The Onfido API helps identify users based on an identity document. Onfido supports 4,600 document types from 195 countries, offering broad geographical coverage.

This API helps verify document authenticity and reduce identity fraud. Verification can be enhanced with biometric and/or liveness checks, including facial recognition to match users to their identity document.

🚧
Onfido does not process identity documents of individuals under the age of 16.

Attribute Overview

The final result of a successful verification includes:

First name
Last name
Date of expiry
Issuing authority
Issuing country
Gender
Document number
Date of birth
Personal number
Date of issue
Document type
Nationality

Using the API

Once your account is set up, subscribe to the Onfido API. Each verification must be triggered within a Dossier, which can contain one or more verification processes.

Step 1 - Create a dossier

You start with creating a new dossier. This dossier contains all the collected evidence of the user and can be identified through unique identifiers.

To create a dossier, send the following request:

Request

The API supports the possibility to associate your own unique identifier to the dossier in order to link it to your own session.

POST https://api.rabobank.nl/openapi/ris/onfido/dossiers

{
	"externalReference":"426ab6fd-c038-404a-9249-e46cbdce8455"
}

Response

After the dossier is created, an unique dossierId is generated and associated to the Dossier. As depicted in the response, the externalReference is associated to the Dossier.

{
	"dossierId":"1da64a84-cc06-4948-959d-7942563149f9",
	"externalReference": "426ab6fd-c038-404a-9249-e46cbdce8455",
	"createdAt":"2023-11-21T07:10:57Z",
	"updatedAt":"2023-11-21T07:10:57Z"
}

Step 2 - Create a process

Next, trigger a process within the dossier. The below request illustrates a basic document verification specifying which flow should be triggered.

Request

This request triggers a unique verification to receive a URL generated for verification.

We support the following processTypes:

document - This process type verifies the identity document.
documentSelfie - This process type verifies the identity document and performs a biometric verification based on a photo of the user, this helps to match the user to the provided identity document.
documentVideo - This process type verifies the identity document and performs a biometric verification based on a video (with instructions), this helps to match the user to the provided identity document.

After the verification is complete, the user is redirected using the URL specified in the redirectUrl parameter.

To receive updates on status changes for pending verifications in your application, set up webhook notifications through a server side configuration. To set it up, sharing the endpoint (where you want to receive the notifications) with Rabobank. Our platform supports one webhook setup per environment.

🚧
Only HTTP status codes of 429 and 500-599 i.e. failures caused by network errors are retrieved, whereas failures caused by misconfiguration are not.
The time between each delivery attempt starts at approximately one second and rapidly increases towards 24 hours, for up to five days.

The sdk parameter defines which frontend application should be used to capture the document, preferred value is native.

For more information about this functionality, contact us.

POST https://api.rabobank.nl/openapi/ris/onfido/dossiers/1da64a84-cc06-4948-959d-7942563149f9/process`

{
	"processType":"document",
	"redirectUrl":"[https://developer.rabobank.nl/api-documentation](https://developer.rabobank.nl/api-documentation)",
	"sdk":"native"
}

Response

A URL is returned in the response for verification. The user should be redirected to this URL to start the verification.

This URL hosts a verification session to retrieve the required attributes from the identity document.

{
	"url":"[https://api.rabobank.nl/capture/#/artifact=2uyzimtat8kd8st8d5bvg406fpqeh8vxjafsb9e4jugeoyqfgo](https://api.rabobank.nl/capture/#/artifact=2uyzimtat8kd8st8d5bvg406fpqeh8vxjafsb9e4jugeoyqfgo)"
}

After completing the process, the user is redirected to your own platform and a unique processId is generated for the final step. The processId is added to your specified redirectURL.

Step 3 - Get the result

Request

The processId is added to the redirect URL and can be used to fetch the final response.

When the verification state shows as accepted, you can execute the below request:

GET https://api.rabobank.nl/openapi/ris/onfido/dossiers/1da64a84-cc06-4948-959d-7942563149f9/processes/c9887bb6-106f-4e20-bfb0-2434d4fb0890

Response

You should receive the following response with the data retrieved from the identity document.

In the (pre)production environments, message level encryption is applied to this specific response, due to the nature of processing sensitive PII data. For more information, read Message level encryption

Message level encryption is only applied to the following endpoints:

GET /ris/onfido/dossiers/{dossierId}/processes/{processId}
GET /ris/onfido/dossiers/{dossierId}/processes/{processId}/download

{
"processId":"c9887bb6-106f-4e20-bfb0-2434d4fb0890",
"provider":"onfido",
"processType":"document",
"status":"accepted",
"providerSpecific": {
	"documentVerification": {
		"firstName":"Willeke",
		"lastName":"de Bruin",
		"gender":"F",
		"nationality":"NLD",
		"dateOfBirth":"1965-03-10",
		"documentType":"passport",
		"documentNumber":"SPECI2014",
		"dateOfExpiry":"2024-01-15",
		"issuingCountry":"NLD",
		"dateOfIssue":"2014-01-15"
		}
	}
}

🚧

Each response contains a X-Trace-Id header which can be used for troubleshooting failed transactions

Certain fields may not be available in the response body, this depends on the availability in the source and the type of request. Read the response schema object to understand which fields can be part of the response body.

All responses are signed by Rabobank, to validate the response read Validate signed responses

Other scenarios

You can test the other scenarios using:

Scenario	Example
Biometric verification with photo	`"processType":"documentSelfie"`
Biometric verification with video	`"processType":"documentVideo"`