API Reference
API Reference
The MobbScan API Gateway aims to simplify integration with MobbScan by abstracting the onboarding process from the integrator. This REST API allows you to:
- Create a new onboarding process
- Retrieve information about an onboarding process
- Check the status of an onboarding process
- Accept or reject an onboarding process
- Obtain various evidence related to an onboarding process
Refer to the integration guide for more details on how to integrate MobbScan into your system.
Requests format
Unless stated otherwise, request formats should be sent in JSON format:
"Content-type" : "application/json"
Authentication
The API Gateway uses token-based authentication (JWT Authentication).
To authenticate with the system, the integrator needs to provide the generated API_KEY and API_SECRET.
The obtained access token should be sent in the header of the requests made to the API Gateway.
If the access token is not included in the requests, an error code 401 Not authorized will be returned.
The configured expiration time for the access token is 15 minutes. The expiration time is configurable depending on the integrator's requirements.
curl --location 'https://{GATEWAY-HOST}/auth/token' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
"api_key": "API_KEY",
"api_secret": "API_SECRET"
}'
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
static async Task Main()
{
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://{GATEWAY-HOST}/auth/token");
request.Headers.Add("Accept", "application/json");
var json = "{\"api_key\":\"API_KEY\",\"api_secret\":\"API_SECRET\"}";
request.Content = new StringContent(json, Encoding.UTF8, "application/json");
var response = await client.SendAsync(request);
var responseBody = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseBody);
}
}
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.URI;
public class Main {
public static void main(String[] args) throws Exception {
HttpClient client = HttpClient.newHttpClient();
String json = "{\"api_key\":\"API_KEY\",\"api_secret\":\"API_SECRET\"}";
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://{GATEWAY-HOST}/auth/token"))
.header("Accept", "application/json")
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(json))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/auth/token"
headers = {
"Accept": "application/json",
"Content-Type": "application/json"
}
data = {
"api_key": "API_KEY",
"api_secret": "API_SECRET"
}
response = requests.post(url, json=data, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/auth/token';
const headers = {
'Accept': 'application/json',
'Content-Type': 'application/json'
};
const data = {
api_key: 'API_KEY',
api_secret: 'API_SECRET'
};
axios.post(url, data, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/auth/token";
$data = json_encode(["api_key" => "API_KEY", "api_secret" => "API_SECRET"]);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Accept: application/json",
"Content-Type: application/json"
]);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
The authentication endpoint can return the following responses:
| Code | Description | Comment |
|---|---|---|
| 400 | Bad Request. Usually means one or more required parameters are missing or incorrect in the request. | Check that all required parameters are included and formatted correctly in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect. | Ensure you are using the correct credentials (API Key and Secret), and that the JWT token is valid and has not expired. |
| 403 | Forbidden. The user does not have sufficient permissions to obtain the authentication token. | Verify that the user or client has the necessary permissions. If the issue persists, contact support to review the permissions. |
Generate onboarding process
Processes in the API Gateway are called Onboarding. Each onboarding process will be generated with a unique identifier called scanId, and a unique URL will be generated to redirect the user via iFrame or direct redirection to the onboarding process.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request Body
This endpoint allows configuring different parameters to customize the onboarding process. Below is an example of the request structure:
{
"countryId": "string",
"docSpecificType": "string",
"docType": "string",
"redirectUrl": "string",
"scanId": "string",
"userId": "string",
"groupId": "string",
"verificationExtraData": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}
}
The following are the fields of the request:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
countryId | string | Country identifier in ISO 3166-1 alpha-3 format (ESP, FRA, PRT, etc.). | No | ISO 3166-1 alpha-3 |
docType | string | Document type. Possible values: IDCard, Passport, DrivingLicense | No | Text |
docSpecificType | string | Specific document type in MobbScan. This parameter is used to send the specific document type (with MobbScan's nomenclature) directly without the need to send the country and type. | No | Text |
redirectUrl | string | URL to redirect the user to after completing the process. | No | URL |
scanId | string | Unique identifier for the onboarding process. This parameter allows the integrator to define the process identifier in the system. If not provided, the system will generate a new one. The format should be UUID. | No | UUID |
userId | string | A unique user identifier (for the enrollment in MobbID). | No | Text |
groupId | string | The identifier of the group to which the user will be added upon enrollement (in MobbID). | No | Text |
⚠️ Important: If the use case has a full server-to-server integration, the docType and countryId parameters are mandatory and no docSpecificType should be sent.
curl --location --request POST 'https://{GATEWAY-HOST}/onboarding/token' \
--header 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
--header 'Content-Type: application/json' \
--data-raw '{
"countryId": "ESP",
"docType": "IDCard",
"redirectUrl": "https://example.com/redirect",
"scanId": "0e76e708-1dff-47d8-80fe-12b40043f86d",
"userId": "mobbid-example-id",
"groupId": "mobbid-example-group",
"verificationExtraData": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}
}'
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/onboarding/token";
string accessToken = "<YOUR_ACCESS_TOKEN>";
var jsonData = @"{
\"countryId\": \"ESP\",
\"docType\": \"IDCard\",
\"redirectUrl\": \"https://example.com/redirect\",
\"scanId\": \"0e76e708-1dff-47d8-80fe-12b40043f86d\",
\"userId\": \"mobbid-example-id\",
\"groupId\": \"mobbid-example-group\",
\"verificationExtraData\": {
\"additionalProp1\": \"string\",
\"additionalProp2\": \"string\",
\"additionalProp3\": \"string\"
}
}";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
var content = new StringContent(jsonData, Encoding.UTF8, "application/json");
HttpResponseMessage response = await client.PostAsync(url, content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/onboarding/token";
String accessToken = "<YOUR_ACCESS_TOKEN>";
String jsonData = "{"
+ "\"countryId\": \"ESP\","
+ "\"docType\": \"IDCard\","
+ "\"redirectUrl\": \"https://example.com/redirect\","
+ "\"scanId\": \"xxxx-xxxx-xxxx-xxxx\","
+ "\"userId\": \"mobbid-example-id\","
+ "\"grouId\": \"mobbid-example-group\","
+ "\"verificationExtraData\": {"
+ "\"additionalProp1\": \"string\","
+ "\"additionalProp2\": \"string\","
+ "\"additionalProp3\": \"string\""
+ "}"
+ "}";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(jsonData))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/onboarding/token"
access_token = "<YOUR_ACCESS_TOKEN>"
headers = {
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json"
}
json_data = {
"countryId": "ESP",
"docType": "IDCard",
"redirectUrl": "https://example.com/redirect",
"scanId": "0e76e708-1dff-47d8-80fe-12b40043f86d",
"userId": "mobbid-example-id",
"groupId": "mobbid-example-group",
"verificationExtraData": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}
}
response = requests.post(url, json=json_data, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/onboarding/token';
const accessToken = '<YOUR_ACCESS_TOKEN>';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
};
const jsonData = {
countryId: 'ESP',
docType: 'IDCard',
redirectUrl: 'https://example.com/redirect',
scanId: '0e76e708-1dff-47d8-80fe-12b40043f86d',
userId: "mobbid-example-id",
groupId: "mobbid-example-group",
verificationExtraData: {
additionalProp1: 'string',
additionalProp2: 'string',
additionalProp3: 'string'
}
};
axios.post(url, jsonData, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/onboarding/token";
$accessToken = "<YOUR_ACCESS_TOKEN>";
$data = [
"countryId" => "ESP",
"docType" => "IDCard",
"redirectUrl" => "https://example.com/redirect",
"scanId" => "0e76e708-1dff-47d8-80fe-12b40043f86d",
"userId" => "mobbid-example-id",
"groupId" => "mobbid-example-group",
"verificationExtraData" => [
"additionalProp1" => "string",
"additionalProp2" => "string",
"additionalProp3" => "string"
]
];
$headers = [
"Authorization: Bearer $accessToken",
"Content-Type: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for generating an onboarding process will be a JSON object with the following structure:
{
"token": "xxxx-xxxx-xxxx-xxxx",
"scanId": "xxxx-xxxx-xxxx-xxxx",
"onboardingUrl": "https://{GATEWAY-HOST}/ui/start?onboardingToken=xxxx-xxxx-xxxx-xxxx"
}
The following are the fields of the response:
| Field | Type | Description | Format |
|---|---|---|---|
token | string | Authentication token for the onboarding process. | UUID |
scanId | string | Unique identifier for the onboarding process. | UUID |
onboardingUrl | string | Unique URL to redirect the user to the onboarding process. | URL |
The onboarding process generation endpoint can return the following responses:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the onboarding process identifier, the authentication token, and the unique URL to redirect the user to the process. |
| 400 | Bad Request. Usually means one or more required parameters are missing or incorrect in the request. | Check that all required parameters are included and formatted correctly in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the requested resource. | Ensure you are using the correct credentials (API Key and Secret), that the JWT token is valid and has not expired, and that the process is valid. |
Get onboarding process information
This endpoint allows you to retrieve detailed information about a specific onboarding process. This data includes:
- Process status
- Creation date
- Agent who reviewed the process
- Reason for rejection (if applicable)
- Information extracted from the document
- Validations performed
- URLs of the generated evidence
- Additional process information
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request
The endpoint for retrieving onboarding process information requires the onboarding process identifier to be sent in the URL. Below is an example of the request structure:
GET /mobbscan-agent/getVerificationProcessData/verificationId HTTP/1.1
Host: {GATEWAY-HOST}
Authorization
Content-Type: application/json
The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/getVerificationProcessData/{verificationId}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for obtaining information about an onboarding process will be a JSON object with the following structure:
| Field | Type | Description | Format |
|---|---|---|---|
scanId | string | Unique identifier for the onboarding process. | UUID |
verificationResult | string | Result of the verification process. | Text |
licenseId | string | License identifier. | Text |
agent | string | Agent who reviewed the process. | Text |
document | object | Information extracted from the document. | Object |
images | array | URLs of the generated images. | Array |
recordings | array | URLs of the generated recordings. | Array |
extraParameters | array | Additional process information. | Array |
extraImages | array | URLs of additional generated images. | Array |
validations | object | Validations performed. | Object |
pdfUrl | string | URL of the generated PDF. | URL |
pdfChecksum | string | Checksum of the generated PDF. | Text |
rejectionReason | string | Reason for rejection. | Text |
comment | string | Comment. | Text |
creationTime | string | Creation date of the process. | Date |
verificationTime | string | Verification date of the process. | Date |
clientInfo | string | Client information. | Text |
certificatedZipUrl | string | URL of the certified zip file. | URL |
attachments | array | List of attachments related to the onboarding process. | Array |
The document contains the following information:
| Field | Type | Description | Format |
|---|---|---|---|
documentType | string | Document type. | Text |
personalNumber | string | Personal number. | Text |
documentNumber | string | Document number. | Text |
name | string | Name. | Text |
surname | string | Surname. | Text |
firstSurname | string | First surname. | Text |
secondSurname | string | Second surname. | Text |
gender | string | Gender. | Text |
nationality | string | Nationality. | Text |
issuingState | string | Issuing state. | Text |
dateOfIssuing | string | Date of issuance. | Date |
dateOfBirth | string | Date of birth. | Date |
dateOfExpiry | string | Expiry date. | Date |
address | string | Address. | Text |
city | string | City. | Text |
region | string | Region. | Text |
cityOfBirth | string | City of birth. | Text |
regionOfBirth | string | Region of birth. | Text |
stateOfBirthName | string | Name of the state of birth. | Text |
stateOfBirthIsoCode | string | ISO code of the state of birth. | Text |
facialMatchingScore | string | Facial matching score. | Text |
facialLivenessScore | string | Facial liveness score. | Text |
mrz | string | Machine-readable zone information. | Text |
The endpoint for obtaining information about an onboarding process can return the following responses:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the detailed information of the onboarding process. |
| 400 | Bad Request. Usually means one or more required parameters are missing or incorrect in the request. | Check that all required parameters are included and formatted correctly in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the requested resource. | Ensure you are using the correct credentials (API Key and Secret), that the JWT token is valid and has not expired, and that the process is valid. |
Check onboarding process result
This endpoint allows you to check the status of an onboarding process. This endpoint allows you to verify if the onboarding process has been completed, is pending, or has been rejected.
