Skip to main content

Best Practices

Use the Health Check API regularly to ensure Jumio services are operational before initiating transactions.
Provide feedback on transactions when Jumio’s automated decision differs from your internal evaluation—this helps improve accuracy and flags discrepancies for review.
Feedback enhances system learning and ensures alignment between Jumio outcomes and your business rules.

1.1 Environment Setup

Maintain separate Development, Staging, and Production environments.
Use unique API keys for each environment.
Test extensively in staging before deploying to production.

1.2 Secure API Key & Credential Management

Store API keys in secure locations (environment variables, secrets managers).
Never expose API keys in client-side code.
Rotate API keys periodically and revoke immediately if compromised.
Restrict API key permissions to least privilege and limit usage to specific IPs/endpoints.

1.3 Network Security

Enforce HTTPS for all API calls.
Perform strict SSL/TLS verification.
Implement certificate pinning in mobile apps.

1.4 Handling Network Errors, Timeouts & Retries

Implement retry mechanisms with exponential backoff.
Limit retry attempts and handle failures gracefully.
Define request timeouts and inform users of delays.

1.5 Version Management & Updates

Always use the latest stable API version.
Monitor Jumio documentation for updates and deprecations.
Test compatibility before upgrading.

Table of Contents

1.1 Environment Setup
1.2 Secure API Key & Credential Management
1.3 Network Security
1.4 Handling Network Errors, Timeouts & Retries
1.5 Version Management & Updates