Veriff Identity Verification

Full-service identity verification solution for compliance and KYC. Leave identity verification to us and focus on doing what you do best.

- from https://www.veriff.com/product/identity-verification


Part 1: CAS CLI Configuration

When verification has completed, Veriff notifies CAS via a webhook. Veriff must be configured to be exposed as HTTPS on the standard HTTPS port 443 on your hostname domain. You cannot use a custom port (i.e. 7743, 8743) with Veriff.

The webhook endpoint on the CAS server must be configured to be:

  1. publicly visible on the internet (or at least to Veriff IP addresses), and

  2. uses a valid HTTPS certificate (not just self-signed), and

  3. assigned to a FQDN hostname (not just an IP address), and

  4. which matches the contents of: /batm/config/hostname, and

  5. complies with the RFC 952 host naming conventions (letters, digits, and hyphens only), and

  6. exposes that HTTPS on the standard HTTPS port (443).

You have 2 options to accomplish this end:

Option A (free): NGINX Proxy Server

This free option requires you to install and configure NGINX as a proxy server. The CAS program batm-manage can handle most of the heavy lifting for this.

Option B (paid): Cloudflare Zero Trust

Cloudflare offers Zero-Trust tunneling to those who use their paid Cloudflare DNS hosting.


Test the webhook endpoint

Before proceeding, you should have a working endpoint.

You can test that your server is configured correctly by entering the webhook URL in your browser. Visit this URL: https://veriff.yourcasdomain.com/serverapi/apiv1/identity-check/veriffwh

  • Replace “veriff.yourcasdomain.com” with your actual sub/domain/host name.

Make sure there are no SSL warnings.

  • The lock icon in the URL should be closed / locked and it should say “secure”.

The website should contain this following simple text: “BATM server endpoint for Veriff webhooks


Part 2: Veriff Configuration

An account with Veriff is necessary to proceed - if you’ve decided to use Veriff Custom Configuration.

Navigate to:

https://www.veriff.com/contact-sales

Integration settings

“Webhook fullauto URL” is not supported.

  • You must have a Webhook decisions URL setting for the integration to work with CAS!

Navigate to: Veriff Station Integrations image-20241002-150130.png [Select the integration to configure] image-20241002-150135.png Settings

Explanations:

Callback URL

Once your customer completes verification, they will be redirected to the callback URL defined here. The callback does not contain any decision or verification information (yet).

If the Callback URL is left empty, the final Veriff screen after customer verification will report: ”You can close this window[…],”.

If configured with a valid URL, then a “Continue” button will redirect your customer to the specified URL.

  • Useful for a “Thank you” page on your website, or some type of concluding statement.

Check certificates

Keep Do not allow self signed certificates checked.

Webhook events URL

This field may be left blank. Veriff events may be sent to a URL. These events are simply noted in the master log - when configured to the same URL as the decision webhook (below).

There are two reported events:

  • your customer navigates to the Veriff environment and starts the verification process, and

  • your customer has finished the process and has submitted an attempt.

Webhook decisions URL

The Veriff “Plus” plan is required to access this option.

  • This field is critical. The result of the verification request is sent to this URL.

  • Example: https://restapi.yourcasdomain.com/serverapi/apiv1/identity-check/veriffwh

    • replace “restapi.yourcasdomain.com” with your actual hostname (as used in Part 2 above).

If there's a network connectivity issue (any technical issue) with delivering the result via the webhook to CAS, Veriff will retry the notification again once per hour (for up to a week, or success).

Webhook PEP & Sanctions URL

Not used

Webhook fullauto URL

Unsupported callback. This new setting may indicate your account cannot be used with CAS.

Find your API keys

Your API keys are stored in the Veriff Station. Choose Integrations in the top menu, then select the integration you need. Once you open the integration you'll see Publishable key and Private key.

  • Private key is your API Secret, and

  • Publishable key is the API Key.


Part 3: CAS GUI Configuration

AML/KYC settings

  1. Navigate to: “KYC Configuration for registered customers”.

  2. Choose “Nothing, Direct customer to identity verification service via SMS

  • You may check the “Autoregister customer when verification is successful” checkbox in the detail of the “Nothing, Direct customer to identity verification service via SMS” instruction if you choose to trust Veriff completely & fully automate the process.

Organization Settings

Navigate to the “Identity Verification Provider” section of your Organization settings.

  • Select Veriff, and

  • fill in your Public and Private keys (see: Part 2).

  • Save it (SUBMIT).

Finally, test it!

You can use any ID (or business card), then after it permits you to upload it, navigate to:

Veriff Station → Verifications → click on the verification → Update Status (Test integrations only) → select status → Update.

This will update the Identity in CAS, and prove the process is working.


More information:

CAS REST API on internal port 7743

REST (Representational State Transfer) API is a software architectural style that defines a set of constraints to be used when creating web services. In a REST API, resources (which could be data objects or services) are identified by URLs, and can be accessed and manipulated using standard HTTP methods, such as GET, POST, PUT, DELETE, etc. Data is typically transferred in a simple, readable format like JSON or XML. REST is stateless, meaning that each HTTP request should contain all the information necessary to carry out the request; no information is retained by the server between requests. This design helps to improve scalability, reliability, and modifiability, making RESTful APIs an attractive choice for developers when building web applications.

Security:

Contact your Veriff account manager to get the Veriff IP range for webhook listeners.

If you only use Veriff, blacklist all public access to your published port (using UFW), then:

  • whitelist the Veriff IP range for webhook listeners.

Copyright © 2020-2024 General Bytes USA LLC