Create secure NFC identity verification requests from your own system. Invite users by email or SMS, or send the generated link yourself. The user scans the NFC chip in the mobile app and you retrieve only the fields your process needs.
ID Scan is designed for software vendors and organizations that want to add identity verification without building the full mobile scanning flow themselves.
Create a scan request from your backend. Add an external reference, language, expiry, delivery settings, requested fields and checks.
Let ID Scan send the email or SMS, or use your own communication channel with the returned verification link.
The user opens the mobile app, scans the MRZ, reads the NFC chip and optionally completes a live selfie check against the DG2 portrait photo.
Retrieve status, checks, requested fields and audit information through the API. Only configured fields are returned.
API calls are sent to the ID Scan API base URL and authenticated using an API key generated in the ID Scan portal. The API key is sent through a dedicated request header and should only be used server-side. Never expose API keys in frontend code or mobile applications.
When a scan request is created, the API returns the request ID, request key, expiry time and verification links. Use the returned WebUrl in your own email, SMS, portal or workflow when using self delivery. On mobile devices, DeepLinkUrl can open the app directly.
You can choose how the user receives the verification request. This allows ID Scan to fit into both fully automated and custom communication flows.
ID Scan sends a branded invitation email with a secure verification link.
ID Scan sends the verification link by SMS. Useful for mobile-first onboarding flows.
Your system receives the link and sends it through your own email, SMS, portal or messaging workflow.
A verification request moves through a small set of statuses. Integrations can use these statuses to show progress, trigger reminders or decide whether a new request is needed.
| Status | Description |
|---|---|
requested | The request has been created and is waiting for the user to start or complete the verification. |
compliance_pending | The identity verification has been completed and optional compliance screening is being processed. |
completed | The user completed the flow. Use IsSuccess and the check fields to determine whether verification passed. |
expired | The request expired before the user completed the verification. |
deleted | The request was deleted and is no longer available for completion. |
failed | The request could not be completed successfully because of an error or failed verification step. |
Use an external reference to link a verification request to your own customer, employee, dossier, order or onboarding record. The same reference is returned when you retrieve request details.
Link the request to your own customer or client record.
Connect the result to a Wwft, HR or compliance dossier.
Use the reference to continue automated workflows after verification is complete.
ID Scan supports data minimization. Configure exactly which fields should be returned to your system. The user can be shown what data will be shared before submission.
| Field | Description | Source |
|---|---|---|
surname | Surname / family name from the identity document. | NFC DG1 |
given_names | Given names from the identity document. | NFC DG1 |
date_of_birth | Date of birth. Can also be used for age checks. | NFC DG1 |
date_of_expiry | Document expiry date. | NFC DG1 |
document_number | Document number. Can be returned full or masked depending on template settings. | NFC DG1 |
document_type | Document type, such as passport or identity card. | NFC DG1 |
issuing_country | Country that issued the document. | NFC DG1 |
country_of_issue | Country of issue when available. | NFC DG1 |
nationality | Nationality from the identity document. | NFC DG1 |
gender | Gender marker from the document, if requested. | NFC DG1 |
photo | Portrait photo from the NFC chip. Only return when explicitly needed. | NFC DG2 |
mrz_masked_image | Masked MRZ image as proof of scan without exposing all MRZ data. | Camera/MRZ |
selfie_image | Live selfie image. Usually only included for manual review. | Camera/selfie |
Checks can be requested as part of the verification flow. Some checks are technical NFC checks, while others are business rules such as minimum age or selfie verification.
| Check | Description | Returned result |
|---|---|---|
nfc_read_success | Indicates whether the NFC chip was successfully read. | true / false |
chip_authentication_success | Indicates whether chip authentication or chip verification succeeded. | true / false |
document_not_expired | Checks if the document expiry date is in the future. | true / false |
minimum_age | Checks whether the person meets a configured minimum age without necessarily returning the date of birth. | { required, passed } |
sod_signature_valid | Checks the SOD signature when available. | true / false |
dg1_hash_valid | Checks whether DG1 data matches the signed document data. | true / false |
dg2_hash_valid | Checks whether the portrait photo data matches the signed document data. | true / false |
active_auth_ok | Optional active authentication result when supported by the document. | true / false / not available |
selfie_check | Optional live selfie verification matched against the DG2 portrait photo. | { requested, consent_given, passed, status, method } |
compliance_screening | Optional PEP, sanctions and related person screening after the NFC identity verification has completed. | { requested, match_found, pep_match, sanctions_match, rca_match, highest_score, matches } |
ID Scan can optionally screen the verified identity data against PEP, sanctions and related person datasets. This helps support KYC, AML and compliance workflows after the NFC document verification has been completed.
Check whether the verified person appears as a politically exposed person.
Check whether the verified person appears on sanctions-related datasets.
Possible findings should always be reviewed manually before taking action.
The result endpoint returns request status, verification status, external reference, selected identity fields, selected images and check results. Fields that were not requested are not returned.
Requested, completed, expired, deleted or failed, including created and completed timestamps.
Only configured identity data such as name, nationality, date of birth or document expiry date.
NFC read status, chip authentication, document validity, selfie check and optional PDF/reporting data.
Image fields such as the DG2 portrait photo, masked MRZ image and selfie image are returned inline as Base64 encoded data when requested. Images are not returned as public URLs.
Use the data value as Base64 encoded binary image data.
Use content_type, such as image/jpeg, to reconstruct the image correctly.
Image data is only included when the field is explicitly requested in the template.
The document number can be returned full or masked. Masking helps reduce unnecessary exposure of document numbers while still allowing matching or audit checks in your own system.
| Value | Option | Description |
|---|---|---|
(empty) | No masking | Return the document number as read from the identity document. Only use when the full document number is required. |
last4_visible | Last 4 visible | Mask the document number and only return the last four characters, for example *****7P44. |
first4_visible | First 4 visible | Mask the document number and only return the first four characters. |
The example below creates a verification request, asks ID Scan to send the invitation by email and returns only the selected fields and checks.
After completion, your system can retrieve the result by request ID or request key. The external reference can be used to connect the result to your own system.
Retention settings can be configured per tenant. Verification data can be deleted after a fixed period, after read, or according to your configured privacy policy. This helps limit unnecessary storage of sensitive identity data.
Delete verification data after a configured number of days.
Mark data as read when retrieved and schedule deletion after that moment.
Use separate retention settings for portal and API workflows when needed.
Besides creating and retrieving requests, integrations can resend invitations or delete a request. Deleting a request can be used when a workflow is cancelled or a verification is no longer needed.
POST /scan-requests/{id}/resend
DELETE /scan-requests/{id}
GET /scan-requests/{id}/details
Test mode can be used to validate the full integration flow before going live. Test requests are marked with IsTest in the API response, so your system can separate test data from production workflows.
Validate request creation, delivery, app scanning and result retrieval without using production workflows.
The create request response contains IsTest, making test requests easy to detect.
Start with a test API key or test tenant setup and switch to live verification after validation.
Explore our public .NET integration example on GitHub. The example demonstrates how to create verification requests, retrieve verification results and integrate NFC passport verification into your own applications.
Includes request creation, result retrieval and identity verification workflows using C# and .NET.
Learn how to process NFC passport verification results, document fields and verification checks.
Clone the repository, test the API and use it as a starting point for your own integration.
Not every request results in a successful verification. A user may stop the flow, the request may expire, or NFC reading may fail. Use Status, HasResult, IsSuccess and the check fields to determine the final outcome.
Create a free account, generate an API key and test the full flow before going live.