Liveness detection HTML5 (H5) version, is a critical security feature designed to thwart spoofing attacks during digital authentication processes.
This technology is employed in various web and mobile applications to ensure that the entity attempting access is a live human being rather than a photograph, video, mask, or another form of replicated biometric attack.
The liveness detection H5 leverages the capabilities of modern web browsers, allowing seamless integration into online platforms without the need for additional plugins or software installations. It utilizes sophisticated algorithms that analyze real-time video feeds for subtle movements, texture, and other indicators of physical presence.
Throughout the process, end users are instructed to perform gestures based on prompts like "open your mouth" and "blink your eyes." The outcome of the liveness detection could be retrieved from the backend, and a selfie is provided if it detects a live person.
Integration Steps
There are 3 steps to integrate H5 Liveness Detection:
- Use the "Retrieve token API" to configure redirect URLs and other settings, which will generate the liveness detection token and H5 liveness detection URL.
- The user completes the liveness detection process through the H5 liveness detection URL.
- Use the "Retrieve result API" to obtain a selfie if the liveness detection is successful, or receive detailed results in case of failure.
Retrieve token API
Base URL
API
| URL | Request Methods | Content Type | Output Format | Character Set |
|---|---|---|---|---|
| api-base-url?partner_code=xxx&partner_key=xxx | POST | application/json | JSON | UTF-8 |
Authentication
| Parameter | Type | Description | Required/Optional | Notes |
|---|---|---|---|---|
| partner_code | String | Partner Code | Required | Assigned by TD |
| partner_key | String | Partner Key | Required | Assigned by TD |
Request
| Parameter | Type | Description | Required/Optional | Notes |
|---|---|---|---|---|
| success_redirect | String | Page redirected after successful liveness detection | Required | |
| failure_redirect | String | Page redirected after liveness detection failure | Required | |
| language | String | Page prompt language Enumeration value: en: English id: Indonesian es: Espanol ar: Arabic tl: Filipino ko: Korean pt: Portuguese ru: Russian th: Thai tr: Turkish vi: Vietnamese zh-Hans: Simplified Chinese zh-Hant: Traditional Chinese | Optional | 1. If a specific language is specified, it will display the prompt in that language. 2. If no language is specified, it will retrieve the browser's language and display the corresponding language prompt. 3. If the language is not retrieved in Step 2, or in other exceptional circumstances, it will display the prompt in English (en) as default. |
| audio | Boolean | Play action prompt audio | Optional | Default false. If set to true: 1. Play the corresponding prompt sound based on the language result. 2. If the language is not retrieved in Step 1, or in other exceptional circumstances, it will play the English prompt sound as default. Currently, we support audios in the following languages: English, Spanish, and Indonesian. |
Response Parameters
| Parameter | Type | Description | Notes |
|---|---|---|---|
| code | Integer | API status code | Please refer to below API Code list |
| message | String | Status Information | Detailed reasons will be provided about API status |
| sequence_id | String | Unique response code | A unique ID used to track each request |
| token | String | Liveness detection token | The token is used to generate the liveness detection URL and to subsequently query the result of this liveness detection process. |
| url | String | Liveness detection url | The H5 liveness detection URL will be provided, incorporating any necessary redirect URLs and configurations in the following format: url = https://static.tongdun.net/liveness/index.html#/progress?code=token&success_redirect=[successURL]&failure_redirect=[failureURL]&language=xx&audio=true& |
Response Example
-
Request
{ "success_redirect": "http://www.google.com", "failure_redirect": "http://www.facebook.com", "language": "en", "audio": true } -
Success
{
"code": 200,
"message": "success",
"sequence_id": "17119500882*****29",
"token": "a41701e4-b2a2-4f62-8cd4-9******3",
"url": "https://static.tongdun.net/liveness/index.html#/progress?code=a41701e4-b2a2-4f62-8cd4-9******3&success_redirect=http%3A%2F%2Fwww.google.com&failure_redirect=http%3A%2F%2Fwww.facebook.com&language=en&audio=true&"
}
- Failed
{
"code": 11350,
"sequence_id": "69b57131b6fb********61ccba118b60",
"message": "Internal error"
}
Retrieve result API
Base URL
API
| URL | Request Methods | Content Type | Output Format | Character Set |
|---|---|---|---|---|
| api-base-url?partner_code=xxx&partner_key=xxx | POST | application/json | JSON | UTF-8 |
Authentication
| Parameter | Type | Description | Required/Optional | Notes |
|---|---|---|---|---|
| partner_code | String | Partner Code | Required | Assigned by TD |
| partner_key | String | Partner Key | Required | Assigned by TD |
Request
| Parameter | Type | Description | Required/Optional | Notes |
|---|---|---|---|---|
| token | String | Liveness detection token | Required |
Response Parameters
| Parameter | Type | Description | Notes |
|---|---|---|---|
| code | Integer | API status code | Please refer to below API Code list |
| message | String | Status Information | Detailed reasons will be provided about API status |
| sequence_id | String | Unique response code | A unique ID used to track each request |
| image | String | Liveness Detection face images | The best selfie image captured during the liveness detection process, in base64 format. Will only return if liveness detection is successful. |
API Code
| Code | Message | Charged |
|---|---|---|
| 200 | success (live person) | YES |
| 12223 | No face detected | NO |
| 12224 | Multiple faces have been detected | NO |
| 12225 | Detection timeout | NO |
| 12226 | Person change detected | NO |
| 12202 | Identified as a blink attack | YES |
| 12203 | Identified as a mouth movement attack | YES |
| 12204 | Identified as a partial face attack | YES |
| 12205 | Identified as a video replay attack | YES |
| 12206 | Identified as a black and white image | YES |
| 12207 | Identified as a paper-based attack | YES |
| 12208 | Identified as a frame (including paper or phone frame) | YES |
| 12209 | Identified as a moire pattern attack | YES |
| 12210 | Identified as a face superiority attack | YES |
| 12211 | Identified as a paper-based attack (optical flow) | YES |
| 12212 | Identified as a mask attack | YES |
| 12213 | Identified as an ID card attack | YES |
| 12214 | Identified as a 3D mask attack | YES |
| 12215 | Identified as a synthetic image attack | YES |
| 12216 | Identified as a black-market software attack | YES |
| 12217 | Identified as a T-type mask attack | YES |
| 12218 | Identified as a blurry image | YES |
| 12219 | Suspected deepfake image attack | YES |
| 12220 | Suspected high-resolution screen attack | YES |
| 12222 | Injection attack | YES |
| 12250 | Verification error | YES |
| 11350 | Internal error | NO |
Response Example
-
Request
{ "token":"a41701e4-b2a2-4f62-8cd4-9******3" } -
Success
{
"code": 200,
"message": "Success",
"sequence_id": "1711950327713613G109E0A081240931",
"image": "/9j/4AAFbs64"
}
- Failed
{
"code": 11350,
"sequence_id": "69b57131b6fb********61ccba118b60",
"message": "Internal error"
}