> ## Documentation Index
> Fetch the complete documentation index at: https://developers.argosidentity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Getting Started

> Add-on is a feature that performs additional authentication for approved submissions in customer projects. Currently, facial authentication (FaceAuth) is supported, and additional authentication methods such as identity documents, documents, and certificates will be introduced in the future. <br /> FaceAuth is a process that further verifies identity by comparing the selfie image of a user approved in the ID Check process with the selfie image obtained during the FaceAuth process. <br /> Administrators can additionally verify the identity through Add-on even after the initial identity verification, which enhances the reliability of identity verification.

## How FaceAuth Is Delivered — Two Options

FaceAuth can be delivered in two ways. **We recommend the Face Auth URL method**, which removes the need to build your own camera UI and supports Active Liveness.

<CardGroup cols={2}>
  <Card title="A. Face Auth URL (Recommended)" icon="link" href="/dashboard/en/face-auth-guide">
    Selfie capture happens on an ARGOS-hosted page (similar to Liveform). No client-side camera implementation is required, and the project policy can enable **Liveness (Passive/Active)** and occlusion (mask/helmet) controls.
  </Card>

  <Card title="B. POST /faceauth API" icon="code" href="/en/idcheck/add-on/post-faceauth">
    Your app implements the camera UI and posts the captured `faceImage` file to the API. **Active Liveness is not supported** — only face similarity is compared.
  </Card>
</CardGroup>

<Tip>
  **If spoofing via replayed screens or printed photos is a concern, use the URL method.** The POST API method judges a single submitted image on similarity alone and cannot verify that the user is physically present. The URL method lets you set a **Liveness threshold** in the project policy to block screen-replay and still-photo attacks.
</Tip>

For dashboard policy setup (thresholds, liveness, occlusion) and end-to-end use cases for both methods, see the [FACE AUTH guide](/dashboard/en/face-auth-guide). The remainder of this page covers parameters and the auth flow for **Method A (Face Auth URL)**. For **Method B (POST API)**, see the [POST/Faceauth](/en/idcheck/add-on/post-faceauth) page.

## QueryString for Accessing FaceAuth

FaceAuth is a sub-project of ID check, and administrators can create as many projects as they want. To deliver additional authentication via the FaceAuth URL method, **use the Face Auth URL within the Add-on project.** <br />
To reference a submission\_Id that has been approved through ID document or Knowledge-based where a selfie image exists, it must be added to the URL through QueryString, and for security purposes, it must always be used in an encrypted state.<br />
Encryption must use the API key within the FaceAuth project and uses AES-256. <br />
For detailed methods, please refer to [Query String Encryption in the Data Encryption and Decryption page](https://developers.argosidentity.com/en/idcheck/getting-started/encrypt-and-decrypt-data/overview#2-query-string-encryption).

```text Face Auth URL theme={null}
  https://form.argosidentity.com/face-auth?pid={faceAuth_projectId}
```

```text Face Auth QueryString basic: Only add the submission_Id to reference theme={null}
  https://form.argosidentity.com/face-auth?pid={faceAuth_projectId}&encrypted={sid={submission_Id}}
```

```text Face Auth QueryString with all parameters: sid, authUserId, authCf1, authCf2, authCf3, token theme={null}
  https://form.argosidentity.com/face-auth?pid={faceAuth_projectId}&encrypted={sid={submission_Id}&authUserId={user Id}&authCf1={additional_info}&...&token={any tokenId}}
```

```text When encrypted theme={null}
  https://form.argosidentity.com/face-auth?pid={faceAuth_projectId}&encrypted={encrypted}
```

## Definition of Request Parameters

<ResponseField name="pid" type="string" required>
  Unique number assigned to the project when creating a FaceAuth project (automatically attached to the URL)
</ResponseField>

<ResponseField name="sid" type="string" required>
  submission\_Id approved through ID document or Knowledge-based (sid is used for distinction)
</ResponseField>

<ResponseField name="authUserId" type="string">
  User Id that the administrator will assign to the user (this could be the user Id in the administrator's service or the same userId used in ID document or Knowledge-based)
</ResponseField>

<ResponseField name="authCf1" type="string">
  Additional information that the administrator will assign to the user (e.g., email address, etc.)
</ResponseField>

<ResponseField name="authCf2" type="string">
  Additional information that the administrator will assign to the user (same as authCf1)
</ResponseField>

<ResponseField name="authCf3" type="string">
  Additional information that the administrator will assign to the user (same as authCf1)
</ResponseField>

<ResponseField name="token" type="string">
  Token that the administrator will add to the URL for security purposes. <br />
  **Note!**: This token operates separately from the pre-registered token in private mode.

