Veriff Identity Verification

Full-service identity verification solution for compliance and KYC. Leave identity verification to us and focus on doing what you do best.

- from https://www.veriff.com/product/identity-verification

Support for Veriff Identity Verification was added in CAS version 20220209.


Part 1: CAS CLI Configuration

When verification has completed, Veriff notifies CAS via a webhook. Unlike other REST services in CAS, the Veriff webhook cannot use a custom port (e.g. 7743 or 8743): it must be exposed as HTTPS on the standard HTTPS port 443 on your hostname domain.

The webhook endpoint on the CAS server must be:

  1. publicly visible on the internet (or at least to Veriff IP addresses),

  2. served with a valid HTTPS certificate (not self-signed),

  3. assigned to a FQDN host name (not just an IP address),

  4. reachable under the host name that matches the contents of /batm/config/hostname, and

  5. exposed as HTTPS only on the standard HTTPS port (443).

Overview of CAS configuration:

  1. Use batm-manage install-reverse-proxy to install the NGINX reverse proxy,

  2. configure the NGINX reverse proxy,

  3. use certbot to add the “S” in the HTTPS, and

  4. redirect the REST API to standard HTTPS for Veriff’s use.


Instructions to install NGINX and Let’s Encrypt: https://generalbytes.atlassian.net/l/cp/nfb1x7Xd


Test webhook endpoint

https://help.veriff.com/en/articles/3430232-what-are-webhooks

You can test that your server is configured correctly by accessing the webhook URL in your browser.

Visit this URL in your browser: https://restapi.yourcasdomain.com/serverapi/apiv1/identity-check/veriffwh

  • Replace “restapi.yourcasdomain.com” with your actual domain/host name.

Make sure there are no SSL warnings.

  • The lock icon in the URL should be closed / locked and it should say “secure”.

The page normally contains the following text: “BATM server endpoint for Veriff webhooks”
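
The endpoint requirements from Part 1 and the browser test above can also be checked from a shell. This is an added example, not General Bytes tooling; the function names are hypothetical, and it assumes /batm/config/hostname holds the bare FQDN on one line.

```sh
#!/bin/sh
# Added example: pre-flight checks for the Veriff webhook URL.
# Assumption: the hostname file holds the bare FQDN on a single line.
WEBHOOK_PATH="/serverapi/apiv1/identity-check/veriffwh"
EXPECTED_TEXT="BATM server endpoint for Veriff webhooks"

# check_webhook_url URL HOSTNAME_FILE -> 0 when the URL meets the static rules
check_webhook_url() {
  case "$1" in
    https://*) wh_rest="${1#https://}" ;;
    *) echo "FAIL: not an https:// URL"; return 1 ;;
  esac
  wh_hostport="${wh_rest%%/*}"
  wh_host="$(printf '%s' "${wh_hostport%%:*}" | tr '[:upper:]' '[:lower:]')"
  case "$wh_hostport" in
    *:*) wh_port="${wh_hostport##*:}" ;;
    *)   wh_port=443 ;;
  esac
  [ "$wh_port" = 443 ] || { echo "FAIL: port $wh_port, Veriff requires 443"; return 1; }
  # A FQDN has a dot and at least one non-numeric character (rejects bare IPs).
  case "$wh_host" in
    *[!0-9.]*.*|*.*[!0-9.]*) ;;
    *) echo "FAIL: '$wh_host' is not a FQDN"; return 1 ;;
  esac
  wh_conf="$(tr -d '[:space:]' < "$2" | tr '[:upper:]' '[:lower:]')"
  [ "$wh_host" = "$wh_conf" ] || { echo "FAIL: '$wh_host' is not the name in $2"; return 1; }
  [ "$wh_rest" = "$wh_hostport$WEBHOOK_PATH" ] || { echo "FAIL: unexpected path"; return 1; }
  echo "OK: $1"
}

# check_live URL -> 0 when TLS validates and the endpoint serves the expected text.
# curl verifies the certificate chain by default, so a self-signed certificate fails here.
check_live() {
  curl --silent --show-error --fail --max-time 10 "$1" | grep -qF "$EXPECTED_TEXT"
}

# Usage on the CAS server (needs network access):
#   url="https://$(cat /batm/config/hostname)$WEBHOOK_PATH"
#   check_webhook_url "$url" /batm/config/hostname && check_live "$url"
```

Run `check_live` from a machine outside your own network as well, since the endpoint has to be reachable by Veriff and not only from the CAS host.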


Part 2: Veriff Configuration

If you’ve decided to use Veriff Custom Configuration, an account with Veriff is necessary to proceed.

Navigate to:

https://www.veriff.com/contact-sales

Integration settings

Navigate to: Veriff Station → Integrations → Pick the integration to configure → Settings

Callback URL

Once your customer completes verification, they will be redirected to the callback URL defined here. The callback does not contain any decision or verification information (yet).

If the Callback URL is left empty, the final Veriff screen after customer verification will report: “You can close this window[…]”.

If configured with a valid URL, then a “Continue” button will redirect your customer to the specified URL.

  • Useful for a “Thank you” page on your website, or some type of concluding statement.

Check certificates

Keep “Do not allow self signed certificates” checked.

Webhook events URL

This field may be left blank. Veriff can send events to a URL. When this is configured to the same URL as the decision webhook (below), the events are simply noted in the master log.

There are two reported events:

  • your customer navigates to the Veriff environment and starts the verification process, and

  • your customer has finished the process and has submitted an attempt.

Webhook decisions URL

This field is critical. The result of the verification request is sent to this URL.

  • Example: https://restapi.yourcasdomain.com/serverapi/apiv1/identity-check/veriffwh

    • replace “restapi.yourcasdomain.com” with your actual hostname (as used in Part 2 above).

If a network connectivity issue (or any other technical issue) prevents the result from being delivered to CAS via the webhook, Veriff will retry the notification once per hour, for up to a week or until delivery succeeds.

Webhook PEP & Sanctions URL

Not used

Find your API keys

Your API keys are stored in the Veriff Station. Choose Integrations in the top menu, then select the integration you need. Once you open the integration you'll see Publishable key and Private key.

  • Private key is your API Secret, and

  • Publishable key is the API Key.


Part 3: CAS GUI Configuration

AML/KYC settings

  1. Navigate to: “KYC Configuration for registered customers”.

  2. Choose “Nothing, Direct customer to identity verification service via SMS”.

  • You may check the “Autoregister customer when verification is successful” checkbox in the detail of the “Nothing, Direct customer to identity verification service via SMS” instruction if you choose to trust Veriff completely & fully automate the process.

Organization Settings

Navigate to the “Identity Verification Provider” section of your Organization settings.

  • Select Veriff, and

  • fill in your Public and Private keys (see: Part 2).

  • Save it (SUBMIT).

Finally, test it!

You can use any ID (or a business card). Once it has let you upload it, navigate to:

Veriff Station → Verifications → click on the verification → Update Status (Test integrations only) → select status → Update.

This will update the Identity in CAS, and prove the process is working.


More information:

Veriff utilizes the General Bytes REST API on internal port 7743.

REST (Representational State Transfer) API is a software architectural style that defines a set of constraints to be used when creating web services. In a REST API, resources (which could be data objects or services) are identified by URLs, and can be accessed and manipulated using standard HTTP methods, such as GET, POST, PUT, DELETE, etc. Data is typically transferred in a simple, readable format like JSON or XML. REST is stateless, meaning that each HTTP request should contain all the information necessary to carry out the request; no information is retained by the server between requests. This design helps to improve scalability, reliability, and modifiability, making RESTful APIs an attractive choice for developers when building web applications.

Security:

Contact your Veriff account manager to get the Veriff IP range for webhook listeners.

If you only use Veriff, blacklist all public access to your published port (using UFW), then:

  • whitelist the Veriff IP range for webhook listeners.
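
One way to generate the UFW rules for this restriction, as an added example that is not part of the General Bytes instructions. UFW applies the first matching rule, so the script emits the allow rules ahead of the deny; the function names are hypothetical, and the ranges in the usage comment are documentation placeholders to be replaced with the range Veriff gives you.

```sh
#!/bin/sh
# Added example: build UFW rules limiting port 443 to the Veriff webhook ranges.
# The CIDRs passed in are the ones supplied by your Veriff account manager.

# valid_cidr4 CIDR -> 0 if CIDR is a well-formed IPv4 network (a.b.c.d/n).
# The body runs in a subshell, so the IFS change and the exits stay local.
valid_cidr4() (
  case "$1" in */*) ip="${1%/*}"; len="${1#*/}" ;; *) exit 1 ;; esac
  case "$len" in ''|???*|*[!0-9]*) exit 1 ;; esac
  [ "$len" -le 32 ] || exit 1
  case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; n=0
  for o in $ip; do
    case "$o" in ????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
    n=$((n + 1))
  done
  [ "$n" -eq 4 ]
)

# veriff_ufw_rules CIDR... -> prints the ufw commands in the order to run them.
# Returns 1 without printing any rule if a CIDR is invalid or none is given,
# so a deny-only rule set that would cut Veriff off is never produced.
veriff_ufw_rules() {
  [ "$#" -ge 1 ] || { echo "refusing: no Veriff range given" >&2; return 1; }
  for c in "$@"; do
    valid_cidr4 "$c" || { echo "invalid CIDR: $c" >&2; return 1; }
  done
  # First match wins in UFW: the allows must sit above the general deny.
  for c in "$@"; do
    echo "ufw allow proto tcp from $c to any port 443"
  done
  echo "ufw deny 443/tcp"
}

# Usage (placeholder range, replace with the real one):
#   veriff_ufw_rules 203.0.113.0/24
# Review the output, run it as root, then confirm the order with:
#   ufw status numbered
```

If `ufw status numbered` shows an older, broader allow rule for port 443 above these entries, delete it, otherwise it will match first and the restriction has no effect.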

Copyright © 2020-2024 General Bytes USA LLC