Skip to main content

Overview

The ID Verification, Face Match, and Liveness APIs return a warnings field when the verification service signals non-blocking issues or risk flags. Session-based KYC (POST /api/kyc/validations, GET /api/kyc/validations/:id) stores a top-level warnings array on the validation record by merging risk codes from document verification, liveness, face match, and AML screening, and may add Gu1-internal codes (e.g. blocklist or sandbox). Clients can use these codes for:
  • Display: Map each code to a human-readable message (e.g. your own i18n, or the descriptions below — the gu1 dashboard resolves labels in the same order as keys under warningRisks and rejectionReasonCodes in the product locale files).
  • Logic: Branch on specific codes (e.g. DOCUMENT_EXPIRED vs POSSIBLE_DUPLICATED_USER), or pass allowed codes in omitWarnings when creating a validation.
The codes are per service for standalone APIs; the session validation record uses the union of services plus internal codes. Below are the documented values.
If the service returns a code not listed here, you may still receive it in warnings. Treat unknown codes as generic warnings and display the code or a fallback message.

Session-Based KYC Validation

For GET /api/kyc/validations/:id (and list endpoints), the validation’s top-level warnings array contains risk code strings collected from:
  • Document (ID) verification step
  • Liveness step
  • Face match step
  • AML screening objects in the session decision
  • Device & IP analysis objects in the session decision (ip_analyses[] / ip_analysis)
Additional codes may be appended by Gu1 rules (e.g. organization blocklist enforcement). Optional omitWarnings on POST /api/kyc/validations references the same code strings documented in the tables below.

ID Verification

Returned in POST /api/kyc/id-verification and GET /api/kyc/id-verification/verifications/:id in the warnings array. The same codes can appear on session validations from the document step.

Face Match

Returned in POST /api/kyc/face-match and GET /api/kyc/face-match/verifications/:id in the warnings array.

Liveness (Session-Based KYC)

Returned in session-based KYC validation responses (e.g. current validation, list validations) when liveness checks are performed. The warnings array in the validation payload may contain these codes.

AML (Session-Based KYC)

When AML screening runs inside a session, risk codes from screening warnings are merged into the validation’s top-level warnings array.

Device & IP Analysis (Session-Based KYC)

When device and IP analysis runs inside a session, risk codes from ip_analyses[].warnings[] (or legacy ip_analysis.warnings) are merged into the validation’s top-level warnings array. These codes follow the provider’s Device & IP analysis warning taxonomy.

Internal (Gu1)

These codes may be added by Gu1 logic (entity vs OCR checks, name policy, sandbox mocks, etc.) and appear in the session validation warnings array where applicable.
Cross-entity duplicates: Provider codes such as DUPLICATED_FACE or POSSIBLE_DUPLICATED_USER are kept only when Gu1 resolves a match on a different entity. Otherwise they may be suppressed (metadata.kycCrossEntityDuplicates.suppressedWarnings). GUENO_CROSS_ENTITY_DUPLICATED is never omit-eligible.

Registry Cross-Check (Argentina / RENAPER)

When RENAPER double-check is enabled and a registry-related issue is surfaced as a warning code, the same strings may appear in warnings. Product locales map them under rejectionReasonCodes (in addition to warningRisks fallbacks where configured).

Example Response (ID Verification)

Example Response (Face Match)

ID Verification

Verify document front/back and extract data

Face Match

Compare document portrait and selfie