Support for Veriff Identity Verification was added in CAS version 20220209.
Part 1: CAS CLI Configuration
When verification has completed, Veriff notifies CAS via a webhook. Veriff (unlike other REST services in CAS) cannot use a custom port, so it must be configured to be exposed as HTTPS on the standard HTTPS port 443 on your hostname domain. You cannot use a custom port (i.e. 7743, 8743) with Veriff.
The webhook endpoint on the CAS server must be configured to be:
publicly visible on the internet (or at least to Veriff IP addresses), and
uses a valid HTTPS certificate (not just self-signed), and
assigned to a FQDN host name (not just an IP address), and
which matches the contents of: /batm/config/hostname, and
exposes HTTPS only on the standardHTTPS port (443).
Overview of CAS configuration:
Use batm-manage install-reverse-proxy to install the NGINX reverse proxy,
configure the NGINX reverse proxy,
use certbot to add the “S” in the HTTPS, and
redirect the REST API to standard HTTPS for Veriff’s use.
replace “restapi.yourcasdomain.com” with your actual hostname (as used in Part 2 above).
If there's a network connectivity issue (any technical issue) with delivering the result via the webhook to CAS, Veriff will retry the notification again once per hour (for up to a week, or success).
Webhook PEP & Sanctions URL
Find your API keys
Your API keys are stored in the Veriff Station. Choose Integrations in the top menu, then select the integration you need. Once you open the integration you'll see Publishable key and Private key.
Private key is your API Secret, and
Publishable key is the API Key.
Part 3: CAS GUI Configuration
Navigate to: “KYC Configuration for registered customers”.
Choose “Nothing, Direct customer to identity verification service via SMS”
You may check the “Autoregister customer when verification is successful” checkbox in the detail of the “Nothing, Direct customer to identity verification service via SMS” instruction if you choose to trust Veriff completely & fully automate the process.
Navigate to the “Identity Verification Provider” section of your Organization settings.
Select Veriff, and
fill in your Public and Private keys (see: Part 2).
Save it (SUBMIT).
Finally, test it!
You can use any ID (or business card), then after it permits you to upload it, navigate to:
Veriff Station → Verifications → click on the verification → Update Status (Test integrations only) → select status → Update.
This will update the Identity in CAS, and prove the process is working.
Veriff utilizes the General Bytes' REST API on internal port 7743
REST (Representational State Transfer) API is a software architectural style that defines a set of constraints to be used when creating web services. In a REST API, resources (which could be data objects or services) are identified by URLs, and can be accessed and manipulated using standard HTTP methods, such as GET, POST, PUT, DELETE, etc. Data is typically transferred in a simple, readable format like JSON or XML. REST is stateless, meaning that each HTTP request should contain all the information necessary to carry out the request; no information is retained by the server between requests. This design helps to improve scalability, reliability, and modifiability, making RESTful APIs an attractive choice for developers when building web applications.
Contact your Veriff account manager to get the Veriff IP range for webhook listeners.
If you only use Veriff, blacklist all public access to your published port (using UFW), then:
whitelist the Veriff IP range for webhook listeners.