Customer ID
Overview
The Customer ID feature enables merchants to maintain a consistent reference for individual end users across multiple verification requests. By linking all verifications to a unique customer profile, merchants can track verification history, streamline repeat verifications, and improve data management across their backoffice.
What is a Customer ID?
A Customer ID is a unique, persistent identifier that represents an individual customer profile within Shufti's system. Once generated, this identifier can be used across all future verification requests for the same customer, ensuring that:
- All verifications are linked to a single customer profile.
- Verification history is maintained and easily accessible.
- Customer data remains organized and trackable.
Key Benefits
Consistent User Reference
Maintain a single identifier for returning customers across multiple verification sessions, eliminating confusion and data fragmentation.
Enhanced Verification Tracking
Associate all verification requests with the same customer profile, making it easier to review verification history and patterns.
Improved Data Management
Easily reference, retrieve, and manage customer profiles using their unique Customer ID, streamlining your operational workflows.
Fraud Prevention
Track and identify repeat verification attempts and patterns associated with the same customer, helping you detect and prevent fraudulent activities.
How It Works
First-Time Verification
When a customer undergoes verification for the first time, there are two ways the Customer ID can be assigned.
Without a Customer ID in the request
- Send a verification request without including a
customer_unique_idparameter. - Shufti automatically generates a unique
customer_unique_id. - The generated
customer_unique_idis returned in the API response. - Store this
customer_unique_idin your system for future use.
With a Customer ID in the request
- Send a verification request including your own
customer_unique_idparameter. - Shufti creates a new customer profile with the provided
customer_unique_id. - The same
customer_unique_idis returned in the API response.
Repeat Verifications
For subsequent verification requests for the same customer:
- Include the previously obtained
customer_unique_idin the request payload. - Shufti automatically associates the new verification with the existing customer profile.
- All verification data is linked to the same customer record.
- The same
customer_unique_idis returned in the response.
Customer ID Management for Existing Users
Shufti provides a dedicated API endpoint for managing Customer IDs, allowing you to generate or associate Customer IDs with existing verification records.
Endpoint
POST https://api.shuftipro.com/customer/details
Authentication
Use Basic Authentication with your Client ID and Secret Key from your Shufti back office.
Use Cases
- Generate a Customer ID for existing users: Send a reference ID from a previous verification. Shufti generates and returns a new
customer_unique_idfor that verification. - Associate your Customer ID with existing users: Send both a reference ID and your own
customer_unique_id. Shufti stores yourcustomer_unique_idand associates it with the verification record.
Request Payload
{
"reference": "{{reference_id}}",
"customer_unique_id": "{{alphanumeric_string}}"
}
Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
| reference | Yes | String | The reference ID from a previous verification request. |
| customer_unique_id | No | String | Your own unique customer identifier (6 to 64 alphanumeric characters). If not provided, Shufti generates a new Customer ID. |
Managing Customers in the Backoffice
Beyond the API, every Customer ID has a customer profile in the backoffice where you can review verification history, manage the customer's status, control which data is used for future verifications, and collaborate with your team. This section covers the actions available on a customer profile.
Backoffice actions at a glance
| Action | What it does | Reversible |
|---|---|---|
| Blocklist a customer | Declines future verifications matching the blocklisted Customer ID or data. | Yes, by removing the customer from the blocklist. |
| Whitelist a customer | Accepts all future verifications for that Customer ID. | Yes, by removing the customer from the whitelist. |
| Reset a customer profile | Moves the profile to Verification Pending and deactivates past proofs so they are not used as context. | Past proofs can be reactivated. |
| Mark a customer as Inactive | Adds an INACTIVE label to the profile and to the Customer ID in related verifications. | Yes, by marking the customer active again. |
| Mark a document as Inactive | Excludes a specific document from comparison in future verifications. | Yes, by marking the document active again. |
Customer Status
Every customer profile carries a status that is derived from the customer's verification results. There are three possible statuses.
| Status | Meaning | Can transition to |
|---|---|---|
| Verification Pending | Default state. The profile exists but no verification has been completed yet. Also set after a profile reset. | Approved, Rejected |
| Approved | The customer has at least one accepted verification result and no active blocklist flag. | Verification Pending (after a reset) |
| Rejected | All completed verification attempts have failed and no accepted result exists. | Approved (if a new attempt passes), Verification Pending (after a reset) |
How the status behaves:
- When a customer's verification is accepted, the status changes to Approved, meaning the customer is accepted and onboarded. Once a profile is Approved, the status does not change to Rejected even if later verifications fail.
