Web Client
Jumio provides a turnkey web client that you can provide to your end users to guide them through the customer journey. The URL to the web client is available from the web:href value of the response from the account creation or update call, as shown in the following example:
Example Web Client URL
{
"timestamp": "2022-11-28T23:45:02.536Z",
"account": {
"id": "572ac7b5-9f83-409d-ba8e-f0014e411c7e"
},
"web": {
"href": "https://jumio-mfa.web.amer-1.jumio.ai/web/client?baseUrl=https%3A%2F%2Fweb-sdk.emea-1.jumio.ai%2Fwebsdk%2Fv4%2Fapi&authorizationToken=eyJhbGciOiJIUzUxMiIsInppcCI6IkdaSVAifQ.H4sIAAAAAAAA_5XOQQrCMBCF4auUrB3IJJMmdefSrTeYTCYg2BZiRUW8u9EbuH18PP6X0cdhM3uDkRKlhEjOBbMzLHIsfXdYYqqOwHKdgKL3wKIZMgVEjTa5NH75D9tMkiU7qCErEEuASUOG6K2WKDFh8R3fq_7D5aS165mXwtvanoPcrts6axvOy6Zt4cvQtGrTRfTLf985cHJWerdaBLLUu12cYBzH4KvnMCma9wfM2Wef_wAAAA.3O4SlXYeSJ39cEbgTpcliM2sxlC2F3eJGun5kG1R7OgkMwbhz-YMGQkh6pys11soT3-OQRX-yDqgwWtEL34T4w&locale=en-US" },
...
You need to define a subdomain in the Jumio Portal under Settings > Identity Verification > Application Settings > Domain Name in order to successfully generate a web.href. Refer: Application Settings.
URL Handling for Web Client
- Always use the exact web.href returned from the account creation API.
- Do not construct verification URLs manually. Only redirect/embed web.href after explicit user action.
- Store and log the workflowExecutionId for debugging and support.
- Treat web.href like a secret — do not expose it to untrusted contexts.
You can provide this URL to your customer in several ways:
- As a link on your web page that opens a new browser tab or window.
- As a link shared securely with the end user.
- In a native webview, refer Embedding in a WebView.
- Within an iFrame on a web page in your own application, refer Embedding in an iFrame.
What is presented to the end-user in the web client depends on the following:
- The workflow that was specified in the account creation or update API call. Different workflows require different credentials. The web client will guide the user to capture and upload the credentials that are required for the workflow.
- The Identity Verification Settings that have been configured in the Jumio Portal, checkout About the Identity Verification Settings.
- It is also possible to override some of the Identity Verification Settings on a per-transaction basis. (Checkout Overriding the Default Settings as given below) .
When the customer journey is complete,
- End-user is redirected to either the successUrl or the errorUrl (defined in the Settings or the Account request).
- Information about the transaction is appended to the URL.
- Checkout Acquisition Status and Error Codes.
See Supported Environments for details on supported browsers and operating systems.
Overriding the Default Settings
You can override some of the default configuration settings for individual transactions by including optional web-specific parameters in the request to create or update an account. Include a Web object in the Account request body, as described in Creating or Updating Accounts.
web Object Example
"overrideSettings": {
"crossDeviceOption": "QR_ONLY",
"crossDeviceOnly":"true"
},
These override, on a per-transaction basis, the cross-device option and the cross-device-only setting.
Redirect Pages
Use web.successUrl and web.errorUrl to specify how the end user will be redirected by the browser at the end of the web acquisition user journey.
If these parameters are not provided, and the values are not present in the Jumio Platform settings, the end user will be shown a success or error page instead.
Languages
Use web.locale to render the content of the client in the specified language.
