> ## Documentation Index
> Fetch the complete documentation index at: https://developers.argosidentity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# FACE AUTH Guide

> Learn how to use the FACE AUTH add-on service that compares selfies with existing eKYC approved users to verify if they are the same person.

FACE AUTH is an **add-on service** that immediately verifies whether a user is the same person by comparing the selfie (Reference) from a Submission ID obtained from existing eKYC with the user's latest selfie (Target). You can complete re-authentication with just one selfie without a separate complex process.

## Representative Use Cases

Since identity can be re-verified with just one selfie without a password or authentication code, you can enhance security while reducing user friction.

<CardGroup cols={2}>
  <Card title="Device Change" icon="mobile-screen">
    Used by **financial institutions** as a re-authentication means to reduce account theft risk during device change·number change.
  </Card>

  <Card title="Re-authentication on Anomaly Detection" icon="shield-exclamation">
    **ATO Prevention** - Apply access block/release policies with additional face authentication when high-risk login, overseas access, or bulk attempts are detected.
  </Card>

  <Card title="Regular Identity Re-verification" icon="calendar-check">
    **Periodic KYC Refresh** - Used as a periodic same-person verification procedure in high-value services·regulated industries.
  </Card>

  <Card title="Password Loss/Information Change" icon="key">
    Insert as identity verification step before important account changes such as password reset, payment method·contact change.
  </Card>
</CardGroup>

## Operation Method (3-Step)

<Steps>
  <Step title="Prerequisite">
    An **approved Submission** from eKYC must exist. (Reference)
  </Step>

  <Step title="Process">
    Call Add-On URL (including pid + Submission ID) → Take selfie

    <Note>
      When entering from desktop, QR is displayed → Continue shooting on mobile.
    </Note>
  </Step>

  <Step title="Judgment/Storage">
    Automatic comparison of registered vs verified → Results are stored in dashboard as **Auth ID** (submission).
  </Step>
</Steps>

<Warning>
  **Key Checks**

  * Approved Submission ID must exist. (Reference)
  * FACE AUTH URL must be **encrypted for security** when used.
  * Threshold·liveness·occlusion (mask/helmet/hat, etc.) policies can be controlled through project options.
</Warning>

## Benefits of FACE AUTH

| Benefit                    | Description                                                                                   |
| -------------------------- | --------------------------------------------------------------------------------------------- |
| **Fast Re-authentication** | Complete with just one selfie without re-shooting ID                                          |
| **Security Enhancement**   | Protect accounts as an additional factor alongside password·OTP                               |
| **Policy Flexibility**     | Detailed settings by situation such as face match threshold, liveness, occlusion blocking     |
| **Simple Integration**     | Operates as an add-on dependent on existing eKYC project, maintaining operational consistency |

***

## Project Creation and Settings

To use FACE AUTH, first create an Add-On project in the dashboard and set policies (threshold·liveness·occlusion).

### Step 1: Create Add-On Project

Select **Add-On menu → 'Create Project'** in the dashboard to create a new FACE AUTH project.

Dependency connection with eKYC project is formed immediately upon creation, and Add-On URL and API key are automatically mapped.

```
Path: Dashboard > Add-On > Create Project
```

<Frame caption="Screen before project creation">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/addon-setting/addon-create.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=be7dcab4be72d564a12bd179d2d289c0" alt="Add-On project creation screen" width="1853" height="564" data-path="images/dashboard/new/addon-setting/addon-create.png" />
</Frame>

<Frame caption="Screen after project creation">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/addon-setting/project_made.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=87ec5bab371770b41e2ab9aafbb18bf9" alt="Add-On project creation screen" width="1876" height="217" data-path="images/dashboard/new/addon-setting/project_made.png" />
</Frame>

### Step 2: Project Information Settings

Specify project name·logo in the settings screen, and set button/URL to move to after authentication submission completion.

