Backend API
Please ensure that you have followed all steps as described under the Get Started section.
It is recommended that the backend API is set up, configured and hosted before starting with the UI, as the backend API is essential for the UI portion to function correctly.
The UI communicates with the backend API every step of the way. The service can be configured to make integration calls to any endpoint(s) in order to sync data of the onboarding case, either on a per-step basis or as a single call at the end of the onboarding journey.
Configuration Options
The following properties are exposed as configuration options in the appsetttings file:
Property Details
AddressAuthorizationEndpoint: Endpoint of the address extraction backend service call used to authenticate for usage. No default
AddressExtractionEndpoint: Endpoint of the backend service call used to run address extraction. No default
AddressExtractionParamName: The parameter name of the address image passed to the service that handles address extraction. Default "FrontImage"
AllowedHosts: Configure CORS.
AutomaticRedirectDelay: The amount of time, in milliseconds, that must pass after onboarding journey completion before the UI automatically redirects the user if the RedirectMode property value is set to 2. Default 5000
BiometricsApiKey: The API key used to connect to the biometrics backend service. Contact Sybrin to receive your Biometrics API key. No default
BiometricsAuthorizationEndpoint: Endpoint of the biometrics backend service call used to authenticate for usage. No default
BiometricsIncludeVideo: Whether or not a video should be recorded during liveness capture. Default false.
BiometricsTokenLifetimeMinutes: How long the internal biometrics token must be used for before a new token is requested. Default 60
CorrelationIDRequired: Whether or not a correlation ID must be passed from the UI. If this value is true and no ID is passed, an exception is thrown. If this value is false and no ID is passed, a correlation ID is automatically generated for the case. Default false
DataExtractionEndpoint: Endpoint of the identity backend service call used to run ID document OCR and data extraction. No default
DataExtractionFieldEditMode: Sets the mode in which the fields defined in the DataExtractionFieldList property should be applied. 0 = include, and means that only the fields defined in the list should be editable. 1 = exclude, and means that all fields except for the ones defined in the list should be editable. Default 0
DataExtractionFieldList: List if fields that should be editable or not editable depending on the DataExtractionFieldEditMode property value. Blank by default
DataExtractionForceWebEditing: Sets whether or not identity mobile capture should navigate the original session to the result page for editing before proceeding. Default true
DataLifetimeMinutes: The amount of time (in minutes) that data will be cached in Redis for. This property affects how long the user would need to be inactive for before onboarding data for their case is discarded entirely. Default 30
EnableFraudDetection: Whether or not the service should run fraud checks. Default false
ExtractionBackParamName: The parameter name of the data extraction back image passed to the service that handles ID document OCR. Default "BackImage"
ExtractionFrontParamName: The parameter name of the data extraction front image passed to the service that handles ID document OCR. Default "FrontImage"
FraudDetectionAuthToken: The authorization token used to connect to the fraud detection backend service. Contact Sybrin to receive your auth token. No default
FraudDetectionEndpoint: Endpoint of the backend service call used to run fraud detection. No default
IdentityApiKey: The API key used to connect to the identity backend service. Contact Sybrin to receive your Identity API key. No default
IdentityAuthorizationEndpoint: Endpoint of the identity backend service call used to authenticate for usage. No default
IdentityTokenLifetimeMinutes: How long the internal identity token must be used for before a new token is requested. Default 60
LivenessProviderType: Sets what kind of liveness provider must be used. 1 is Sybrin's provider. 2 is for third party usage. Default 1
LivenessHeaders: Sets the headers that should be passed to the biometrics service while running liveness. No default
LockMobileCountry: Whether or not the mobile number entered during verification must be locked to the country that the user is in. Default false
Logging: Configure log4net logging.
NestApiKey: Sets the API key (matching the provided username) used to log onto the Sybrin Nest service if Nest integration is being used. No default
NestBaseUrl: Sets the base URL for the Sybrin Nest service if Nest integration is being used. No default
NestTokenLifetimeMinutes: Time, in minutes, that the internal Nest token should remain cached for (if used). Default 60
NestUsername: Sets the username used to log onto the Sybrin Nest service if Nest integration is being used. No default
NitroBaseUrl: Sets the base URL for the Sybrin Nitro service if Nitro integration is being used. No default
OtpBypass: This is a development/debug property and sets an OTP value that may be used to bypass verification. No default
OtpCountdownSeconds: How long the user must wait before being able to request a new OTP. Default 60
OtpLength: The amount of digits in the OTP that gets generated during the mobile verification step. Default 4
OtpLifetimeMinutes: The amount of time (in minutes) that the OTP generated during mobile verification remains valid for. Default 5
OtpRemoteEndpoint: The endpoint of the service used to send OTPs. No default
OtpRemotePassword: The password used to log into the service that sends OTPs. No default
OtpRemoteSeparator: No default
OtpRemoteUsername: The username used to log into the service that sends OTPs. No default
OtpSmsBypassNumber: This is a development/debug property and sets a mobile number value that may be used to bypass verification. No default
PassiveLivenessEndpoint: Endpoint of the biometrics backend service call used to run passive liveness. No default
PassiveLivenessParamName: The parameter name of the passive liveness selfie image passed to the service that handles liveness processing. Default "media"
RedirectMode: This value can be 0 (None), 1 (Manual) or 2 (Automatic) and determines how redirection is handled at the end of the onboarding journey. If this value is 0, no redirection occurs. If this value is 1, the user must click the "Complete" button on the UI before redirection occurs. If this value is 2, the UI will automatically redirect the user after the amount of time specified in the AutomaticRedirectDelay property. Use the StaticRedirectUrl property to set the URL that must be redirected to. Default 0
Redis: Connection settings for Redis.
