LogoLogo
Useful links
  • Home
  • Product guides
  • API
  • SDKs
  • Overview
  • CORE API
    • Authentication
    • Available resources
      • Transaction
      • Onboarding
      • Profile
      • Synchronous services
        • OCR Sync
        • Basic Data Sync (Individual)
    • Transaction details
      • Services
        • Document OCR
        • Documentscopy
        • Face Liveness
        • Facematch
        • Facial Biometrics
        • Private Faceset
        • Shared Faceset
        • Document Liveness
      • Background check
        • Data structure
        • KYC
          • Driver
          • Financial
          • Labor
          • Register data
          • Relationships
          • Risk
        • KYB
          • Financial
          • Labor
          • Register data
          • Risk
        • Vehicle
          • Register data
      • Validation rules
      • Manual reprovals
    • Webhooks
      • Transaction
      • Profile
      • Face authentication
  • MOBILE API
    • Authentication
    • Available resources
      • Face liveness (deprecated)
      • Face registration (deprecated)
      • Face authentication (deprecated)
    • Response signature
  • GLOBAL API
    • Authentication
    • Available resources
      • Services
        • Company search
        • Company record
        • Basic Data Sync (Individual)
        • Sanctions
      • Orchestrations
        • Transactions
          • Services
            • KYB
              • Credit Report
              • Business Identity
            • KYC
              • Adverse Media
              • PEPs
              • Sanctions
              • Warnings
              • Global identity verification
              • Global identity double verification
            • DOC ID
              • Global Document Verification
      • Onboardings
        • Links
    • Webhooks
  • SMART AUTH API
    • Authentication
    • Available resources
      • Authentications
      • Create identity
  • Joint resolution 6 API
    • Authentication
    • Available resources
      • Suspected fraud creation
      • Suspected fraud query
      • Suspected fraud update
      • Suspected fraud deletion
    • Using mTLS
    • Changelog
LogoLogo

2025 © Caf. - All rights reserved

On this page
  1. MOBILE API
  2. Available resources

Face authentication (deprecated)

Last updated 27 days ago

Supports response signature.

Face authentication

post

It performs facial authentication, i.e., it checks if the face that is in the photo sent is the same as the one linked to the CPF in our base.

Query parameters
shouldSignResponsebooleanOptional

Specifies whether the request should be signed. The default is false. e.g. shouldSignResponse=true.

Header parameters
AuthorizationstringRequired

Your access token. See more in the 'Authentication' topic of this section.

Body
peopleIdstringRequired

CPF of the user you want to authenticate (only numbers).

imageUrlstringOptional

URL of the image to be validated.

Responses
200
Success
application/json
400
The access token has not been entered
401
The token used is not valid for this product
404
No face registered for the entered CPF
405
HTTP method not allowed
500
Internal server error
post
POST /faces/authenticate HTTP/1.1
Host: api.mobile.combateafraude.com
Authorization: text
Content-Type: application/json
Accept: */*
Content-Length: 131

{
  "peopleId": "text",
  "imageUrl": "text",
  "device": {
    "operatingSystem": "text",
    "fingerprint": "text",
    "manufacturer": "text",
    "model": "text"
  }
}
{
  "requestId": "2b8f373-c462-4bbf-9a4f-8aeb7d71ec53",
  "isMatch": true
}

Face authentication attempt

get

Get a face authentication attempt based on the provided attempt ID.

Path parameters
attemptIdstringRequired

Authentication attempt ID

Example: xxxxxxf41e2fcd832e6xxxxx
Header parameters
AuthorizationstringRequired

Mobile API Authorization Token

Body
anyOptional
Responses
200
Authentication attempt success
application/json
401
Unauthorized
application/json
404
Authentication attempt not found
application/json
500
Internal server error
application/json
get
GET /faces/authenticate/{attemptId} HTTP/1.1
Host: api.mobile.combateafraude.com
Authorization: text
Content-Type: application/json
Accept: */*

{
  "requestId": "86bb55c3-cecd-4643-95c7-188bb45a60a9",
  "data": {
    "id": "xxxxxxf41e2fcd832e6xxxxx",
    "createdAt": "2024-04-04T13:45:24.321Z",
    "peopleId": "00011122233",
    "sourceIp": "000.000.000.00",
    "executionOriginId": "xxxxxxd3a480530008xxxxxx",
    "registeredImageUrl": "https://xxx.s3.amazonaws.com/xxxxxxx",
    "receivedImageUrl": "https://xxx.s3.amazonaws.com/xxxxxxx",
    "faceMatch": {
      "similarity": 0.9999998474121093,
      "isFaceMatch": true
    },
    "liveness": {
      "probability": 1,
      "isAlive": true
    },
    "isMatch": true
  }
}
  • POSTFace authentication
  • GETFace authentication attempt