Process Flow
Access Token Request
Token request received from the end-user is assessed on specific parameters (discussed below):
- Identify Client ID & Client Secret Key.
- Check the authenticity of client’s credentials.
- Read client’s data.
- Response is sent back after generating access token.
Request Parameters
| Parameters | Description |
|---|---|
| webhook_url | Required: Yes Type: string This allows the Client to receive response of request, either success or fail. |
| language | Required: No Type: string Length: 2 characters If the Shufti Pro client wants their preferred language to appear on the authentication screens they may provide the 2-character long language code of their preferred language. The list of Supported Languages can be consulted for the language codes. If this key is missing in the request the system will select the default language as English. |
| reference | Required: Yes Type: string Minimum: 6 characters Maximum: 64 characters Each request has a unique Reference ID which is sent back to Client against each response. The Client can use the Reference ID to check status of each verification. |
| request_type | Required: Yes Type: string This parameter decides the type of verification you want to perform. Note: Use "enroll" as the value for request_type if you want end-user to sign-up, or "authenticate" if you want end-user to sign-in. |
| document | Required: No Type: boolean This option decides if End-User’s ID document is validated or not. Give value 1 if you want to validate the ID document, or 0 if you want to skip it. |
| phone | Required: No Type: boolean This option decides if End-User’s phone number is validated or not. Give value 1 if you want to validate the phone number, or 0 if you want to skip it. |
| question | Required: No Type: boolean This option decides if the end-users asked for security questions or not. Give value 1 if you want to validate security questions, or 0 if you want to skip it. |
| Required: No Type: string Minimum: 6 characters Maximum: 128 characters This field represents email address of the end-user. Note: During SignUp email is optional but will necessary in the later registration process. | |
| show_consent | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays a screen to collect consent from end-user before the verification process starts. If the value is set 1, the screen will be displayed to end-user. If the value is set 0, the consent screen will not be displayed. Under the GDPR, we are bound to get user’s consent therefore the default value is 1 but you can set it to 0 if you’ve already acquired the user’s consent for this biometric verification. |
| show_privacy_policy | Required: No Type: string Accepted Values: 0, 1 Default Value: 1 This parameter displays data privacy policy to end-user after the verification process is completed. If the value is set 1, the data privacy policy will be displayed to end-user. If the value is set 0, the data privacy policy will not be displayed. Under the GDPR, we acknowledge the end-users right to request for data deletion therefore the default value is 1 but you can set it to 0 if you’ve have another alternative mechanism in place. |
- Http
- Javascript
- PHP
- Python
- Ruby
- Java
//POST /service/biometric/auth HTTP/1.1
//Host: api.shuftipro.com
//Content-Type: application/json
//Authorization: Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU
{
"webhook_url" : "http://www.example.com/",
"reference" : "123weqwe1231",
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"request_type" : "enroll",
"email" : ""
}
//We will be using two common practises for send Api calls
//Dispatch request via Jquery Ajax API
var payload = {
"async": true,
"crossDomain": true,
"url": "https://api.shuftipro.com/service/biometric/auth",
"method": "POST",
"headers": {
"Content-Type": "application/json",
"Authorization": "Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU",
"cache-control": "no-cache",
},
"processData": false,
"data": {
"webhook_url": "http://www.example.com",
"request_type": "enroll",
"language" : "EN",
"email": "",
"reference": "123abc123",
"document": 1,
"phone": 1,
"question": 1
}
}
$.ajax(payload).done(function (response) {
console.log(response);
});
<?php
$clientID = 'YOUR CLIENT ID';
$clientSecret = 'YOUR CLIENT SECRET';
$basic_auth = base64_encode ( $clientID . ":" . $clientSecret );
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.shuftipro.com/service/biometric/auth",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\n \"webhook_url\": \"http://www.example.com\",\n \"request_type\" : \"enroll\,\n \"language\" : \"EN\",\n \"reference\": \"123abc123\",\n \"document\": 1,\n \"phone\": 1,\n \"question\": 1,\n "email" : ""}",
