Enrollment
Enrollment Process Initiated from Client
This section provides details regarding Enrollment Process Initiated from Client.
Base URL
www.awareid.aware-apis.com
To perform a successful enroll using the Face SDK and AwareID there are two possible work flows. The first workflow is the most flexible and involves initiating the enrollment from the client. The second workflow option involves the use of a secondary application to initiate the enrollment and generate a QR code encoded with the session token necessary to proceed with the enrollment. The QR code is scanned from the client application and then proceeds with enrollment using the data encoded in the QR code.
To enroll by initiating from the client we have to follow 5 steps. These steps include:
- Retrieve an access token. This token allows communication between the client application and the AwareID servers.
- Get Public Key - Public Key for face data encryption
- Initiate an enrollment.
- Add device
- Enroll face
Enrollment Initiated from Client Step 1 - Get Access Token
Our first step is to retrieve an “access_token”. This token will be used in our next api call to retrieve an enrollment token to proceed with enrollment.
Get Access Token¶
POST /auth/realms/{{customer_name}}-consumers/protocol/openid-connect/token Content-Type: 'application/x-www-form-urlencoded', "client_id": client_id "client_secret": client_secret "scope": openid "grant_type" : client_credentials
Urlencoded¶
This is the only call whose content type of this call is “application/x-www-form-urlencoded”
Response - openid-connect
Response - openid-connect¶
STATUS CODE 200 { "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJCY2IxNXZJQkZsY2JYazVmQUdJZFZXV2pTUEtTaWpsazNydmFwMHp0ekN3In0.eyJleHAiOjE2NzM5OTExMjksImlhdCI6MTY3Mzk5MDgyOSwianRpIjoiN2MzYmY1MmItNjdlMC00ODNlLWFhZjAtYjlkNWJhODE3ZWJiIiwiaXNzIjoiaHR0cHM6Ly9hd2FyZWlkLWRldi5hd2FyZS1hcGlzLmNvbS9hdXRoL3JlYWxtcy9hbmRyYWUtY29uc3VtZXJzIiwic3ViIjoiOTU3ZWMyYmYtZTczOS00YjFjLWEyN2QtMTczMjQzMDIyYTE5IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYmltYWFzLWIyYyIsImFjciI6IjEiLCJzY29wZSI6Im9wZW5pZCIsImNsaWVudElkIjoiYmltYWFzLWIyYyIsImNsaWVudEhvc3QiOiIzOC4xNDAuNTkuMjI2IiwiY2xpZW50QWRkcmVzcyI6IjM4LjE0MC41OS4yMjYifQ.OzggQ--Gl4w3NWZPg1BukkEg0fmsSyGgN-ag8eW0FARWl0Ic5fkrnrEdnIgsq5Molq0R52oe4Hy-8Tp4cOn9iCD51kPCPfTt15zVBIAYOvb5M5XZ0uPTygh02KjuFqsxIhbhH8CCUjHkpu3OhoWByc8bC8c9D_cFp3BFE-XIhNPaPxXdTLZOcJOqpdSVxsgxB66-xukI7AA8PWt10huO47l6TSBSnJIjUxNbEqR48ILfnkYY2bmyfoo-laKDv9XSSZ8hXU9sDkiGfpXOl112_f3L1sc6n1-UbRTJGFMd4fgntuanwEvN68TsyS5pz0izGlW-1T3fFJ3D2pGPefsWNA", "expires_in": 300, "refresh_expires_in": 0, "token_type": "Bearer", "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJCY2IxNXZJQkZsY2JYazVmQUdJZFZXV2pTUEtTaWpsazNydmFwMHp0ekN3In0.eyJleHAiOjE2NzM5OTExMjksImlhdCI6MTY3Mzk5MDgyOSwiYXV0aF90aW1lIjowLCJqdGkiOiJkYWNiNTc1NS1jMGEyLTQxZTEtYjMwMi05ZGEzOWRiNGNiYmUiLCJpc3MiOiJodHRwczovL2F3YXJlaWQtZGV2LmF3YXJlLWFwaXMuY29tL2F1dGgvcmVhbG1zL2FuZHJhZS1jb25zdW1lcnMiLCJhdWQiOiJiaW1hYXMtYjJjIiwic3ViIjoiOTU3ZWMyYmYtZTczOS00YjFjLWEyN2QtMTczMjQzMDIyYTE5IiwidHlwIjoiSUQiLCJhenAiOiJiaW1hYXMtYjJjIiwiYXRfaGFzaCI6IlcwbXNUU05WQUo1MG9oQ2JOR3dlTmciLCJhY3IiOiIxIiwiY2xpZW50SWQiOiJiaW1hYXMtYjJjIiwiY2xpZW50SG9zdCI6IjM4LjE0MC41OS4yMjYiLCJjbGllbnRBZGRyZXNzIjoiMzguMTQwLjU5LjIyNiJ9.MOgJ3giF0ikQnUAOBgK6eHpC0Tz3pCjhTX4IjHSjh3kzxx0KCLiWd494Fl3JSHiyvnNP7Ty1SXl4Bhq19f7y_lpGp4yLkbV9I1xsfC7m2D-EIf73D1LEluf1y97ISbh8668VqnGRG8U1FtXuwQGPZb7cgMiTbprECwLFj44_vM2qmLxFpOkOuVaqPmpgjt6MAmUbcWV8GDMAdxVnlZDZuzFkwOlb6S_WypNSYKHA6TFIe_FsA2EoxMu_9MAP3OLX7LIwX3jYIsT4z-TnUmyKC5RFzx6oc9D9Fr2eSTRBxC6QKGJrFAPt40p9_U3YFFi6VpzaGK9YQvCvdw70CVBe5Q", "not-before-policy": 0, "scope": "openid" }
Enrollment Initiated from Client Step 2 - Initiate An Enrollment
With the method type we start onboarding with accessToken, sessionToken, apikey
Initiate An Enrollment¶
POST /onboarding/enrollment/enroll Authorization: 'Bearer AccessToken' apikey: 'apikey' { "username": "username", "firstName": "first name", //optional "lastName": "last name" //optional "email": "user email", "phoneNumber": "user phonenumber" }
Response - Initiate An Enrollment
Response - Initiate An Enrollment¶
STATUS CODE 200 { "enrollmentToken": "enrollmentToken", "userExistsAlready": false, "requiredChecks": [ "addDevice", "addFace" ] }
Enrollment Initiated from Client Step 3 - Add Device
The device ID is checked when performing an authentication to confirm the device enrolled is the same as the device attempting.
Device Id¶
This can be retrieved in Android by using the following code Settings.Secure.getString(getContentResolver(), Settings.Secure.ANDROID_ID);
Add Device¶
POST /onboarding/enrollment/adddevice Authorization: 'Bearer AccessToken' apikey: 'apikey' { "enrollmentToken": "enrollmentToken", "deviceId": "deviceID" }
Response - Add Device
Response - Add Device¶
{ "enrollmentStatus": 1, "registrationCode": "" }
From here the response will include a registration code and enrollment status.
There are 3 enrollment statuses:
Enrollment Statuses¶
0 = Enrollment Failed 1 = Enrollment Pending 2 = Enrollment Complete
Enrollment Initiated from Client Step 4 - Add device security check session code
The device security API call requires the a-session String generated by the Threat Metrix SDK.
Add apSession Code¶
POST /onboarding/enrollment/deviceProfile/checkDevice
Authorization: 'Bearer AccessToken'
apikey: 'apikey'
{
"reEnrollmentToken": reEnrollmentToken,
"apSessionId": sessionID,
}