Complete ID check Onboarding Guide

This comprehensive guide will take you from zero to production with ARGOS ID check. Whether you’re a developer new to identity verification or migrating from another solution, this guide covers everything you need to know.

Time to Complete: 30-45 minutes for basic integration, 2-3 hours for advanced featuresPrerequisites:

ARGOS Identity account (Sign up here)
Basic knowledge of REST APIs
Development environment with internet access

Part 1: Foundation

Understanding ID check, account setup, and core concepts

Part 2: Integration

Liveform and API integration methods

Part 3: Production

Security, testing, and going live

Part 1: Foundation

What is ARGOS ID check?

ARGOS ID check is a comprehensive identity verification platform that combines AI-powered document verification with fraud detection and compliance features. Core Capabilities:

Document Verification

Verify 20+ document types from 200+ countries including passports, driver’s licenses, national IDs, and residence permits

Data Extraction

Automatically extract and structure data from identity documents with 98%+ accuracy

Fraud Detection

AI algorithms detect forgeries, photo substitutions, and document tampering

Compliance

Built-in KYC/AML compliance with customizable verification rules and audit trails

How It Works:

User Submits Documents

Users upload photos of their ID documents through your application (via Liveform URL or custom UI)

AI Analysis

ARGOS AI engine analyzes documents for authenticity, extracts data fields, and performs liveness checks

Verification Decision

Automated approval/rejection based on your configured rules, or flagged for manual review

Results Delivered

Structured verification data delivered via webhooks and APIs with full audit trail

Account Setup and Dashboard Orientation

Let’s get you set up and familiar with the dashboard.

Create Your Account

Visit idcheck.argosidentity.com
Click “Sign Up” and complete registration
Verify your email address
Log in to access your dashboard

Navigate the Dashboard

Key Dashboard Sections:

Submissions: View and manage all verification submissions
Settings: Configure project settings, webhooks, and security
Access Management: API keys, Liveform URLs, and IP whitelisting
Analytics: Track verification metrics and success rates
Project Settings: Verification rules, document types, and policies

Locate Your API Credentials

Navigate to Settings → Access Management:

API Key: Your authentication key for API requests (keep this secure!)
Project ID (PID): Your unique project identifier
Liveform URL: Your hosted verification page URL

API Key: argos_live_abc123xyz...
Project ID: pid_abc123
Liveform URL: https://form.argosidentity.com?pid=pid_abc123

Security Note: Treat your API key like a password. Never commit it to version control or expose it in client-side code.

Core Concepts You Need to Know

Before diving into integration, let’s understand the key concepts:

Submissions

A submission represents a single identity verification attempt. Each submission has:

Submission ID: Unique identifier (sub_abc123)
KYC Status: approved, rejected, or pending
User Data: Extracted information (name, DOB, nationality, etc.)
Images: Document photos and selfies
Metadata: Timestamps, IP address, device info

Submission Lifecycle:

Created → Processing → Approved/Rejected/Pending → Archived

Liveform vs API Integration

Liveform Integration (Fastest):

Use ARGOS-hosted verification page
Customize via URL parameters
No UI development required
Best for: Quick deployment, mobile apps

API Integration (Most Flexible):

Build custom verification UI
Full programmatic control
Integrate into existing workflows
Best for: Custom UX, complex workflows

You can use both! Many customers use Liveform for standard flows and API for special cases.

Webhooks

Webhooks are real-time HTTP callbacks that notify your server when events occur:

Triggered when submission status changes
Delivered as POST requests to your endpoint
Include full submission data
Support retry mechanism

Event Types:

approved - Verification approved
rejected - Verification rejected
pending - Manual review required
updated - Data updated
deleted - Submission deleted

Example webhook payload:

{
  "webhook_trigger": "approved",
  "submissionId": "sub_abc123",
  "kycStatus": "approved",
  "email": "user@example.com",
  "fullName": "John Doe",
  "birthDate": "1990-01-01"
}

Query Parameters and Tokens

Query Parameters customize Liveform behavior:

Pre-fill user data (email, userid)
Restrict countries/document types
Override verification policies
Control form fields

Tokens enable private mode:

One-time use URLs
Prevent URL sharing
Expire after 3 minutes or first use
Up to 100,000 tokens per project

Learn more: Query String Guide

Encryption and Security

ID check supports multiple encryption layers:1. Query String Encryption (AES-256-ECB):

Encrypt sensitive URL parameters
Protect user data in transit

2. Secure Data Transfer (AES-256-ECB/CBC):

Encrypt API request/response bodies
Encrypt webhook payloads

3. Custom Secret Keys:

Generate dedicated encryption keys
Separate from API keys

Learn more: Encryption Guide

Part 2: Integration

Now let’s integrate ID check into your application. Choose your integration method:

Liveform Integration
API Integration

Liveform Integration (Recommended for Beginners)

The fastest way to get identity verification working in your app.

Step 1: Basic Liveform Setup

Get Your Liveform URL

Log in to Dashboard
Go to Settings → Access Management
Copy your Liveform URL:

https://form.argosidentity.com?pid={your_project_id}

Test the Basic Flow

Open the URL in your browser to see the default verification flow:

Desktop: Shows QR code for mobile scanning
Mobile: Direct verification interface

Integrate into Your App

For Web Apps:

<a href="https://form.argosidentity.com?pid={your_pid}" target="_blank">
  Verify Your Identity
</a>

For Mobile Apps:

// React Native example
import { Linking } from 'react-native';

const verifyIdentity = () => {
  Linking.openURL('https://form.argosidentity.com?pid={your_pid}');
};

For Backend Redirect:

// Node.js Express example
app.get('/verify', (req, res) => {
  res.redirect('https://form.argosidentity.com?pid={your_pid}');
});

Step 2: Customize with Query Parameters

Enhance the user experience by pre-filling data and customizing behavior.

