Authenticate with biometrics
Beta

Last updated: June 4, 2025

The Face Authentication solution enables you to confirm that an applicant requesting to access new services or an existing account is the same person whose identity you've successfully verified.

Information

To enable Face Authentication, contact your account manager or [email protected].

You must have already integrated the Identity Verification solution and verified the applicant.
The applicant must already have a profile.
You must have a non-anonymized face video from a previous successful identity verification or face authentication available for the applicant.
Prepare to handle statuses, attempts, and response codes.
Set up your webhook receiver and prepare to handle webhooks.

When you request to enable Face Authentication, your account manager provides you a configuration ID, prefixed with usj_. This is different to your Identity Verification configuration ID.

You must provide the ID every time you create an authentication. It configures the following elements of the solution:

The service level agreement for receiving the result from Checkout.com
How long to retain verification face videos to ensure you have one available for authentications
Processing type:
- Auto – Fully automated processing
- Expert – Systematic human review

The applicant captures a video of their face. Checkout.com compares the biometrics to a previous video of the applicant to check if they show the same person, and shares the result.

Follow these steps:

Create an authentication linked to the applicant's profile.
Create an attempt and redirect the applicant.
Retrieve the authentication to see the result.

Call the Create a face authentication endpoint, and provide the following fields:

applicant_id – The applicant ID
user_journey_id – Your Face Authentication configuration ID

post

https://identity-verification.sandbox.checkout.com/face-authentications


1{
2  "applicant_id": "aplt_tkoi5db4hryu5cei5vwoabr7we",
3  "user_journey_id": "usj_w41kh4hfdm86589y068qz2w2pg9"
4}


1{
2  "id": "fav_mtta050yudd54y5iqb5ijh8jtvz",
3  "created_on": "2025-07-21T17:32:28Z",
4  "modified_on": "2025-07-21T17:40:32Z",
5  "applicant_id": "aplt_tkoi5db4hryu5cei5vwoabr7we",
6  "user_journey_id": "usj_w41kh4hfdm86589y068qz2w2pg9",
7  "status": "created",
8  "response_codes": [],
9  "_links": {
10    "self": {
11      "href": "https://identity-verification.checkout.com/face-authentications/fav_mtta050yudd54y5iqb5ijh8jtvz"
12    },
13    "applicant": {
14      "href": "https://identity-verification.checkout.com/applicants/aplt_lkoi5db4hryu5cei5vwoabqere"
15    }
16  }
17}

The response returns the authentication ID in the id field, prefixed with fav. You need this to create an attempt.

The authentication status changes to created and you receive a Face authentication created webhook.

Call the Create an attempt endpoint, and provide the authentication ID from the Create an authentication response as the {face_authentication_id} path parameter.

Provide the following fields in the request body:

redirect_url field – Provide the URL to redirect the applicant to after they complete the authentication.
phone_number object – If you want to send the applicant the attempt URL via SMS, provide their phone number.
client_information.pre_selected_residence_country field – If you want to provide the applicant's country of residence, you can use this field. This shortens the verification journey and improves the experience because they do not have to select their country manually.

post

https://identity-verification.sandbox.checkout.com/face-authentications/{face_authentication_id}/attempts


1{
2  "redirect_url": "https://myweb.site?query-param=hello",
3  "phone_number": {
4    "country_code": "+1",
5    "number": "2068133616"
6  },
7  "client_information": {
8    "pre_selected_residence_country": "FR"
9  }
10}


1{
2  "id": "fatp_nk1wbmmczqumwt95k3v39mhbh2w",
3  "created_on": "2025-07-21T17:32:28Z",
4  "modified_on": "2025-07-21T17:40:32Z",
5  "phone_number": {
6    "country_code": "+1",
7    "number": "2068133616"
8  },
9  "client_information": {
10    "pre_selected_residence_country": "FR"
11  },
12  "applicant_session_information": {
13    "ip_address": "123.123.123.01"
14  },
15  "redirect_url": "https://myweb.site?query-param=hello",
16  "status": "pending_redirection",
17  "response_codes": [],
18  "_links": {
19    "verification_url": {
20      "href": "https://idv.checkout.com/4hryu5cei5/"
21    },
22    "self": {
23      "href": "https://identity-verification.sandbox.checkout.com/face-authentications/fav_mtta050yudd54y5iqb5ijh8jtvz/attempts/fatp_nk1wbmmczqumwt95k3v39mhbh2w"
24    }
25  }
26}

The response returns:

The attempt ID in the id field, prefixed with fatp
The attempt URL in the verification_url field
The attempt status pending_redirection

The authentication status changes to pending and you receive a Face authentication opened webhook.

Redirect the applicant to the attempt URL, which is valid for 15 minutes.

Note

If an attempt is unsuccessful and the applicant needs to retry, you can create new attempts.

We recommend sharing guidance from the response codes returned in webhooks to help the next attempt succeed. For example, if the applicant's data connection is poor, let them know so they can try to improve it.