Possible values for the verificationResult field are:
PENDING: The onboarding process is pending.VERIFIED: The onboarding process has been accepted.NOT_VERIFIED: The onboarding process has been rejected.CANCELLED: The onboarding process has been canceled.PENDING_VALIDATION: The onboarding process is pending validation.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request
The endpoint for retrieving onboarding process status requires the onboarding process identifier to be sent in the URL. Below is an example of the request structure:
GET /mobbscan-agent/checkVerificationProcessResult/verificationId HTTP/1.1
Host: {GATEWAY-HOST}
Authorization
Content-Type: application/json
The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/checkVerificationProcessResult/{verificationId}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for checking the status of an onboarding process will be a JSON object with the following structure:
{
"code": "OK",
"description": "CHECK_VERIFICATION_PROCESS_RESULT_SUCCESS",
"verificationResult": "VERIFIED|NOT_VERIFIED|PENDING|CANCELLED|PENDING_VALIDATION",
"comment": "Agent X verified the process.", // Optional
"rejectionReason": "DOCUMENT EXPIRED" // Optional
}
The following are the fields of the response:
| Field | Type | Description | Format |
|---|---|---|---|
code | string | Response code. | Text |
description | string | Response description. | Text |
verificationResult | string | Result of the verification process. | Text |
comment | string | Information about the verification. May be present only if the process is VERIFIED. | Text |
rejectionReason | string | Information about why the process is not verified. May be present if the process is NOT_VERIFIED. | Text |
Get images of onboarding process
This endpoint allows you to obtain the images generated during the onboarding process. The URLs of the available evidence are located in the images field of the response from the onboarding process information endpoint. This service allows you to retrieve the generated images in various formats:
- Plain text image in base64 format.
- JSON with the image information.
- Image in binary format.
Headers
Since the response from this endpoint can have different formats, you need to specify the desired format in the Accept header. Below are the available formats:
| Format | Description |
|---|---|
application/json | JSON with the image information. |
image/jpeg | Image in binary format. |
text/plain | Image in plain text in base64 format. |
Additionally, the authentication token must be sent in the Authorization header in the format Bearer <YOUR_ACCESS_TOKEN>
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | Response format. You should select one of the three formats specified above. |
Request
The endpoint for retrieving images of an onboarding process requires the onboarding process identifier to be sent in the URL. Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/image/{imageType}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for obtaining images of an onboarding process will depend on the format selected in the Accept header.
{
"timestamp": "2021-09-01T12:00:00Z",
"imageType": "",
"scanId": "xxxx-xxxx-xxxx-xxxx",
"image": "/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA..."
}
/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA...
binary data here
Get recording of onboarding process
This endpoint allows you to obtain the recordings generated during the onboarding process. The URLs of the available evidence can be found in the recordings field of the response from the get onboarding process information endpoint.
This service allows you to obtain the generated recordings in different formats:
- Image in plain text in base64 format.
- JSON with the image information.
- Image in binary format.
Headers
Since the response from this endpoint can have different formats, it is necessary to specify the desired format in the Accept header. The available formats are shown below:
| Format | Description |
|---|---|
application/json | JSON with the image information. |
image/jpeg | Image in binary format. |
text/plain | Image in plain text in base64 format. |
Additionally, the authentication token must be sent in the Authorization header in the format Bearer <YOUR_ACCESS_TOKEN>.
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | Response format. You must select one of the three formats specified above. |
Request
The endpoint for obtaining images from an onboarding process requires the onboarding process identifier to be included in the URL. Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/{verificationId}/recording/{recordingType}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for obtaining images of an onboarding process will depend on the format selected in the Accept header.
{
"timestamp": "2021-09-01T12:00:00Z",
"imageType": "",
"scanId": "xxxx-xxxx-xxxx-xxxx",
"image": "/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA..."
}
/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA...
binary data here
Get certificated zip of onboarding process
This endpoint allows you to obtain the certificated zip file generated during the onboarding process. The certificated zip consists of the information extracted from the document, the images, and the recordings generated during the process all of which are signed and ensured their integrity.
The URL for the certificated zip file can be found in the certificatedZipUrl field of the response from the get onboarding process information endpoint. This zip file will only be available if the onboarding process has been successfully completed. To generate the certificated zip file, the integrator will need to request Mobbeel’s support team to enable this functionality.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| content-type | application/zip |
Request
The endpoint for obtaining the certificated zip file of an onboarding process requires the onboarding process identifier to be included in the URL. Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/api/zip/{verificationId}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/api/zip/{verificationId}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/api/zip/{verificationId}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/api/zip/{verificationId}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/api/zip/{verificationId}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/api/zip/{verificationId}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request will be a certificated zip file containing the information of the onboarding process.
Get pdf of onboarding process
This endpoint allows you to obtain the PDF file generated during the onboarding process. The URL for the PDF file can be found in the pdfUrl field of the response from the get onboarding process information endpoint.
Headers
Since the response from this endpoint can have different formats, it is necessary to specify the desired format in the Accept header. The available formats are shown below:
| Format | Description |
|---|---|
application/json | JSON with the image information. |
image/jpeg | Image in binary format. |
text/plain | Image in plain text in base64 format. |
Additionally, the authentication token must be sent in the Authorization header in the format Bearer <YOUR_ACCESS_TOKEN>.
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | Response format. You must select one of the three formats specified above. |
Request
The endpoint for obtaining images from an onboarding process requires the onboarding process identifier to be included in the URL. Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.GetAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.get(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.get(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/api/pdf/{verificationId}";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request for obtaining images from an onboarding process will depend on the format selected in the Accept header.
{
"timestamp": "2021-09-01T12:00:00Z",
"scanId": "xxxx-xxxx-xxxx-xxxx",
"pdfDocument": "/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA..."
}
/9j/4AAQSkZJRgABAQEAYABgAAD/4QA6RXhpZgAATU0AKgAAAAgAA1EQAAEAAAABAQAAAFERAAQAAAABAAABAgABAA...
binary data here
Accept onboarding process
This endpoint allows you to accept an onboarding process. Once an onboarding process is accepted, it will transition to the VERIFIED state and cannot be modified afterward.