<Frame caption="Project information settings screen">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/addon-setting/project-setting.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=e84daae58c03d1f6af172973c9be29c3" alt="Add-On project creation screen" width="1853" height="359" data-path="images/dashboard/new/addon-setting/project-setting.png" />
</Frame>

| Setting Item       | Description                                                                       |
| ------------------ | --------------------------------------------------------------------------------- |
| **Project Name**   | Displayed as title on authentication start screen                                 |
| **Project Status** | Service (Normal Operation) / Closed (Authentication Disabled)                     |
| **Add on Logo**    | Displayed at top of first authentication screen (ARGOS logo displayed if not set) |
| **Return URL**     | URL where user is redirected after authentication completion                      |

### Step 3: Policy (Threshold) Settings

<Info>
  Thresholds are **more lenient when lower, stricter when higher**. Adjust step by step to match service risk·UX goals.
</Info>

<Frame caption="Project policy settings screen">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/addon-setting/project-threshold-set.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=b3f4108eaf1409b356094b71ff0fb109" alt="Add-On project creation screen" width="1859" height="428" data-path="images/dashboard/new/addon-setting/project-threshold-set.png" />
</Frame>

| Policy Item                       | Description                                                              | Recommended Value |
| --------------------------------- | ------------------------------------------------------------------------ | ----------------- |
| **Face Authentication Threshold** | Criteria for judging if same person as eKYC approved user's face         | 98 points         |
| **Liveness**                      | Determines if shot selfie is of an actual living person (Passive/Active) | 70 points         |
| **Face Occlusion**                | Checks if face is not occluded by other objects during authentication    | -                 |

<Note>
  Face occlusion and face occlusion threshold **cannot be used simultaneously**.
</Note>

**Special Environment Options:**

* **Head Occlusion Threshold**: Environments requiring safety helmet (bike, construction site, etc.)
* **Face Occlusion Threshold**: Environments requiring mask (hospital, construction site, etc.)

### Step 4: Add-On URL Parameters and Encryption Settings

Required parameters must be registered to use FACE AUTH URL.

**Required Parameters:**

| Parameter | Description                                                                                      |
| --------- | ------------------------------------------------------------------------------------------------ |
| `pid`     | Add-On project ID (included in URL path/parameters)                                              |
| `sid`     | eKYC Submission ID (Add-On authentication possible only in approved status, encryption required) |

**URL Pattern Example:**

```
...?pid={ADDON_PID}&encrypted={encrypted}
```

<Tip>
  In the `encrypted` statement, use Submission ID as `sid` and Token ID as `token`.
</Tip>

#### Token Expiration Condition Settings

You can configure limited access control through Token ID.

<Frame caption="Project token settings screen">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/addon-setting/project-token-expiration.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=28056b8da1ad1c439b10eafa403d8d93" alt="Add-On project creation screen" width="1859" height="472" data-path="images/dashboard/new/addon-setting/project-token-expiration.png" />
</Frame>

| Expiration Condition       | Description                                                   |
| -------------------------- | ------------------------------------------------------------- |
| **Usage-based Expiration** | Expire the Token ID when token is used once                   |
| **Time-based Expiration**  | Measure time from when token is used once and expire Token ID |

<Note>
  Expiration triggering condition is when **"Start" button is clicked** on the first FACE AUTH screen.
</Note>

***

## Providing to Users

FACE AUTH can be provided in two ways.

<Tabs>
  <Tab title="A. Add-On URL (Recommended)">
    Guide users to open the Add-On URL to proceed with re-authentication through selfie shooting on the web screen.

    **Required Parameters:**

    * `pid={AddOn Project ID}` — included in the URL query string in plaintext
    * `encrypted={...}` — must contain `sid={Approved eKYC Submission ID}` inside, AES-256 encrypted (see [Step 4](#step-4-add-on-url-parameters-and-encryption-settings))

    ```text URL pattern theme={null}
    https://form.argosidentity.com/face-auth?pid={ADDON_PID}&encrypted={encrypted}
    ```

    **Desktop → Mobile Transition:**
    When opened on PC, QR code is displayed so users can scan with their phone and continue shooting.