CURLOPT_HTTPHEADER => array(
"Authorization: Basic " . $basic_auth,
"Content-Type: application/json",
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
?>
import requests, base64, json, hashlib
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth.encode()).decode()
url = "https://api.shuftipro.com/service/biometric/auth"
payload = "{\n \"webhook_url\": \"http://www.example.com\",\n \"language\" : \"EN\",\n \"request_type\" : \"enroll\",\n \"email\" : \"\",\n \"reference\": \"123abc123\",\n \"document\": 1,\n \"phone\": 1,\n \"question\": 1}"
headers = {
'Content-Type': "application/json",
'Authorization': "Basic %s" % b64Val
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)
require 'uri'
require 'net/http'
require 'base64'
require 'json'
url = URI("https://api.shuftipro.com/service/biometric/auth")
# Your Shufti Pro account Client ID
CLIENT_ID = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY = "YOUR-SECRET-KEY"
post_data = {
webhook_url: "http://www.example.com",
reference: "123abc123",
language: "EN",
request_type: "enroll",
email: "",
document: 1,
phone: 1,
question: 1
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
# if Access Token
# header_auth = ACCESS_TOKEN
request["Content-Type"] = "application/json"
request["Authorization"] = "Basic #{header_auth}" # replace "Basic" with "Bearer" in case of access token
request.body = post_data.to_json
response = http.request(request)
response_data = JSON.parse(response.read_body)
puts response_data
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.net.ssl.HttpsURLConnection;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://api.shuftipro.com/service/biometric/auth";
String CLIENT_ID = "CLIENT_ID";
String SECRET_KEY = "SECRET_KEY";
URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
// Add request header
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
String basicAuth = "Basic " + Base64.getEncoder().encodeToString((CLIENT_ID + ":" + SECRET_KEY).getBytes(StandardCharsets.UTF_8));
con.setRequestProperty("Authorization", basicAuth);
String payload = "{\n \"webhook_url\" : \"http://www.example.com/\",\n \"reference\" : \"123weqwe1231\",\n \"language\" : \"EN\",\n \"document\" : 1,\n \"phone\" : 1,\n \"question\" : 1,\n \"request_type\" : \"enroll\",\n \"email\" : \"\"\n}";
// Send post request
con.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(payload);
wr.flush();
wr.close();
int responseCode = con.getResponseCode();
System.out.println("\nSending 'POST' request to URL : " + url);
System.out.println("Payload : " + payload);
System.out.println("Response Code : " + responseCode);
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
System.out.println(in.toString());
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
// Print the response
System.out.println(response.toString());
}
}
Loading the SDK
The Shufti Pro SDK for JavaScript doesn’t have any standalone files that need to be downloaded or installed. You simply need to include a short piece of regular JavaScript in your HTML that will asynchronously load SDK on pages. The async loading does not block any other elements of your page.
The following snippet of code will give the basic version of the SDK where the options are set to the most common defaults.
You can use one of the two methods below to load the SDK asynchronously. Put the following code in the HTML of pages where you want to load the SDK.
Script Tag
Insert this directly after the opening body tag on every page where you want to load it.
<script async defer src="https://app.shuftipro.com/biometric/sdk/shuftipro.min.js"></script>
Function Call
<script>
( function ( d, s, id ) {
if ( d.getElementById ( id ) ) return;
let js, fjs = d.getElementsByTagName ( s )[ 0 ];
js = d.createElement ( s );
js.id = id;
js.src = "https://app.shuftipro.com/biometric/sdk/shuftipro.min.js";
fjs.parentNode.insertBefore ( js, fjs );
} ( document, 'script', 'shuftipro-jssdk' ) );
</script>
Custom Iframe
SDK will append & launch an iframe. If you want to customize the iframe for your website or application then include it according to your requirements. If no iframe is provided in the HTML then Shufti Pro will render default from the SDK.
info
The ID of the custom iFrame must be "shuftipro-iframe".
<iframe src="" id="shuftipro-iframe" allow="camera" frameborder="0"></iframe>
Initializing the SDK
After getting the access_token from the server, put it in SP's init method to initialize the SDK.