Additionally, the endpoint allows you to modify the user's information to send the updated details to the system. If the integrator only wants to modify a few fields, they can send only the fields they want to update.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request Body
Below are the fields of the request:
| Field | Type | Description | Mandatory | Format |
|---|---|---|---|---|
personalData | object | User's personal information. | Yes | Object |
type | string | Type of verification. | Yes | Text |
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
The personalData object contains the following information:
| Field | Type | Description | Mandatory | Format |
|---|---|---|---|---|
address | string | Address. | Yes | Text |
city | string | City. | Yes | Text |
cityOfBirth | string | City of birth. | Yes | Text |
country | string | Country. | Yes | Text |
countryDocumentType | string | Document type of the country. | Yes | Text |
curp | string | CURP (Unique Population Registry Code). | Yes | Text |
dateOfBirth | string | Date of birth. | Yes | Date |
dateOfExpiry | string | Expiry date. | Yes | Date |
documentNumber | string | Document number. | Yes | Text |
gender | string | Gender. | Yes | Text |
mrz | string | Information from the machine-readable zone. | Yes | Text |
name | string | First name. | Yes | Text |
personalNumber | string | Personal number. | Yes | Text |
postCode | string | Postal code. | Yes | Text |
region | string | Region. | Yes | Text |
regionOfBirth | string | Region of birth. | Yes | Text |
firstSurname | string | First surname. | Yes | Text |
secondSurname | string | Second surname. | Yes | Text |
stateOfBirth | string | State of birth. | Yes | Text |
surname | string | Last name. | Yes | Text |
curl --location --request POST 'https://{GATEWAY-HOST}/mobbscan-agent/accept' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data-raw '{
"personalData": {
"address": "123 Fake Street",
"city": "Sampletown",
"cityOfBirth": "Sampletown",
"country": "USA",
"countryDocumentType": "Passport",
"curp": "ABC123XYZ",
"dateOfBirth": "1985-06-15",
"dateOfExpiry": "2030-12-31",
"documentNumber": "A1234567",
"gender": "M",
"mrz": "MRZDATAHERE",
"name": "John",
"personalNumber": "987654321",
"postCode": "56789",
"region": "Sample Region",
"regionOfBirth": "Sample Region",
"firstSurname": "Doe",
"secondSurname": "Smith",
"stateOfBirth": "Sample State",
"surname": "Doe"
},
"type": "AUTO",
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}'
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/accept";
string accessToken = "Token";
string jsonData = "{"
+ "\"personalData\": {"
+ "\"address\": \"123 Fake Street\","
+ "\"city\": \"Sampletown\","
+ "\"cityOfBirth\": \"Sampletown\","
+ "\"country\": \"USA\","
+ "\"countryDocumentType\": \"Passport\","
+ "\"curp\": \"ABC123XYZ\","
+ "\"dateOfBirth\": \"1985-06-15\","
+ "\"dateOfExpiry\": \"2030-12-31\","
+ "\"documentNumber\": \"A1234567\","
+ "\"gender\": \"M\","
+ "\"mrz\": \"MRZDATAHERE\","
+ "\"name\": \"John\","
+ "\"personalNumber\": \"987654321\","
+ "\"postCode\": \"56789\","
+ "\"region\": \"Sample Region\","
+ "\"regionOfBirth\": \"Sample Region\","
+ "\"firstSurname\": \"Doe\","
+ "\"secondSurname\": \"Smith\","
+ "\"stateOfBirth\": \"Sample State\","
+ "\"surname\": \"Doe\""
+ "},"
+ "\"type\": \"AUTO\","
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
HttpContent content = new StringContent(jsonData, Encoding.UTF8, "application/json");
HttpResponseMessage response = await client.PostAsync(url, content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/accept";
String accessToken = "Token";
String jsonData = String jsonData = "{"
+ "\"personalData\": {"
+ "\"address\": \"123 Fake Street\","
+ "\"city\": \"Sampletown\","
+ "\"cityOfBirth\": \"Sampletown\","
+ "\"country\": \"USA\","
+ "\"countryDocumentType\": \"Passport\","
+ "\"curp\": \"ABC123XYZ\","
+ "\"dateOfBirth\": \"1985-06-15\","
+ "\"dateOfExpiry\": \"2030-12-31\","
+ "\"documentNumber\": \"A1234567\","
+ "\"gender\": \"M\","
+ "\"mrz\": \"MRZDATAHERE\","
+ "\"name\": \"John\","
+ "\"personalNumber\": \"987654321\","
+ "\"postCode\": \"56789\","
+ "\"region\": \"Sample Region\","
+ "\"regionOfBirth\": \"Sample Region\","
+ "\"firstSurname\": \"Doe\","
+ "\"secondSurname\": \"Smith\","
+ "\"stateOfBirth\": \"Sample State\","
+ "\"surname\": \"Doe\""
+ "},"
+ "\"type\": \"AUTO\","
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(jsonData, StandardCharsets.UTF_8))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/accept"
access_token = "Token"
json_data = {
"personalData": {
"address": "123 Fake Street",
"city": "Sampletown",
"cityOfBirth": "Sampletown",
"country": "USA",
"countryDocumentType": "Passport",
"curp": "ABC123XYZ",
"dateOfBirth": "1985-06-15",
"dateOfExpiry": "2030-12-31",
"documentNumber": "A1234567",
"gender": "M",
"mrz": "MRZDATAHERE",
"name": "John",
"personalNumber": "987654321",
"postCode": "56789",
"region": "Sample Region",
"regionOfBirth": "Sample Region",
"firstSurname": "Doe",
"secondSurname": "Smith",
"stateOfBirth": "Sample State",
"surname": "Doe"
},
"type": "AUTO",
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}
headers = {
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json"
}
response = requests.post(url, json=json_data, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/accept';
const accessToken = 'Token';
const jsonData = {
personalData: {
address: "123 Fake Street",
city: "Sampletown",
cityOfBirth: "Sampletown",
country: "USA",
countryDocumentType: "Passport",
curp: "ABC123XYZ",
dateOfBirth: "1985-06-15",
dateOfExpiry: "2030-12-31",
documentNumber: "A1234567",
gender: "M",
mrz: "MRZDATAHERE",
name: "John",
personalNumber: "987654321",
postCode: "56789",
region: "Sample Region",
regionOfBirth: "Sample Region",
firstSurname: "Doe",
secondSurname: "Smith",
stateOfBirth: "Sample State",
surname: "Doe"
},
type: "AUTO",
verificationId: "{verificationId}"
};
axios.post(url, jsonData, {
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
}
})
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/accept";
$accessToken = "Token";
$jsonData = json_encode([
"personalData" => [
"address" => "123 Fake Street",
"city" => "Sampletown",
"cityOfBirth" => "Sampletown",
"country" => "USA",
"countryDocumentType" => "Passport",
"curp" => "ABC123XYZ",
"dateOfBirth" => "1985-06-15",
"dateOfExpiry" => "2030-12-31",
"documentNumber" => "A1234567",
"gender" => "M",
"mrz" => "MRZDATAHERE",
"name" => "John",
"personalNumber" => "987654321",
"postCode" => "56789",
"region" => "Sample Region",
"regionOfBirth" => "Sample Region",
"firstSurname" => "Doe",
"secondSurname" => "Smith",
"stateOfBirth" => "Sample State",
"surname" => "Doe"
],
"type" => "AUTO",
"verificationId" => "xxxx-xxxx-xxxx-xxxx"
], JSON_PRETTY_PRINT);
$headers = [ "Authorization: Bearer $accessToken", "Content-Type: application/json" ];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the request to accept an onboarding process will be a JSON object with the following structure:
{
"status": "VERIFICATION_ACCEPTED",
"description": "Verification with id={verificationId} accepted successfully"
}
Below are the fields of the request:
| Field | Type | Description | Format |
|---|---|---|---|
status | string | Outcome of the acceptance process. | Text |
description | string | Description of the outcome of the acceptance process. | Text |
The possible responses to the onboarding process rejection request are as follows:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been completed successfully. | The response will contain the result of the rejection process. |
| 400 | Bad Request. This generally means that one or more required parameters are missing or incorrect. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect, or the user does not have access to the requested resource. | Make sure to use the correct credentials (API Key and Secret), and that the JWT token is valid and hasn't expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Make sure the user has the necessary permissions to perform the action. |
| 409 | Conflict. The onboarding process is not in a valid state to be accepted. | Ensure that the onboarding process has not been previously accepted or rejected. |
Reject onboarding process
This endpoint allows you to reject an onboarding process. When rejecting an onboarding process, it will move to the NOT_VERIFIED state and cannot be modified afterwards.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request Body
The following are the fields of the request:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
rejectionComment | string | Reason for the rejection | Yes | Text |
type | string | Type of verification. | Yes | Text |
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
curl --location --request POST 'https://{GATEWAY-HOST}/mobbscan-agent/reject' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data-raw '{
"rejectionComment": "string",
"type": "AUTO",
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}'
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/reject";
string accessToken = "Token";
string jsonData = "{"
+ "\"rejectionComment\": \"string\","
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
HttpContent content = new StringContent(jsonData, Encoding.UTF8, "application/json");
HttpResponseMessage response = await client.PostAsync(url, content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/reject";
String accessToken = "Token";
String jsonData = "{"
+ "\"rejectionComment\": \"string\","
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(jsonData, StandardCharsets.UTF_8))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/reject"
access_token = "Token"
data = {
"rejectionComment": "string",
"type": "AUTO",
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}
headers = {
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json"
}
response = requests.post(url, json=data, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/reject';
const accessToken = 'Token';
const data = {
rejectionComment: "string",
type: "AUTO",
verificationId: "xxxx-xxxx-xxxx-xxxx"
};
axios.post(url, data, {
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
}
})
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/reject";
$accessToken = "Token";
$data = json_encode([ "rejectionComment" => "string", "type" => "AUTO", "verificationId" => "xxxx-xxxx-xxxx-xxxx" ]);
$headers = [ "Authorization: Bearer $accessToken", "Content-Type: application/json" ];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The following are the fields of the response:
| Field | Type | Description | Format |
|---|---|---|---|
status | string | Result of the rejection process. | Text |
description | string | Description of the result of the rejection process. | Text |
The possible responses to the rejection request of an onboarding process are the following:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the result of the rejection process. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret) and that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 409 | Conflict. The onboarding process is not in a valid state to be rejected. | Ensure that the onboarding process has not been accepted or rejected previously. |
Send onboarding process to review
The API allows setting up a process for automatic validation by the integrator. Based on these validations, the integrator will be able to accept, reject, or request manual review of the process. To do this, the integrator must notify the platform support team in advance to configure the automatic validations. In this case, the process will be in the PENDING_VALIDATION state until the integrator makes a decision. To send it for manual review, the integrator must call this endpoint.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request Body
The following are the fields of the request
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
curl --location --request POST 'https://{GATEWAY-HOST}/mobbscan-agent/pending' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data-raw '{
"personalData": {
"address": "123 Fake Street",
"city": "Sampletown",
"cityOfBirth": "Sampletown",
"country": "USA",
"countryDocumentType": "Passport",
"curp": "ABC123XYZ",
"dateOfBirth": "1985-06-15",
"dateOfExpiry": "2030-12-31",
"documentNumber": "A1234567",
"gender": "M",
"mrz": "MRZDATAHERE",
"name": "John",
"personalNumber": "987654321",
"postCode": "56789",
"region": "Sample Region",
