Links

QR Code App

This feature can be used to initiate the enrolment process from a web page where an existing registration process could be required to onboard in a secure way the documents of the user.
The concept is very simple, a QR code is shown to the user during the registration process. The user uses an existing mobile application, or an application developed ad hoc that integrates the Uqudo SDK to scan the QR code. The scan of the QR code will trigger the onboarding process. Once the onboarding process is complete the user can follow up on the web page to complete the registration process.
Below you can see a high-level technical overview of what has been described in the chapter above:
From a technical point of view there are 4 main aspects of the process shown in the diagram above:
  1. 1.
    Create a session from the customer backend.
  2. 2.
    JS component to integrate with the WebSocket server and render the QR code. The JS component listens to the onboarding process.
  3. 3.
    Scan the QR code and trigger the onboarding process.
  4. 4.
    Follow up with the registration process.

Create a session

Call the following API to create a session:
$ curl -v \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{"data":"your data"}' \
https://<web socket server base url>/api/v1/session
Response:
{
"sessionId": "",
"qrCodeText": "",
"qrCodeTextWithDynamicLink": "",
}
Request:
Property
Type
Optional
Description
<token>
string
No
This is the authorization token needed to authorize the request. Is beyond the scope of this example on how to get the token. See Authorisation token for more details
data
string
No
This property can be used to pass the information to the mobile application in order to instruct the application what the onboarding process should be, e.g. what type of document to scan, enable the reading etc.
Note: If you are using the qr code reader mobile application provided by uqudo, data must be a Base64 encoded json string. Please see below for the structure of the JSON object.
Below you can find the JSON object structure that represents the value for the property data described above when using the qr code reader mobile application provided by uqudo. The definition of every field and possible values are explained in the SDK API described in the Enrollment Flow:
{
"documents": [
{
"documentType": "PASSPORT",
"reading": {
"enabled": false,
"isForceReading": false,
"isForceReadingIfSupported": false,
"timeoutInSeconds": -1
},
"isExpiredDocumentAllowed": false,
"isFrontSideReviewEnabled": false,
"isBackSideReviewEnabled": false,
"isUploadEnabled": false,
"isHelpPageDisabled": false,
"faceScanMinimumMatchLevel": 2,
"faceReadMinimumMatchLevel": 3
}
],
"generalConfig": {
"secureWindowsEnabled": true,
"isRootedDeviceAllowed": false,
"userIdentifier": null,
"returnDataForIncompleteSession": false
},
"backgroundCheck": {
"enabled": false,
"checkType": "RDC",
"disableConsent": false,
"enableMonitoring": false,
"skipView": false
},
"facialRecognition": {
"enabled": false,
"isEnrollFace": false,
"scanMinimumMatchLevel": 2,
"readMinimumMatchLevel": 3,
"maxAttempts": 3
}
}
Response:
Property
Type
Optional
Description
sessionId
string
No
The sessionId should be stored in your backend and should match the one returned by your frontend once the onboarding process is done. It should be matched even with the jti attribute value in the JWS result returned by the uqudo info API
qrCodeText
string
No
This text must be returned to your frontend in order to create the QR code and in order to authenticate the web socket channel with the uqudo web socket server. See JS component
qrCodeTextWithDynamicLink
string
No
If you use the QR code reader mobile application provided by uqudo use this value to create the QR code instead of qrCodeText. Please note that qrCodeText is still needed to authenticate the web socket channel with the uqudo web socket server as described above.
If a user opens a Dynamic Link on iOS or Android, they can be taken directly to the linked content in the uqudo QR code reader mobile app. If the app is not installed the user is taken to the store and the session can continue after installation and opening the app.

JS component

Integrating with a websocket server is very easy in Javascript and you can use the WebSocket object provided by the browser. Below you can find an example on how to manage the process described in the diagram above:
function startSession() {
var socket = new WebSocket('wss://<websocket server name>/ws/v1/session');
socket.addEventListener('open', function (event) {
socket.send('qrCodeText'); // this is required to authenticate the web socket channel
// you can create the qrCode at this stage. See example below
new QRCode(document.getElementById('qrcode_id'), {
text: 'qrCodeText or qrCodeTextWithDynamicLink',
width: 128,
height: 128,
colorDark: "#000000",
colorLight: "#ffffff",
correctLevel: QRCode.CorrectLevel.H
});
});
socket.addEventListener('message', function (event) {
var message = JSON.parse(event.data);
if (message.service && message.service == 'INFO') {
socket.close();
folloupWithRegistration(message.sessionId);
}
});
socket.addEventListener('close', function (event) {
// e.g. remove the qr code
});
}
The QR code text sent to the server after opening the WebSocket session:
Property
Type
Optional
Description
qrCodeText
string
No
Used to authenticate the web socket channel and to create the QR code if qrCodeTextWithDynamicLink is not used instead
The object received during the onboarding process
Property
Type
Optional
Description
service
string
No
Possible values:
  • SCAN
  • READ
  • FACE
  • BACKGROUND_CHECK
  • INFO
SCAN stands for document scanning. It is returned after a successful scanning of the document
READ stands for document reading, e.g. NFC for Emirates ID. It is returned after a successful read
FACE stands for facial recognition. It is returned after a successful facial recognition
BACKGROUND_CHECK stands for background check. It is returned after a successful background check
INFO is the last step of the onboarding process where the SDK retrieves the final result (JWS). It defines the end of the onboarding process
sessionId
string
No
The session is related to the onboarding session that can be used to follow up with the registration process and retrieve the data collected from the uqudo backend.

Scan the QR code

The QR code reader is used to read the QR code rendered on the web page. The text retrieved from the QR code reader is used to call the uqudo backend to retrieve the information related to the session, as described below:
$ curl -v \
-H 'Authorization: <qrCodeText>' \
<web socket server base url>/api/v1/session
Response:
{
"sessionId": "",
"token": "",
"data": ""
}
Or:
$ curl -v \
<web socket server base url>/api/v1/session/{qrCodeText}
Response:
{
"sessionId": "",
"token": "",
"data": ""
}
Request:
Property
Type
Optional
Description
<qrCodeText>
string
No
Authorization header or path variable
Response:
Property
Type
Optional
Description
sessionId
string
No
Session ID used to initialize the Uqudo Builder, see Uqudo Builder Configuration
token
string
No
Authorization token used to initialize the Uqudo Builder, see Uqudo Builder Configuration
data
string
No
Data that the application needs to parse in order to know the type of onboarding process to trigger with the uqudo SDK. It could be a JSON object for instance.
After retrieving the session information, you can start the enrolment process using the uqudo SDK. Please refer to Enrolment Flow for details.
The session information related to the qrCodeText gets automatically deleted after 30 minutes after its creation (Create a session) but you can delete it using the request below (e.g. after the KYC session is completed):
$ curl -v \
-X DELETE \
<web socket server base url>/api/v1/session/{qrCodeText}
Response status 204 No Content

Follow up with the registration process

After the enrolment process is completed, you can follow up with the registration process using the session id to retrieve the information collected during the onboarding directly from your backend. Please refer to the Info API of the API documentation for details.
Please note that the object returned by the Info API is the same object returned by the uqudo SDK after the enrolment process is completed.