Skip to main content
API docs by Redocly

Customer API (2.0)

Download OpenAPI specification:Download

The Trulioo Customer API is organized around REST. Our API has predictable resource-oriented URLs and uses standard HTTP response codes, authentication, and verbs. The API provides authorization endpoints and endpoints to perform document verification and review transaction results.

Some US states impose obligations on businesses that collect and use “biometric identifiers” and/or “biometric information”, which may include facial scan data extracted from photos during a document verification transaction. One such law is the Illinois Biometric Information Privacy Act (“BIPA”). A business required to comply with BIPA is under obligations to, among other things, ensure that it informs the individual of the purpose of the collection and obtain consent. Accordingly, we require a notice and consent mechanism be implemented for all document verification transactions, and our customers using our API must provide us with confirmation via API whether an individual is located in the United States and has consented to the transaction in the prescribed manner. We also strongly encourage all of our customers to consult with legal counsel to ensure their own compliance with such laws.

For more information about the required notice and consent mechanism, please refer to our Service Specific Terms for Document Verification.

You can read more about the configuration requirements for our API related to the notice and consent mechanism here.

Authorization

Deprecated - Authorize and generate access tokens

Required initial endpoint before starting the document verification process. It generates the access tokens to be used in subsequent endpoints. Access token expire in 60 minutes.

Authorizations:
LicenseKey
header Parameters
Accept-Version
required
string

API Version

Responses

Response samples

Content type
application/json
{
  • "accessToken": "string",
  • "refreshToken": "string",
  • "tokenType": "refresh_token",
  • "expiresIn": 0
}

Authorize and generate access tokens

Required initial endpoint before starting the document verification process. It generates the access tokens to be used in subsequent endpoints. Access token expire in 60 minutes.

Authorizations:
LicenseKey
header Parameters
Accept-Version
required
string

API Version

Request Body schema: application/json

Identify the consent and if is in the US with the biometric policy agreement

consent
required
boolean

Provided consent will create a historical record with timestamp

webhook
string <uri>

Callback URL for transaction status updates. See Webhooks

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "accessToken": "string",
  • "refreshToken": "string",
  • "tokenType": "refresh_token",
  • "expiresIn": 0
}

Audit

Transaction

Create a shortcode for handoff to a SDK

Short code provides an option to pass the rest of the verification workflow to an SDK. The short code is a unique, single use code and it is valid for only 5 minutes. The verification will continue on SDK side starting with authorization using the short code. The short code locks the workflow to the same transaction identifier as the one generated earlier during authorization.

Authorizations:
AccessToken
header Parameters
Accept-Version
required
string

API Version

Responses

Response samples

Content type
application/json
{
  • "shortCode": "qWinHpfejeezSqek"
}

Create a transaction

Creates a transaction of the verification process and returns a transaction ID.

Authorizations:
AccessToken
header Parameters
Accept-Version
required
string

API Version

Responses

Response samples

Content type
application/json
{
  • "transactionId": "75906707-8c31-479c-b354-aa805c4cefbc"
}

Upload a document

Uploads an image for a verification process. It accepts images in PNG and JPG format. Maximum size of each image is 3 megabytes.

Authorizations:
AccessToken
header Parameters
Accept-Version
required
string

API Version

Request Body schema: multipart/form-data
context
required
string
Default: "front"
Enum: "front" "back" "live"

The front or back of the document, or live for selfie

body
required
string <binary>

The file of the image to be uploaded

Responses

Response samples

Content type
application/json
{
  • "imageId": "string"
}

Start to verify a transaction

Starts the verification process and returns the status.

Authorizations:
AccessToken
header Parameters
Accept-Version
required
string

API Version

Responses

Response samples

Content type
application/json
{
  • "status": "ACCEPTED"
}

Get the data of a transaction

Retrieves the detailed information of a verification process specified by a transaction identifier.

Authorizations:
AccessToken
path Parameters
transactionId
required
string
header Parameters
Accept-Version
required
string

API Version

Responses

Response samples

Content type
application/json
{
  • "transactionId": "28087e85-9c6c-4ce9-83e2-1fb3d66b8cde",
  • "dataVendorSessionId": "8005efed-e683-40ab-a803-56eba164b767",
  • "timeOfTransaction": "2023-01-01T16:00:00.000Z",
  • "status": "REVIEW",
  • "errors": [
    ],
  • "indicators": [
    ],
  • "person": {
    },
  • "document": {
    },
  • "images": {
    }
}

Get an image

Retrieves the byte array of an image of the transaction by providing the transaction identifier, the image identifier and the access token obtained from the GET /transactions/{transactionId} endpoint.

Authorizations:
ImageAccessToken
path Parameters
transactionId
required
string
imageId
required
string

Responses

Response samples

Content type
application/json
{
  • "image": "iVBORw0KGgo="
}