ID Verification (Document Front/Back)
ID Verification
ID Verification (Document Front/Back)
Verify identity document (front and optional back), extract MRZ and data, get Approved or Declined in a single API call
POST
ID Verification (Document Front/Back)
Overview
ID Verification is a Gueno verification service that validates an identity document by sending the front image (required) and optionally the back image (for two-sided documents such as national IDs). The API returns Approved or Declined, plus extracted data (name, document number, date of birth, address, MRZ, etc.) and optional warnings. No hosted session is involved—you send the images and get the result in one call.When to use which
- Session-based KYC (
POST /api/kyc/validations): Full flow with hosted URL, live selfie, liveness, and document capture. Best for onboarding and regulated flows. - Face Match (
POST /api/kyc/face-match): Compare two images (document portrait + selfie) to verify they are the same person; returns match + score. - ID Verification (
POST /api/kyc/id-verification): Send document front (and optional back); get document validation, extracted data (MRZ, name, address, etc.), and Approved/Declined. Best when you already have document images and need extraction + validation only.
Prerequisites
Before using ID Verification:- ID Verification integration enabled: Your organization must have the ID Verification KYC integration activated (e.g. in Marketplace / Integrations).
- Credentials configured: The API key for the ID Verification integration must be set in your organization’s KYC settings (configured by the Gueno administrator). This provider only requires the API key (no webhook secret for this endpoint).
ID Verification is a Gueno service. All verification is performed by our infrastructure; no third-party provider names are exposed in API responses or error messages.
Request
Endpoint
Content-Type
Onlymultipart/form-data is accepted. You can send images in either of two ways (or mix):
- As file parts: attach image/files to the form fields
documentFrontand (optional)documentBack. - As base64 strings: send the same field names with base64-encoded image strings (with or without
data:image/...;base64,prefix).
Headers
Content-Type manually when using FormData; the client will set it with the correct boundary.
If your account uses organization scoping, include:
Form fields
Front image of the identity document. Send as a file part (recommended) or as a string (base64, with or without
data:image/...;base64, prefix). Formats: JPEG, PNG, WebP, TIFF, PDF. Max 5MB.Back image of the document (optional; required for two-sided documents such as national IDs). Same as
documentFront: file part or base64 string.Optional UUID of the person entity to associate with this check. Used for audit and for listing verifications by entity.
Optional reference (e.g. your user ID) for tracking. Stored with the audit record.
Whether to perform document liveness (detect screen/copy). Default
false. Send as string "true" or "false" in form.Minimum age (1–120); users below are Declined. Optional. Send as string in form.
"NO_ACTION" or "DECLINE" when expiration date is not detected. Optional."NO_ACTION" or "DECLINE" when MRZ is invalid or unreadable. Optional."NO_ACTION" or "DECLINE" when visual zone data does not match MRZ. Optional.Response
Success Response (200 OK)
| Field | Type | Description |
|---|---|---|
status | string | "approved" | "declined". |
verificationId | string (optional) | ID of the audit record in id_verification_verifications (for support and listing). |
requestId | string (optional) | Internal request ID (for support). |
extractedData | object (optional) | Extracted document data: fullName, firstName, lastName, documentNumber, documentType, dateOfBirth, expirationDate, nationality, address, issuingState, etc. |
warnings | string[] (optional) | Warnings from the verification (e.g. document expired, inconsistent data). |
Example Request
Error Responses
Responses use generic messages (no provider names). Common codes:| Code | HTTP | Meaning |
|---|---|---|
NOT_CONFIGURED | 403 | ID Verification credentials (API key) not set in organization KYC settings. |
NOT_ENABLED | 403 | ID Verification integration is not enabled for this organization. |
INVALID_REQUEST | 400 | Content-Type not multipart/form-data, or missing/invalid document front (no file and no base64, or format/size). |
FORBIDDEN | 403 | Verification could not be completed (e.g. credits). |
VERIFICATION_FAILED | 500 | Generic failure; retry or try another document. |
Audit and listing verifications
Every ID Verification request (success or failure) is stored inid_verification_verifications for audit and compliance. The response includes verificationId (the audit record ID) when persistence succeeds. All endpoints below are part of the Gueno API; no third-party provider names appear in responses or in this documentation.
Get a single verification
id — UUID of the verification (from the POST response verificationId or from the list).
Response (200): Same shape as one item in the list: id, organizationId, entityId, status, requestId, vendorData, errorMessage, warnings, extractedData, createdAt, documentFrontStoragePath, documentBackStoragePath, storageProvider, etc.404 if not found or not in your organization.
List audit records
| Parameter | Type | Description |
|---|---|---|
entityId | string (UUID) | Optional. Filter by person entity. |
withoutEntity | boolean | If true, only returns verifications with no associated entity (e.g. for the KYC page “ID Verification without entity” tab). |
status | string | Optional. Filter by status (approved, declined, failed). |
limit | number | Max items (default 50, max 100). |
offset | number | Pagination offset. |
{ "verifications": [ ... ], "pagination": { "limit", "offset", "total" } }. Each verification includes id, entityId, status, requestId, extractedData, warnings, errorMessage, createdAt, and storage paths when images were stored.
Get stored document images
If the verification has stored images (documentFrontStoragePath / documentBackStoragePath), you can stream them with:
id — UUID of the verification. Response: Image bytes (e.g. Content-Type: image/jpeg). 404 if the verification does not exist or that side was not stored.
Coexistence with other KYC flows
- Session flow creates a
kyc_validationsrecord and uses a hosted URL; the stored decision can include document, liveness, and face match from the live session. - Face Match compares document portrait + selfie and returns match + score; audit in
face_match_verifications. - ID Verification validates the document (front/back), extracts data, and returns Approved/Declined; audit in
id_verification_verifications. It does not create akyc_validationsrecord. Use it when you need document-only validation and extraction without a hosted session.