Pre-fill User Information

Pass user data to skip data entry:

const email = "user@example.com";
const userid = "user_12345";
const cf1 = "campaign_summer2024";

const liveformUrl = `https://form.argosidentity.com?pid={your_pid}&email=${encodeURIComponent(email)}&userid=${userid}&cf1=${cf1}`;

Available Parameters:

Parameter	Type	Description	Example
`email`	string	User’s email	`user@example.com`
`userid`	string	Your internal user ID	`user_12345`
`cf1`, `cf2`, `cf3`	string	Custom fields for metadata	`campaign_id`
`sid`	string	Submission ID (for updates)	`sub_abc123`

Use custom fields (cf1, cf2, cf3) to track campaign IDs, user segments, or any metadata you need for analytics.

Bypass Verification Policies

Override dashboard settings for specific users:

const liveformUrl = `https://form.argosidentity.com?pid={your_pid}&blacklistCountries=false&ageLimit=false&rejectDuplicateUser=true`;

Policy Overrides:

Parameter	Type	Description
`blacklistCountries`	boolean	Set `false` to allow blacklisted countries
`ageLimit`	boolean	Set `false` to disable age restrictions
`approvePeriod`	boolean	Set `false` to disable duplicate check for approved
`rejectPeriod`	boolean	Set `false` to disable duplicate check for rejected
`rejectDuplicateUser`	boolean	Set `true` to enable duplicate prevention

Only use policy overrides when you have specific business requirements. Most apps should rely on dashboard settings.

Restrict Countries and Document Types

Control which countries and ID types users can select:Step 1: Prepare configuration

const config = {
  allowedCountries: "USA,KOR,JPN",  // ISO Alpha-3 codes
  allowedIdTypes: "passport,drivers_license,government_id"
};

Step 2: Encrypt the configuration

const CryptoJS = require('crypto-js');

function encryptQueryParams(data, apiKey) {
  const hashedKey = CryptoJS.SHA256(apiKey);
  const encrypted = CryptoJS.AES.encrypt(
    JSON.stringify(data),
    hashedKey,
    { mode: CryptoJS.mode.ECB }
  );
  return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}

const encryptedConfig = encryptQueryParams(config, YOUR_API_KEY);

Step 3: Build URL

const liveformUrl = `https://form.argosidentity.com?pid={your_pid}&encrypted=${encodeURIComponent(encryptedConfig)}`;

Available ID Types:

passport
drivers_license
government_id
residence_permit
pancard
aadhaar
identification_card

Country Codes: See Supported Countries

Encryption is required for allowedCountries, allowedIdTypes, and other sensitive parameters. See the Encryption Guide.

Pre-select Country and Document Type

Skip the selection screens for a faster flow:

const config = {
  selectedIssuingCountry: "USA",
  selectedIdType: "drivers_license"
};

const encryptedConfig = encryptQueryParams(config, YOUR_API_KEY);
const liveformUrl = `https://form.argosidentity.com?pid={your_pid}&encrypted=${encodeURIComponent(encryptedConfig)}`;

selectedIdType must be used with selectedIssuingCountry
Cannot be used simultaneously with allowedCountries or allowedIdTypes

Enable Phone Number Verification

Collect and verify phone numbers via SMS:

const config = {
  auxidField: "phoneNumber"
};

const encryptedConfig = encryptQueryParams(config, YOUR_API_KEY);
const liveformUrl = `https://form.argosidentity.com?pid={your_pid}&encrypted=${encodeURIComponent(encryptedConfig)}`;

Important:

Phone verification uses SMS OTP
91 countries currently don’t support SMS verification (see list)
Cannot be used with selectedIssuingCountry and selectedIdType (will be fixed in future update)

Phone verification adds an extra layer of security by confirming the user has access to the phone number.

Step 3: Implement Private Mode (Optional)

Private mode uses tokens to create one-time-use verification URLs.Use Cases:

Prevent URL sharing between users
Ensure each verification is unique
Add expiration to verification links
Track specific user sessions

curl -X POST 'https://rest-api.argosidentity.com/v3/submission/tokens' \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: text/plain' \
  -d '{
    "tokenId": [
      "user-session-001",
      "user-session-002",
      "verification-abc123"
    ]
  }'

Response:

{
  "success": true,
  "message": "All tokens are now in the pool",
  "summary": {
    "totalSubmitted": 3,
    "currentCount": 3,
    "processed": 3,
    "failed": 0
  }
}

Generate Tokenized URL

const tokenId = "user-session-001";
const secureUrl = `https://form.argosidentity.com?pid={your_pid}&token=${tokenId}`;

// Send this URL to the user
sendEmail(userEmail, `Complete verification: ${secureUrl}`);

Handle Token Expiration

Tokens become invalid when:

More than 3 minutes have passed since first use
A submission with the token reaches determined status (approved/rejected/pending)

Error Handling:

// User sees error if token is invalid
// Generate a new token for the user:

const newToken = `user-session-${Date.now()}`;

await fetch('https://rest-api.argosidentity.com/v3/submission/tokens', {
  method: 'POST',
  headers: {
    'x-api-key': YOUR_API_KEY,
    'Content-Type': 'text/plain'
  },
  body: JSON.stringify({ tokenId: [newToken] })
});

const newUrl = `https://form.argosidentity.com?pid={your_pid}&token=${newToken}`;

Token Limitations:

Maximum 100,000 tokens per project
Maximum 500 tokens per API request
Token ID format: 8-64 characters, alphanumeric + -_.

