uqudo
HomeCustomer PortalBook a Demo
  • KYC
    • Getting Started
      • Use Cases
        • User Enrolment
        • Face Authentication
      • Integration Options
        • Uqudo SDK
        • Uqudo API
        • No-code KYC
      • Customer Portal
        • Manage your SDK/API credentials
        • Create a new secret
        • Create a support request
    • Uqudo SDK
      • Integration
        • Android
          • Prepare Environment
          • Enrolment Flow
          • Lookup Flow
          • Face Session Flow
          • UI Customisation
            • UX & Branding
            • Dark / Night mode
            • Text & Language
              • General Strings
              • Scanning
              • Reading
              • Face Recognition
              • Background Check
              • Lookup
          • Analytics
        • iOS
          • Prepare Environment
          • Usage
          • Enrolment Flow
          • Lookup Flow
          • Face Session Flow
          • UI Customisation
            • UX & Branding
            • Dark / Night mode
            • Text & Language
          • Analytics
        • Web
          • SDK installation
            • Vanilla HTML+JS project
            • JS Frameworks (React, Angular, VueJs, etc...)
          • SDK Initialisation
          • CORS
          • Enrolment Flow
          • Face Session Flow
          • Javascript Usage
          • Typescript Usage
          • Operation Error
          • UI Customisation
            • Styles Configuration
            • Text & Language
            • Assets & Images
          • Webview Usage
          • Analytics
        • Capacitor
          • Plugin Installation
          • Enrolment Flow
          • Lookup Flow
          • Face Session Flow
        • Cordova
          • Plugin Installation
          • Enrolment Flow
          • Lookup Flow
          • Face Session Flow
        • Flutter
          • Plugin Installation
          • Enrolment Flow
          • Lookup Flow
          • Face Session Flow
        • React Native
          • Plugin Installation
          • Enrolment Flow
          • Lookup Flow
          • Face Session Flow
        • Xamarin and .NET
          • Plugin Installation
          • Enrolment Flow
          • Lookup Flow
          • Face Session Flow
          • Analytics
      • SDK result
        • Validation and Parsing
        • Data Structure
          • Common Object
          • Scan Object
          • Reading Object
            • Algerian ID
            • Bahrain ID
            • Ghana ID
            • Iraqi ID
            • Netherlands DL
            • Oman ID
            • Moroccan ID
            • Qatar ID
            • Saudi ID
            • Senegal ID
            • Turkish ID
            • UAE ID
            • Passports
          • Face Object
          • Lookup Object
            • Ghana SSNIT
            • Ghana Voter ID
            • Ghana Passport
            • Ghana Driving Licence
