Skip to main content
FACE AUTH is an add-on service that instantly verifies identity by comparing the selfie from an existing eKYC Submission ID (Reference) with the user’s latest selfie (Target). Re-authentication can be completed with just one selfie without any complicated processes.

Key Use Scenarios

By re-confirming identity with just one selfie instead of passwords or authentication codes, you can strengthen security while reducing user friction.

Device Change

Used as a re-authentication method by financial institutions to reduce account takeover risk during device or phone number changes.

Re-authentication on Anomaly Detection

ATO Prevention - Apply access block/unblock policies with additional facial authentication when high-risk login, overseas access, or mass attempts are detected.

Periodic Identity Re-verification

Periodic KYC Refresh - Use as a periodic identity verification procedure for high-value services and regulated industries.

Password Recovery/Information Change

Insert as an identity verification step before password reset, payment method, or contact information changes.

How It Works (3-Step)

1

Prerequisites

An approved Submission from eKYC must exist. (Reference)
2

Process

Call Add-On URL (include pid + Submission ID) → Capture selfie
When entering from desktop, a QR is displayed → Continue on mobile to capture.
3

Determination/Storage

Automatic comparison of registered vs verification selfie → Results are stored in the dashboard as Auth ID (submission).
Key Checks
  • An approved Submission ID must exist. (Reference)
  • When using the FACE AUTH URL, use encryption for security.
  • Threshold, liveness, and occlusion (mask/helmet/hat, etc.) policies can be controlled via project options.

Benefits of FACE AUTH

BenefitDescription
Fast Re-authenticationComplete with just one selfie without re-capturing ID document
Enhanced SecurityAccount protection as an additional factor combined with password/OTP
Policy FlexibilityGranular settings for facial match threshold, liveness, occlusion blocking by situation
Simple IntegrationMaintains operational consistency as an add-on dependent on existing eKYC project

Project Creation and Settings

To use FACE AUTH, first create an Add-On project in the dashboard and configure policies (threshold, liveness, occlusion).

Step 1: Create Add-On Project

Select Add-On menu → ‘Create Project’ in the dashboard to create a new FACE AUTH project. Upon creation, a dependent connection to the eKYC project is formed, and the Add-On URL and API key are automatically mapped. 
Path: Dashboard > Add-On > Create Project
Add-On Project Creation Screen

Screen Before Project Creation

Add-On Project Creation Screen

Screen After Project Creation

Step 2: Project Information Settings

In the settings screen, specify the project name and logo, and set the button/URL to navigate to after authentication submission is complete.
Add-On Project Creation Screen

Project Information Settings Screen

Setting ItemDescription
Project NameDisplayed as the title on the authentication start screen
Project StatusService (normal operation) / Closed (authentication not available)
Add on LogoDisplayed at the top of the first authentication screen (ARGOS logo displayed if not set)
Return URLURL where the user is redirected after authentication completion

Step 3: Policy (Threshold) Settings

Thresholds are more lenient when lower, stricter when higher. Adjust gradually according to your service risk and UX goals.
Add-On Project Creation Screen

Project Policy Settings Screen

Policy ItemDescriptionRecommended Value
Face Authentication ThresholdCriteria for determining identity match with eKYC approved user’s face98 points
LivenessDetermines if the captured selfie is a real living person (Passive/Active)70 points
Face OcclusionChecks if the face is not obscured by other objects during authentication-
Face occlusion and face occlusion threshold cannot be used simultaneously.
Special Environment Options:
  • Head Occlusion Threshold: For environments requiring helmet use (motorcycles, construction sites, etc.)
  • Face Occlusion Threshold: For environments requiring mask use (hospitals, construction sites, etc.)

Step 4: Add-On URL Parameters and Encryption Settings

Required parameters must be registered to use the FACE AUTH URL. Required Parameters:
ParameterDescription
pidAdd-On Project ID (included in URL path/parameter)
sideKYC Submission ID (Add-On authentication only available in approved state, encryption required)
URL Pattern Example: 
...?pid={ADDON_PID}&encrypted={encrypted}
In the encrypted statement, Submission ID is represented as sid and Token ID as token.

Token Expiration Condition Settings

Limited access control can be configured through Token ID.
Add-On Project Creation Screen

Project Token Settings Screen

Expiration ConditionDescription
Count-based ExpirationExpires Token ID when token is used once
Time-based ExpirationExpires Token ID after measuring time from when token is first used
The expiration triggering condition is when the “Start” button is clicked on the first FACE AUTH screen.

