Get Started

Shufti Pro's REST API offers a developer-friendly solution for seamlessly integrating Identity, Business, and Transaction Verification/Monitoring services into web or mobile applications. This API ensures secure access through Basic Authentication and Access Token-based Authentication. Developers can streamline their integration process using a single API endpoint, accessible via a single URL, simplifying the connection to all verification services. Shufti Pro provides extensive documentation that covers parameters, supported countries, languages, compatible browsers, devices, and jurisdiction codes, making integration hassle-free. Moreover, the API includes Test IDs, assisting developers in conducting thorough testing during integration to guarantee smooth functionality before deploying the services. Before getting started, make sure you have the following:

1. Setup Shufti Pro Account: This is a client account to access the Shufti Pro’s REST API and back-office. To set up your Shufti Pro account, click here.

2. API Keys: Shufti Pro API uses API keys to authenticate requests. You can view your API keys in the settings of your back office. To get your API keys, click here.

3. Get Authorized: Shufti Pro API uses API keys to authenticate requests. You can view and manage your API keys in your Shufti Pro back office. API authorization is performed via HTTP Basic Auth & Access Token. The verification request will fail without authorization.

Authentication

Basic Auth

Shufti Pro provides Authorization to clients through the Basic Auth header. Your Client ID will serve as your Username while the Secret Key will serve as your Password. The API will require this header for every request.

Fields	Required	Description
username	Yes	Enter Client ID as username.
password	Yes	Enter your Secret Key as password.

To obtain the client_id and secret_key, please navigate to the settings page in your backoffice.

caution

If you misplace the secret key, it is necessary to generate a new key from the back office. Ensure that you save the secret key when generating a new one. The generated key will not be displayed in the back office.

Http

//POST / HTTP/1.1 basic auth
//Host: api.shuftipro.com
//Content-Type: application/json
//Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw== 
{
    "reference"    : "1234567",
    "callback_url" : "http://www.example.com/",
    "email"        : "[email protected]",
    "country"      : "GB",
    "language"     : "EN",
    "verification_mode" : "any",
    "face" : {
        "proof"            : ""
    }
}

Javascript

let payload = {
    reference         : `SP_REQUEST_${Math.random()}`,
    callback_url      : "https://yourdomain.com/profile/sp-notify-callback",
    email             : "[email protected]",
    country           : "GB",
    language          : "EN",
    verification_mode : "any",
}
  payload['face'] = {
    proof : ""
  }
var token = btoa("YOUR_CLIENT_ID:YOUR_SECRET_KEY");
fetch('https://api.shuftipro.com/', {  method : 'post',
  headers : {
    'Accept'        : 'application/json',
    'Content-Type'  : 'application/json',
    'Authorization' : 'Basic ' +token
  },
  body: JSON.stringify(payload)}).then(function(response) {
     return response.json();
}).then(function(data) { return data; });

PHP

<?php
$url = 'https://api.shuftipro.com/';
$client_id  = 'YOUR-CLIENT-ID';
$secret_key = 'YOUR-SECRET-KEY';
$verification_request = [
    "reference"         => "ref-".rand(4,444).rand(4,444),
    "callback_url"      => "https://yourdomain.com/profile/notifyCallback",
    "email"             => "[email protected]",
    "country"           => "GB",
    "language"          => "EN",
    "verification_mode" => "any",
];
$verification_request['face'] = [
    "proof" => ""
];
$auth = $client_id.":".$secret_key;
$headers = ['Content-Type: application/json'];
$post_data = json_encode($verification_request);
$response = send_curl($url, $post_data, $headers, $auth);
function send_curl($url, $post_data, $headers, $auth){
    $ch = curl_init();
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($ch, CURLOPT_USERPWD, $auth);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($ch, CURLOPT_HEADER, 1);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
        $html_response = curl_exec($ch);
        $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
        $headers = substr($html_response, 0, $header_size);
        $body = substr($html_response, $header_size);
        curl_close($ch);
        return json_decode($body,true);
}
echo $response['verification_url'];

Python

import requests, base64, json, hashlib 
from random import randint 
url = 'https://api.shuftipro.com/'
client_id  = 'YOUR-CLIENT-ID'
secret_key = 'YOUR-SECRET-KEY'
verification_request = {
    "reference"         :   "ref-{}{}".format(randint(1000, 9999), randint(1000, 9999)),
    "callback_url"      :   "https://yourdomain.com/profile/notifyCallback",
    "email"             :   "[email protected]",
    "country"           :   "GB", 
    "language"          :   "EN",
    "verification_mode" :   "any"
}
verification_request['face'] = {
    "proof" : ""
}
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth.encode()).decode()
response = requests.post(url, 
      headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
      data=json.dumps(verification_request))
json_response = json.loads(response.content)
print('Verification URL: {}'.format(json_response))