            • India PAN card
            • India Aadhaar ID
            • Nigeria Voter ID
            • Nigeria Driving Licence
            • Nigeria NIN
            • Nigeria BVN
            • Kenya National ID
            • South Africa ID
            • Uganda Voter ID
            • UAE Emirates ID
          • Verification Object
        • Download a Resource
        • Encrypt the SDK result
        • Security & Best Practices
      • Upgrade the SDK
      • Changelog
        • Mobile SDK
        • Web SDK
    • Uqudo API
      • Authorisation API
      • Scan API
        • Passports
          • AUS (Australia)
          • BEL (Belgium)
          • BHR (Bahrain)
          • CAN (Canada)
          • CHE (Switzerland)
          • DEU (Germany)
          • EGY (Egypt)
          • FRA (France)
          • GBR (UK)
          • IND (India)
          • JOR (Jordan)
          • KWT (Kuwait)
          • LBN (Lebanon)
          • MAR (Morocco)
          • OMN (Oman)
          • PAK (Pakistan)
          • PHL (Philippines)
          • PSE (Palestine)
          • QAT (Qatar)
          • SAU (Saudi Arabia)
          • SDN (Sudan)
          • SYR (Syria)
          • TUN (Tunisia)
          • TUR (Turkey)
          • UAE (UAE)
          • USA (USA)
          • YEM (Yemen)
          • ZAF (South Africa)
        • Generic National IDs
        • Country Specific IDs
          • BHR_DL (Bahrain Driving Licence)
          • BHR_ID (Bahrain ID)
          • BHR_VL (Bahrain Vehicle License)
          • COD_DL (DRC Driving Licence)
          • COD_VOTER_ID (DRC Voter ID)
          • DZA_ID (Algerian ID)
          • EGY_ID (Egypt ID)
          • GBR DL (UK Driving License)
          • GBR_ID (UK Resident ID)
          • GHA_DL (Ghana Driving Licence)
          • GHA_ID (Ghana National ID)
          • GHA_SSNIT (Ghana Social Security and National Insurance Trust)
          • GHA_VOTER_ID (Ghana Voter ID)
          • IND_ID (India Identity Card)
          • IND_PAN (Indian PAN Card)
          • IRQ_ID (Iraqi ID)
          • JOR_VL (Jordan Vehicle License)
          • KEN_ID (Kenya ID)
          • KWT_ID (Kuwait ID)
          • LBN DL (Lebanese Driving Licence)
          • LBN_ID (Lebanese ID)
          • MAR_ID (Moroccan ID)
          • NGA_DL (Nigeria Driving Licence)
          • NGA_NIN (Nigeria Digital NIN)
          • NGA_VOTER_ID (Nigeria Voter Card)
          • NLD_DL (Netherlands Driving Licence)
          • OMN_DL (Oman Driving Licence)
          • OMN_ID (Oman ID)
          • OMN_VL (Oman Vehicle License)
          • PAK_ID (Pakistan ID)
          • PHL_DL (Philippines Driving License)
          • QAT_DL (Qatar Driving Licence)
          • QAT_ID (Qatar ID)
          • RSL_ID (Somaliland National ID)
          • RWA_ID (Rwanda ID)
          • SAU_DL (Saudi Arabia Driving Licence)
          • SAU_ID (Saudi Arabia ID)
          • SAU_VL (Saudi Vehicle License)
          • SDN_DL (Sudan Driving Licence)
          • SDN_ID (Sudan ID)
