Skip to main content
This page collects the questions we hear most often from teams integrating and operating ID Check. Click any question to expand the answer. If you do not find what you are looking for, please reach out via Customer Support.

Verification Process and Flow

Each project runs its own independent verification flow, and you can create as many projects as needed. Per-project settings include:
  • Supported countries and ID types (KYC Process > Supported ID Type Management)
  • Document, selfie, and liveness step policies (Policy and Authentication > Anti-fraud and Forgery Prevention)
  • Additional Info fields (Project Settings > Additional Info)
  • ARGOS Score threshold and automated-processing policy (KYC Process)
  • Webhook and Return URL (Project Settings > Integration Info)
  • Result page customization (User Experience > Liveform Customization)
Call the Liveform URL of the corresponding project from each service to expose a different flow to each audience. To add more projects, please contact Sales.
Enter a minimum age in Policy and Authentication > KYC Process > Age Limit. Submissions from users below the configured age are rejected automatically based on the date of birth read from the ID document. The reject code is under_ageLimit. See the full list at Reject Codes.For selfie-based age screening, also enable Anti-fraud and Forgery Prevention > Face-based Age Verification.
Yes, pick whichever approach fits your operation:
  • Split projects per country and run each independently
  • KYC Process > Supported ID Type Management to configure per-country ID types through a CSV upload within a single project
  • Blacklist Country (by issuing country) to block IDs issued by specific countries
  • Liveform query string (allowedCountries, blacklistCountries) to restrict countries at submission time
For the list of supported IDs per country, see Supported ID Types.
Yes. In Anti-fraud and Forgery Prevention you can combine ID forgery prevention (MRZ, PDF417 barcode, ID Liveness, streaming capture), selfie process, face duplication, selfie liveness, and third-party data verification (1-won bank authentication, government data, address proof, etc.) according to your project policy. Detailed results for each enabled option are available through GET Submission (lookup by submissionId).

Operations

There is no dedicated Sandbox environment — every submission consumes the host project’s credits. Instead, you can create a separate project for development or QA and keep it isolated from production. Each project has its own API Key, settings, and credit balance.To create an additional project, please contact Sales.
Yes. Credits are deducted at the moment a submission is created, so rejected or later-deleted submissions remain billed. If a submission failed due to a system error, contact support for review.

Abuse and Security

Combine the following controls under Policy and Authentication > Anti-fraud and Forgery Prevention:
  • Proxy & VPN Detection — catches submissions from suspicious IP ranges
  • Device Verification — detects non-mobile environments
  • Face Duplication — detects the same face across multiple submissions
  • ID Forgery Prevention — MRZ checks, PDF417 barcode checks, ID Liveness, streaming capture
  • Selfie Liveness — Passive / Active liveness to detect photos and deepfakes
Recommended combinations for each industry are in the Anti-fraud and Forgery Prevention guide.
ARGOS generates DI (duplicated_information) from the combination of name, date of birth, gender, and nationality. DI is only produced when all four values are present. Beyond the default DI, you can also use Custom DI to identify duplicate submissions from the same person with additional field combinations tailored to your project.
  • Check duplicated_information, duplicated_users, and duplicated_selfie_users in the GET/Submission response
  • Tune duplicate handling under Policy and Authentication > Authentication Data
  • Enable Face Duplication as well to catch attempts that swap ID documents but reuse the same face
Not by default. Enable Policy and Authentication > Anti-fraud and Forgery Prevention > Proxy & VPN Detection. Submissions are blocked based on the aggregated risk score of the detected types (Proxy, VPN, Commercial VPN, Hosting Provider). Detection results are visible under Preverification > VPN & Proxy.
Your API key is displayed under Project Settings > Integration Info. If you suspect a leak, contact your sales representative or Customer Support to rotate or revoke the key.Additional hardening we recommend in parallel:
  • System Operation > IP Whitelist — allow API calls only from specific IPs (CIDR supported)
  • Security Settings > Access Control — enable Private Mode and pre-register Live-form Token IDs
  • Security Settings > Data Protection — turn on Secure Data Transfer so API and webhook traffic are encrypted

Automation and Manual Review

Configure the following in Policy and Authentication > KYC Process:
  1. Pick an ARGOS Score Threshold suitable for your industry and policy (Conservative 70 / Standard 50 / Open 40)
  2. Enable Automated Processing Only — any submission that would go to Pending is automatically rejected instead
  3. Optionally add Custom Policy Rules to cap ARGOS Score, apply penalties, or force a status change when OCR confidence is low, fields are edited, or warnings are raised
Full automation increases the risk of misclassification, so weigh it against industry regulations (financial, gaming, telecom) and internal policy before enabling.
Go to User Submissions to browse the list and see submission details. For submissions in Pending state you can change the KYC Status directly from the detail view. Admin activity and submission-deletion logs are preserved in Event Log.Pick the reviewer type under Project Settings > System Operation > Reviewer Settings: either ARGOS Expert Reviewer or Client API.
Yes. Call POST https://rest-api.argosidentity.com/v3/submission/review to move a Pending submission to approved or rejected.
  • The request body must include submissionId, status, and admin (an admin email registered on the project)
  • rejectComment is required when status=rejected
  • Already approved or rejected submissions can be modified through the PATCH API. To reverse a completed decision, call the PATCH API or change the outcome directly from User Submissions > Detail view in the dashboard. If neither option works, contact customer support
For the full payload, see REVIEW/Submission.

