API

Introduction

Mob.id API is developed for secured identification of a person.

This API is a part of Mob.id API family for Mob.id SDK.

For security purposes, business logic API is implemented as REST API over TLS v1.2 protocol.

More info about TLS on Wiki: https://en.wikipedia.org/wiki/Transport_Layer_Security 

Any client should get their own client certificate before using business logic API.

Client certificates can be provided as JKS or PKCS12 format.

Important: 

  • Keep your certificate in secured storage!
  • Nobody should get access to your client certificate!
  • Do not keep certificates in RAM in plain mode, encode its memory buffer!
    • Decode certificate if needed for your business logic.
    • Do not trust the standard Garbage Collector, clear memory buffer with plain certificate after usage!
  • Use a specific cypher mechanism for encoding/decoding certificates (for example, HSM), nobody should access your cypher keys!

Also TTL of client certificates can be short, i.e. certificates will expire soon. Thus any request to the business logic API should be checked firstly on client certificate expiration date, and a new client certificate should be requested if needed. 

Details of REST API endpoints are presented in Postman collection and environment files.

NFC data for the verification
To arrange verification, you need to make sure that your current app is gathering the following info through NFC:

private byte[] com;
private byte[] cvca;
private byte[] dg1;
private byte[] dg2;
private byte[] dg3;
private byte[] dg5;
private byte[] dg7;
private byte[] dg11;
private byte[] dg12;
private byte[] dg14;
private byte[] dg15;
private byte[] sod;

private boolean isAAPassed;
private boolean isAASupported;
private boolean isBACPassed;
private boolean isBACSupported;
private boolean isSACPassed;
private boolean isSACSupported;
private boolean isCASupported;
private boolean isCAPassed;

 

API Description

Request for Client Certificate

The /api/v1/auth/login REST API endpoint is responsible for generation of new client certificates. This is the one endpoint which uses one way SSL (not TLS) thus it can be requested as a regular HTTPS request.

This is the starting point of the Mob.id API. Also the next client certificate can be requested through this endpoint.

Passport Chip Verification

The /api/v1/tcc/passport/verify/base64 REST API endpoint is responsible for verification data from Passport Chip.

Any error in this method means that the passport chip has a problem. More details about the verification process can be found in the Customer Dashboard.

Face Verification

The /api/v1/face/compare REST API endpoint is responsible for face detection, recognition and comparison. 

By default, strong comparison is turned on. It takes more time to handle faces, but results are very precise. This mode is recommended for financial structures, passport border services, etc.

No need to send pictures with thousands of pixels in width and height. Remember, that Passport Chip has a person photo about 200 x 300 pixels with 96 dpi and this is enough for face recognition. Smaller size of photo means less time to handle it.

Passport Page Detailed Verification

The /api/v1/native/detail REST API endpoint is responsible for detailed verification of passport page photo, i.e. first plastic page with printed text, photo and MRZ.

Please be sure that person’s photo, text and MRZ are in the picture with good quality and good lighting. Bad quality photos lead to longer processing time.

Contact Us

For any questions please contact us by email support@mob.id