          • SDN_VL (Sudan Vehicle License)
          • SEN_ID (Senegal ID)
          • SOM_ID (Somali ID)
          • TUN_ID (Tunisian ID)
          • TUR_ID (Turkish ID)
          • UAE_DL (UAE Driving Licence)
          • UAE_ID (UAE Emirates ID)
          • UAE_ID_DIGITAL (UAE Emirates ID digital version)
          • UAE_VISA (UAE Visa)
          • UAE_VL (UAE Vehicle Licence)
          • UAE_EVISA (UAE e-visa)
          • UAE_ID_APPLICATION_FORM (UAE ID application form)
          • UAE_PASSPORT_DIGITAL (Digital Emirates Passport)
          • UGA_ID (Uganda ID)
          • UGA_VOTER_ID (Uganda Voter ID)
          • USA_DL (USA Driving Licence)
          • ZAF_DL (South Africa Driving License)
          • ZAF_ID (South Africa ID)
        • MRZ only (TD1 or TD3)
      • Info API
      • Face API
      • Lookup API
        • Ghana
        • India
        • Kenya
        • Nigeria
        • South Africa
        • Uganda
        • UAE
      • Background Check API
    • No-code KYC
      • Workflow Settings
      • Text Settings
      • Other Settings
      • Onboard Users
  • KYB
    • Getting Started
      • Use Cases
        • Low-complexity
        • Medium-complexity
        • High-complexity
      • Integration Options
        • Uqudo API
    • Uqudo API
      • Company API
      • Screening API
      • Data Matching API
      • Session API
  • Coverage
    • Middle East
      • 🇧🇭Bahrain
      • 🇮🇷Iran
      • 🇮🇶Iraq
      • 🇮🇱Israel
      • 🇯🇴Jordan
      • 🇰🇼Kuwait
      • 🇱🇧Lebanon
      • 🇴🇲Oman
      • 🇵🇸Palestine
      • 🇶🇦Qatar
      • 🇸🇦Saudi Arabia
      • 🇸🇾Syria
      • 🇹🇷Turkey
      • 🇦🇪United Arab Emirates
      • 🇾🇪Yemen
    • Africa
      • 🇩🇿Algeria
      • 🇦🇴Angola
      • 🇧🇯Benin
      • 🇧🇼Botswana
      • 🇧🇫Burkina Faso
      • 🇧🇮Burundi
      • 🇨🇲Cameroon
      • 🇨🇻Cape Verde
      • 🇨🇫Central African Republic
      • 🇹🇩Chad
      • 🇰🇲Comoros
      • 🇨🇩Democratic Republic of Congo
      • 🇩🇯Djibouti
      • 🇪🇬Egypt
      • 🇬🇶Equatorial Guinea
      • 🇪🇷Eritrea
      • 🇸🇿Eswatini
      • 🇪🇹Ethiopia
      • 🇬🇦Gabon
      • 🇬🇲Gambia
      • 🇬🇭Ghana
      • 🇬🇳Guinea
      • 🇬🇼Guinea-Bissau
      • 🇨🇮Ivory Coast
      • 🇰🇪Kenya
      • 🇱🇸Lesotho
      • 🇱🇷Liberia
      • 🇱🇾Libya
      • 🇲🇬Madagascar
      • 🇲🇼Malawi
      • 🇲🇱Mali
      • 🇲🇷Mauritania
      • 🇲🇺Mauritius
      • 🇲🇦Morocco
      • 🇲🇿Mozambique
      • 🇳🇦Namibia
      • 🇳🇪Niger
      • 🇳🇬Nigeria
      • 🇨🇩Republic of Congo
      • 🇷🇼Rwanda
      • 🇸🇹Sao Tome and Principe
      • 🇸🇳Senegal
      • 🇸🇨Seychelles
      • 🇸🇱Sierra Leone
      • 🇸🇴Somalia
      • 🇸🇴Somaliland
      • 🇿🇦South Africa
      • 🇸🇸South Sudan
      • 🇸🇩Sudan
      • 🇹🇿Tanzania
      • 🇹🇬Togo
      • 🇹🇳Tunisia
      • 🇺🇬Uganda
      • 🇿🇲Zambia
      • 🇿🇼Zimbabwe
    • Asia
      • 🇦🇫Afghanistan
      • 🇦🇲Armenia
      • 🇦🇿Azerbaijan
      • 🇧🇩Bangladesh
      • 🇧🇹Bhutan
      • 🇧🇳Brunei
      • 🇰🇭Cambodia
      • 🇨🇳China
      • 🇹🇱East Timor
      • 🇬🇪Georgia