Learn more: POST Token API

Step 4: Configure Return URL

Redirect users back to your app after verification with results.

Set Return URL in Dashboard

Go to Settings → General
Enter your return URL:

https://yourapp.com/verification-complete

Click Save

Receive Verification Results

Users will be redirected with query parameters:

https://yourapp.com/verification-complete?userid=user123&email=user@example.com&kycStatus=approved&cf1=campaign_summer

Available Parameters:

userid - User ID from original URL
email - User’s email
kycStatus - approved, rejected, or pending
cf1, cf2, cf3 - Custom fields

If you enabled Secure Data Transfer, these parameters will be encrypted in the encrypted parameter. See Return URL Guide.

Handle the Redirect

// Express.js example
app.get('/verification-complete', (req, res) => {
  const { userid, kycStatus, email } = req.query;

  if (kycStatus === 'approved') {
    // Update user status in database
    await updateUser(userid, { verified: true });
    res.render('verification-success');
  } else if (kycStatus === 'pending') {
    res.render('verification-pending');
  } else {
    res.render('verification-rejected');
  }
});

Liveform Integration Complete!

You now have a working Liveform integration. Test it end-to-end:

Test Desktop Flow

Open your Liveform URL on desktop → Scan QR → Complete verification on mobile

Test Mobile Flow

Open your Liveform URL directly on mobile → Complete verification

Test with Parameters

Try URLs with pre-filled data and policy overrides

Test Return URL

Complete verification and verify redirect with correct parameters

Next: Set Up Webhooks

Continue to webhook setup to receive real-time verification updates

Step 5: Set Up Webhooks

Webhooks provide real-time notifications when verification events occur. This is critical for production deployments.

Create a Webhook Endpoint

Create an HTTPS endpoint to receive webhook POST requests:

const express = require('express');
const app = express();

app.use(express.json());

app.post('/webhooks/idcheck', async (req, res) => {
  const event = req.body;

  console.log('Webhook received:', event.webhook_trigger);
  console.log('Submission ID:', event.submissionId);
  console.log('KYC Status:', event.kycStatus);

  try {
    // Process based on event type
    switch (event.webhook_trigger) {
      case 'approved':
        await handleApproved(event);
        break;

      case 'rejected':
        await handleRejected(event);
        break;

      case 'pending':
        await handlePending(event);
        break;

      case 'updated':
        await handleUpdated(event);
        break;

      default:
        console.log('Unknown event type:', event.webhook_trigger);
    }

    // Always respond with 200 OK quickly
    res.status(200).json({ received: true });

  } catch (error) {
    console.error('Webhook processing error:', error);
    // Still return 200 to prevent retries for processing errors
    res.status(200).json({ received: true, error: error.message });
  }
});

async function handleApproved(event) {
  // Update user in database
  await db.users.update({
    id: event.userid,
    verified: true,
    verificationDate: new Date(),
    fullName: event.fullName,
    birthDate: event.birthDate
  });

  // Send confirmation email
  await sendEmail(event.email, 'Verification Approved', {
    name: event.fullName
  });

  console.log(`User ${event.userid} approved`);
}

async function handleRejected(event) {
  // Update user status
  await db.users.update({
    id: event.userid,
    verified: false,
    rejectionReason: event.rejectionReason
  });

  // Notify user
  await sendEmail(event.email, 'Verification Failed', {
    reason: event.rejectionReason
  });

  console.log(`User ${event.userid} rejected`);
}

async function handlePending(event) {
  // Send notification to admin
  await notifyAdmin(`Manual review required for ${event.userid}`);

  console.log(`User ${event.userid} pending review`);
}

async function handleUpdated(event) {
  // Sync updated data
  await db.submissions.update({
    submissionId: event.submissionId,
    data: event
  });
}

app.listen(3000, () => {
  console.log('Webhook server running on port 3000');
});

Critical Webhook Best Practices:

Always respond with 200 OK quickly (within 5 seconds)
Process webhooks asynchronously if they take time
Handle duplicate webhooks (use submission ID to deduplicate)
Implement retry logic on your end for failed processing
Log all webhooks for debugging

Log in to Dashboard
Navigate to Settings → Access Management
Enter your webhook URL in the Webhook URL field:
```
https://yourapp.com/webhooks/idcheck
```
Click Save

Your webhook URL must use HTTPS. For local testing, use ngrok or similar tools to expose your local server.

Test Webhook Delivery

Option 1: Use webhook.site for testing

Visit https://webhook.site
Copy the unique URL
Enter it in dashboard webhook settings
Perform a test verification
Check webhook.site for the payload

Option 2: Use ngrok for local testing

# Install ngrok
npm install -g ngrok

# Start your local server on port 3000
node server.js

# In another terminal, expose it
ngrok http 3000

# Copy the HTTPS URL (e.g., https://abc123.ngrok.io)
# Enter https://abc123.ngrok.io/webhooks/idcheck in dashboard

Option 3: Test with curl

curl -X POST https://yourapp.com/webhooks/idcheck \
  -H 'Content-Type: application/json' \
  -d '{
    "webhook_trigger": "approved",
    "submissionId": "test_123",
    "kycStatus": "approved",
    "email": "test@example.com",
    "userid": "test_user"
  }'

Handle Webhook Events

Available Event Types:

Event	Trigger	Use Case
`approved`	Verification approved	Update user status, grant access
`rejected`	Verification rejected	Notify user, request resubmission
`pending`	Manual review needed	Alert admins, inform user
`updated`	Data modified	Sync changes to your database
`deleted`	Submission deleted	Clean up related data
`created`	Submission created	Track new verifications
`retry`	User retried verification	Monitor retry patterns
`injection`	Data injected via API	Log API operations
`aml`	AML check completed	Process compliance results