"regionOfBirth": "Sample Region",
"firstSurname": "Doe",
"secondSurname": "Smith",
"stateOfBirth": "Sample State",
"surname": "Doe"
},
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}'
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/pending";
string accessToken = "Token";
string jsonData = "{"
+ "\"personalData\": {"
+ "\"address\": \"123 Fake Street\","
+ "\"city\": \"Sampletown\","
+ "\"cityOfBirth\": \"Sampletown\","
+ "\"country\": \"USA\","
+ "\"countryDocumentType\": \"Passport\","
+ "\"curp\": \"ABC123XYZ\","
+ "\"dateOfBirth\": \"1985-06-15\","
+ "\"dateOfExpiry\": \"2030-12-31\","
+ "\"documentNumber\": \"A1234567\","
+ "\"gender\": \"M\","
+ "\"mrz\": \"MRZDATAHERE\","
+ "\"name\": \"John\","
+ "\"personalNumber\": \"987654321\","
+ "\"postCode\": \"56789\","
+ "\"region\": \"Sample Region\","
+ "\"regionOfBirth\": \"Sample Region\","
+ "\"firstSurname\": \"Doe\","
+ "\"secondSurname\": \"Smith\","
+ "\"stateOfBirth\": \"Sample State\","
+ "\"surname\": \"Doe\""
+ "},"
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
HttpContent content = new StringContent(jsonData, Encoding.UTF8, "application/json");
HttpResponseMessage response = await client.PostAsync(url, content);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/pending";
String accessToken = "Token";
String jsonData = "{"
+ "\"personalData\": {"
+ "\"address\": \"123 Fake Street\","
+ "\"city\": \"Sampletown\","
+ "\"cityOfBirth\": \"Sampletown\","
+ "\"country\": \"USA\","
+ "\"countryDocumentType\": \"Passport\","
+ "\"curp\": \"ABC123XYZ\","
+ "\"dateOfBirth\": \"1985-06-15\","
+ "\"dateOfExpiry\": \"2030-12-31\","
+ "\"documentNumber\": \"A1234567\","
+ "\"gender\": \"M\","
+ "\"mrz\": \"MRZDATAHERE\","
+ "\"name\": \"John\","
+ "\"personalNumber\": \"987654321\","
+ "\"postCode\": \"56789\","
+ "\"region\": \"Sample Region\","
+ "\"regionOfBirth\": \"Sample Region\","
+ "\"firstSurname\": \"Doe\","
+ "\"secondSurname\": \"Smith\","
+ "\"stateOfBirth\": \"Sample State\","
+ "\"surname\": \"Doe\""
+ "},"
+ "\"verificationId\": \"xxxx-xxxx-xxxx-xxxx\""
+ "}";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(jsonData, StandardCharsets.UTF_8))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/pending"
access_token = "Token"
json_data = {
"personalData": {
"address": "123 Fake Street",
"city": "Sampletown",
"cityOfBirth": "Sampletown",
"country": "USA",
"countryDocumentType": "Passport",
"curp": "ABC123XYZ",
"dateOfBirth": "1985-06-15",
"dateOfExpiry": "2030-12-31",
"documentNumber": "A1234567",
"gender": "M",
"mrz": "MRZDATAHERE",
"name": "John",
"personalNumber": "987654321",
"postCode": "56789",
"region": "Sample Region",
"regionOfBirth": "Sample Region",
"firstSurname": "Doe",
"secondSurname": "Smith",
"stateOfBirth": "Sample State",
"surname": "Doe"
},
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}
headers = {
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json"
}
response = requests.post(url, json=jsonData, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/pending';
const accessToken = 'Token';
const jsonData = {
personalData: {
address: "123 Fake Street",
city: "Sampletown",
cityOfBirth: "Sampletown",
country: "USA",
countryDocumentType: "Passport",
curp: "ABC123XYZ",
dateOfBirth: "1985-06-15",
dateOfExpiry: "2030-12-31",
documentNumber: "A1234567",
gender: "M",
mrz: "MRZDATAHERE",
name: "John",
personalNumber: "987654321",
postCode: "56789",
region: "Sample Region",
regionOfBirth: "Sample Region",
firstSurname: "Doe",
secondSurname: "Smith",
stateOfBirth: "Sample State",
surname: "Doe"
},
verificationId: "{verificationId}"
};
axios.post(url, jsonData, {
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
}
})
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/pending";
$accessToken = "Token";
$jsonData = json_encode([
"personalData" => [
"address" => "123 Fake Street",
"city" => "Sampletown",
"cityOfBirth" => "Sampletown",
"country" => "USA",
"countryDocumentType" => "Passport",
"curp" => "ABC123XYZ",
"dateOfBirth" => "1985-06-15",
"dateOfExpiry" => "2030-12-31",
"documentNumber" => "A1234567",
"gender" => "M",
"mrz" => "MRZDATAHERE",
"name" => "John",
"personalNumber" => "987654321",
"postCode" => "56789",
"region" => "Sample Region",
"regionOfBirth" => "Sample Region",
"firstSurname" => "Doe",
"secondSurname" => "Smith",
"stateOfBirth" => "Sample State",
"surname" => "Doe"
],
"verificationId" => "xxxx-xxxx-xxxx-xxxx"
], JSON_PRETTY_PRINT);
$headers = [ "Authorization: Bearer $accessToken", "Content-Type: application/json" ];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
Response
The response to the onboarding process acceptance request will be a JSON object with the following structure:
{
"status": "UPDATED_VERIFICATION",
"description": "Verification with id={verificationId} accepted successfully"
}
The response to the onboarding process rejection request will be a JSON object with the following structure:
| Field | Type | Description | Format |
|---|---|---|---|
status | string | Result of the rejection process. | Text |
description | string | Description of the result of the rejection process. | Text |
The possible responses to the request for rejecting an onboarding process are as follows:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been completed successfully. | The response will contain the result of the rejection process. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Check that all required parameters are included and correctly formatted in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret), that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 409 | Conflict. The onboarding process is not in a valid state to be rejected. | Ensure that the onboarding process has not been accepted or rejected previously. |
Delete onboarding process
This endpoint allows you to delete an onboarding process. Once the onboarding process is deleted, it cannot be recovered.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request
The endpoint for deleting onboarding process requires the onboarding process identifier to be sent in the URL. The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
Below is an example of the request structure:
curl --location --request DELETE 'https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string url = "https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb";
string accessToken = "Token";
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken}");
client.DefaultRequestHeaders.Add("Accept", "application/json");
HttpResponseMessage response = await client.DeleteAsync(url);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
}
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb";
String accessToken = "Token";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + accessToken)
.header("Accept", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
import requests
url = "https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb"
access_token = "Token"
headers = {
"Authorization": f"Bearer {access_token}",
"Accept": "application/json"
}
response = requests.delete(url, headers=headers)
print(response.json())
const axios = require('axios');
const url = 'https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb';
const accessToken = 'Token';
const headers = {
'Authorization': `Bearer ${accessToken}`,
'Accept': 'application/json'
};
axios.delete(url, { headers })
.then(response => console.log(response.data))
.catch(error => console.error(error));
<?php
$url = "https://{GATEWAY-HOST}/mobbscan-agent/api/verification/d80a9694-3250-4a4c-9169-385fd95e06fb";
$accessToken = "Token";
$headers = [
"Authorization: Bearer $accessToken",
"Accept: application/json"
];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode >= 200 && $httpCode < 300) {
echo "Success: " . $response;
} else {
echo "Error: " . $response;
}
?>
Response
The following are the fields of the response:
| Field | Type | Description | Format |
|---|---|---|---|
status | string | Result of the rejection process. | Text |
description | string | Description of the result of the rejection process. | Text |
The possible responses to the rejection request of an onboarding process are the following:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the result of the rejection process. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret) and that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 409 | Conflict. The onboarding process is not in a valid state to be rejected. | Ensure that the onboarding process has not been accepted or rejected previously. |
Add attachment to onboarding process
This endpoint allows you to add an attachment to an onboarding process. The attachment can be any file that the integrator deems necessary for the verification process. The attachment must have a valid MIME type and must not exceed the size limit set by the platform. Below are the limits for the attachment:
| Field | Value |
|---|---|
| Max File Size | 5 MB |
| Allowed file types | pdf, jpg, jpeg, png, docx, doc, txt |
| Max Files per process | 3 |
| File name restrictions | Only alphanumeric characters, underscores, and hyphens are allowed. Spaces are not allowed. |
For customized limits, please contact the platform support team.
NOTE: The attachments are located by their name in the onboarding process. If an attachment with the same name already exists, it will be replaced by the new one independently of the file type.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | multipart/form-data |
Request
The endpoint for adding an attachment to an onboarding process requires the onboarding process identifier to be sent in the URL. The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
attachment | file | File to be attached to the onboarding process. | Yes | File |
name | string | Name of the attachment. | No | Text |
Below is an example of the request structure:
curl --location --request POST 'https://{GATEWAY-HOST}/api/attchachments/d80a9694-3250-4a4c-9169-385fd95e06fb' \
--header 'Authorization: Bearer Token' \
--form 'attachment=@/path/to/your/file.pdf' \
--form 'name=attachment_name'
Response
The response to the request to add an attachment to an onboarding process will be a JSON object with the following structure:
{
"code": "OK",
"description": "ATTACHMENT_UPLOADED_SUCCESSFULLY",
"scanId": "xxxx-xxxx-xxxx-xxxx",
"fileName": "attachment_name"
}
The response to the request to add an attachment to an onboarding process will be a JSON object with the following fields:
| Field | Type | Description | Format |
|---|---|---|---|
code | string | Result of the attachment upload process. | Text |
description | string | Description of the result of the attachment upload process. | Text |
scanId | string | Unique identifier of the attachment scan. | UUID |
fileName | string | Name of the uploaded attachment. | Text |
The possible responses to the request to add an attachment to an onboarding process are the following:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the result of the attachment upload process. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. It also means that the request is exceeding the limits set by the platform. | Verify that all required parameters are included and have the correct format in the request, and that the attachment does not exceed the limits set by the platform. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret) and that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 404 | Not Found. The onboarding process with the specified identifier does not exist. | Ensure that the onboarding process identifier is correct and that the onboarding process exists. |
Get attachments of onboarding process
This endpoint allows you to retrieve the attachments info of an onboarding process. The response will contain a list of attachments with their details.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | application/json |
Request
The endpoint for retrieving the attachments of an onboarding process requires the onboarding process identifier to be sent in the URL. The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/api/attchachments/d80a9694-3250-4a4c-9169-385fd95e06fb' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
Response
The response to the request to retrieve the attachments of an onboarding process will be a JSON object with the following structure:
{
"attachments": [
{
"fileName": "file1",
"url": "/api/attachments/xxxx-xxxx-xxxx-xxxx/file1",
"date": "2025-07-15 15:17:07"
},
...