      • 🇭🇰Hong-Kong (China)
      • 🇮🇳India
      • 🇮🇩Indonesia
      • 🇯🇵Japan
      • 🇰🇿Kazakhstan
      • 🇰🇬Kyrgyzstan
      • 🇱🇦Laos
      • 🇲🇴Macau (China)
      • 🇲🇾Malaysia
      • 🇲🇻Maldives
      • 🇲🇳Mongolia
      • 🇲🇲Myanmar
      • 🇳🇵Nepal
      • 🇰🇵North Korea
      • 🇵🇰Pakistan
      • 🇵🇭Philippines
      • 🇸🇬Singapore
      • 🇰🇷South Korea
      • 🇱🇰Sri Lanka
      • 🇹🇼Taiwan (China)
      • 🇹🇯Tajikistan
      • 🇹🇭Thailand
      • 🇹🇲Turkmenistan
      • 🇺🇿Uzbekistan
      • 🇻🇳Vietnam
    • Europe
      • 🇦🇱Albania
      • 🇦🇩Andorra
      • 🇦🇹Austria
      • 🇧🇾Belarus
      • 🇧🇪Belgium
      • 🇧🇦Bosnia and Herzegovina
      • 🇧🇬Bulgaria
      • 🇭🇷Croatia
      • 🇨🇾Cyprus
      • 🇨🇿Czech Republic
      • 🇩🇰Denmark
      • 🇪🇪Estonia
      • 🇫🇴Faroe Islands (Denmark)
      • 🇫🇮Finland
      • 🇫🇷France
      • 🇩🇪Germany
      • 🇬🇮Gibraltar (UK)
      • 🇬🇷Greece
      • 🇬🇱Greenland (Denmark)
      • 🇬🇬Guernsey (UK)
      • 🇭🇺Hungary
      • 🇮🇸Iceland
      • 🇮🇪Ireland
      • 🇮🇲Isle of Man (UK)
      • 🇮🇹Italy
      • 🇯🇪Jersey (UK)
      • 🇽🇰Kosovo
      • 🇱🇻Latvia
      • 🇱🇮Liechtenstein
      • 🇱🇹Lithuania
      • 🇱🇺Luxembourg
      • 🇲🇹Malta
      • 🇲🇩Moldova
      • 🇲🇨Monaco
      • 🇲🇪Montenegro
      • 🇳🇱Netherlands
      • 🇲🇰North Macedonia
      • 🇨🇾Northern Cyprus
      • 🇳🇴Norway
      • 🇵🇱Poland
      • 🇵🇹Portugal
      • 🇷🇴Romania
      • 🇷🇺Russia
      • 🇸🇲San Marino
      • 🇷🇸Serbia
      • 🇸🇰Slovakia
      • 🇸🇮Slovenia
      • 🇪🇸Spain
      • 🇸🇪Sweden
      • 🇨🇭Switzerland
      • 🇺🇦Ukraine
      • 🇬🇧United Kingdom
      • 🇻🇦Vatican City
    • North America
      • 🇦🇮Anguilla (UK)
      • 🇦🇬Antigua and Barbuda
      • 🇧🇸Bahamas
      • 🇧🇧Barbados
      • 🇧🇿Belize
      • 🇧🇲Bermuda (UK)
      • 🇻🇬British Virgin Islands (UK)
      • 🇨🇦Canada
      • 🇰🇾Cayman Islands (UK)
      • 🇨🇷Costa Rica
      • 🇨🇺Cuba
      • 🇩🇲Dominica
      • 🇩🇴Dominican Republic
      • 🇸🇻El Salvador
      • 🇬🇩Grenada
      • 🇬🇹Guatemala
      • 🇭🇹Haiti
      • 🇭🇳Honduras
      • 🇯🇲Jamaica
      • 🇲🇽Mexico
      • 🇲🇸Montserrat (UK)
      • 🇵🇦Panama
      • 🇰🇳Saint Kitts and Nevis
      • 🇱🇨Saint Lucia
      • 🇻🇨Saint Vincent and the Grenadines
      • 🇹🇨Turks and Caicos Islands (UK)
      • 🇺🇸United States of America
    • South America
      • 🇦🇷Argentina
      • 🇧🇴Bolivia
      • 🇧🇷Brazil
      • 🇨🇱Chile
      • 🇨🇴Colombia
      • 🇪🇨Ecuador
      • 🇬🇾Guyana
      • 🇳🇮Nicaragua
      • 🇵🇾Paraguay
      • 🇵🇪Peru
      • 🇸🇷Suriname
      • 🇹🇹Trinidad and Tobago
      • 🇺🇾Uruguay
      • 🇻🇪Venezuela
    • Oceania
      • 🇦🇺Australia
      • 🇫🇯Fiji
      • 🇵🇫French Polynesia (France)
      • 🇰🇮Kiribati
      • 🇲🇭Marshall Islands
      • 🇫🇲Micronesia
      • 🇳🇷Nauru
      • 🇳🇨New Caledonia (France)
      • 🇳🇿New Zealand
      • 🇵🇼Palau
      • 🇵🇬Papua New Guinea
      • 🇸🇭Saint Helena (UK)
      • 🇼🇸Samoa
      • 🇸🇧Solomon Islands
      • 🇹🇴Tonga
      • 🇹🇻Tuvalu
      • 🇻🇺Vanuatu
Powered by GitBook
On this page