Providing to Users

FACE AUTH can be provided in two ways.

Verification (Smoke Test)

  • Check if authentication screen appears when calling Add-On URL with approved submissionId
  • Check if QR display and mobile transition work smoothly on PC entry
  • Check if results are saved and queryable as Add-On submission (Auth ID) after capture
Add-On Project Creation Screen

Normal authentication screen and error screen when using incorrect sid

AUTH ID - Checking Authentication Results

Auth ID refers to the result (submission) of a single FACE AUTH (add-on). It records the identity determination comparing the registered selfie (previously approved via eKYC) with the current selfie (verification), along with the applied policy snapshot and processing timeline.

Checking Results in Dashboard

Dashboard > Add-On (FACE AUTH) Project > Submission (Auth ID) List > View Details
Information viewable on the list screen:
  • Time
  • AUTH ID (TARGET)
  • Submission ID (Reference)
  • Status
Information viewable on the details screen:
  • Policy snapshot
  • Score/threshold
  • Liveness and occlusion results
  • Comparison images
  • Logs
Auth ID Dashboard of Add-On Project

Auth ID Dashboard of Add-On Project

Auth ID Detailed Information

FieldDescription
Authentication IDUnique identifier for this submission
Submission IDPreviously approved submission referenced for comparison at submission time
StatusAuthentication result displayed as Approved or Rejected
PolicyProject options applied when this submission was processed
FACE SimilaritySimilarity measured between selfie images during authentication
LivenessLiveness score of the submitted selfie
Face OccludedPass / Fail result determining if face was occluded
Reference information prioritizes comparing Selfie, and if Selfie is unavailable, the portrait from the ID document is used as secondary comparison.
Auth ID Dashboard of Add-On Project

Auth ID Detail Screen of Add-On Project

Real-time Integration via Webhook

When FACE AUTH is completed and final results are determined, results are automatically sent to the Webhook URL registered in the existing ID Check project. Trigger type: "faceAuth" 
{
  "webhook_trigger": "faceAuth",
  "Authentication_id": "AUTH_...",
  "data": {
    "Submission_id": "SUB_...",
    "Auth_Status": "approved | rejected",
    "Create_Time": "UTC+0",
    "User_id": "optional",
    "cf1": "optional",
    "cf2": "optional",
    "cf3": "optional",
    "reference": {
      "userid": "optional",
      "email": "optional",
      "cf": { "cf1": "optional", "cf2": "optional", "cf3": "optional" }
    }
  }
}
Implementation Checklist
  • ✅ Register Webhook URL (per project) and confirm receipt with 2xx response
  • ✅ Implement duplicate receipt prevention: Check duplicates based on Authentication_id
  • ✅ Timezone handling: Create_Time (UTC+0) → Convert to internal standard time if needed
  • ✅ Key mapping: Map to internal users/requests using Submission_id, User_id, cf1~3
  • ✅ Audit logging: Store original payload along with routing results
Dashboard provides manager-friendly operational reading, while development teams can proceed with system automation via webhooks simultaneously. View status, scores, policies, and timelines consistently per Auth ID, and connect immediately to internal system flows using Authentication_id/Submission_id from webhooks.

Quick Deployment Checklist

1

Create Project

Create a FACE AUTH project in Dashboard → Add On.
2

Configure Policy Values

Set face match threshold / liveness / occlusion blocking (ON/OFF).
3

Secure eKYC Approved Submission

An approved eKYC Submission is needed to use as Reference.
4

Design Call Flow

Include pid + Submission ID in Add-On URL (consider desktop→QR→mobile flow)
5

Result Verification Routine

Monitor Auth ID (submission) status, policies, and comparison results in dashboard.

Operational Tips

  • Start with somewhat conservative initial policy values → Gradually tune thresholds based on actual service data
  • Monitoring metrics: Re-authentication success rate, drop-off rate, average authentication time, threat event block rate, reset/change completion rate
  • UX design: If desktop entry rate is high, clearly guide QR transition flow; for mobile users, provide authentication guidance with minimal text

Add-On API Overview

Check the complete Add-On service overview.

POST/Face Auth API

Check FACE AUTH integration via API.

FACE AUTH Webhook

Learn how to receive FACE AUTH results via webhook.

Encryption Guide

Check URL encryption methods.