Liveness detection HTML5 (H5) version, is a critical security feature designed to thwart spoofing attacks during digital authentication processes.
This technology is employed in various web and mobile applications to ensure that the entity attempting access is a live human being rather than a photograph, video, mask, or another form of replicated biometric attack.
The liveness detection H5 leverages the capabilities of modern web browsers, allowing seamless integration into online platforms without the need for additional plugins or software installations. It utilizes sophisticated algorithms that analyze real-time video feeds for subtle movements, texture, and other indicators of physical presence.
Throughout the process, end users are instructed to perform gestures based on prompts like "open your mouth" and "blink your eyes." The outcome of the liveness detection could be retrieved from the backend, and a selfie is provided if it detects a live person.
Integration Steps
There are 3 steps to integrate H5 Liveness Detection:
- Use the "Retrieve token API" to configure redirect URLs and other settings, which will generate the liveness detection token and H5 liveness detection URL.
- The user completes the liveness detection process through the H5 liveness detection URL, and redirected to success and failure web page URL.
- Use the "Retrieve result API" to obtain a selfie if the liveness detection is successful, or receive detailed results in case of failure.
1.Retrieve token API
Base URL
- Singapore:https://sg.apitd.net/verification/kyc/h5/liveness/token/v1
- Indonesia:https://id-credit.apitd.net/verification/kyc/h5/liveness/token/v1
API
| URL | Request Methods | Content Type | Output Format | Character Set |
|---|---|---|---|---|
| api-base-url?partner_code=xxx&partner_key=xxx | POST | application/json | JSON | UTF-8 |
Authentication
| Parameter | Type | Description | Required/Optional | Notes |
|---|---|---|---|---|
| partner_code | String | Partner Code | Required | Assigned by TD |
| partner_key | String | Partner Key | Required | Assigned by TD |
Request
| Parameter | Type | Description | Required/Optional | Notes |
|---|---|---|---|---|
| success_redirect | String | Page redirected after successful liveness detection | Required | |
| failure_redirect | String | Page redirected after liveness detection failure | Required | |
| language | String | Page prompt language Enumeration value: en: English id: Indonesian es: Espanol ar: Arabic tl: Filipino ko: Korean pt: Portuguese ru: Russian th: Thai tr: Turkish vi: Vietnamese kh: Khmer zh-Hans: Simplified Chinese zh-Hant: Traditional Chinese | Optional | 1. If a specific language is specified, it will display the prompt in that language. 2. If no language is specified, it will retrieve the browser's language and display the corresponding language prompt.3. If the language is not retrieved in Step 2, or in other exceptional circumstances, it will display the prompt in English (en) as default. |
| audio | Boolean | Play action prompt audio | Optional | Default false. If set to true: 1. Play the corresponding prompt sound based on the language result. 2. If the language is not retrieved in Step 1, or in other exceptional circumstances, it will play the English prompt sound as default.Currently, we support audios in the following languages: English, Spanish, and Indonesian. |
Response Parameters
| Parameter | Type | Description | Notes |
|---|---|---|---|
| code | Integer | API status code | Please refer to below API Code list |
| message | String | Status Information | Detailed reasons will be provided about API status |
| sequence_id | String | Unique response code | A unique ID used to track each request |
| token | String | Liveness detection token | The token is used to generate the liveness detection URL and to subsequently query the result of this liveness detection process. |
| url | String | Liveness detection url | The H5 liveness detection URL will be provided, incorporating any necessary redirect URLs and configurations in the following format: https://static.tongdun.net/liveness/index.html#/progress?code=token&success_redirect=[successURL]&failure_redirect=[failureURL]&language=xx&audio=true& |
Response Example
-
Request
{ "success_redirect": "http://www.google.com", "failure_redirect": "http://www.facebook.com", "language": "en", "audio": true } -
Success
{
"code": 200,
"message": "success",
"sequence_id": "17119500882*****29",
"token": "a41701e4-b2a2-4f62-8cd4-9******3",
"url": "https://static.tongdun.net/liveness/index.html#/progress?code=a41701e4-b2a2-4f62-8cd4-9******3&success_redirect=http%3A%2F%2Fwww.google.com&failure_redirect=http%3A%2F%2Fwww.facebook.com&language=en&audio=true&"
}
- Failed
{
"code": 11350,
"sequence_id": "69b57131b6fb********61ccba118b60",
"message": "Internal error"
}
2.Liveness detection and page redirection
After completing the liveness detection, the page will automatically redirect to the callback page configured by the customer: either the success page [successURL] or the failure page [failureURL].