Example Webhook Payload:

{
  "webhook_trigger": "approved",
  "submissionId": "sub_abc123",
  "kycStatus": "approved",
  "email": "user@example.com",
  "userid": "user_12345",
  "fullName": "John Doe",
  "birthDate": "1990-01-01",
  "nationality": "USA",
  "gender": "male",
  "documentType": "passport",
  "documentNumber": "123456789",
  "issuingCountry": "USA",
  "expiryDate": "2030-01-01",
  "createdAt": "2024-01-15T10:30:00Z",
  "verifiedAt": "2024-01-15T10:35:00Z",
  "cf1": "campaign_summer",
  "cf2": null,
  "cf3": null,
  "ipAddress": "192.168.1.1"
}

Learn more: Webhook Events Reference

Part 3: Production Deployment

Security Configuration

Before going live, implement these essential security features:

1. Enable Data Encryption

Encrypt all API requests, responses, and webhooks.

Enable in Dashboard

Navigate to Settings → Access Management
Toggle ON the “Secure Data Transfer” option
Click Save

Implement Encryption in Code

const CryptoJS = require('crypto-js');

function encryptData(data, apiKey) {
  // Hash the API key with SHA-256
  const hashedKey = CryptoJS.SHA256(apiKey);

  // Extract 32 bytes for AES-256 key
  const key = CryptoJS.lib.WordArray.create(
    hashedKey.words.slice(0, 8),
    32
  );

  // Encrypt data with AES-256-ECB
  const encrypted = CryptoJS.AES.encrypt(
    JSON.stringify(data),
    key,
    { mode: CryptoJS.mode.ECB }
  );

  return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}

// Usage in API request
const userData = {
  email: 'user@example.com',
  fullName: 'John Doe',
  birthDate: '1990-01-01'
};

const encryptedBody = encryptData(userData, YOUR_API_KEY);

const response = await axios.post(
  'https://rest-api.argosidentity.com/v3/submission/migration',
  { body: encryptedBody },
  {
    headers: {
      'x-api-key': YOUR_API_KEY,
      'Content-Type': 'application/json'
    }
  }
);

Key Differences:

API requests/responses: Use AES-256-ECB
Webhooks: Use AES-256-CBC
Always hash API key with SHA-256 first

Test Encryption

Use the Encryption/Decryption Tool to verify your implementation:

Download and run the tool
Enter your API key
Test encryption/decryption with sample data
Compare results with your code

The tool supports both ECB and CBC modes. Make sure to test both!

Learn more: Encryption Guide

2. Configure IP Whitelisting

Restrict API access to trusted IP addresses.

Find Your Server IPs

# Find your server's public IP
curl ifconfig.me

# Or check in your cloud provider dashboard
# AWS: EC2 Elastic IP
# Google Cloud: External IP
# Azure: Public IP

Add IPs to Whitelist

Navigate to Settings → Access Management → IP Whitelist
Enter your server IP addresses (one per line):
```
52.12.34.56
52.12.34.57
```
Click Save

Test Access

From whitelisted IP (should succeed):

curl -H "x-api-key: YOUR_API_KEY" \
  https://rest-api.argosidentity.com/v3/submission

From non-whitelisted IP (should fail with 403):

{
  "errorCode": "forbidden",
  "errorMessage": "Access denied. IP not whitelisted."
}

Make sure to whitelist all server IPs that will call the API, including:

Production servers
Staging servers
CI/CD pipeline IPs (if applicable)
Admin/developer IPs for testing

3. Implement Private Mode

Use tokens for secure, one-time verification URLs.When to use Private Mode:

High-security applications (financial, healthcare)
Preventing URL sharing/forwarding
Time-sensitive verifications
Tracking specific user sessions

Implementation:

// 1. Generate unique token for user session
const tokenId = `session-${userId}-${Date.now()}`;

// 2. Register token with ARGOS
await fetch('https://rest-api.argosidentity.com/v3/submission/tokens', {
  method: 'POST',
  headers: {
    'x-api-key': YOUR_API_KEY,
    'Content-Type': 'text/plain'
  },
  body: JSON.stringify({ tokenId: [tokenId] })
});

// 3. Generate secure Liveform URL
const secureUrl = `https://form.argosidentity.com?pid=${projectId}&token=${tokenId}`;

// 4. Send URL to user (email, SMS, etc.)
await sendEmail(userEmail, {
  subject: 'Complete Identity Verification',
  body: `Click here to verify: ${secureUrl}`,
  expiresIn: '3 minutes'
});

// 5. Handle token expiration
setTimeout(async () => {
  // Check if token was used
  const submission = await getSubmissionByToken(tokenId);

  if (!submission) {
    console.log(`Token ${tokenId} expired unused`);
    // Optionally notify user or generate new token
  }
}, 3 * 60 * 1000); // 3 minutes

Token Lifecycle:

Generated → Registered → URL Sent → User Opens → Submission Created → Token Consumed
                            ↓
                       Expires after 3 min or when submission reaches final status

Learn more: POST Token API

4. Secure API Key Management

Never expose your API key in client-side code or version control.Best Practices:

# .env file (add to .gitignore!)
ARGOS_API_KEY=argos_live_abc123xyz...
ARGOS_PROJECT_ID=pid_abc123

# Load in Node.js
require('dotenv').config();
const apiKey = process.env.ARGOS_API_KEY;

Never commit API keys to git!Add to .gitignore:

.env
.env.local
.env.production
config/secrets.js

Use tools like git-secrets to prevent accidental commits.