  <Accordion title="How FaceAuth token works">
    The token is designed to assign a unique URL to each user when they authenticate through FaceAuth. <br />
    To apply a token, you must enable the token expiration condition setting option in the FaceAuth project, and it works as follows:

    * Count-based expiration: When the token is used once, the Token ID is immediately expired.
    * Time-based expiration: When the time has elapsed from the point when the token was used once, the Token ID is expired.

    This token operates separately from the main project's private mode token or pre-registered token. <br />
    For example, you can specify an arbitrary tokenId set by the administrator in the token, and even if you reuse the token used in the main project, it works because it is viewed separately.
    For a guide on enabling the token expiration condition setting option in the FaceAuth project, please refer to [FACE AUTH guide — Token Expiration Condition Settings](/dashboard/en/face-auth-guide#token-expiration-condition-settings).
  </Accordion>
</ResponseField>

<Note>
  For approved cases where no selfie image exists, the portrait image from the ID document will be used instead.
</Note>

## Add-on API Endpoints

<CardGroup cols={2}>
  <Card title=" POST/FaceAuth" icon="person-circle-plus" href="/en/idcheck/add-on/post-faceauth">
    FaceAuth Submission
  </Card>

  <Card title="GET/FaceAuth" icon="person-circle-check" href="/en/idcheck/add-on/get-faceauth">
    FaceAuth Retrieval
  </Card>

  <Card title="GET/FaceAuth/Image" icon="person-circle-check" href="/en/idcheck/add-on/get-faceauth_image">
    FaceAuth Image Retrieval
  </Card>

  <Card title="DELETE/FaceAuth" icon="person-circle-xmark" href="/en/idcheck/add-on/delete-faceauth">
    FaceAuth Deletion
  </Card>
</CardGroup>

## Webhook

<CardGroup cols={3}>
  <Card title="Faceauth" icon="person-circle-plus" href="/en/idcheck/add-on/add-on-webhook">
    FaceAuth Webhook
  </Card>
</CardGroup>

## API Key

The Add-on API key serves to verify and authenticate client and server requests and is different from the project's API key. It verifies the requester's authentication information, and Argos Identity provides the appropriate response according to the request.

## How to Check Add-on API Key

<Steps>
  <Step title="Dashboard Login">
    Log in to the ID Check [dashboard](https://idcheck.argosidentity.com/).
  </Step>

  <Step title="Access Settings Menu">
    Click the `Add-on` menu in the top navigation bar of the dashboard.
  </Step>

  <Step title="Create Project">
    Click the `Create Project` button on the Add-on page to create a project.

    <img height="200" src="https://mintcdn.com/argosidentity/gyvtEs7dv5_zfdlr/images/add-ons/add_on_en.png?fit=max&auto=format&n=gyvtEs7dv5_zfdlr&q=85&s=a9501f7b51b1333151c2cd65f72298da" data-path="images/add-ons/add_on_en.png" />
  </Step>

  <Step title="Create Project">
    After creating the project, click the `Edit` button on the Add-on page and check the `API` key.
    Find the `API` key section and click the right icon to copy and use the API key.

    <img height="200" src="https://mintcdn.com/argosidentity/gyvtEs7dv5_zfdlr/images/add-ons/add_on_api_en.png?fit=max&auto=format&n=gyvtEs7dv5_zfdlr&q=85&s=77deca4cc4b23ed125083c540cbf17e6" data-path="images/add-ons/add_on_api_en.png" />
  </Step>
</Steps>

## HTTP Response Status Codes

HTTP response codes indicate the status of requests. Each response code follows these rules:

* `2xx`  Successful requests
* `4xx`  Client errors
* `5xx`  Server errors

| HTTP Status Code |                                Message                               |                                                                      Description                                                                     |
| :--------------: | :------------------------------------------------------------------: | :--------------------------------------------------------------------------------------------------------------------------------------------------: |
|       `200`      |                                  OK                                  |                                                        The request was successfully processed.                                                       |
|       `400`      |                    Invalid Query String parameters                   |   The request could not be processed. Required parameters are missing or parameter format is incorrect. Please check the request parameters again.   |
|       `403`      | User is not authorized to access this resource with an explicit deny |                                        Access denied. The request was made from an IP that is not whitelisted.                                       |
|       `403`      |                               Forbidden                              |                                                Access denied. An incorrect API key may have been used.                                               |
|       `413`      |                       Request Entity Too Large                       | The request is too large. The request contains data that exceeds the size that the server can process. Please reduce the request data and try again. |
|       `500`      |                         Internal Server Error                        |                         A server error occurred. There may be an issue with the Argos server. Please contact the Argos team.                         |
|       `502`      |                              Bad Gateway                             |                  The server received an invalid response from the upstream server. Please try again later or contact the Argos team.                 |