]
}
The response to the request to retrieve the attachments of an onboarding process will be a JSON object with the following fields:
| Field | Type | Description | Format |
|---|---|---|---|
attachments | array | List of attachments of the onboarding process. Each attachment contains the following fields: | Array of objects |
fileName | string | Name of the attachment. | Text |
url | string | URL to download the attachment. | Text |
date | string | Date when the attachment was uploaded. | DateTime |
The possible responses to the request to retrieve the attachments of an onboarding process are the following:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the list of attachments of the onboarding process. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret) and that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 404 | Not Found. The onboarding process with the specified identifier does not exist. | Ensure that the onboarding process identifier is correct and that the onboarding process exists. |
Download attachment of onboarding process
This endpoint allows you to download an attachment of an onboarding process. The response will contain the file content of the requested attachment.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | */* |
Request
The endpoint for downloading an attachment of an onboarding process requires the onboarding process identifier and the attachment name to be sent in the URL. The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
name | string | Name of the attachment to be downloaded. | Yes | Text |
Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/api/attchachments/d80a9694-3250-4a4c-9169-385fd95e06fb/file1' \
--header 'Authorization: Bearer Token' \
--header 'Accept: */*'
Response
The response to the request to download an attachment of an onboarding process will be the file content of the requested attachment.
binary data here
Add extra data to onboarding process
This endpoint allows you to add extra data to an onboarding process. The extra data can be any additional information that the integrator deems necessary for the verification process.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Content-Type | application/json |
Request body
The body of the request to add extra data to an onboarding process will be a JSON object with the following structure:
{
"verificationId": "xxxx-xxxx-xxxx-xxxx",
"extraData": {
"key1": "value1",
"key2": "value2"
}
}
The following are the fields of the request:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
extraData | object | Object containing the extra data to be added to the onboarding process. | Yes | JSON object |
Below is an example of the request structure:
curl --location --request POST 'https://{GATEWAY-HOST}/mobbscan-agent/addExtraVerificationProcessData' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data-raw '{
"verificationId": "xxxx-xxxx-xxxx-xxxx",
"extraData": {
"key1": "value1",
"key2": "value2"
}
}'
Response
The response to the request to add extra data to an onboarding process will be a JSON object with the following structure:
{
"status": "OK",
"description": "EXTRA DATA ADDED SUCCESSFULLY"
}
The response to the request to add extra data to an onboarding process will be a JSON object with the following fields:
| Field | Type | Description | Format |
|---|---|---|---|
status | string | Result of the extra data addition process. | Text |
description | string | Description of the result of the extra data addition process. | Text |
The possible responses to the request to add extra data to an onboarding process are the following:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the result of the extra data addition process. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret) and that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 404 | Not Found. The onboarding process with the specified identifier does not exist. | Ensure that the onboarding process identifier is correct and that the onboarding process exists. |
Get extra data of onboarding process
This endpoint allows you to retrieve the extra data of an onboarding process. The response will contain the extra data added to the onboarding process.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | application/json |
Request
The endpoint for retrieving the extra data of an onboarding process requires the onboarding process identifier to be sent in the URL. The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
Below is an example of the request structure:
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/getExtraVerificationProcessData/d80a9694-3250-4a4c-9169-385fd95e06fb' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
Response
The response to the request to retrieve the extra data of an onboarding process will be a JSON object with the following structure:
[
{
"key": "key_name",
"value": "value",
"verificationId": "xxxx-xxxx-xxxx-xxxx"
}
...
]
The response to the request to retrieve the extra data of an onboarding process will be a JSON object with the following fields:
| Field | Type | Description | Format |
|---|---|---|---|
key | string | Key of the extra data added to the onboarding process. | Text |
value | string | Value of the extra data added to the onboarding process. | Text |
verificationId | string | Unique identifier of the onboarding process. | UUID |
The possible responses to the request to retrieve the extra data of an onboarding process are the following:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the extra data of the onboarding process. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret) and that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 404 | Not Found. The onboarding process with the specified identifier does not exist. | Ensure that the onboarding process identifier is correct and that the onboarding process exists. |
Delete attachment of onboarding process
This endpoint allows you to delete an attachment of an onboarding process. Once the attachment is deleted, it cannot be recovered.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | application/json |
Request
The endpoint for deleting an attachment of an onboarding process requires the onboarding process identifier and the attachment name to be sent in the URL. The fields of the request are detailed below:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
name | string | Name of the attachment to be deleted. | Yes | Text |
Below is an example of the request structure:
curl --location --request DELETE 'https://{GATEWAY-HOST}/api/attchachments/d80a9694-3250-4a4c-9169-385fd95e06fb/file1' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
Response
The response to the request to delete an attachment of an onboarding process will be a 204 No Content response, indicating that the attachment has been successfully deleted.
HTTP/1.1 204 No Content
The response to the request to delete an attachment of an onboarding process will not contain any content.
The possible responses to the request to delete an attachment of an onboarding process are the following:
| Code | Description | Comment |
|---|---|---|
| 204 | No Content. The request has been successfully completed and the attachment has been deleted. | The response will not contain any content. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret) and that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
| 404 | Not Found. The onboarding process with the specified identifier or the attachment with the specified name does not exist. | Ensure that the onboarding process identifier and the attachment name are correct and that the onboarding process and the attachment exist. |
Search onboarding processes
This endpoint allows you to search for onboarding processes based on various criteria such as status, document number, date range and even extra data. The response will contain a list of onboarding processes that match the search criteria.
Headers
| Header | Description |
|---|---|
| Authorization | Authentication token in the format Bearer <YOUR_ACCESS_TOKEN> |
| Accept | application/json |
Request
The endpoint for searching onboarding processes will receive the filters as request parameters in the URL. The integrator will be able to filter by any of the most relevant fields of the onboarding process. To make the search as flexible as possible, the integrator can use also any of the extra data added to the onboarding process. Each filter applied will be combined with an AND operator, so the more filters applied, the more specific the search will be.
Parameters requirements
⚠️ Important: all parameters must be URL-encoded.
This request accepts multiple types of parameters and they can be categorized into three types:
- Filter parameters
- Sorting criteria parameters
- Pagination parameters
Filter parameters
Filter parameters define the criteria that the returned onboarding processes must meet. Each filter follows the structure <attributeId>[operator]=<value>, where:
attributeIdis the name of the attribute to filter by (e.g.,verificationId,creationTime).[operator]specifies the type of filter and can be[eq](equality),[in](inclusion in a set), or[between](range). If you omit this field the equality ([eq])operator will be used.<value>is the value to match, which can be a number, text, or an ISO 8601 datetime string.
Examples:
- Filter by a specific
verificationStatusvalue:verificationStatus=ACTIVATED_MANUAL, orverificationStatus[eq]=ACTIVATED_MANUALif you want to explicitly use the equallity filter. - Filter by multiple allowed
verificationStatusstatusses:verificationStatus[in]=ACTIVATED_AUTO&verificationStatus[in]=ACTIVATED_MANUAL. - Filter by a range of dates for the
verificationTimeattribute:verificationTime[between]=2024-01-1T13:30:45&verificationTime[between]=2025-01-1T13:30:45
There are two filters, creationTimeMax and creationTimeMin, that serve as an alias for creationTime[between]=<provided_datetime>&creationTime[between]=<provided_datetime>. You can use either of them.
Sorting parameters
Sorting parameters specify the ordering criteria that the server uses to return results. The format is sortingField=<attributeId>[ASC|DESC], where <attributeId> refers to the attribute used for sorting (e.g., verificationTime). [ASC] and [DESC] specify the direction: ascending or descending, respectively. If no direction is provided, descending order is assumed.
To resolve ties, you can specify additional sorting criteria. Regardless of the sorting fields you choose, you must include sorting by verificationId as the last sorting field to guarantee unique ordering and correct pagination.
⚠️ Important: The order in which you specify the
sortingField parameters directly determines the order of the results.
Examples:
- Sorting by ascending
verificationId:sortingField=verificationIdorsortingField=verificationId[ASC] - Sorting by ascending
creationTime(older first) andverificationId:sortingField=creationTime&sortingField=verificationId - Sorting by
verificationStatus, descendingcreationTimeandverificationId:sortingField=verificationStatus&sortingField=creationTime[DESC]&sortingField=verificationId
Pagination parameters
Finally, pagination parameters specify how to retrieve subsequent onboarding processes. Use the pageSize=<value> parameter to set the number of results per page, where <value> must be between 10 and 100. By default, a page size of 100 is used. Pagination is managed using cursor=<value> parameters, which work together with sortingField parameters.
For example, if you sort results by creationTime and verificationId using sortingField=creationTime&sortingField=verificationId, to get the next page you must include a cursor parameter: sortingField=creationTime&cursor=yyyy-MM-ddTHH:mm:ss&sortingField=verificationId&cursor=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx. This will return only the onboarding processes created after the specified cursors values. In practice, set each cursor parameter to the value of the corresponding field from the last item in the previous response.
Summary
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
creationTimeMax | string | Maximum creation date of the onboarding process. The date must be in ISO 8601 format (yyyy-MM-ddTHH:mm:ss). | No | DateTime (yyyy-MM-ddTHH:mm:ss) |
creationTimeMin | string | Minimum creation date of the onboarding process. The date must be in ISO 8601 format (yyyy-MM-ddTHH:mm:ss). | No | DateTime (yyyy-MM-ddTHH:mm:ss) |
sortingField | string | Specify the field to use to order the results. Multiple parameters of this kind are accepted | No | Text |
cursor | string | A cursor parameter accompanies each sortingField parameter to enable pagination. For the first page you do not need to specify it. | No | Text |
filterParam | string | The value of a specific field to filter by. | No | Text, boolean, number, ISO 8601 DateTime |
The following table shows some of the most relevant fields you can use to set filters.
| Field identifier | Type | Example |
|---|---|---|
verificationId | string (UUID) | d80a9694-3250-4a4c-9169-385fd95e06fb |
creationTime | string (DateTime) | 2025-02-07T09:54:28 |
verificationTime | string (DateTime) | 2025-02-07T09:54:28 |
verificationStatus | string (DateTime) | ACTIVATED_MANUAL |
personalNumber | string | 99999999R |
documentNumber | string | BAA000589 |
name | string | CARMEN |
surname | string | JOHN DOE |
firstSurname | string | JOHN |
secondSurname | string | DOE |
country | string (ISO 3166-1 alpha-3) | ESP |
licenseId | string (UUID) | a7366484-303f-4218-85bb-fec743f72011 |
For more specific queries regarding any other field, please consult the support team.
