Integration guide — Native

This guide covers how to integrate our native SDK into your own Android app.

Prerequisites

Sign up for an account — It's free
Sign in to your account and generate a new public key and secret. For security purposes, the secret is only shown once, so make sure to save it and keep it in a safe place. If you lose your secret you can generate a new one.

Integration steps

With this integration you will embed our technology into your own Android app. Our UX components blends with yours and the user will go through the necessary steps without leaving your app.

On a high level, this integration has three main steps:
• Create a session using the Session API. Provide a callback URL to receive the updates for this session.
• Using the native SDK, start the session with the token created in the previous step. Once the passport or ID is successfully scanned by the user, you will receive a callback to the URL provided in the previous step.
• When you receive a callback with session state APPROVED, use the Session API to retrieve the passport and ID data.

Each step is outlined in more detail below.

Note that there is no sandbox environment for testing, instead, integration and testing is done in production.
When you sign up for an account you are given free credit to be used for this.
Always start by creating a new session from your backend system:
# request curl http://localhost:4000/api/v1/session.create \ -u PUBLIC_KEY:SECRET \ -d @- << EOF { "callback_url": "..." } EOF # response { "id": 123, "token": "i_dI5hs7m...", ... } Optional properties;
• callback_url — set a callback url to receive session updates. Must be a valid public URL where your backend system handles the session updates.
• reference — set a reference to connect the session to any arbitrary identifier, such as a user id or a session id from your own system.
• face_verification — set whether face verification is required or not (false by default).

Send the token to your application.

Note that a session is intended to be used for a short period of time to handle one user (one document).
Once a session has been used successfully, it should not be used again.
Download the SDK (Iris library) for Android and add it to your Android Studio project.
Both Kotlin and Java is supported. Minimum target API level 21.

To add a library to an Android application, follow these steps:
• Open the app's Android Studio project.
• Go to File > New > New Module and select Import .JAR/.AAR Package.
• Provide the path to the library and click Finish to add it.
• Go to File > Project Structure > Dependencies and select your app.
• Under Declared Dependencies, click the + button and select Module Dependency.
• Select the library from the list.

Next, import the SDK and set up a session using the token from the previous step.

Start the session. // integration example in Kotlin import iris.Iris val iris = Iris(this, token) iris.start(object: Iris.StartHandler { override fun onSuccess(response: Iris.SuccessResponse) { // session was successful } override fun onError() { // handle error, e.g. retry by calling start again } }) On success, you will receive a callback to the URL provided in the previous step. Some data points are also available directly in the response.
When you receive a callback with session state APPROVED, use the Session API to retreive the passport and ID data in your backend system.
# request curl http://localhost:4000/api/v1/session.get \ -u PUBLIC_KEY:SECRET \ -d @- << EOF { "id": 123 } EOF # response { "given_names": "John", "surname": "Doe", "nationality": "US", "sex": "MALE", "date_of_birth": "1988-01-01", "document_type": "PASSPORT", "document_number": "31195855", "expiry_date": "2031-01-01", "issuing_country": "US", "issuer": "Department of State, U.S. Government", "portrait": "dGVzdHRlc3R0ZXN0...", ... } If face verification was required, an additional property will be available; face — containing and image of the user's face.
Data points returned by the Session API, available for you to use in your application:

• Given names — Given names as stated on the passport or ID
• Surname — Surname as stated on the passport or ID
• Nationality — Two-letter ISO 3166 code (e.g. “US”)
• Sex — “MALE”, “FEMALE” or “UNSPECIFIED”
• Date of birth — Formatted as YYYY-MM-DD
• Personal number — If applicable, subject to country-specific formats
• Document type — The document type (e.g. “PASSPORT”)
• Document number — Document number as stated on the passport or ID
• Expiry date — Formatted as YYYY-MM-DD
• Issuing country — Two-letter ISO 3166 code (e.g. “US”)
• Issuer — Name of the issuing authority
• Portrait image — High resolution digital image from the passport or ID, base64 encoded PNG
• Face — Image of the user's face (if face verification was required), base64 encoded PNG

Certain data points are available in the SDK directly, without using the Session API:

• Given names
• Surname
• Nationality
• Document type
• Document number
• Expiry date
• Issuing country
• Issuer
• Portrait image

These data points are unverified and unsecure, and should not be used for purposes other than providing a smooth user experience, such as greeting the user by their real name as they progress in the application flow.

Always use only the verified data from the Session API for any real operations such as creating user accounts.
During the lifecycle of a session we will send a callback when the session state changes. These callbacks are sent to the URL provided when the session is created.

Callbacks are sent as JSON encoded POST requests and contain the session id and session state in the request body. All callbacks are re-tried up to 5 times in case of errors on the receiving end.
# callback example curl CALLBACK_URL \ -H "Content-Type: application/json" \ -d @- << EOF { "session_id": 123, "session_state": "INITIATED", "session_reference": "" } EOF Below is a list of possible lifecycle states for a session. All state changes after CREATED are sent as callbacks to the URL provided when the session was created.

If the flow ends with state ABORTED or FAILED, a new session must be created and the user must start over from the beginning.

• State CREATED — The session is created
• State INITIATED — The session has been initiated by the user
• State FAILED — The session failed, e.g. because of an NFC read error
• State ABORTED — The session was aborted by the user
• State COMPLETED — The session completed successfully
• State REJECTED — The session was rejected, e.g. because the document could not be verified
• State APPROVED — The session has been verified and approved

See also