Data and Privacy

Two APIs are available:
  • DELETE /v3/submission — permanently deletes the entire submission (not recoverable)
  • DELETE /v3/submission/partial — deletes only the items listed in the fields parameter
These APIs can also serve GDPR / CCPA deletion requests. Deletion events are preserved in Event Log. Note that deleted submissions remain billed.
Delete removes the entire submission. Partial Delete removes only the items specified in fields. Supported fields values include:
  • id_image, selfie_image
  • data, OCR_raw, ocr, review
  • applicant_id, email, userid
  • duplicated_information, custom_duplicated_information
  • additional_list
For example, you can erase sensitive images and personal data while keeping duplicated_information so the submission still contributes to duplicate-signup prevention.Be careful: once Partial Delete is applied to a field used for duplicate checking, duplicate detection will no longer fire for that submission even if the same data is received again.
Use GET /v3/image with submissionId and type (idImage, idBackImage, selfieImage) to download one image per call; the image file itself is returned.To add or replace images on an existing submission, use PUT /v3/submission/image with Base64-encoded images sent as multipart/form-data. See Encrypt and Decrypt Data for the encryption options.
Security Settings > Data Protection offers two options:
  • Liveform Encryption — encrypts Liveform URL query strings with ECB or GCM (using either the API Key or a dedicated secretKey). An Encryption-only Mode is also available, which wraps every parameter into a single encrypted value.
  • Secure Data Transfer — when enabled, API request bodies (AES-256-ECB), API responses, and webhook payloads (AES-256-CBC) are all encrypted.
Full usage examples and code snippets are in Encrypt and Decrypt Data.

Technical Integration

ARGOS does not permanently store individual webhook delivery events on the dashboard. Walk through the following checks:
  1. Confirm the webhook URL is registered correctly under Project Settings > Integration Info (HTTPS required).
  2. Allow ARGOS’s sender IP 52.78.194.237 in your firewall / security-group allow list.
  3. Inspect your server logs to confirm it returned a 2xx status code.
  4. If encryption is enabled, verify your AES-256-CBC decryption logic on incoming webhooks.
  5. Register names and emails under Integration Info > Notification User Management to receive a daily email summary of the previous day’s webhook deliveries (00:00–23:59 UTC).
Webhook URL change history is not retained, so manage URL changes separately on your side.
The following webhook_trigger values are emitted:
TriggerDescription
createdNew submission created
retryRetry occurred during KYC processing
submitSubmission moved to Pending
approvedApproved
rejectedRejected
updatedSubmission information updated
deleteSubmission deleted
token_expiredToken ID expired
injectionData Injection performed
amlAML screening result received
aml_monitorAML Ongoing Monitoring result received
Payloads for each event are documented in Webhook Events.
All ID Check API endpoints are limited to 5,000 requests/second (QPS) and 100,000 requests/day (QPD). Requests beyond the limit are throttled and resume automatically after the cooldown. If you hit the limits frequently, revisit your call pattern or contact Customer Support to request a higher quota. Details are in the Rate Limits doc.
Register the URL under Project Settings > Integration Info > Return URL and pick the parameters you want in the Dynamic Fields section. Supported parameters:
  • kycStatus — possible values: approved, pending, rejected
  • userid, email, submissionId
  • cf1, cf2, cf3
Enabling encryption wraps the selected parameters into a single encrypted value using AES-256-ECB. To skip the built-in result page and redirect directly to the return URL, also enable Result Page Skip. See Return URL Guide for usage details.
We publish guidance for iOS Safari and In-App Browser camera policies. Most issues can be resolved by following the iOS Block Page and Camera Permission docs.
Under User Experience > Liveform Customization you can customize the result page for each status (Approved, Rejected, Pending) and each supported language. For every page, you can upload an image and edit the main text (up to 125 characters) and subtext (up to 100 characters).To skip the built-in result page entirely and redirect to your own page, enable Integration Info > Result Page Skip and choose the parameters you need in the Dynamic Fields section of Return URL.
Invite administrators under Project Settings > System Operation > Admin Settings by entering an email and name (invitations are valid for 7 days). Users already registered in the dashboard are added immediately; others receive an invitation email. Only add/remove of project access is currently supported — fine-grained role management is planned.Individual admin accounts can enable OTP (two-factor authentication) from the OTP Settings entry in the profile menu at the bottom-left of the dashboard.
AML screening runs automatically when a submission is marked Approved. To run AML manually on an existing submission, call POST /v3/submission/aml.
  • Webhook: delivered as a webhook_trigger: aml event
  • API: call GET /v3/report/aml for a detailed PDF report (the resourceId is only generated when the AML result is Red Flag)
For continuous screening, combine this with AML Ongoing Monitoring.

Can’t find what you need?

Contact Support

Open a ticket in the support portal and a specialist will follow up.

Talk to Sales

Looking for the right plan or a technical consultation? Reach out to the sales team.