5. Implement Rate Limiting

Protect your integration from abuse and unexpected costs.ARGOS Rate Limits:

API calls: 100 requests/minute per IP
Webhook retries: 5 attempts with exponential backoff
Token registration: 500 tokens per request, 100k total

Your Application Rate Limiting:

const rateLimit = require('express-rate-limit');

// Limit verification requests per user
const verificationLimiter = rateLimit({
  windowMs: 60 * 60 * 1000, // 1 hour
  max: 3, // Max 3 verifications per hour per IP
  message: 'Too many verification attempts. Please try again later.',
  standardHeaders: true,
  legacyHeaders: false,
});

app.post('/api/create-verification',
  verificationLimiter,
  async (req, res) => {
    // Your verification logic
  }
);

// Track per-user limits in database
async function checkUserVerificationLimit(userId) {
  const recentAttempts = await db.verifications.count({
    userId,
    createdAt: { $gte: new Date(Date.now() - 24 * 60 * 60 * 1000) }
  });

  if (recentAttempts >= 5) {
    throw new Error('Daily verification limit exceeded');
  }
}

Testing Checklist

Before going live, test all integration points thoroughly:

Go-Live Checklist

Final checks before production launch:

Code Review

API keys loaded from environment variables
No hardcoded credentials in code
Error handling is comprehensive
Logging is implemented (but not sensitive data!)
Rate limiting is in place
Webhook retry logic implemented
Database queries are optimized
Frontend doesn’t expose API keys

Infrastructure

Production servers are provisioned
Load balancer configured (if needed)
SSL certificates installed
Database is backed up
Monitoring/alerting set up
CDN configured for static assets
Firewall rules configured

Monitoring Setup

Set up monitoring for:

// Example: Log key metrics
const metrics = {
  verifications_started: 0,
  verifications_completed: 0,
  verifications_approved: 0,
  verifications_rejected: 0,
  api_errors: 0,
  webhook_failures: 0,
  average_completion_time: 0
};

// Track in application
function trackVerificationStart() {
  metrics.verifications_started++;
  // Send to monitoring service (Datadog, New Relic, etc.)
}

// Monitor webhook delivery
app.post('/webhooks/idcheck', async (req, res) => {
  const startTime = Date.now();

  try {
    await processWebhook(req.body);
    metrics.verifications_completed++;

    if (req.body.kycStatus === 'approved') {
      metrics.verifications_approved++;
    } else if (req.body.kycStatus === 'rejected') {
      metrics.verifications_rejected++;
    }

  } catch (error) {
    metrics.webhook_failures++;
    logger.error('Webhook processing failed', { error, body: req.body });
  }

  const duration = Date.now() - startTime;
  metrics.average_completion_time =
    (metrics.average_completion_time + duration) / 2;

  res.status(200).json({ received: true });
});

Key Metrics to Monitor:

Verification success rate
Average completion time
API error rate
Webhook delivery rate
System uptime
Database performance

Documentation

Internal documentation written
Runbook created for ops team
Incident response plan documented
API integration guide for team
User flow diagrams created

Rollout Plan

Gradual Rollout Strategy:

// Phase 1: 5% of users (canary)
function shouldUseNewVerification(userId) {
  return parseInt(userId.slice(-2), 16) % 100 < 5;
}

// Phase 2: 25% of users
function shouldUseNewVerification(userId) {
  return parseInt(userId.slice(-2), 16) % 100 < 25;
}

// Phase 3: 100% of users
function shouldUseNewVerification(userId) {
  return true;
}

// Usage
if (shouldUseNewVerification(user.id)) {
  redirectToArgosVerification(user);
} else {
  redirectToOldVerification(user);
}

Phase 1: 5% of traffic for 48 hours
Monitor metrics, fix issues
Phase 2: 25% of traffic for 24 hours
Monitor metrics, fix issues
Phase 3: 100% of traffic

Advanced Features

AML (Anti-Money Laundering) Screening

Perform compliance checks against global watchlists and sanctions lists.

Enable AML in Dashboard

Navigate to Settings → General → AML Settings
Enable AML screening
Configure screening options:
- Watchlist sources (UN, OFAC, EU, etc.)
- Match threshold (fuzzy matching sensitivity)
- Auto-reject on match

Request AML Check via API

curl -X POST 'https://rest-api.argosidentity.com/v3/submission/aml' \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "fullName": "John Doe",
    "birthDate": "1990-01-01",
    "nationality": "USA",
    "submissionId": "sub_abc123"
  }'

Retrieve AML Report

curl -X GET 'https://rest-api.argosidentity.com/v3/submission/aml/report?submissionId=sub_abc123' \
  -H 'x-api-key: YOUR_API_KEY'

Response:

{
  "submissionId": "sub_abc123",
  "amlStatus": "clear",
  "matches": [],
  "checkedAt": "2024-01-15T10:35:00Z",
  "sources": ["UN", "OFAC", "EU", "UK"]
}

If matches found:

{
  "submissionId": "sub_abc123",
  "amlStatus": "match",
  "matches": [
    {
      "name": "John Doe",
      "matchScore": 0.95,
      "source": "OFAC",
      "listType": "sanctions",
      "details": "Sanctioned individual"
    }
  ],
  "checkedAt": "2024-01-15T10:35:00Z"
}

Handle AML Results

async function handleAMLWebhook(event) {
  if (event.webhook_trigger === 'aml') {
    const { submissionId, amlStatus, matches } = event;

    if (amlStatus === 'match') {
      // Flag for review
      await db.submissions.update({
        submissionId,
        flagged: true,
        flagReason: 'AML match detected',
        requiresManualReview: true
      });

      // Alert compliance team
      await notifyCompliance({
        type: 'AML_MATCH',
        submissionId,
        matches
      });

      // Reject verification if auto-reject enabled
      if (config.aml.autoReject) {
        await rejectVerification(submissionId, 'AML compliance issue');
      }
    } else {
      // Clear to proceed
      console.log(`AML clear for ${submissionId}`);
    }
  }
}

Learn more: AML API Reference

Ongoing AML Monitoring

Continuously monitor approved users against updated watchlists.