Callback page URL examples:
● Successful callback example: [successURL]?code=7ac3a964-f540-4aa2-acdf-59ea1639572e&state=0
● Failed callback example: [failureURL]?code=7ac3a964-f540-4aa2-acdf-59ea1639572e&state=2
When the page is redirected, if the customer's callback page receives the parameter "state" with a value of 0 or 2 after the completion of liveness detection, it can proceed to call the API to retrieve the result of the liveness detection. For other values of "state" besides 0 or 2, please refer to the following explanation and suggestions.
| Return Value "state" | Meaning | Suggestions for Subsequent Processes |
|---|---|---|
| 0 | Passing liveness detection | Call the API to retrieve the liveness detection results |
| 2 | Failing liveness detection is usually indicative of a spoofing attempt | Call the API to retrieve the liveness detection results Based on risk preferences, decide whether to initiate liveness detection again (retrieve token) |
| 3 | Invalid token indicates that the token obtained in the previous steps has already been used | Initiate liveness detection again. Please ask the user to retry |
| 4 | Unable to open the camera | The camera cannot be opened. Please proceed with an alternative verification method, such as manual processing |
| 5, 6 | Network issue | Initiate liveness detection again. Please ask the user to retry |
| Others | In case the callback state status code is maliciously tampered with, for example, changed to state=8 | Based on risk preferences, choose to either terminate the process directly or initiate liveness detection again |
3.Retrieve result API
Base URL
- Singapore:https://sg.apitd.net/verification/kyc/h5/liveness/result/v1
- Indonesia:https://id-credit.apitd.net/verification/kyc/h5/liveness/result/v1
API
| URL | Request Methods | Content Type | Output Format | Character Set |
|---|---|---|---|---|
| api-base-url?partner_code=xxx&partner_key=xxx | POST | application/json | JSON | UTF-8 |
Authentication
| Parameter | Type | Description | Required/Optional | Notes |
|---|---|---|---|---|
| partner_code | String | Partner Code | Required | Assigned by TD |
| partner_key | String | Partner Key | Required | Assigned by TD |
Request
| Parameter | Type | Description | Required/Optional | Notes |
|---|---|---|---|---|
| token | String | Liveness detection token | Required |
Response Parameters
| Parameter | Type | Description | Notes |
|---|---|---|---|
| code | Integer | API status code | Please refer to below API Code list |
| message | String | Status Information | Detailed reasons will be provided about API status |
| sequence_id | String | Unique response code | A unique ID used to track each request |
| image | String | Liveness Detection face images | The best selfie image captured during the liveness detection process, in base64 format. Will only return if liveness detection is successful. |
API Code
| Code | Message | Charged |
|---|---|---|
| 200 | success (live person) | YES |
| 12223 | No face detected | NO |
| 12224 | Multiple faces have been detected | NO |
| 12225 | Detection timeout | NO |
| 12226 | Person change detected | NO |
| 12227 | Token has been used | NO |
| 12228 | User actively cancels liveness detection process | NO |
| 12229 | Liveness detection result not found | NO |
| 12202 | Identified as a blink attack | YES |
| 12203 | Identified as a mouth movement attack | YES |
| 12204 | Identified as a partial face attack | YES |
| 12205 | Identified as a video replay attack | YES |
| 12206 | Identified as a black and white image | YES |
| 12207 | Identified as a paper-based attack | YES |
| 12208 | Identified as a frame (including paper or phone frame) | YES |
| 12209 | Identified as a moire pattern attack | YES |
| 12210 | Identified as a face superiority attack | YES |
| 12211 | Identified as a paper-based attack (optical flow) | YES |
| 12212 | Identified as a mask attack | YES |
| 12213 | Identified as an ID card attack | YES |
| 12214 | Identified as a 3D mask attack | YES |
| 12215 | Identified as a synthetic image attack | YES |
| 12216 | Identified as a black-market software attack | YES |
| 12217 | Identified as a T-type mask attack | YES |
| 12218 | Identified as a blurry image | YES |
| 12219 | Suspected deepfake image attack | YES |
| 12220 | Suspected high-resolution screen attack | YES |
| 12221 | Light verification failed | YES |
| 12222 | Injection attack | YES |
| 12250 | Verification error | YES |
| 11350 | Internal error | NO |
Response Example
-
Request
{ "token":"a41701e4-b2a2-4f62-8cd4-9******3" } -
Success
{
"code": 200,
"message": "Success",
"sequence_id": "1711950327713613G109E0A081240931",
"image": "/9j/4AAFbs64"
}
- Failed
{
"code": 11350,
"sequence_id": "69b57131b6fb********61ccba118b60",
"message": "Internal error"
}