Backend API
Please ensure that you have followed all steps as described under the Get Started section.
It is recommended that the backend API is set up, configured and hosted before starting with the UI, as the backend API is essential for the UI portion to function correctly.
The UI communicates with the backend API every step of the way. The service can be configured to make integration calls to any endpoint(s) in order to sync data of the onboarding case, either on a per-step basis or as a single call at the end of the onboarding journey.
Configuration Options
The following properties are exposed as configuration options in the appsetttings file:
Property Details
Logging: Configure log4net logging.
AllowedHosts: Configure CORS.
Redis: Connection settings for Redis.
DataLifetimeMinutes: The amount of time (in minutes) that data will be cached in Redis for. This property affects how long the user would need to be inactive for before onboarding data for their case is discarded entirely. Default 30
IdentityTokenLifetimeMinutes: How long the internal identity token must be used for before a new token is requested. Default 60
BiometricsTokenLifetimeMinutes: How long the internal biometrics token must be used for before a new token is requested. Default 60
PassiveLivenessParamName: The parameter name of the passive liveness selfie image passed to the service that handles liveness processing. Default "media"
ExtractionFrontParamName: The parameter name of the data extraction front image passed to the service that handles ID document OCR. Default "FrontImage"
ExtractionBackParamName: The parameter name of the data extraction back image passed to the service that handles ID document OCR. Default "BackImage"
AddressExtractionParamName: The parameter name of the address image passed to the service that handles address extraction. Default "FrontImage"
OtpLength: The amount of digits in the OTP that gets generated during the mobile verification step. Default 4
OtpLifetimeMinutes: The amount of time (in minutes) that the OTP generated during mobile verification remains valid for. Default 5
OtpCountdownSeconds: How long the user must wait before being able to request a new OTP. Default 60
OtpBypass: This is a development/debug property and sets an OTP value that may be used to bypass verification. No default
OtpRemoteEndpoint: The endpoint of the service used to send OTPs. No default
OtpRemoteUsername: The username used to log into the service that sends OTPs. No default
OtpRemotePassword: The password used to log into the service that sends OTPs. No default
OtpRemoteSeparator: No default
OtpSmsBypassNumber: This is a development/debug property and sets a mobile number value that may be used to bypass verification. No default
BiometricsApiKey: The API key used to connect to the biometrics backend service. Contact Sybrin to receive your Biometrics API key. No default
IdentityApiKey: The API key used to connect to the identity backend service. Contact Sybrin to receive your Identity API key. No default
FraudDetectionAuthToken: The authorization token used to connect to the fraud detection backend service. Contact Sybrin to receive your auth token. No default
AddressAuthorizationEndpoint: Endpoint of the address extraction backend service call used to authenticate for usage. No default
BiometricsAuthorizationEndpoint: Endpoint of the biometrics backend service call used to authenticate for usage. No default
PassiveLivenessEndpoint: Endpoint of the biometrics backend service call used to run passive liveness. No default
IdentityAuthorizationEndpoint: Endpoint of the identity backend service call used to authenticate for usage. No default
DataExtractionEndpoint: Endpoint of the identity backend service call used to run ID document OCR and data extraction. No default
FraudDetectionEndpoint: Endpoint of the backend service call used to run fraud detection. No default
AddressExtractionEndpoint: Endpoint of the backend service call used to run address extraction. No default
StrictOrderStepEnforcement: Whether or not the API must strictly prevent the user from running steps out of their assigned order. Default true
SuppressSpoofSelfies: Whether or not spoof results must be silently suppressed and used to flag the case instead of throwing an error visible on the front end. Default true
TrackIdentityHashes: Whether or not the backend should keep track of identity numbers that have already been used and mark a case as high risk when one is reused. Default true
SendAuditTrail: Whether or not the audit trail should be included in any integration calls that the service makes. Default true
EnableFraudDetection: Whether or not the service should run fraud checks. Default false
CorrelationIDRequired: Whether or not a correlation ID must be passed from the UI. If this value is true and no ID is passed, an exception is thrown. If this value is false and no ID is passed, a correlation ID is automatically generated for the case. Default false
LockMobileCountry: Whether or not the mobile number entered during verification must be locked to the country that the user is in. Default false
RedirectMode: This value can be 0 (None), 1 (Manual) or 2 (Automatic) and determines how redirection is handled at the end of the onboarding journey. If this value is 0, no redirection occurs. If this value is 1, the user must click the "Complete" button on the UI before redirection occurs. If this value is 2, the UI will automatically redirect the user after the amount of time specified in the AutomaticRedirectDelay property. Use the StaticRedirectUrl property to set the URL that must be redirected to. Default 0
AutomaticRedirectDelay: The amount of time, in milliseconds, that must pass after onboarding journey completion before the UI automatically redirects the user if the RedirectMode property value is set to 2. Default 5000
StaticRedirectUrl: The URL that the UI must redirect the user to after journey completion if the RedirectMode property is set to 1 or 2. "Crocodile bracket notation" may be used for expression parsing certain values. Only "<#correlationid#>" or "<#onboardingid#>" are considered valid values for expression parsing and will be replaced with the correlation ID or the onboarding ID of the case respectively, upon execution. No default
LivenessProviderType: Sets what kind of liveness provider must be used. 1 is Sybrin's provider. 2 is for third party usage. Default 1
LivenessHeaders: Sets the headers that should be passed to the biometrics service while running liveness. No default
NitroBaseUrl: Sets the base URL for the Sybrin Nitro service if Nitro integration is being used. No default
NestBaseUrl: Sets the base URL for the Sybrin Nest service if Nest integration is being used. No default
NestUsername: Sets the username used to log onto the Sybrin Nest service if Nest integration is being used. No default
NestApiKey: Sets the API key (matching the provided username) used to log onto the Sybrin Nest service if Nest integration is being used. No default
Steps: Used to configure which steps should be available and how they should behave. See step configuration section below for details.