// Register user for ongoing monitoring
await fetch('https://rest-api.argosidentity.com/v3/submission/aml/ongoing', {
  method: 'POST',
  headers: {
    'x-api-key': YOUR_API_KEY,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    submissionId: 'sub_abc123',
    recordId: 'user_12345'
  })
});

// Receive webhook when new match is found
app.post('/webhooks/idcheck', (req, res) => {
  if (req.body.webhook_trigger === 'aml_monitor') {
    console.log('Ongoing AML match detected:', req.body);
    // Take action (freeze account, notify user, etc.)
  }
  res.status(200).send('OK');
});

Learn more: AML Ongoing Monitoring

Data Projection (Field Filtering)

Control which data fields are collected and displayed. Use Cases:

Minimize data collection for GDPR compliance
Create different verification levels (basic vs full)
Customize for specific document types or countries

Create Projection via API

curl -X POST 'https://rest-api.argosidentity.com/v3/projection' \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "projectionName": "basic-kyc",
    "allowedFields": [
      "fullName",
      "birthDate",
      "nationality"
    ]
  }'

Response:

{
  "message": "success",
  "projectionId": "proj_123abc"
}

Use Projection in Liveform

const config = {
  projectionId: "proj_123abc"
};

const encryptedConfig = encryptQueryParams(config, YOUR_API_KEY);
const liveformUrl = `https://form.argosidentity.com?pid={your_pid}&encrypted=${encodeURIComponent(encryptedConfig)}`;

You can also use projectionName instead of projectionId, but they cannot be used together.

Result

With this projection, the form will:

Only collect name, birth date, and nationality
Skip other fields (address, document number, etc.)
Return only projected fields in API responses and webhooks

Learn more: Projection API

Multi-Language Support

ID check Liveform supports multiple languages for global users. Available Languages:

English (en)
Korean (ko)
Japanese (ja)
Spanish (es)
French (fr)
German (de)
And more…

Usage:

// Add lang parameter to Liveform URL
const liveformUrl = `https://form.argosidentity.com?pid={your_pid}&lang=ko`;

// Or let user's browser language determine
const userLang = navigator.language.split('-')[0]; // 'en', 'ko', 'ja', etc.
const liveformUrl = `https://form.argosidentity.com?pid={your_pid}&lang=${userLang}`;

Learn more: Liveform Languages

Troubleshooting Guide

Common issues and how to resolve them:

Webhooks not being received

Symptoms:

No webhook events arriving
Webhook endpoint not being called

Possible Causes & Solutions:

Webhook URL not HTTPS

❌ http://yourapp.com/webhook
✅ https://yourapp.com/webhook

Endpoint returning non-200 status
- Check your server logs
- Ensure endpoint returns 200 OK within 5 seconds
- Process webhooks asynchronously if needed
Firewall blocking ARGOS IPs
- Whitelist ARGOS webhook IPs in your firewall
- Check with ARGOS support for IP ranges
Endpoint URL typo in dashboard
- Double-check the URL in Settings → Access Management
- Test endpoint with curl: curl -X POST https://yourapp.com/webhook

Debugging Steps:

// Add detailed logging
app.post('/webhooks/idcheck', (req, res) => {
  console.log('=== WEBHOOK RECEIVED ===');
  console.log('Headers:', req.headers);
  console.log('Body:', req.body);
  console.log('========================');

  res.status(200).json({ received: true });
});

// Test with webhook.site
// 1. Go to https://webhook.site
// 2. Copy unique URL
// 3. Enter in dashboard
// 4. Trigger test event
// 5. Check webhook.site for delivery

API returning 403 Forbidden

Symptoms:

{
  "errorCode": "forbidden",
  "errorMessage": "Access denied"
}

Possible Causes & Solutions:

Invalid or missing API key

# Check header format
✅ x-api-key: argos_live_abc123...
❌ x-api-key: "argos_live_abc123..."  (no quotes!)
❌ Authorization: Bearer argos_live... (wrong header!)

IP not whitelisted
- Check your server’s public IP: curl ifconfig.me
- Add to IP whitelist in dashboard
- If using proxy/load balancer, whitelist proxy IP
Using wrong API key
- Verify you’re using the correct project’s API key
- Check for copy-paste errors
- Regenerate API key if needed

Debugging:

# Test from command line
curl -v -H "x-api-key: YOUR_API_KEY" \
  https://rest-api.argosidentity.com/v3/submission

# Check response headers for clues
# Look for: X-Request-Id, X-Error-Code

Encryption/Decryption errors

Symptoms:

“Invalid encrypted data” errors
Decrypted data is gibberish
JSON parse error when decrypting

Possible Causes & Solutions:

Using wrong encryption mode
- API requests/responses: Use AES-256-ECB
- Webhooks: Use AES-256-CBC
- Query strings: Use AES-256-ECB

Not hashing API key first

❌ const key = apiKey; // Wrong!
✅ const hashedKey = CryptoJS.SHA256(apiKey); // Correct!

Encoding issues

// Encryption output must be Base64
✅ encrypted.ciphertext.toString(CryptoJS.enc.Base64)
❌ encrypted.toString() // Wrong encoding!

// Decryption input must parse Base64
✅ CryptoJS.enc.Base64.parse(encryptedData)
❌ encryptedData // Wrong!

