Authentication

Jumio Authentication helps ensure that only the rightful user can access an account — continuously confirming their identity to prevent account takeover and foster long-term trust.

For a detailed description checkout Authentication Workflow.

info

Authentication requires your integration to use either the Web Client or one of the Mobile SDKs.

Dependency

Liveness - An Authentication workflow can only be initiated if at least one Liveness check has successfully passed for the user’s accountID.

info

If your data retention policies remove existing credentials you have the option of using Authentication On-Premises.

Supported Credentials

• Facemap
• Selfie

Response

Response data is available for transactions that include,

REJECTED

    "authentication": [
     {
      "id": "1bd548ce-81bc-4f99-abbc-c4fe39b0ee1f",
      "credentials": [
          {
              "id": "fe5d9666-e451-4632-8e02-e325e0421b5c",
              "category": "FACEMAP"
          }
      ],
      "decision": {
          "type": "REJECTED",
          "details": {
              "label": "FAILED"
          }
      },
      "data": {
          "type": "JUMIO_STANDARD"
      }
    }
  ]

PASSED

    "authentication": [
        {
            "id": "78c51e8f-7378-4882-a4a5-e594b8906c94",
            "credentials": [
                {
                    "id": "27cab914-6886-405c-94f9-d2364580df8a",
                    "category": "FACEMAP"
                }
            ],
            "decision": {
                "type": "PASSED",
                "details": {
                    "label": "OK"
                }
            },
            "data": {
                "type": "JUMIO_STANDARD"
            }
        }
    ]

To get the specific rejection reason (e.g. "FACE_INVALID_DIGITAL_COPY"), make an additional call to retrieve the response from /steps

"steps": {
"href":"https://retrieval.emea-1.jumio.link/api/v1/accounts/accountId/workflow-executions/workflowExecutionId/steps"
}

Steps_REJECTED

{
    "steps": [
        {
            "id": "df7b6d9a-ee6c-43f6-8109-171ea4c647c7",
            "name": "AUTHENTICATION",
            "decision": {
                "type": "REJECTED",
                "details": {
                    "label": "REJECTED"
                },
                "reasons": [
                    {
                        "label": "FACE_INVALID_DIGITAL_COPY",
                        "type": "REJECTED"
                    }
                ]
            },
            "capabilities": [
                {
                    "id": "1bd548ce-81bc-4f99-abbc-c4fe39b0ee1f",
                    "category": "authentication"
                }
            ],
            "capabilityIds": [
                "1bd548ce-81bc-4f99-abbc-c4fe39b0ee1f"
            ]
        }
    ]
}

Steps_PASSED

{
  "steps": [
      {
          "id": "1c11905f-7667-4094-ab89-6846597ce990",
          "name": "AUTHENTICATION",
          "decision": {
              "type": "PASSED",
              "details": {
                  "label": "PASSED"
              }
          },
          "capabilities": [
              {
                  "id": "78c51e8f-7378-4882-a4a5-e594b8906c94",
                  "category": "authentication"
              }
          ],
          "capabilityIds": [
              "78c51e8f-7378-4882-a4a5-e594b8906c94"
          ]
      }
  ]
}

Decision Details Labels

note

When a WARNING result is returned, we recommend allowing the user to retry (up to 3 attempts).
In contrast, if the result is REJECTED, retries should not be offered.

Decision Type	Label	Description
NOT_EXECUTED	PRECONDITION_NOT_FULFILLED	Required data from another capability is not available.
NOT_EXECUTED	TECHNICAL_ERROR	A technical error prevented the capability from executing.
PASSED	OK	The end user is the same person who previously uploaded credentials under the same account.
WARNING	FACE_UNCLEAR_QUALITY	The detected face does not meet the required quality standards for reliable processing.
WARNING	FACE_UNCLEAR_MISSING_FACE	A face does not appear in the selfie, making authentication impossible.
WARNING	FACE_UNCLEAR_PARTIAL	The face is only partially visible in the selfie, leading to an authentication failure.
REJECTED	FAILED	The end user is not the same person who previously uploaded credentials under the same account.
REJECTED	FACE_INVALID_LIVENESS	Liveness cannot be determined, making authentication invalid.
REJECTED	FACE_INVALID_NO_MOTION	The selfie does not show any facial features or eye movement, indicating the absence of a live person.
REJECTED	FACE_INVALID_SIMILARITY	The faces in the enrolled data and the provided selfie do not match, leading to authentication failure.
REJECTED	FACE_MANIPULATED_IMAGE	The selfie provided for authentication appears to be digitally altered or manipulated.
REJECTED	FACE_MANIPULATED_PHOTOCOPY	The selfie was captured from a paper printout, indicating a spoofing attempt.
REJECTED	FACE_INVALID_DIGITAL_COPY	The selfie was captured from another screen (e.g., a mobile phone or computer), invalidating authentication.
REJECTED	FACE_INVALID_CAMERA	The selfie was captured using a suspicious or untrusted camera device, invalidating authentication.
REJECTED	FACE_INVALID_MULTIPLE_PEOPLE	More than one face appears in the selfie, preventing single-user authentication.
REJECTED	FACE_INVALID_AGE_COMPARISON	There is a significant mismatch between the estimated age from the selfie and the provided/enrolled age data.
REJECTED	FACE_MANIPULATED_MASKS	The selfie appears to be a spoof attempt using physical artifacts such as silicone masks, 3D models, or latex masks.

tip

For an overview of how Jumio handles PASSED, WARNING, and REJECTED across all capabilities, see How Jumio Handles Results.

Data

Key	Type	Description
type	string	The service that is used. Possible values: JUMIO_PREMIUM (requires additional configuration for your tenant) JUMIO_STANDARD