The attributes defined within the verificationExtraData part of the request of section Generate onboarding process can also be used as filters. Ensure you use the exact attribute names, respecting case sensitivity.
Basic examples
Request to obtain onboarding processes created between 2025-03-29T08:00:00 and 2026-03-29T08:00:00 that satify the requirement of having two verificationExtraData attributes, customerId and email, set to 123456789 and test@test.test, respectively.
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/api/verifications?creationTimeMin=2025-03-29T08:00:00&creationTimeMax=2026-03-29T08:00:00&customerId=123456789&email=test@test.test' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
Request to obtain onboarding processes created between the datetimes 2025-03-29T08:00:00 and 2026-03-29T08:00:00 whose verificationStatus is either REJECTED_MANUAL or REJECTED_AUTO.
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/api/verifications?creationTimeMin=2025-03-29T08:00:00&creationTimeMax=2026-03-29T08:00:00&verificationStatus%5Bin%5D=REJECTED_MANUAL&verificationStatus%5Bin%5D=REJECTED_AUTO' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
Example with custom sorting criteria and pagination
To retrieve onboarding processes sorted by both creationTime and verificationId, specify each field as a sortingField parameter. The last sortingField should always be verificationId because it guarantees uniqueness and, therefore, correct pagination:
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/api/verifications?sortingField=creationTime&sortingField=verificationId' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
Use cursor parameters in your next request to retrieve subsequent onboarding processes. The first cursor value is the URL-encoded creationTime of the last verification from the previous response, and the second is its verificationId:
curl --location --request GET 'https://{GATEWAY-HOST}/mobbscan-agent/api/verifications?sortingField=creationTime&cursor=yyyyMM-ddTHH%3Amm%3Ass&sortingField=verificationId&cursor=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx' \
--header 'Authorization: Bearer Token' \
--header 'Accept: application/json'
Response
The response to the request to search onboarding processes will be a JSON object with the following structure:
[
{
"verificationId":"xxxx-xxxx-xxxx-xxxx",
"creationTime":"2025-08-05T12:04:27.000Z",
"verificationTime":null,
"verificationStatus":"PENDING_VERIFICATION"
}
...
]
The response to the request to search onboarding processes will be a JSON object with the following fields:
| Field | Type | Description | Format |
|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | UUID |
creationTime | string | Date and time when the onboarding process was created. | DateTime (yyyy-MM-ddTHH:mm:ss.sssZ) |
verificationTime | string | Date and time when the onboarding process was verified. | DateTime (yyyy-MM-ddTHH:mm:ss.sssZ) |
verificationStatus | string | Status of the onboarding process. Possible values are: CREATED, PENDING, PENDING_VALIDATION, ACTIVATED_AUTO, ACTIVATED_MANUAL, REJECTED_AUTO, REJECTED_MANUAL. | Text |
The possible responses to the request to search onboarding processes are the following:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the list of onboarding processes that match the search criteria. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The credentials used to obtain the authentication token are incorrect or the user does not have access to the required resource. | Make sure to use the correct credentials (API Key and Secret) and that the JWT token is valid and has not expired, and that the process is valid. |
| 403 | Forbidden. The user does not have permission to perform the action. | Ensure that the user has the necessary permissions to perform the action. |
Notification Status Change
The integrator can receive notifications of the status change of an onboarding process through a webhook. To do so, they need to configure the URL of their server where the notifications will be sent.
Request Body
The body of the status change notification request will be a JSON object with the following structure:
{
"verificationId": "xxxx-xxxx-xxxx-xxxx",
"status": "xxxx",
}
Below are the fields for the request:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
verificationId | string | Unique identifier of the onboarding process. | Yes | UUID |
status | string | New status of the onboarding process. | Yes | Text |
This webhook can include any headers that the integrator desires, such as Authorization, Content-Type, etc.
Below is an example of integrating a webhook on the integrator's server:
from flask import Flask, request
app = Flask(__name__)
@app.route('/webhook', methods=['POST'])
def webhook():
data = request.json
verificationId = data['verificationId']
status = data['status']
print(f"Verification Id: {verificationId}")
print(f"Status: {status}")
return '', 204
if __name__ == '__main__':
app.run(port=5000)
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class WebhookController {
@PostMapping("/webhook")
public ResponseEntity<Void> webhook(@RequestBody WebhookRequest request) {
String verificationId = request.getVerificationId();
String status = request.getStatus();
System.out.println("Verification Id: " + verificationId);
System.out.println("Status: " + status);
return ResponseEntity.noContent().build();
}
}
const express = require('express');
const app = express();
app.use(express.json());
app.post('/webhook', (req, res) => {
const { verificationId, status } = req.body;
console.log(`Verification Id: ${verificationId}`);
console.log(`Status: ${status}`);
// send 204 No Content status
res.status(204).end();
});
app.listen(5000, () => {
console.log('Server running on port 5000');
});
using Microsoft.AspNetCore.Mvc;
[Route("api/[controller]")]
[ApiController]
public class WebhookController : ControllerBase
{
[HttpPost("webhook")]
public IActionResult Webhook([FromBody] WebhookRequest request)
{
string verificationId = request.VerificationId;
string status = request.Status;
Console.WriteLine("Verification Id: " + verificationId);
Console.WriteLine("Status: " + status);
return NoContent();
}
}
public class WebhookRequest
{
public string VerificationId { get; set; }
public string Status { get; set; }
}
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
class WebhookController extends Controller
{
public function webhook(Request $request)
{
$verificationId = $request->input('verificationId');
$status = $request->input('status');
\Log::info("Verification Id: " . $verificationId);
\Log::info("Status: " . $status);
return response()->noContent();
}
}
The possible states to which the integrator can subscribe are the following:
| State | Description |
|---|---|
PENDING_VERIFICATION | The onboarding process is pending verification. |
PENDING_VALIDATION | The onboarding process is pending validation by the integrator. This allows the integrator to decide whether to accept or reject the process automatically based on their defined criteria, before sending it for manual review if applicable. |
VERIFIED | The onboarding process has been successfully verified. |
NOT_VERIFIED | The onboarding process has been rejected. |
VIDEO_AVAILABLE | The onboarding process video is available. |
S2S Integration
This section describes the S2S (Server-to-Server) integration specific endpoints for the Mobbscan API. S2S integration allows integrators to fully control the user experience, from the UI to the data capture process, without relying on Mobbscan's frontend.
Authentication
To authenticate the scan, detect and identity verification requests to the Mobbscan API, you need to use the onboarding-token obtained from the create onboarding process[#create-onboarding-process] endpoint. This token is used to authenticate the scan process steps and must be included in the headers of each request.
Start Scan Process
This endpoint allows you to start a new scan process for an onboarding process. With this endpoint, the integrator will send the necessary parameters for configuring the scan process.
Headers
| Header | Description |
|---|---|
| onboarding-token | Authentication token obtained from the create onboarding process endpoint in the format xxxx-xxxx-xxxx-xxxx |
| Accept | application/json |
Request
The endpoint for scanning a document will receive the following fields in the request:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
scanId | string | Unique identifier of the scan process. The scanId is generated when creating the onboarding process. | Yes | UUID |
clientVersion | string | Version of the client that is making the request. This is used for logging and debugging purposes. This client version should contain the sdk version, platform, browser, and operating system information for making easier detecting issues or getting statistics. | No | Text |
Below is an example of the request structure:
curl --location --request POST 'https://{GATEWAY-HOST}/mobbscan-agent/scan/start' \
--header 'onboarding-token: xxxx-xxxx-xxxx-xxxx' \
--header 'Accept: application/json' \
--form 'scanId="xxxx-xxxx-xxxx-xxxx"' \
--form 'clientVersion="sdk3.0.0_Web_PC_Chrome_111_Mac_10.15.7_Macintosh"'
Response
The response to the request to start a new scan process will be a JSON object with the following structure:
{
"code": "OK",
"description": "START_SCAN_SUCCESS",
"scanId": "xxxx-xxxx-xxxx-xxxx",
}
The response to the request to start a new scan process will be a JSON object with the following fields:
| Field | Type | Description | Format |
|---|---|---|---|
code | string | Result of the scan process start. Possible values are: OK, ERROR. | Text |
description | string | Description of the result of the scan process start. Possible values are: START_SCAN_SUCCESS, ERROR_START_SCAN_FAILED. | Text |
scanId | string | Unique identifier of the scan process. The scanId is generated when creating the onboarding process. | UUID |
The possible responses to the request to start a new scan process are the following:
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the result of the scan process start. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The token used to authenticate the request is incorrect or has expired. | Make sure to use the correct token and that it has not expired. |
| 500 | Internal Server Error. An error occurred on the server while processing the request. | This is a generic error and can be caused by various issues on the server side. |
Scan document
This endpoint allows you to scan a document for an onboarding process. The integrator should send both parties of the document (front and back) in the request (or just the back side in case of passports). The document will be scanned and the result will be returned in the response.