    <Check>
      **Checklist**

      * ✅ Connect Add-On URL to link/button
      * ✅ Verify `sid` is not missing and refers to an `approved` eKYC submission
      * ✅ Security-sensitive parameters such as `sid` must be embedded inside `encrypted` — never exposed in plaintext
      * ✅ If desktop traffic is high, place QR transition guide text at top fixed position
    </Check>
  </Tab>

  <Tab title="B. API-based Integration">
    Expose FACE AUTH in your own UI with buttons·modals·step-based flow, and call Add-On via API from backend.

    <Warning>
      **Active Liveness is not supported** when proceeding with API method.

      * faceImage recommended specs: 960 x 720
      * Requires a **separate API Key** different from existing liveform API Key.
    </Warning>

    <Check>
      **Checklist**

      * ✅ Verify Add-On project creation linked to eKYC approval history (registered copy)
      * ✅ Implement logic to pass pid·submissionId when calling
      * ✅ Route to next step in success/failure callbacks
    </Check>

    <Card title="POST/Face Auth API Documentation" icon="code" href="/en/idcheck/add-on/post-faceauth">
      Learn API-based integration methods in detail.
    </Card>
  </Tab>
</Tabs>

### Operation Verification (Smoke Test)

* Whether authentication screen appears when Add-On URL is called with approved submissionId
* Whether QR display and mobile transition are natural when entering from PC
* Whether results are stored·queried as Add-On submission (Auth ID) after shooting

<Frame caption="Normal authentication screen and error screen when sid is used incorrectly">
  <img src="https://mintcdn.com/argosidentity/9nmfC9DUN64YxjGL/images/dashboard/addon-setting/normal_error_page.png?fit=max&auto=format&n=9nmfC9DUN64YxjGL&q=85&s=27127ce3bd084f39782d53218e403389" alt="Add-On project creation screen" width="1080" height="899" data-path="images/dashboard/addon-setting/normal_error_page.png" />
</Frame>

***

## AUTH ID - Authentication Result Verification

Auth ID refers to one result (submission) of FACE AUTH (add-on). Same-person judgment comparing registered copy (face approved from eKYC previously) with this selfie (verified copy), applied policy snapshot, and processing timeline are recorded together.

### View Results in Dashboard

```
Dashboard > Add-On (FACE AUTH) Project > Submission (Auth ID) List > Detail View
```

**Information viewable in list screen:**

* Time
* AUTH ID (TARGET)
* Submission ID (Reference)
* Status

**Information viewable in detail screen:**

* Policy snapshot
* Score/threshold
* Liveness·occlusion results
* Comparison images
* Logs

<Frame caption="Auth ID dashboard of Add-On project">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/addon-setting/auth_id_list.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=d9760c65c611b52a3c18ced3022551fc" alt="Auth ID dashboard of Add-On project" width="3718" height="1639" data-path="images/dashboard/new/addon-setting/auth_id_list.png" />
</Frame>

### Auth ID Detail Information

| Field                 | Description                                                                      |
| --------------------- | -------------------------------------------------------------------------------- |
| **Authentication ID** | Unique identifier for the submission                                             |
| **Submission ID**     | Previously approved submission referenced as comparison target during submission |
| **Status**            | Displays authentication result as Approved, Rejected                             |
| **Policy**            | Project options applied when the submission was processed                        |
| **FACE Similarity**   | Similarity between selfie images measured during authentication                  |
| **Liveness**          | Liveness score of submitted selfie                                               |
| **Face Occluded**     | Result judging if face is occluded as Pass / Fail                                |

<Note>
  Reference information prioritizes Selfie comparison, and if Selfie is not available, calls ID portrait as secondary for comparison.
</Note>