SP.init ( callback, access_token );
With above mentioned command, SDK will initialize and will be ready to get the SignUp and Login requests.
Request Parameters
| Parameters | Description |
|---|---|
| callback method | Required: Yes Type: Function The Client will pass the callback function. Shufti Pro will use this to return response data of verification. |
| access_token | Required: Yes Type: string Please put the access token you received from server to server call. |
Register Request
To request for SignUp, you have to make server to server call with these parameters:
enroll-request
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : "enroll",
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : ""
}
You have the option to put end-user's email.
enroll-request
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : "enroll",
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : "[email protected]",
}
Login Request
To request for Login, you have to make server to server call with these parameters:
register-request
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : "authenticate",
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : ""
}
You have the option to put end-user's email.
reqister-request
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : "authenticate",
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : "[email protected]"
}
Full Example
This code will load and initialize the JavaScript SDK in your HTML page. It is advised to not put the Client Credentials in your javascript code. Make a server to server request to get the access_token. We use JavaScript Fetch method to request our server, and then make server to server request to get the SDK access_token. Use the example on the right for guidance.
Example
In order to initialize the SDK, we use these tags:
<input id="email" placeholder="Email..." type="email">
<label>
<input name="request_type" type="radio" value="enroll">
Enroll
</label>
<label>
<input name="request_type" type="radio" value="authenticate" checked>
Authenticate
</label>
<button onclick="spInit()">Init</button>
<br />
<iframe src="" id="shuftipro-iframe" allow="camera" frameborder="0"></iframe>
And a script tag to load the SDK asynchronously with a call to SP's server for access token and Initialize the SDK with the access token.
- Http
- Javascript
- PHP
- Python
- HTML
- Ruby
- Java
//POST /service/biometric/auth HTTP/1.1
//Host: api.shuftipro.com
//Content-Type: application/json
//Authorization: Basic 961551694eef2a4dc24e6367184d8e9f1191e6d
{
"webhook_url" : "https://example.com/",
"reference" : "rAnd0mStr1ng",
"request_type" : "enroll",
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : "[email protected]"
}
//We will be using two common practises for send Api calls
//Dispatch request via Jquery Ajax API
var payload = {
"async": true,
"crossDomain": true,
"url": "https://api.shuftipro.com/service/biometric/auth",
"method": "POST",
"headers": {
"Content-Type": "application/json",
"Authorization": "Basic WU9VUiBDTElFTlQgSUQ6WU9VUiBDTElFTlQgU0VDUkVU",
"cache-control": "no-cache",
},
"processData": false,
"data": {
"webhook_url": "http://www.example.com",
"request_type": "enroll",
"language" : "EN",
"email": "",
"reference": "123abc123",
"document": 1,
"phone": 1,
"question": 1
}
}
$.ajax(payload).done(function (response) {
console.log(response);
});
<?php
$clientID = 'YOUR CLIENT ID';
$clientSecret = 'YOUR CLIENT SECRET';
$basic_auth = base64_encode ( $clientID . ":" . $clientSecret );
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.shuftipro.com/service/biometric/auth",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\n \"webhook_url\": \"http://www.example.com\",\n \"request_type\" : \"enroll\",\n \"language\" : \"EN\",\n \"reference\": \"123abc123\",\n \"document\": 1,\n \"phone\": 1,\n \"question\": 1,\n "email" : ""}",
CURLOPT_HTTPHEADER => array(
"Authorization: Basic " . $basic_auth,
"Content-Type: application/json",
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
?>
import requests, base64, json, hashlib
from random import randint
'''
Python 2
--------
import urllib2
Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
# Your Shufti Pro account Client ID
client_id = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth.encode()).decode()