Headers
| Header | Description |
|---|---|
| onboarding-token | Authentication token obtained from the create onboarding process endpoint in the format xxxx-xxxx-xxxx-xxxx |
| Accept | application/json |
Request
The endpoint for scanning a document will receive the following fields in the request:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
scanId | string | Unique identifier of the scan process. The scanId is generated when creating the onboarding process. | Yes | UUID |
front | file | Front side of the document to be scanned. The file must be in PNG or JPEG format. | Yes | Image file (PNG or JPEG) |
back | file | Back side of the document to be scanned. The file must be in PNG or JPEG format. | Yes | Image file (PNG or JPEG) |
isDocumentCropped | boolean | Indicates whether the document is cropped or not. If the document is cropped, the integrator should set this field to true. Recommended to set this field to false and let the MobbScan server crop the document automatically. | Yes | Boolean (true or false) |
Below is an example of the request structure:
curl --location --request POST 'https://{GATEWAY-HOST}/mobbscan-agent/scan' \
--header 'onboarding-token: xxxx-xxxx-xxxx-xxxx' \
--form 'scanId="xxxx-xxxx-xxxx-xxxx"' \
--form 'front=@"/path/to/front/image.png"' \
--form 'back=@"/path/to/back/image.png"' \
--form 'isDocumentCropped="true"'
Response
The response to the request to scan a document will be a JSON object with the following structure:
{
"code": "OK",
"description": "SCAN_DOCUMENT_SUCCESS",
"scanId": "41191176-cc2b-433f-9950-685bad58fbbc",
"document": {
"personalNumber": "99999999R",
"documentNumber": "BAA000431",
"documentType": "ESPIDCardV3",
"name": "CARMEN",
"surname": "ESPAÑOLA ESPAÑOLA",
"firstSurname": "ESPAÑOLA",
"secondSurname": "ESPAÑOLA",
"gender": "F",
"dateOfExpiry": "01/01/2025",
"dateOfBirth": "01/01/1980",
"nationality": "ESP",
"issuingState": "ESP",
"mrz": "IDESPBAA000431599999999R<<<<<<8001010F2501018ESP<<<<<<<<<<<6ESPANOLA<ESPANOLA<<CARMEN<<<<<",
"dateOfIssuing": null,
"validationFrontAppearance": "NOT_VALID",
"validationBackAppearance": "VALID",
"validationBothSidesMatch": "VALID",
"validationBothSidesMatchScore": "100",
"validationMRZ": "NOT_VALID",
"validationMRZCheckDocumentNumber": "VALID",
"validationMRZCheckPersonalNumber": "VALID",
"validationMRZCheckDateOfBirth": "NOT_VALID",
"validationMRZCheckDateOfExpiry": "NOT_VALID",
"validationMRZCheckComposite": "VALID",
"validationDocumentNumber": "VALID",
"validationPersonalNumber": "VALID",
"validationMRZNameSurnameSeparator": "VALID",
"validationMRZSurnameSeparator": "VALID",
"validationSex": "VALID",
"validationGender": "VALID",
"validationNationality": "VALID",
"validationFrontAppearanceScore": 0.0,
"validationBackAppearanceScore": 100.0,
"validationFacialMatchingScore": -1.0,
"validationDateOfBirth": "VALID",
"validationDateOfExpiry": "VALID",
"validationDocumentNotExpired": "NOT_VALID",
"validationLegalAge": "VALID",
"validationAllowedIssuingState": "NOT_CHECKED",
"validationIssuingState": "VALID",
"validationFrontNotPhotocopy": "VALID",
"validationBackNotPhotocopy": "VALID",
"validationFrontPhotocopyScore": 0.0,
"validationBackPhotocopyScore": 0.0,
"validationDocument": "NOT_VALID",
"validationDocumentContent": "NOT_VALID",
"validationDocumentForensics": "NOT_CHECKED",
"validationNotSpecimen": "NOT_VALID",
"validationDateOfIssuing": "NOT_CHECKED",
"validationDatesRelationship": "VALID",
"mrzData": {
"dateOfExpiry": "01/01/2025",
"gender": "F",
"nationality": "ESP",
"surname": "ESPANOLA ESPANOLA",
"documentNumber": "BAA000431",
"name": "CARMEN",
"dateOfBirth": "01/01/1980",
"personalNumber": "99999999R"
},
"vizData": {
"dateOfExpiry": "01/01/2025",
"gender": "F",
"nationality": "ESP",
"surname": "ESPAÑOLA ESPAÑOLA",
"documentNumber": "BAA000431",
"name": "CARMEN",
"dateOfBirth": "01/01/1980",
"personalNumber": "99999999R"
},
"validationFaceLaserMarkScore": -1.0,
"parents": "JUAN / CARMEN",
"region": "MADRID",
"regionOfBirth": "MADRID",
"countryOfBirth": "ESPAÑA",
"address": "DOMICIO",
"city": "AVDA DE MADRID S-N",
"cityOfBirth": "MADRID",
"laserMark": null,
"validationNameBothSidesMatch": "VALID",
"validationSurnameBothSidesMatch": "VALID",
"validationPersonalNumberBothSidesMatch": "VALID",
"validationDocumentNumberBothSidesMatch": "VALID",
"validationDateOfBirthBothSidesMatch": "VALID",
"validationDateOfExpiryBothSidesMatch": "VALID",
"validationSexBothSidesMatch": "VALID",
"validationGenderBothSidesMatch": "VALID",
"validationNationalityBothSidesMatch": "VALID",
"validationPersonalNumberFormat": "VALID",
"validationDocumentNumberFormat": "VALID",
"validationNameNotEmpty": "VALID",
"validationSurnameNotEmpty": "VALID",
"validationLaserMark": "NOT_CHECKED",
"validationNameBothSidesMatchScore": "100",
"validationSurnameBothSidesMatchScore": "100"
},
"clientVersion": "sdk3.0.0_Web_PC_Chrome_111_Mac_10.15.7_Macintosh",
"scanProcessValidationResult": {
"enabledProcess": true,
"scanProcessValidationResult": "NOT_VALID",
"scanProcessFailedValidations": [
"validationDocumentNotSpecimen",
"validationMRZ",
"validationDocumentNotExpired"
]
}
}
The response to the request to scan a document will be a JSON object with the following fields:
| Field | Type | Description | Format |
|---|---|---|---|
code | string | Result of the scan process. Possible values are: OK, ERROR. | Text |
description | string | Description of the result of the scan process. Possible values are: SCAN_DOCUMENT_SUCCESS, ERROR_SCAN_DOCUMENT_FAILED. | Text |
scanId | string | Unique identifier of the scan process. The scanId is generated when creating the onboarding process. | UUID |
document | object | Object containing the scanned document data. The fields of the document object are detailed below. | Object |
clientVersion | string | Version of the client that is making the request. This is used for logging and debugging purposes. This client version should contain the sdk version, platform, browser, and operating system information for making easier detecting issues or getting statistics. | Text |
scanProcessValidationResult | object | Object containing the scan process validation result. The fields of the scan process validation result object are detailed below. | Object |
The fields of the document object are detailed below:
| Field | Type | Description | Format |
|---|---|---|---|
personalNumber | string | Personal number of the document holder. | Text |
documentNumber | string | Document number of the document holder. | Text |
documentType | string | Specific type of the document. | Text |
name | string | Name of the document holder. | Text |
surname | string | Full surname of the document holder. | Text |
firstSurname | string | First surname of the document holder. | Text |
secondSurname | string | Second surname of the document holder. | Text |
gender | string | Gender of the document holder. Possible values are: M, F. | Text |
dateOfExpiry | string | Date of expiry of the document. | DateTime (dd/MM/yyyy) |
dateOfBirth | string | Date of birth of the document holder. | DateTime (dd/MM/yyyy) |
nationality | string | Nationality of the document holder. | Text |
issuingState | string | Issuing state of the document. | Text |
mrz | string | Machine Readable Zone (MRZ) of the document. | Text |
dateOfIssuing | string | Date of issuing of the document. | DateTime (dd/MM/yyyy) |
validationFrontAppearance | string | Validation result of the front appearance of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationBackAppearance | string | Validation result of the back appearance of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationBothSidesMatch | string | Validation result of the both sides match of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationBothSidesMatchScore | string | Score of the validation of the both sides match of the document. | Text |
validationMRZ | string | Validation result of the MRZ of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationMRZCheckDocumentNumber | string | Validation result of the MRZ document number check of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationMRZCheckPersonalNumber | string | Validation result of the MRZ personal number check of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationMRZCheckDateOfBirth | string | Validation result of the MRZ date of birth check of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationMRZCheckDateOfExpiry | string | Validation result of the MRZ date of expiry check of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationMRZCheckComposite | string | Validation result of the MRZ composite check of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDocumentNumber | string | Validation result of the document number of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationPersonalNumber | string | Validation result of the personal number of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationMRZNameSurnameSeparator | string | Validation result of the MRZ name surname separator of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationMRZSurnameSeparator | string | Validation result of the MRZ surname separator of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationSex | string | Validation result of sex of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationGender | string | Validation result of gender of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationNationality | string | Validation result of nationality of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationFrontAppearanceScore | number | Score of the validation of the front appearance of the document. | Number |
validationBackAppearanceScore | number | Score of the validation of the back appearance of the document. | Number |
validationFacialMatchingScore | number | Score of the facial matching of the document. If the facial matching is not performed, the value will be -1. | Number |
validationDateOfBirth | string | Validation result of the date of birth of the document holder. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDateOfExpiry | string | Validation result of the date of expiry of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDocumentNotExpired | string | Validation result of the document not expired. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationLegalAge | string | Validation result of the legal age of the document holder. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationAllowedIssuingState | string | Validation result of the allowed issuing state of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationIssuingState | string | Validation result of the issuing state of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationFrontNotPhotocopy | string | Validation result of the front not photocopy of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationBackNotPhotocopy | string | Validation result of the back not photocopy of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationFrontPhotocopyScore | number | Score of the validation of the front photocopy of the document. If the document is not a photocopy, the value will be 0. | Number |
validationBackPhotocopyScore | number | Score of the validation of the back photocopy of the document. If the document is not a photocopy, the value will be 0. | Number |
validationDocument | string | Validation result of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDocumentContent | string | Validation result of the document content. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDocumentForensics | string | Validation result of the document forensics. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationNotSpecimen | string | Validation result of the document not being a specimen. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDateOfIssuing | string | Validation result of the date of issuing of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDatesRelationship | string | Validation result of the dates relationship of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
mrzData | object | Object containing the MRZ data of the document. The fields of the mrzData object are detailed below. | Object |
vizData | object | Object containing the VIZ (visual) data of the document. The fields of the vizData object are detailed below. | Object |
validationFaceLaserMarkScore | number | Score of the validation of the face laser mark of the document. If the face laser mark is not present, the value will be -1. | Number |
parents | string | Parents of the document holder. | Text |
region | string | Region of the document holder. | Text |
regionOfBirth | string | Region of birth of the document holder. | Text |
countryOfBirth | string | Country of birth of the document holder. | Text |
address | string | Address of the document holder. | Text |
city | string | City of the document holder. | Text |
cityOfBirth | string | City of birth of the document holder. | Text |
laserMark | string | Laser mark of the document. If the laser mark is not present, the value will be null. | Text |
validationNameBothSidesMatch | string | Validation result of the name both sides match of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationSurnameBothSidesMatch | string | Validation result of the surname both sides match of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationPersonalNumberBothSidesMatch | string | Validation result of the personal number both sides match of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDocumentNumberBothSidesMatch | string | Validation result of the document number both sides match of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDateOfBirthBothSidesMatch | string | Validation result of the date of birth both sides match of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDateOfExpiryBothSidesMatch | string | Validation result of the date of expiry both sides match of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationSexBothSidesMatch | string | Validation result of the sex both sides match of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationGenderBothSidesMatch | string | Validation result of the gender both sides match of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationNationalityBothSidesMatch | string | Validation result of the nationality both sides match of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationPersonalNumberFormat | string | Validation result of the personal number format of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationDocumentNumberFormat | string | Validation result of the document number format of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationNameNotEmpty | string | Validation result of the name not being empty of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationSurnameNotEmpty | string | Validation result of the surname not being empty of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationLaserMark | string | Validation result of the laser mark of the document. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
validationNameBothSidesMatchScore | string | Score of the validation of the name both sides match of the document. | Text |
validationSurnameBothSidesMatchScore | string | Score of the validation of the surname both sides match of the document. From 0 to 100. | Text |
The fields of the mrzData object are detailed below:
| Field | Type | Description | Format |
|---|---|---|---|
dateOfExpiry | string | Date of expiry of the document extracted from the MRZ. | DateTime (dd/MM/yyyy) |
gender | string | Gender of the document holder extracted from the MRZ. Possible values are: M, F. | Text |
nationality | string | Nationality of the document holder extracted from the MRZ. | Text |
surname | string | Full surname of the document holder extracted from the MRZ. | Text |
documentNumber | string | Document number of the document holder extracted from the MRZ. | Text |
name | string | Name of the document holder extracted from the MRZ. | Text |
dateOfBirth | string | Date of birth of the document holder extracted from the MRZ. | DateTime (dd/MM/yyyy) |
personalNumber | string | Personal number of the document holder extracted from the MRZ. | Text |
The fields of the vizData object are detailed below:
| Field | Type | Description | Format |
|---|---|---|---|
dateOfExpiry | string | Date of expiry of the document extracted from the visual data. | DateTime (dd/MM/yyyy) |
gender | string | Gender of the document holder extracted from the visual data. Possible values are: M, F. | Text |
nationality | string | Nationality of the document holder extracted from the visual data. | Text |
surname | string | Full surname of the document holder extracted from the visual data. | Text |
documentNumber | string | Document number of the document holder extracted from the visual data. | Text |
name | string | Name of the document holder extracted from the visual data. | Text |
dateOfBirth | string | Date of birth of the document holder extracted from the visual data. | DateTime (dd/MM/yyyy) |
personalNumber | string | Personal number of the document holder extracted from the visual data. | Text |
Depending of the use case, the integrator can use the a personalized validation process to determine if the process is valid or not. For configuring the validation matrix, please contact with the MobbScan support team for analyzing the use case and configuring the validation matrix with the best validations for the use case.