Wrong key extraction (ECB)

✅ CryptoJS.lib.WordArray.create(hashedKey.words.slice(0, 8), 32)
❌ hashedKey // Wrong!

Testing:

// Use this test to verify your encryption
const testData = { test: "hello" };
const encrypted = encryptData(testData, YOUR_API_KEY);
const decrypted = decryptData(encrypted, YOUR_API_KEY);

console.log('Original:', testData);
console.log('Encrypted:', encrypted);
console.log('Decrypted:', decrypted);

if (JSON.stringify(testData) === JSON.stringify(decrypted)) {
  console.log('✅ Encryption working correctly!');
} else {
  console.log('❌ Encryption failed!');
}

Use the Encryption Tool to verify!

Images failing to upload

Symptoms:

Image upload returns 400 or 413 error
“Image too large” errors
“Invalid image format” errors

Possible Causes & Solutions:

Image too large (>10MB)

// Compress before upload
const compressedImage = await compressImage(originalImage, {
  maxWidth: 1920,
  maxHeight: 1080,
  quality: 0.8
});

Unsupported file format

✅ Supported: JPEG, PNG
❌ Not supported: GIF, BMP, WebP, HEIC

// Convert HEIC to JPEG (iOS photos)
import heic2any from 'heic2any';

if (file.type === 'image/heic') {
  const converted = await heic2any({
    blob: file,
    toType: 'image/jpeg'
  });
  file = converted;
}

Poor image quality
- Ensure minimum resolution: 1280x720
- Check image isn’t blurry
- Ensure all document edges visible
- Verify no glare on document

Wrong Content-Type header

✅ Content-Type: image/jpeg
❌ Content-Type: application/octet-stream

Liveform not loading or showing errors

Symptoms:

Blank screen when opening Liveform URL
“Invalid project ID” error
QR code not displaying

Possible Causes & Solutions:

Invalid project ID (PID)
- Verify PID from dashboard Settings → Access Management
- Check for typos in URL
```
✅ ?pid=proj_abc123
❌ ?pid=abc123 (missing prefix)
```

Malformed query parameters

URL encode all parameter values
Check for proper formatting

❌ ?email=user@example.com&userid=user 123
✅ ?email=${encodeURIComponent('user@example.com')}&userid=${encodeURIComponent('user 123')}

Encrypted parameter issues
- Verify encryption is correct
- Ensure URL encoding of encrypted value
- Check encryption tool output matches
Browser compatibility
- Check supported browsers
- Test in different browsers
- Check for JavaScript errors in console (F12)

Testing:

// Test basic URL first
https://form.argosidentity.com?pid={your_pid}

// Then add parameters one by one
https://form.argosidentity.com?pid={your_pid}&email=test@example.com

// Use browser DevTools (F12) → Console for errors

Duplicate submission errors

Symptoms:

“Duplicate user detected” error
User can’t submit even though they haven’t before

Possible Causes & Solutions:

Duplicate prevention enabled
- Check dashboard Settings → Project Settings → Duplicate Prevention
- rejectDuplicateUser is enabled
- User with same name+DOB+nationality already verified
Approved/Reject period restrictions
- Dashboard settings prevent re-submission within X days
- Override with query parameters:
  ?approvePeriod=false&rejectPeriod=false
Same email/userid reused
- Use unique identifiers for each user
- Don’t reuse test email addresses

Solutions:

// Option 1: Override for specific user
const liveformUrl = `https://form.argosidentity.com?pid={your_pid}&rejectDuplicateUser=false`;

// Option 2: Delete previous submission
await fetch(`https://rest-api.argosidentity.com/v3/submission?submissionId=${oldSubmissionId}`, {
  method: 'DELETE',
  headers: { 'x-api-key': YOUR_API_KEY }
});

// Option 3: Use different userid/email
const uniqueUserid = `user_${userId}_${Date.now()}`;

Rate limit errors (429)

Symptoms:

{
  "errorCode": "too_many_requests",
  "errorMessage": "Rate limit exceeded"
}

Solutions:

Implement retry with exponential backoff

async function callAPIWithRetry(url, options, maxRetries = 3) {
  for (let i = 0; i < maxRetries; i++) {
    try {
      const response = await fetch(url, options);

      if (response.status === 429) {
        const retryAfter = response.headers.get('Retry-After') || (2 ** i);
        console.log(`Rate limited. Retrying after ${retryAfter}s...`);
        await sleep(retryAfter * 1000);
        continue;
      }

      return response;

    } catch (error) {
      if (i === maxRetries - 1) throw error;
      await sleep(1000 * 2 ** i); // 1s, 2s, 4s
    }
  }
}

Implement request queuing

const queue = require('p-queue').default;

const apiQueue = new queue({
  concurrency: 1,
  interval: 1000, // 1 request per second
  intervalCap: 1
});

async function queuedAPICall(url, options) {
  return apiQueue.add(() => fetch(url, options));
}

Cache API responses

const cache = new Map();

async function cachedGetSubmission(submissionId) {
  if (cache.has(submissionId)) {
    return cache.get(submissionId);
  }

  const submission = await getSubmission(submissionId);
  cache.set(submissionId, submission);

  // Expire after 5 minutes
  setTimeout(() => cache.delete(submissionId), 5 * 60 * 1000);

  return submission;
}

Tokens expired or invalid

Symptoms:

“Token expired” error
“Token not found” error
“Token already used” error

Possible Causes & Solutions:

Token expired (>3 minutes since first use)