Was this helpful?

  1. KYC
  2. Uqudo SDK
  3. SDK result

Security & Best Practices

PreviousEncrypt the SDK resultNextUpgrade the SDK

Last updated 5 months ago

Was this helpful?

Below you can find a list of best practices to validate the result returned by our SDK:

  • Validate the signature as described in chapter .

  • Optional: enable JWS result encryption (JWE) as described in chapter .

  • Set the nonce in the SDK (see ). The nonce should be generated server side and then compared with the nonce property value you can find in the JWS result.

  • Set your own sessionId in the SDK (see ). The sessionId should be compared with the jti property value in the JWS result. As outlined in the documentation, always generate a new session ID each time you initiate the SDK.

  • Enable the Analytics functionality within the SDK to gain deeper insights into the KYC session. Analytics is crucial for several reasons:

    • Performance Monitoring: Track and measure the SDK’s performance.

    • Troubleshooting: Events are linked to the session ID, allowing you to diagnose issues if a user encounters problems. This data can also support the development of a robust support system.

    • Security Enhancements: Analytics tracks critical events, such as screen and print detection or ID photo tampering. Frequent triggers of such events could indicate attempts to bypass the system. You can flag suspicious sessions for review based on these triggers.

  • Activate the functionality within the SDK to retrieve data of an uncomplete KYC session in cases where either the user or the SDK terminates the session. This capability is crucial for troubleshooting scenarios, such as when the SDK terminates the session due to excessive failed facial recognition attempts.

  • Make sure to enable and enforce the reading step (NFC) when supported by the document type you request for the KYC session. Reading step is the safest way to avoid fraudulent attempts. It can be enforced in two ways: overall, meaning a device that doesn't support NFC would not be able to perform the KYC session, or only if supported, meaning the reading step would be enforced only if the device supports NFC. For the latter case make sure to flag incoming sessions that didn't perform the reading step for an internal review. Note: from mobile SDK version 3.x and above the reading step, when enabled, is not optional anymore and is enforced if the device supports NFC.

  • Cross check the data between different steps to validate the consistency. The data are available to you and you can perform this process in your backend. Note: from mobile SDK version 3.x and above you have the data consistency check result straight in the SDK result, see the for details.

  • Make sure the documentType property value inside the JWS result matches the document type actually requested by your onboarding process.

  • Make sure the reading object is not null if your onboarding process requires the reading step (NFC) to be performed.

  • Make sure the face object is not null if your onboarding process requires the facial recognition step to be performed.

  • When the face object is not null check the following properties:

    • The match property value must be true.

    • The matchLevel property value must be equals or above the match level defined by you or the SDK default ones (2 if photo taken from the optical scanning or 3 if photo taken from the chip of the document).

  • Make sure the backgroundCheck object is not null if your onboarding process requires the background check step to be performed.

  • Age verification: If the SDK is configured to permit only users above a certain age, ensure that the date of birth in the SDK result aligns with the expected age.

  • Document expiry: If expired documents are not allowed, ensure that the expiry date in the SDK result meets the expected criteria.

  • Verification object: Ensure that you parse and validate the object included in the SDK result. It is essential to design your business logic around this object to assess the KYC session effectively. If specific thresholds are not met, you can trigger an internal manual review process as needed.

Enable result encryption
verification object
verification object
JWS validation and parsing
Uqudo Builder Enrolment Configuration
Uqudo Builder Enrolment Configuration