url = "https://api.shuftipro.com/service/biometric/auth"
payload = "{\n \"webhook_url\": \"http://www.example.com\",\n \"request_type\" : \"enroll\",\n \"language\" : \"EN\",\n \"email\" : \"\",\n \"reference\": \"123abc123\",\n \"document\": 1,\n \"phone\": 1,\n \"question\": 1}"
headers = {
'Content-Type': "application/json",
'Authorization': "Basic %s" % b64Val
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>BiometricSDK Setup Example</title>
</head>
<body>
<input id="email" placeholder="Email..." type="email">
<label>
<input name="request_type" type="radio" value="enroll">
Enroll
</label>
<label>
<input name="request_type" type="radio" value="authenticate" checked>
Authenticate
</label>
<button onclick="spInit()">Init</button>
<br />
<iframe src="" id="shuftipro-iframe" allow="camera" frameborder="0"></iframe>
<script>
// Load the SDK asynchronously
( function ( d, s, id ) {
if ( d.getElementById ( id ) ) return;
let js, fjs = d.getElementsByTagName ( s )[ 0 ];
js = d.createElement ( s );
js.id = id;
js.src = "https://app.shuftipro.com/biometric/sdk/shuftipro.min.js";
fjs.parentNode.insertBefore ( js, fjs );
} ( document, 'script', 'shuftipro-jssdk' ) );
spInit = function () {
let email = document.getElementById ( 'email' ).value;
let request_type = document.querySelector ( 'input[name="request_type"]:checked' ).value;
fetch ( 'https://api.shuftipro.com/service/biometric/auth', {
headers : {
'Authorization' : `Basic ${ btoa ( '22f1d49c01e52ddb7875b4b:E08UVMDwFnCiqtu338JH' ) }`,
'Accept' : 'application/json',
'Content-Type' : 'application/json'
},
body : JSON.stringify ( {
"webhook_url" : "https://api.shuftipro.com/biometric/test",
"reference" : Math.random ().toString ( 36 ).substring ( 4 ),
"request_type" : request_type,
"language" : "EN",
"document" : 1,
"phone" : 1,
"question" : 1,
"email" : email
} ),
mode : 'cors',
method : "POST"
} )
.then ( res => res.json () ).then ( data => {
if ( data.error !== "" ) {
alert ( data.error.message );
return;
}
let callback = function (response) {
console.log ( response )
};
SP.init ( callback, data.access_token )
} );
}
</script>
</body>
</html>
require 'uri'
require 'net/http'
require 'base64'
require 'json'
url = URI("https://api.shuftipro.com/service/biometric/auth")
# Your Shufti Pro account Client ID
CLIENT_ID = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY = "YOUR-SECRET-KEY"
post_data = {
webhook_url: "http://www.example.com",
reference: "123abc123",
language: "EN",
request_type: "enroll",
email: "[email protected]",
document: 1,
phone: 1,
question: 1
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
# if Access Token
# header_auth = ACCESS_TOKEN
request["Content-Type"] = "application/json"
request["Authorization"] = "Basic #{header_auth}" # replace "Basic" with "Bearer" in case of access token
request.body = post_data.to_json
response = http.request(request)
response_data = JSON.parse(response.read_body)
puts response_data
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.net.ssl.HttpsURLConnection;
public class Main {
public static void main(String[] args) throws Exception {
String url = "https://api.shuftipro.com/service/biometric/auth";
String CLIENT_ID = "CLIENT_ID";
String SECRET_KEY = "SECRET_KEY";
URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
// Add request header
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
String basicAuth = "Basic " + Base64.getEncoder().encodeToString((CLIENT_ID + ":" + SECRET_KEY).getBytes(StandardCharsets.UTF_8));
con.setRequestProperty("Authorization", basicAuth);
String payload = "{\n \"webhook_url\" : \"https://example.com/\",\n \"reference\" : \"rAnd0mStr1ng\",\n \"request_type\" : \"enroll\",\n \"language\" : \"EN\",\n \"document\" : 1,\n \"phone\" : 1,\n \"question\" : 1,\n \"email\" : \"[email protected]\"\n}";
// Send post request
con.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(payload);
wr.flush();
wr.close();
int responseCode = con.getResponseCode();
System.out.println("\nSending 'POST' request to URL : " + url);
System.out.println("Payload : " + payload);
System.out.println("Response Code : " + responseCode);
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
System.out.println(in.toString());
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
// Print the response
System.out.println(response.toString());
}
}