WebApiKeyID: Individual API key ID as provided by Sybrin. No default
Security: Section to configure security parameters.
AuthSecret: Authentication secret used to secure the API with. Recommended to be set to a GUID that is not used anywhere else. No default
TokenValidityDays: How long (in days) a token provided by the backend service should be valid for. This value gets added to the minute value. Default 1
TokenValidityMinutes: How long (in minutes) a token provided by the backend service should be valid for. This value gets added to the days value. Default 0
Step Configuration
The following steps are available for configuration:
Terms - An introductory step to present instructions and allow the user to accept terms and conditions.
SubmitMobile - For submitting mobile number for verification.
VerifyOTP - For submitting an OTP once mobile number has been submitted.
PassiveLiveness - For running passive liveness detection.
AcceptPassiveLivenessResult - For showing and then allowing the user to either retry or accept the passive liveness result.
SelectCountry - For selecting the country that the ID document (that will be scanned in the data extraction step) belongs to.
SelectDocumentType - For selecting the type of ID document that will be scanned in the data extraction step.
DataExtraction - For running ID document OCR and data extraction.
AcceptDataExtractionResult - For showing and then allowing the user to either retry or accept the data extraction result.
Finalize - For syncing the final onboarding data and presenting the completion message once done, or to give the user the opportunity to retry upload if something goes wrong.
Dynamic - A special step that is expected to be an array, and allows the configuration of multiple dynamic steps with customizable data fields for entry/capture.
Available Properties
The following properties are available for configuration in each individual step:
Enabled - Whether or not the step should be included in the onboarding journey.
Order - The order of the step within the onboarding journey.
TimesRepeatable - The amount of times that the Onboarding product will allow a user to repeat a step. Use -1 for infinite.
HighRiskRepeatCount - The amount of times that a step must be repeated for before the Onboarding product flags the case as high risk. Use -1 for infinite.
NestProcessID - The Nest process ID to use for Nest integration when the IntegrationMode property value is set to 3.
NestMicroflowName - The Nest microflow name to use for Nest integration when the IntegrationMode property value is set to 3.
IntegrationMode - How the integration call should be handled for the given step. The options are 0 (None - no integration), 1 (Json), 2 (FormData), 3 (Nest).
None - No integration call occurs.
Json - An integration call occurs and the data is passed as Json.
FormData - An integration call occurs and the data is passed as Form Data.
Nest - An integration call occurs and the data is passed as an object that a Sybrin Nest service can interpret.
IntegrationEndpoint - The endpoint that the integration call should be made to if IntegrationMode is not 0.
Dynamic Step Properties
Dynamic steps allow for additional configuration options to set the dynamic page up with. In addition to the properties defined in the section above, dynamic steps also provide these properties:
Title - The title of the dynamic page.
Subtitle - The subtitle of the dynamic page.
ButtonText - The caption of the button to complete/post the step with.
Fields - A collection of field objects that allow for individual field configuration:
ID - Identity of the field. Should be globally unique.
Order - The display order of the field.
Label - The caption of the field.
Type - The type of field. Can be 0 (Text), 1 (Number), 2 (Decimal) or 3 (Checkbox).
Required - Whether or not the field must be completed.
Pattern - Regex pattern used to validate the value entered into the field.
Minimum - The minimum length (for text) or value (for number or decimal) of the field.
Maximum - The maximum length (for text) or value (for number or decimal) of the field.
Last updated