Veriff Identity Verification
- Charles Wernicke
- Martin Silha
Full-service identity verification solution for compliance and KYC. Leave identity verification to us and focus on doing what you do best.
Part 1: CAS CLI Configuration
When verification has completed, Veriff notifies CAS via a webhook. Veriff must be configured to be exposed as HTTPS on the standard HTTPS port 443 on your hostname domain. You cannot use a custom port (i.e. 7743, 8743) with Veriff.
The webhook endpoint on the CAS server must be configured to be:
publicly visible on the internet (or at least to Veriff IP addresses), and
uses a valid HTTPS certificate (not just self-signed), and
assigned to a FQDN hostname (not just an IP address), and
which matches the contents of:
/batm/config/hostname, andcomplies with the RFC 952 host naming conventions (letters, digits, and hyphens only), and
exposes that HTTPS on the standard HTTPS port (443).
You have 2 options to accomplish this end:
Option A (free): NGINX Proxy Server
This free option requires you to install and configure NGINX as a proxy server. The CAS program batm-manage can handle most of the heavy lifting for this.
Option B (paid): Cloudflare Zero Trust
Cloudflare offers Zero-Trust tunneling to those who use their paid Cloudflare DNS hosting.
Test the webhook endpoint
Before proceeding, you should have a working endpoint.
You can test that your server is configured correctly by entering the webhook URL in your browser. Visit this URL: https://veriff.yourcasdomain.com/serverapi/apiv1/identity-check/veriffwh
Replace “veriff.yourcasdomain.com” with your actual sub/domain/host name.
Make sure there are no SSL warnings.
The lock icon in the URL should be closed / locked and it should say “secure”.
The website should contain this following simple text: “BATM server endpoint for Veriff webhooks”
Part 2: Veriff Configuration
An account with Veriff is necessary to proceed - if you’ve decided to use Veriff Custom Configuration.
Navigate to:
Integration settings
“Webhook fullauto URL” is not supported.
You must have a Webhook decisions URL setting for the integration to work with CAS!
Navigate to: Veriff Station Integrations 
Explanations:
Callback URLOnce your customer completes verification, they will be redirected to the callback URL defined here. The callback does not contain any decision or verification information (yet). If the Callback URL is left empty, the final Veriff screen after customer verification will report: ”You can close this window[…],”. If configured with a valid URL, then a “Continue” button will redirect your customer to the specified URL.
|
Check certificatesKeep Do not allow self signed certificates checked. |
Webhook events URLThis field may be left blank. Veriff events may be sent to a URL. These events are simply noted in the master log - when configured to the same URL as the decision webhook (below). There are two reported events:
|
Webhook decisions URLThe Veriff “Plus” plan is required to access this option.
If there's a network connectivity issue (any technical issue) with delivering the result via the webhook to CAS, Veriff will retry the notification again once per hour (for up to a week, or success). |
Webhook PEP & Sanctions URLNot used |
Webhook fullauto URL Unsupported callback. This new setting may indicate your account cannot be used with CAS.
|
Find your API keys
Your API keys are stored in the Veriff Station. Choose Integrations in the top menu, then select the integration you need. Once you open the integration you'll see Publishable key and Private key.
Private key is your API Secret, and
Publishable key is the API Key.
Part 3: CAS GUI Configuration
AML/KYC settings
Navigate to: “KYC Configuration for registered customers”.
Choose “Nothing, Direct customer to identity verification service via SMS”
You may check the “Autoregister customer when verification is successful” checkbox in the detail of the “Nothing, Direct customer to identity verification service via SMS” instruction if you choose to trust Veriff completely & fully automate the process.
Organization Settings
Navigate to the “Identity Verification Provider” section of your Organization settings.
Select Veriff, and
fill in your Public and Private keys (see: Part 2).
Save it (SUBMIT).
Finally, test it!
You can use any ID (or business card), then after it permits you to upload it, navigate to:
Veriff Station → Verifications → click on the verification → Update Status (Test integrations only) → select status → Update.
This will update the Identity in CAS, and prove the process is working.
More information:
CAS REST API on internal port 7743
REST (Representational State Transfer) API is a software architectural style that defines a set of constraints to be used when creating web services. In a REST API, resources (which could be data objects or services) are identified by URLs, and can be accessed and manipulated using standard HTTP methods, such as GET, POST, PUT, DELETE, etc. Data is typically transferred in a simple, readable format like JSON or XML. REST is stateless, meaning that each HTTP request should contain all the information necessary to carry out the request; no information is retained by the server between requests. This design helps to improve scalability, reliability, and modifiability, making RESTful APIs an attractive choice for developers when building web applications.
Security:
Contact your Veriff account manager to get the Veriff IP range for webhook listeners.
If you only use Veriff, blacklist all public access to your published port (using UFW), then:
whitelist the Veriff IP range for webhook listeners.
Copyright © 2020-2024 General Bytes USA LLC