The following table describes the process of a successful attempt:

A successful attempt proceeds as follows:

Step Description

Step	Description
Applicant starts the attempt	The authentication and attempt statuses change to `capture_in_progress`. You receive a Face authentication started webhook. When successfully completed, the attempt status changes to `completed`. You receive a Face authentication capture completed webhook.
Checkout.com processes the authentication	The authentication status changes to `checks_in_progress`. When processing is complete, you receive a Face authentication checks completed webhook. You may receive the checks completed webhook simultaneously with the capture completed webhook.
Result is available	The authentication status changes to either `approved` or `declined`. If the applicant is declined, you can create a new authentication.

Applicant starts the attempt

The authentication and attempt statuses change to capture_in_progress.

You receive a Face authentication started webhook.

When successfully completed, the attempt status changes to completed.

You receive a Face authentication capture completed webhook.

Checkout.com processes the authentication

The authentication status changes to checks_in_progress.

When processing is complete, you receive a Face authentication checks completed webhook.

You may receive the checks completed webhook simultaneously with the capture completed webhook.

Result is available

The authentication status changes to either approved or declined.

If the applicant is declined, you can create a new authentication.

An attempt may be unsuccessful due to the following scenarios:

Scenario	Description
Attempt URL expires	The attempt status changes to `expired`. You receive a Face authentication link expired webhook. You need to create a new attempt.
Applicant refuses the authentication	The authentication status changes to `refused`. The attempt status changes to `capture_refused`. You receive a Face authentication capture refused webhook. Suggest an alternative authentication method to the applicant.
Applicant drops out of the attempt	The attempt status changes to `capture_aborted`. You receive a Face authentication capture aborted webhook. You can create a new attempt.
Applicant needs to retry	The authentication status changes to `retry_required`. You receive a Face authentication retry requested webhook. When you create a new attempt, the status of the previous attempt changes to `terminated`. You receive a Face authentication closed webhook, followed by an Face authentication reset webhook. Redirect the applicant to the new attempt URL.
Result is inconclusive	The authentication status changes to `inconclusive`. The attempt status changes to `checks_inconclusive`. You receive a Face authentication checks inconclusive webhook. You can create a new attempt.

You can manage attempts using the following endpoints:

List attempts – Retrieve all attempts for an authentication.
Retrieve an attempt – Retrieve the details about a specific attempt.

You can retrieve the authentication at any time. For example, to check the status or details about an attempt. When the result is available, it is returned in the response.

Call the Retrieve a face authentication endpoint, and provide the authentication ID as the {face_authentication_id} path parameter.

get

https://identity-verification.sandbox.checkout.com/face-authentications/{face_authentication_id}


1{
2    "id": "fav_mtta050yudd54y5iqb5ijh8jtvz",
3    "created_on": "2025-07-21T17:32:28Z",
4    "modified_on": "2025-07-21T17:40:32Z",
5    "applicant_id": "aplt_tkoi5db4hryu5cei5vwoabr7we",
6    "user_journey_id": "usj_w41kh4hfdm86589y068qz2w2pg9",
7    "status": "declined",
8    "response_codes": [
9      {
10        "code": 62311,
11        "summary": "face_face_mismatch"
12      }
13    ],
14    "face": {
15      "image_signed_url": "https://storage-b.env.ubble.ai/ubble-ai/NDYOOVHGZPAQ/a54b3393-f02a-47c9-a9c5-2f6ee73560e1/bb603e2f-5de9-40f2-9631-8285a33c24c0/live_face/bb603e2f-5de9-40f2-9631-8285a33c24c0-1679921946714.png?response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=V9jgOdpOdeVSFTkA4ZsG%2F20230327%2Feu-west-2%2Fs3%2Faws4_request&X-Amz-Date=20231006T174223Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=2b7d87fec4f11f0df949da7beade2519cf1a51ce70fe9cc1cf0470d73f5340e4"
16    },
17    "_links": {
18      "self": {
19        "href": "https://identity-verification.checkout.com/face-authentications/fav_mtta050yudd54y5iqb5ijh8jtvz"
20      },
21      "applicant": {
22        "href": "https://identity-verification.checkout.com/applicants/aplt_tkoi5db4hryu5cei5vwoabr7ou"
23      }
24    }
25  }

The response returns:

The authentication status
One or more response codes
A URL to download a still from the face video, if the result is available

If an applicant requests that you remove their personal data under the GDPR, you can use the Anonymize a face authentication endpoint.

You receive an Face authentication anonymized webhook.

If the authentication is later audited and the status updated, you receive an Face authentication audit completed webhook.

Authenticate with biometrics
Beta

Information

Before you begin

Configuration

How it works

Create an authentication

Request example

Response example

Create an attempt

Request example

Response example

Redirect the applicant

Note

Manage attempts

Retrieve the authentication

Response example

Remove personal data

Audits