<Frame caption="Auth ID detail screen of Add-On project">
  <img src="https://mintcdn.com/argosidentity/352WpTnZFyEfW7I6/images/dashboard/new/addon-setting/auth_id_detail.png?fit=max&auto=format&n=352WpTnZFyEfW7I6&q=85&s=52c8b5e2200719a6c63977312b408af6" alt="Auth ID dashboard of Add-On project" width="1782" height="1288" data-path="images/dashboard/new/addon-setting/auth_id_detail.png" />
</Frame>

***

## Real-time Integration via Webhook

When FACE AUTH is completed and final results are available, results are **automatically sent to the Webhook URL** registered in the existing ID Check project.

Trigger type: `"faceAuth"`

```json theme={null}
{
  "webhook_trigger": "faceAuth",
  "Authentication_id": "AUTH_...",
  "data": {
    "Submission_id": "SUB_...",
    "Auth_Status": "approved | rejected",
    "Create_Time": "UTC+0",
    "User_id": "optional",
    "cf1": "optional",
    "cf2": "optional",
    "cf3": "optional",
    "reference": {
      "userid": "optional",
      "email": "optional",
      "cf": { "cf1": "optional", "cf2": "optional", "cf3": "optional" }
    }
  }
}
```

<Check>
  **Implementation Checklist**

  * ✅ Register Webhook URL (project unit) and confirm receipt with 2xx response
  * ✅ Duplicate receipt prevention: Check duplicates based on Authentication\_id
  * ✅ Timezone processing: Create\_Time(UTC+0) → Convert to internal standard time if needed
  * ✅ Key mapping: Map to internal users/requests with Submission\_id, User\_id, cf1\~3
  * ✅ Audit logging: Store original payload and routing results together
</Check>

<Tip>
  Administrators can read operation-friendly through dashboard, and development teams can automate systems via webhook simultaneously. Consistently view status·score·policy·timeline by Auth ID unit, and immediately connect to internal system flow using Authentication\_id/Submission\_id from webhook.
</Tip>

***

## Checklist for Quick Adoption

<Steps>
  <Step title="Create Project">
    Create FACE AUTH project in Dashboard → Add-On.
  </Step>

  <Step title="Set Policy Values">
    Set face match threshold / liveness / occlusion blocking (ON/OFF).
  </Step>

  <Step title="Obtain eKYC Approved Submission">
    Approved eKYC Submission to use as Reference is required.
  </Step>

  <Step title="Design Call">
    Include pid + Submission ID in Add-On URL (consider desktop→QR→mobile flow)
  </Step>

  <Step title="Result Verification Routine">
    Monitor Auth ID (submission) status·policy·comparison results in dashboard.
  </Step>
</Steps>

### Operation Tips

<Tip>
  * Start policy initial values somewhat **conservatively** → Gradually tune thresholds while viewing actual service data
  * **Monitoring Metrics**: Re-authentication success rate, drop-off rate, average authentication time, risk event blocking rate, reset/change completion rate
  * **UX Design**: If desktop entry rate is high, clearly guide QR transition flow, and provide minimal text authentication guide for mobile users
</Tip>

***

## Related Documentation

<CardGroup cols={2}>
  <Card title="Add-On API Overview" icon="puzzle-piece" href="/en/idcheck/add-on/overview">
    View complete overview of Add-On service.
  </Card>

  <Card title="POST/Face Auth API" icon="code" href="/en/idcheck/add-on/post-faceauth">
    Learn how to integrate FACE AUTH via API.
  </Card>

  <Card title="FACE AUTH Webhook" icon="webhook" href="/en/idcheck/add-on/add-on-webhook">
    Learn how to receive FACE AUTH results via webhook.
  </Card>

  <Card title="Encryption Guide" icon="lock" href="/en/idcheck/getting-started/encrypt-and-decrypt-data/overview">
    Learn URL encryption methods.
  </Card>
</CardGroup>
