Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developers.argosidentity.com/llms.txt

Use this file to discover all available pages before exploring further.

How FaceAuth Is Delivered — Two Options

FaceAuth can be delivered in two ways. We recommend the Face Auth URL method, which removes the need to build your own camera UI and supports Active Liveness.

A. Face Auth URL (Recommended)

Selfie capture happens on an ARGOS-hosted page (similar to Liveform). No client-side camera implementation is required, and the project policy can enable Liveness (Passive/Active) and occlusion (mask/helmet) controls.

B. POST /faceauth API

Your app implements the camera UI and posts the captured faceImage file to the API. Active Liveness is not supported — only face similarity is compared.
If spoofing via replayed screens or printed photos is a concern, use the URL method. The POST API method judges a single submitted image on similarity alone and cannot verify that the user is physically present. The URL method lets you set a Liveness threshold in the project policy to block screen-replay and still-photo attacks.
For dashboard policy setup (thresholds, liveness, occlusion) and end-to-end use cases for both methods, see the FACE AUTH guide. The remainder of this page covers parameters and the auth flow for Method A (Face Auth URL). For Method B (POST API), see the POST/Faceauth page.

QueryString for Accessing FaceAuth

FaceAuth is a sub-project of ID check, and administrators can create as many projects as they want. To deliver additional authentication via the FaceAuth URL method, use the Face Auth URL within the Add-on project.
To reference a submission_Id that has been approved through ID document or Knowledge-based where a selfie image exists, it must be added to the URL through QueryString, and for security purposes, it must always be used in an encrypted state.
Encryption must use the API key within the FaceAuth project and uses AES-256.
For detailed methods, please refer to Query String Encryption in the Data Encryption and Decryption page.
Face Auth URL
  https://form.argosidentity.com/face-auth?pid={faceAuth_projectId}
Face Auth QueryString basic: Only add the submission_Id to reference
  https://form.argosidentity.com/face-auth?pid={faceAuth_projectId}&encrypted={sid={submission_Id}}
Face Auth QueryString with all parameters: sid, authUserId, authCf1, authCf2, authCf3, token
  https://form.argosidentity.com/face-auth?pid={faceAuth_projectId}&encrypted={sid={submission_Id}&authUserId={user Id}&authCf1={additional_info}&...&token={any tokenId}}
When encrypted
  https://form.argosidentity.com/face-auth?pid={faceAuth_projectId}&encrypted={encrypted}

Definition of Request Parameters

pid
string
required
Unique number assigned to the project when creating a FaceAuth project (automatically attached to the URL)
sid
string
required
submission_Id approved through ID document or Knowledge-based (sid is used for distinction)
authUserId
string
User Id that the administrator will assign to the user (this could be the user Id in the administrator’s service or the same userId used in ID document or Knowledge-based)
authCf1
string
Additional information that the administrator will assign to the user (e.g., email address, etc.)
authCf2
string
Additional information that the administrator will assign to the user (same as authCf1)
authCf3
string
Additional information that the administrator will assign to the user (same as authCf1)
token
string
Token that the administrator will add to the URL for security purposes.
Note!: This token operates separately from the pre-registered token in private mode.
The token is designed to assign a unique URL to each user when they authenticate through FaceAuth.
To apply a token, you must enable the token expiration condition setting option in the FaceAuth project, and it works as follows:
  • Count-based expiration: When the token is used once, the Token ID is immediately expired.
  • Time-based expiration: When the time has elapsed from the point when the token was used once, the Token ID is expired.
This token operates separately from the main project’s private mode token or pre-registered token.
For example, you can specify an arbitrary tokenId set by the administrator in the token, and even if you reuse the token used in the main project, it works because it is viewed separately. For a guide on enabling the token expiration condition setting option in the FaceAuth project, please refer to FACE AUTH guide — Token Expiration Condition Settings.
For approved cases where no selfie image exists, the portrait image from the ID document will be used instead.

Add-on API Endpoints

POST/FaceAuth

FaceAuth Submission

GET/FaceAuth

FaceAuth Retrieval

GET/FaceAuth/Image

FaceAuth Image Retrieval

DELETE/FaceAuth

FaceAuth Deletion

Webhook

Faceauth

FaceAuth Webhook

API Key

The Add-on API key serves to verify and authenticate client and server requests and is different from the project’s API key. It verifies the requester’s authentication information, and Argos Identity provides the appropriate response according to the request.

How to Check Add-on API Key

1

Dashboard Login

Log in to the ID Check dashboard.
2

Access Settings Menu

Click the Add-on menu in the top navigation bar of the dashboard.
3

Create Project

Click the Create Project button on the Add-on page to create a project.
4

Create Project

After creating the project, click the Edit button on the Add-on page and check the API key. Find the API key section and click the right icon to copy and use the API key.

HTTP Response Status Codes

HTTP response codes indicate the status of requests. Each response code follows these rules:
  • 2xx Successful requests
  • 4xx Client errors
  • 5xx Server errors
HTTP Status CodeMessageDescription
200OKThe request was successfully processed.
400Invalid Query String parametersThe request could not be processed. Required parameters are missing or parameter format is incorrect. Please check the request parameters again.
403User is not authorized to access this resource with an explicit denyAccess denied. The request was made from an IP that is not whitelisted.
403ForbiddenAccess denied. An incorrect API key may have been used.
413Request Entity Too LargeThe request is too large. The request contains data that exceeds the size that the server can process. Please reduce the request data and try again.
500Internal Server ErrorA server error occurred. There may be an issue with the Argos server. Please contact the Argos team.
502Bad GatewayThe server received an invalid response from the upstream server. Please try again later or contact the Argos team.