RemoteCorrelationIDVerification: Section to configure remote correlation ID verification parameters.
IntegrationMode: The payload format. This value can be 0 (None - No integration happens), 1 (JSON), 2 (Form) or 3 (Nest). Default 0
Endpoint: The URL that should be hit for correlation ID verification.
NestProcessID - The Nest process ID to use for correlation ID verification when the IntegrationMode property value is set to 3.
NestMicroflowName - The Nest microflow name to use for correlation ID verification when the IntegrationMode property value is set to 3.
Security: Section to configure security parameters.
AuthSecret: Authentication secret used to secure the API with. Recommended to be set to a GUID that is not used anywhere else. No default
TokenValidityDays: How long (in days) a token provided by the backend service should be valid for. This value gets added to the minute value. Default 1
TokenValidityMinutes: How long (in minutes) a token provided by the backend service should be valid for. This value gets added to the days value. Default 0
SendAuditTrail: Whether or not the audit trail should be included in any integration calls that the service makes. Default true
ShowBanner: Toggles whether or not the onboarding banner should be shown. Default true
ShowLanguageDropdown: Toggles whether or not the button that expands the languages dropdown should be shown. Default true
StaticRedirectUrl: The URL that the UI must redirect the user to after journey completion if the RedirectMode property is set to 1 or 2. "Crocodile bracket notation" may be used for expression parsing certain values. Only "<#correlationid#>" or "<#onboardingid#>" are considered valid values for expression parsing and will be replaced with the correlation ID or the onboarding ID of the case respectively, upon execution. No default
Steps: Used to configure which steps should be available and how they should behave. See step configuration section below for details.
StrictOrderStepEnforcement: Whether or not the API must strictly prevent the user from running steps out of their assigned order. Default true
SuppressSpoofSelfies: Whether or not spoof results must be silently suppressed and used to flag the case instead of throwing an error visible on the front end. Default true
TrackIdentityHashes: Whether or not the backend should keep track of identity numbers that have already been used and mark a case as high risk when one is reused. Default true
WebApiKeyID: Individual API key ID as provided by Sybrin. No default
Step Configuration
The following steps are available for configuration:
Terms - An introductory step to present instructions and allow the user to accept terms and conditions.
SubmitMobile - For submitting mobile number for verification.
VerifyOTP - For submitting an OTP once mobile number has been submitted.
PassiveLiveness - For running passive liveness detection.
AcceptPassiveLivenessResult - For showing and then allowing the user to either retry or accept the passive liveness result.
SelectCountry - For selecting the country that the ID document (that will be scanned in the data extraction step) belongs to.
SelectDocumentType - For selecting the type of ID document that will be scanned in the data extraction step.
DataExtraction - For running ID document OCR and data extraction.
AcceptDataExtractionResult - For showing and then allowing the user to either retry or accept the data extraction result.
Finalize - For syncing the final onboarding data and presenting the completion message once done, or to give the user the opportunity to retry upload if something goes wrong.
Dynamic - A special step that is expected to be an array, and allows the configuration of multiple dynamic steps with customizable data fields for entry/capture.
Available Properties
The following properties are available for configuration in each individual step:
Enabled - Whether or not the step should be included in the onboarding journey.
Order - The order of the step within the onboarding journey.
TimesRepeatable - The amount of times that the Onboarding product will allow a user to repeat a step. Use -1 for infinite.
HighRiskRepeatCount - The amount of times that a step must be repeated for before the Onboarding product flags the case as high risk. Use -1 for infinite.
NestProcessID - The Nest process ID to use for Nest integration when the IntegrationMode property value is set to 3.
NestMicroflowName - The Nest microflow name to use for Nest integration when the IntegrationMode property value is set to 3.
IntegrationMode - How the integration call should be handled for the given step. The options are 0 (None - no integration), 1 (Json), 2 (FormData), 3 (Nest).
None - No integration call occurs.
Json - An integration call occurs and the data is passed as Json.
FormData - An integration call occurs and the data is passed as Form Data.
Nest - An integration call occurs and the data is passed as an object that a Sybrin Nest service can interpret.
IntegrationEndpoint - The endpoint that the integration call should be made to if IntegrationMode is not 0.
Please see Integration section for details on how to achieve backend integration with onboarding result.
Dynamic Step Properties
Dynamic steps allow for additional configuration options to set the dynamic page up with. In addition to the properties defined in the section above, dynamic steps also provide these properties:
Title - The title of the dynamic page.
Subtitle - The subtitle of the dynamic page.
ButtonText - The caption of the button to complete/post the step with.
Fields - A collection of field objects that allow for individual field configuration:
ID - Identity of the field. Should be globally unique.
Order - The display order of the field.
Label - The caption of the field.
Type - The type of field. Can be 0 (Text), 1 (Number), 2 (Decimal) or 3 (Checkbox).
Required - Whether or not the field must be completed.
Pattern - Regex pattern used to validate the value entered into the field.
Minimum - The minimum length (for text) or value (for number or decimal) of the field.
Maximum - The maximum length (for text) or value (for number or decimal) of the field.
Last updated