Ruby

require 'uri'
require 'net/http'
require 'base64'
require 'json'
require 'open-uri'
url = URI("https://api.shuftipro.com/")
CLIENT_ID   = "YOUR-CLIENT-ID"
SECRET_KEY  = "YOUR-SECRET-KEY"
verification_request = { 
    reference:          "Ref-"+ (0...8).map { (65 + rand(26)).chr }.join,
    callback_url:       "https://yourdomain.com/profile/notifyCallback",
    email:              "[email protected]",
    country:            "GB",
    language:           "EN",
    redirect_url:       "http://www.example.com",
    verification_mode:  "any"
}
verification_request["face"] = {
    proof: ""
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
request["Content-Type"]  = "application/json"
request["Authorization"] = "Basic #{header_auth}"
request.body = verification_request.to_json
response = http.request(request)
puts response.read_body

Java

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.net.ssl.HttpsURLConnection;

public class Main {
    public static void main(String[] args) throws Exception {
        String url = "https://api.shuftipro.com/";
        String CLIENT_ID = "CLIENT_ID";
        String SECRET_KEY = "SECRET_KEY";
        URL obj = new URL(url);
        HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();

        // Add request header
        con.setRequestMethod("POST");
        con.setRequestProperty("Content-Type", "application/json");
        String basicAuth = "Basic " + Base64.getEncoder().encodeToString((CLIENT_ID + ":" + SECRET_KEY).getBytes(StandardCharsets.UTF_8));    
        con.setRequestProperty("Authorization", basicAuth);

        String payload = "{\n    \"reference\"    : \"1234567\",\n    \"callback_url\" : \"http://www.example.com/\",\n    \"email\"        : \"[email protected]\",\n    \"country\"      : \"GB\",\n    \"language\"     : \"EN\",\n    \"verification_mode\" : \"any\",\n    \"face\" : {\n        \"proof\"            : \"\"\n    }\n}";

        // Send post request
        con.setDoOutput(true);
        DataOutputStream wr = new DataOutputStream(con.getOutputStream());
        wr.writeBytes(payload);
        wr.flush();
        wr.close();

        int responseCode = con.getResponseCode();
        System.out.println("\nSending 'POST' request to URL : " + url);
        System.out.println("Payload : " + payload);
        System.out.println("Response Code : " + responseCode);

        BufferedReader in = new BufferedReader(
                new InputStreamReader(con.getInputStream()));
        System.out.println(in.toString());
        String inputLine;
        StringBuffer response = new StringBuffer();

        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();

        // Print the response
        System.out.println(response.toString());
    }
}

cURL

curl --location --request POST 'https://api.shuftipro.com' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==' \
--data-raw '{
    "reference"    : "1234567",
    "callback_url" : "http://www.example.com/",
    "email"        : "[email protected]",
    "country"      : "GB",
    "language"     : "EN",
    "verification_mode" : "any",
    "face" : {
        "proof"            : ""
    }
}'

C#

var client = new RestClient("https://api.shuftipro.com");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==");
var body = @"{" + "\n" +
@"    ""reference"": ""1234567""," + "\n" +
@"    ""callback_url"": ""http://www.example.com/""," + "\n" +
@"    ""email"": ""[email protected]""," + "\n" +
@"    ""country"": ""GB""," + "\n" +
@"    ""language"": ""EN""," + "\n" +
@"    ""verification_mode"": ""any""," + "\n" +
@"    ""face"": {" + "\n" +
@"        ""proof"": """"" + "\n" +
@"    }" + "\n" +
@"}";
request.AddParameter("application/json", body,  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Go

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io/ioutil"
)

func main() {

  url := "https://api.shuftipro.com"
  method := "POST"

  payload := strings.NewReader(`{
    "reference": "1234567",
    "callback_url": "http://www.example.com/",
    "email": "[email protected]",
    "country": "GB",
    "language": "EN",
    "verification_mode": "any",
    "face": {
        "proof": ""
    }
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := ioutil.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

Access Token

Shufti Pro provides Bearer Access Token Authorization method. Clients can generate temporary access token using new access token endpoint. The shared token will be used to authorize API requests.

caution

The token shared with the client will be valid for 1 hour and can be used once only.

Field	Required	Description
Authorization	Yes	Enter your authorization token.

info

Shufti Pro uses following BASE URL for every request: https://api.shuftipro.com/