The values are hyphenated combinations of ISO 639-1:2002alpha-2 language code plus ISO 3166-1 alpha-2 country (where applicable), as shown in the following table:
| Value | Locale |
|---|---|
| sq | Albanian |
| ar | Arabic |
| az | Azerbaijani |
| bn | Bengali |
Expand the list below,
Supported Languages
| Value | Locale |
|---|---|
| sq | Albanian |
| ar | Arabic |
| az | Azerbaijani |
| bn | Bengali |
| bn-IN | Bengali (India) |
| bg | Bulgarian |
| ms | Burmese |
| my-MM | Burmese (Myanmar) |
| ca | Catalan |
| ceb | Cebuano |
| ceb-PH | Cebuano (Philippines) |
| zh | Chinese (default) |
| zh-CN | Simplified Chinese |
| zh_CN | Simplified Chinese |
| zh-HK | Traditional Chinese |
| zh_HK | Traditional Chinese |
| hr | Croatian |
| cs | Czech |
| da | Danish |
| nl | Dutch |
| en | American English (default) |
| en-GB | English (United Kingdom) |
| en_GB | English (United Kingdom) |
| et | Estonian |
| fi | Finnish |
| fil-PH | Filipino (Philippines) |
| fi | Filipino |
| fr | French |
| fr-CA | French (Canada) |
| ka-GE | Georgian |
| ka_GE | Georgian |
| de | German |
| el | Greek |
| iw | Hebrew |
| hi | Hindi |
| hi-IN | Hindi (India) |
| hu | Hungarian |
| is | Icelandic |
| id | Indonesian |
| ga | Irish |
| it | Italian |
| ja | Japanese |
| jv | Javanese |
| jv-ID | Javanese (Indonesia) |
| kk | Kazakh |
| km | Khmer |
| ko | Korean |
| lv | Latvian |
| lt | Lithuanian |
| ms | Malay |
| no | Norwegian |
| pl | Polish |
| pt | Portuguese |
| pt-BR | Brazilian Portuguese |
| pt_BR | Brazilian Portuguese |
| ro | Romanian |
| ru | Russian |
| sr | Serbian (default) |
| sr_Latn | Serbian (Latin) |
| sr-Latn | Serbian (Latin) |
| sr-Cyrl | Serbian (Cyrillic) |
| sr_Cyrl | Serbian (Cyrillic) |
| sk | Slovak |
| sl | Slovenian |
| es | Spanish |
| es_MX | Mexican Spanish |
| es-MX | Mexican Spanish |
| sv | Swedish |
| sw | Swahili |
| th | Thai |
| tr | Turkish |
| ur | Urdu |
| uz | Uzbek |
| uk | Ukrainian |
| vi | Vietnamese |
Acquisition Status and Error Codes
At the end of the web acquisition customer journey, the following query parameters are appended by the web client to the success or error URL before the end-user is redirected by the browser.
Required items appear in bold type.
| Name | Description |
|---|---|
| accountId | UUID of the account |
| workflowExecutionId | UUID of the workflow |
| acquisitionStatus | Possible values
|
| customerInternalReference | Customer internal reference for a request to link it in the customer backend |
| errorCode (deprecated; will no longer be sent starting 15/12/25) | Possible value
|
| publicErrorCode (available starting 15/9/25) | Refer to the table below |
Predefined list of errorCode and publicErrorCodes, only appended to errorUrl when acquisitionStatus is ERROR.
publicErrorCodes
| Code Pattern | Message | Description |
|---|---|---|
| A[xx][yyyy] | We have encountered a network communication problem | Retry possible, user decided to cancel |
| B[xx][yyyy] | Authentication failed | Secure connection could not be established, retry impossible |
| C[xx]0401 | Authentication failed | API credentials invalid, retry impossible |
| H[xx]0000 | The camera is currently not available | Camera cannot be initialized, retry impossible |
| J[xx]0000 | Transaction already finished | User did not complete SDK journey within session lifetime |
| M[xx]0000 | Transaction cannot be completed | User did not complete the transaction. |
| N[xx]0000 | Scanning not available at this time, please contact the app vendor | Required images are missing to finalize the acquisition |
Token Usage & Security
- Always generate SDK tokens and access tokens server-side.
- Never hard-code tokens in the frontend or share API secrets in the browser.
- Tokens are single-use and time-limited — do not reuse them.
- Ensure all communication is over HTTPS.