If the validation matrix is configured, the integrator should check the scanProcessValidationResult field to get the result of the scan process validation. The scanProcessValidationResult field will contain the result of the scan process validation and the scanProcessFailedValidations field will contain the names of the validations that have failed in the scan process validation. With this information, the integrator can determine what to do next in the onboarding process.
The fields of the scanProcessValidationResult object are detailed below:
| Field | Type | Description | Format |
|---|---|---|---|
enabledProcess | boolean | Indicates whether the scan process matrix validation is enabled or not. If the scan process matrix validation is enabled, the integrator should check the scanProcessValidationResult field to get the result of the scan process validation. | Boolean |
scanProcessValidationResult | string | Result of the scan process validation. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
scanProcessFailedValidations | array | Array of strings containing the names of the validations that have failed in the scan process validation. If the scan process validation is NOT_VALID, this array will contain the names of the validations that have failed. If the scan process validation is VALID, this array will be empty. | Array of strings |
Possible Responses
| Code | Description | Comment |
|---|---|---|
| 200 | OK. The request has been successfully completed. | The response will contain the result of the document scan. |
| 400 | Bad Request. Generally means that one or more required parameters are missing or incorrect in the request. | Verify that all required parameters are included and have the correct format in the request. |
| 401 | Unauthorized. The token used to authenticate the request is incorrect or has expired. | Make sure to use the correct token and that it has not expired. |
| 500 | Internal Server Error. An error occurred on the server while processing the request. | This is a generic error and can be caused by various issues on the server side. |
Identity verification
This endpoint allows you to verify the identity of an user against the scanned document and perform the liveness check. The integrator should send the scanId obtained from the scan document endpoint and a video of the user performing the liveness check. The video will be processed and the result will be returned in the response.
Headers
| Header | Description |
|---|---|
| onboarding-token | Authentication token obtained from the create onboarding process endpoint in the format xxxx-xxxx-xxxx-xxxx |
| Accept | application/json |
Request
The endpoint for verifying the identity will receive the following fields in the request:
| Field | Type | Description | Required | Format |
|---|---|---|---|---|
scanId | string | Unique identifier of the scan process. The scanId is generated when creating the onboarding process. | Yes | UUID |
livenessMethod | integer | Method to perform the liveness check. Possible values are: 0 -> Head Movement (deprecated), 1 -> No Movement. | Yes | Integer |
returnFaceImages | boolean | Indicates whether to return the face images or not. If the integrator wants to receive the face images, this field should be set to true. | No | Boolean |
video | file | Video of the user performing the liveness check. The file must be in MP4 format. | Yes | Video file (MP4) |
Below is an example of the request structure:
curl --location --request POST 'https://{GATEWAY-HOST}/mobbscan-agent/identityVerification?scanId=xxxx-xxxx-xxxx-xxxx&livenessMethod=1&returnFaceImages=true' \
--header 'onboarding-token: xxxx-xxxx-xxxx-xxxx' \
--form 'video=@"/path/to/video.mp4"'
Response
The response to the request to verify the identity will be a JSON object with the following structure:
{
"code": 0,
"description": "Identity verification transaction finished successfully",
"timestamp": "2025-09-16 16:13:15.063",
"scanId": "22fc6001-ed8f-471f-a013-3ad1254852f0",
"scores": {
"liveness": 1.0,
"faceMatching": 0.77,
"identityVerification": 0.89
},
"validations": {
"liveness": "VALID",
"faceMatching": "VALID",
"identityVerification": "VALID"
},
"faceDocument": "/9j/4AA...",
"faceSelfie": "/9j/4AAQ...",
"resultScanProcessValidation": {
"enabledProcess": true,
"scanProcessValidationResult": "VALID",
"scanProcessFailedValidations": []
},
"mobbIdRegistration": {
"result": "DISABLED_MOBB_ID_REGISTRATION",
"completed": false
}
}
The response to the request to verify the identity will be a JSON object with the following fields:
| Field | Type | Description | Format |
|---|---|---|---|
code | integer | Result of the identity verification process. If the identity verification process was successful, the value will be 0. Otherwise, it will be a negative value indicating an error. | Integer |
description | string | Description of the result of the identity verification process. | Text |
timestamp | string | Timestamp of the identity verification process. | DateTime (yyyy-MM-dd HH:mm:ss.SSS) |
scanId | string | Unique identifier of the scan process. The scanId is generated when creating the onboarding process. | UUID |
scores | object | Object containing the scores of the identity verification process. The fields of the scores object are detailed below. | Object |
validations | object | Object containing the validations of the identity verification process. The fields of the validations object are detailed below. | Object |
faceDocument | string | Base64 encoded image of the face extracted from the document. If the returnFaceImages parameter is set to true, this field will contain the face image extracted from the document. If the returnFaceImages parameter is set to false, this field will be empty. | Base64 encoded string |
faceSelfie | string | Base64 encoded image of the face extracted from the selfie. If the returnFaceImages parameter is set to true, this field will contain the face image extracted from the selfie. If the returnFaceImages parameter is set to false, this field will be empty. | Base64 encoded string |
resultScanProcessValidation | object | Object containing the result of the scan process validation. The fields of the resultScanProcessValidation object are detailed below. | Object |
mobbIdRegistration | object | Object containing the result of the MobbID registration process in case of being enabled. The fields of the mobbIdRegistration object are detailed below. | Object |
The fields of the scores object are detailed below:
| Field | Type | Description | Format |
|---|---|---|---|
liveness | number | Score of the liveness check. The score is a value between 0 and 1, and the threshold can be configured depending on the use case. | Number |
faceMatching | number | Score of the face matching. The score is a value between 0 and 1, and the threshold can be configured depending on the use case. | Number |
identityVerification | number | Score of the identity verification. The score is a value between 0 and 1, and the threshold can be configured depending on the use case. | Number |
The fields of the validations object are detailed below:
| Field | Type | Description | Format |
|---|---|---|---|
liveness | string | Validation result of the liveness check. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
faceMatching | string | Validation result of the face matching. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
identityVerification | string | Validation result of the identity verification. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
In the same way as in the scan document endpoint, the integrator can use a personalized validation process to determine if the identity verification is valid or not. For configuring the validation matrix, please contact with the MobbScan support team for analyzing the use case and configuring the validation matrix with the best validations for the use case.
The fields of the resultScanProcessValidation object are detailed below:
| Field | Type | Description | Format |
|---|---|---|---|
enabledProcess | boolean | Indicates whether the scan process matrix validation is enabled or not. If the scan process matrix validation is enabled, the integrator should check the resultScanProcessValidation field to get the result of the scan process validation. | Boolean |
scanProcessValidationResult | string | Result of the scan process validation. Possible values are: VALID, NOT_VALID, NOT_CHECKED. | Text |
scanProcessFailedValidations | array | Array of strings containing the names of the validations that have failed in the scan process validation. If the scan process validation is NOT_VALID, this array will contain the names of the validations that have failed. If the scan process validation is VALID, this array will be empty. | Array of strings |
The fields of the mobbIdRegistration object are detailed below:
| Field | Type | Description | Format |
|---|---|---|---|
result | string | Result of the MobbID registration process. Possible values are: DISABLED_MOBB_ID_REGISTRATION, SUCCESSFUL_MOBB_ID_REGISTRATION, NOT_REACHED_MOBB_ID_REGISTRATION. | Text |
completed | boolean | Indicates whether the MobbID registration process was completed or not. If the MobbID registration process was completed, this field will be true. If the MobbID registration process was not completed, this field will be false. |