PRINT);
$headers = [ "Authorization: Bearer $accessToken", "Content-Type: application/json" ];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the onboarding process acceptance request will be a JSON object with the following structure:
{
"status": "UPDATED_VERIFICATION",
"description": "Verification with id={verificationId} accepted successfully"
}
The response to the onboarding process rejection request will be a JSON object with the following structure:
| Field | Type | Description | Format |
|---|---|---|---|
status | string | Result of the rejection process. | Text |
description | string | Description of the result of the rejection process. | Text |
The possible responses to the request for rejecting an onboarding process are as follows:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been completed successfully. | The response will contain the result of the rejection process. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Check that all required parameters are included and correctly formatted in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret), that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 409 | Conflict. The onboarding process is not in a valid state to be rejected. | Ensure that the onboarding process has not been accepted or rejected previously. |
Delete onboarding process
This endpoint allows you to delete an onboarding process. Once the onboarding process is deleted, it cannot be recovered.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request
The endpoint for deleting onboarding process requires the onboarding process identifier to be sent in the URL. The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
Below is an example of the request structure:
curl --location --request DELETE 'https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.DeleteAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.delete(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.delete(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode >= 200 && $httpCode < 300) {
echo "Success: " . $response;
} else {
echo "Error: " . $response;
}
?>
Response
The following are the fields of the response:
| Field | Type | Description | Format |
|---|---|---|---|
status | string | Result of the rejection process. | Text |
description | string | Description of the result of the rejection process. | Text |
The possible responses to the rejection request of an onboarding process are the following:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the result of the rejection process. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret) and that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 409 | Conflict. The onboarding process is not in a valid state to be rejected. | Ensure that the onboarding process has not been accepted or rejected previously. |
Notification Status Change
The integrator can receive notifications of the status change of an onboarding process through a webhook. To do so, they need to configure the URL of their server where the notifications will be sent.
Request Body
The body of the status change notification request will be a JSON object with the following structure:
{
"verificationId": "xxxx-xxxx-xxxx-xxxx",
"status": "xxxx",
}
Below are the fields for the request:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
status | string | New status of the onboarding process. | Yes | Text |
This webhook can include any headers that the integrator desires, such as Authorization, Content-Type, etc.
Below is an example of integrating a webhook on the integrator's server:
from flask import Flask, request
app = Flask(__name__)
@app.route('/webhook', methods=['POST'])
def webhook():
data = request.json
verificationId = data['verificationId']
status = data['status']
print(f"Verification Id: {verificationId}")
print(f"Status: {status}")
return '', 204
if __name__ == '__main__':
app.run(port=5000)
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class WebhookController {
@PostMapping("/webhook")
public ResponseEntity<Void> webhook(@RequestBody WebhookRequest request) {
String verificationId = request.getVerificationId();
String status = request.getStatus();
System.out.println("Verification Id: " + verificationId);
System.out.println("Status: " + status);
return ResponseEntity.noContent().build();
}
}
const express = require('express');
const app = express();
app.use(express.json());
app.post('/webhook', (req, res) => {
const { verificationId, status } = req.body;
console.log(`Verification Id: ${verificationId}`);
console.log(`Status: ${status}`);
// send 204 No Content status
res.status(204).end();
});
app.listen(5000, () => {
console.log('Server running on port 5000');
});
using Microsoft.AspNetCore.Mvc;
[Route("api/[controller]")]
[ApiController]
public class WebhookController : ControllerBase
{
[HttpPost("webhook")]
public IActionResult Webhook([FromBody] WebhookRequest request)
{
string verificationId = request.VerificationId;
string status = request.Status;
Console.WriteLine("Verification Id: " + verificationId);
Console.WriteLine("Status: " + status);
return NoContent();
}
}
public class WebhookRequest
{
public string VerificationId { get; set; }
public string Status { get; set; }
}
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
class WebhookController extends Controller
{
public function webhook(Request $request)
{
$verificationId = $request->input('verificationId');
$status = $request->input('status');
\Log::info("Verification Id: " . $verificationId);
\Log::info("Status: " . $status);
return response()->noContent();
}
}
The possible states to which the integrator can subscribe are the following:
| State | Description |
|---|---|
PENDING_VERIFICATION | The onboarding process is pending verification. |
PENDING_VALIDATION | The onboarding process is pending validation by the integrator. This allows the integrator to decide whether to accept or reject the process automatically based on their defined criteria, before sending it for manual review if applicable. |
VERIFIED | The onboarding process has been successfully verified. |
NOT_VERIFIED | The onboarding process has been rejected. |
VIDEO_AVAILABLE | The onboarding process video is available. |