- If all of the customer's verifications are declined, the status is set to Rejected. A Rejected profile can move to Approved if a future verification passes.
- A profile is set to Verification Pending when it is first created and the user has not completed verification yet. It is also set to Verification Pending whenever the profile is reset. After the next verification completes, the status updates according to the result.
Initiating a Verification for a Customer
You can create a new verification for a customer directly from their profile in the backoffice. Because the Customer ID is sent with the request, the resulting verification is tied to that specific customer.
There are two ways to start a verification from the profile:
- Create New Verification CTA.
- Initiate Re-verification CTA on a verification in the Verification History.
Using Create New Verification
When you choose this option, you can set up the verification in one of two ways:
- Verification Journey Builder: Select the journey you want the customer to verify through.
- Products: Go to the product tab, select the services you need, and configure the verification workflow.
With either method, the verification is created specifically for that customer because the Customer ID is included in the verification request.
Using Initiate Re-verification
When you click the Initiate Re-verification CTA on a verification in the Verification History, a verification request is initiated using the exact configuration of that earlier verification, and you receive a verification link for the customer.
Blocklisting a Customer
A customer can be added to the blocklist, or removed from it, manually from the backoffice. When you blocklist a customer, both the Customer ID and the data submitted by the user on their customer profile are blocklisted. As a result, any subsequent verification from the blocklisted Customer ID, or any verification that submits the blocklisted data, is declined.
The data that can be blocklisted includes:
- Customer ID
- Face image
- Document number
- Name and date of birth (as a combination)
- IP address and device fingerprint (as a combination)
- Phone number
If you remove the customer from the blocklist, their verifications are performed normally again.
Whitelisting a Customer
A customer can be added to, or removed from, the whitelist manually from the backoffice. When you add a customer to the whitelist from their profile, their Customer ID is whitelisted and all subsequent verifications from that Customer ID are accepted. Whitelisting is based on the Customer ID only.
A whitelisted Customer ID has all of its subsequent verifications accepted. Apply the whitelist deliberately and only to customers you have already established trust in.
If you remove the customer from the whitelist, their verifications are performed normally again.
Resetting a Customer Profile
You can reset a customer profile from the backoffice. When a profile is reset, the proofs and data submitted in the customer's past verifications become inactive and are no longer used as context in future verifications. You can reactivate these past proofs later if you want them used for context again.
Resetting a profile also changes the customer status to Verification Pending. The status then updates according to the result of the next verification.
Marking a Customer as Inactive
Marking a customer profile as Inactive adds an INACTIVE label to the customer profile and to the Customer ID shown in the verifications related to that Customer ID.
An Inactive status can mean, for example, that the customer is no longer active on your platform, that the Customer ID was a test, or that the user has deleted their account.
You can mark an inactive Customer ID as active again at any time from the backoffice.
Managing Verification Documents
The Verifications tab of the customer profile contains a Documents section that gathers every document the customer has submitted throughout their verification history, so you can review and analyze them in one place.
If there is a document you do not want used for comparison or context in future verifications, you can mark it as inactive. Inactive documents can be marked as active again whenever needed.
Duplicate Records
The Duplicate Records section of the customer profile lists linked records, that is, other records in which a user submitted the same data that appears in this customer profile. This helps you detect duplicate accounts in your system.
Comments
Shufti provides a comments feature so you can leave notes, communicate with team members, and upload attachments on a customer profile. If any anomaly is detected on a profile, you can use comments to raise it with your team, record your notes, and attach supporting files.
Activity Logs
Whenever an action is performed on a customer profile, an entry is created in the profile's activity logs. Logged actions include:
- Creating a verification for the customer, and the resulting verification status.
- Adding the customer to, or removing them from, the blocklist.
- Adding the customer to, or removing them from, the whitelist.
- Resetting the customer profile.
- Marking the customer as Inactive, and marking the customer as active.
Each log entry records the action along with the date and time it occurred and the person who performed it, giving you a complete audit trail for every profile.
Best Practices
- Always store Customer IDs: Implement persistent storage for Customer IDs in your database so they are available for future verification requests.
- Include Customer IDs in repeat verifications: Always include the
customer_unique_idparameter when initiating verifications for returning customers to maintain data consistency. - Monitor verification patterns: Use linked customer profiles to identify unusual verification patterns that may indicate fraudulent activity.
- Validate the Customer ID format: Before sending requests, validate that Customer IDs meet the format requirements (6 to 64 alphanumeric characters).
- Maintain a Customer ID mapping: Keep a mapping between your internal customer identifiers and Shufti Customer IDs for easy reference and troubleshooting.