// Generate new token
const newToken = `session-${userId}-${Date.now()}`;

await fetch('https://rest-api.argosidentity.com/v3/submission/tokens', {
  method: 'POST',
  headers: { 'x-api-key': YOUR_API_KEY, 'Content-Type': 'text/plain' },
  body: JSON.stringify({ tokenId: [newToken] })
});

// Send new URL to user
const newUrl = `https://form.argosidentity.com?pid={your_pid}&token=${newToken}`;

Token already used
- Each token can only create one submission
- Generate new token for each verification attempt

Token pool exceeded (100k limit)

Delete old tokens:

curl -X DELETE 'https://rest-api.argosidentity.com/v3/submission/tokens?startDate=2024-01-01&endDate=2024-01-31' \
  -H 'x-api-key: YOUR_API_KEY'

Enable auto-deletion in dashboard

Token format invalid

Must be 8-64 characters
Only alphanumeric + -_.
Must start/end with letter or number

✅ "user-session-123"
✅ "token_abc.xyz"
❌ "-invalid-" (starts with hyphen)
❌ "short" (too short, &lt;8 chars)
❌ "has space" (contains space)

Best Practices Summary

For All Integrations

Security

Enable Secure Data Transfer encryption
Use IP whitelisting in production
Never expose API keys in client code
Implement Private Mode for sensitive apps
Regularly rotate API keys (quarterly)

Error Handling

Handle all HTTP error codes (400, 403, 500, etc.)
Implement retry logic with exponential backoff
Log errors for debugging (without sensitive data)
Show user-friendly error messages
Have fallback flows for critical errors

Webhooks

Always respond with 200 OK quickly (<5s)
Process webhooks asynchronously
Implement idempotency (deduplicate)
Log all webhook events
Monitor webhook delivery rate
Implement retry logic for processing failures

Testing

Test all integration points before launch
Use test accounts/data during development
Test error scenarios thoroughly
Perform load testing for high-traffic apps
Monitor in staging before production

Performance

Cache API responses when appropriate
Implement rate limiting on your end
Optimize database queries
Use CDN for static assets
Monitor API response times

Compliance

Minimize data collection (use projections)
Implement data retention policies
Enable AML screening for regulated industries
Keep audit logs of verifications
Follow GDPR/CCPA requirements

Additional Resources

API Reference

Complete API documentation with all endpoints, parameters, and examples

Webhook Reference

Detailed webhook event types, payloads, and implementation guides

Encryption Guide

In-depth encryption implementation with code examples in multiple languages

Query String Guide

Complete list of Liveform query parameters and usage examples

Supported Documents

Full list of supported countries and document types

Browser Support

Changelog

Latest updates, new features, and bug fixes

Dashboard Guide

Learn how to configure settings and manage submissions in the dashboard

Support

Need help? We’re here for you:

Email Support

support@argosidentity.comResponse time: Within 24 hours (business days)

Documentation

Browse our comprehensive documentation and guides

Community

Join our developer community (link from support team)

Enterprise Support

For enterprise customers: Dedicated support channel available

What’s Next?

Start Building

You now have everything you need! Start with the integration method that best fits your use case.

Join the Community

Connect with other developers, share experiences, and get help from the community.

Stay Updated

Subscribe to the changelog for updates on new features and improvements.

Provide Feedback

Your feedback helps us improve! Let us know how we can make ID check better for you.

Congratulations! You’ve completed the ID check onboarding guide. You’re ready to build secure, compliant identity verification into your application.

Pro Tip: Bookmark this guide and refer back to the troubleshooting section as you build. Happy coding!

Getting Started

Liveform URL

Security

Developer's Guide MCP

​Complete ID check Onboarding Guide

​Table of Contents

Part 1: Foundation

Part 2: Integration

Part 3: Production

​Part 1: Foundation

​What is ARGOS ID check?

Document Verification

Data Extraction

Fraud Detection

Compliance

​Account Setup and Dashboard Orientation

​Core Concepts You Need to Know

​Part 2: Integration

​Liveform Integration (Recommended for Beginners)

​Step 1: Basic Liveform Setup

​Step 2: Customize with Query Parameters

​Step 3: Implement Private Mode (Optional)

​Step 4: Configure Return URL

​Liveform Integration Complete!

Next: Set Up Webhooks

​Step 5: Set Up Webhooks

​Part 3: Production Deployment

​Security Configuration

​Testing Checklist

​Go-Live Checklist

​Advanced Features

​AML (Anti-Money Laundering) Screening

​Ongoing AML Monitoring

​Data Projection (Field Filtering)

​Multi-Language Support

​Troubleshooting Guide

​Best Practices Summary

​For All Integrations

Security

Error Handling

Webhooks

Testing

Performance

Compliance

​Additional Resources

API Reference

Webhook Reference

Encryption Guide

Query String Guide

Supported Documents

Browser Support

Changelog

Dashboard Guide

​Support

Email Support

Documentation

Community

Enterprise Support

​What’s Next?

Complete ID check Onboarding Guide

Table of Contents

Part 1: Foundation

What is ARGOS ID check?

Account Setup and Dashboard Orientation

Core Concepts You Need to Know

Part 2: Integration

Liveform Integration (Recommended for Beginners)

Step 1: Basic Liveform Setup

Step 2: Customize with Query Parameters

Step 3: Implement Private Mode (Optional)

Step 4: Configure Return URL

Liveform Integration Complete!

Step 5: Set Up Webhooks

Part 3: Production Deployment

Security Configuration

Testing Checklist

Go-Live Checklist

Advanced Features

AML (Anti-Money Laundering) Screening

Ongoing AML Monitoring

Data Projection (Field Filtering)

Multi-Language Support

Troubleshooting Guide

Best Practices Summary

For All Integrations

Additional Resources

Support

What’s Next?