LogoLogo
Useful links
  • Home
  • Product guides
  • API
  • SDKs
  • Overview
  • CORE API
    • Authentication
    • Available resources
      • Transaction
      • Onboarding
      • Profile
      • Synchronous services
        • OCR Sync
        • Basic Data Sync (Individual)
    • Transaction details
      • Services
        • Document OCR
        • Documentscopy
        • Face Liveness
        • Facematch
        • Facial Biometrics
        • Private Faceset
        • Shared Faceset
        • Document Liveness
      • Background check
        • Data structure
        • KYC
          • Driver
          • Financial
          • Labor
          • Register data
          • Relationships
          • Risk
        • KYB
          • Financial
          • Labor
          • Register data
          • Risk
        • Vehicle
          • Register data
      • Validation rules
      • Manual reprovals
    • Webhooks
      • Transaction
      • Profile
      • Face authentication
  • MOBILE API
    • Authentication
    • Available resources
      • Face liveness (deprecated)
      • Face registration (deprecated)
      • Face authentication (deprecated)
    • Response signature
  • GLOBAL API
    • Authentication
    • Available resources
      • Services
        • Company search
        • Company record
        • Basic Data Sync (Individual)
        • Sanctions
      • Orchestrations
        • Transactions
          • Services
            • KYB
              • Credit Report
              • Business Identity
            • KYC
              • Adverse Media
              • PEPs
              • Sanctions
              • Warnings
              • Global identity verification
              • Global identity double verification
            • DOC ID
              • Global Document Verification
      • Onboardings
        • Links
    • Webhooks
  • SMART AUTH API
    • Authentication
    • Available resources
      • Authentications
      • Create identity
  • Joint resolution 6 API
    • Authentication
    • Available resources
      • Suspected fraud creation
      • Suspected fraud query
      • Suspected fraud update
      • Suspected fraud deletion
    • Using mTLS
    • Changelog
LogoLogo

2025 © Caf. - All rights reserved

On this page
  1. SMART AUTH API
  2. Available resources

Create identity

Last updated 2 months ago

The identity creation process is necessary to enable authentication for a given user. Subsequent authentication attempts for this user will be compared against this created identity, based on the personId, while storing the user's context data. A clear selfie is required, used for facial validation.

Email and phone are optional for the API, but required if you intend to allow OTPs as a means of re-authenticating this user. In this case, in addition to enabling email or SMS in the authentication policy, users must have an email and phone number registered.

All calls to the API are authenticated and must have the token next to Bearer prefix in the Authorization header of the request. Calls with a missing or invalid access token will return status code 401 ("Unauthorized").

The token used to make requests to the API is the access token .

generated according to these instructions.

Create Identity of new users

post

Create Identity of new users.

Header parameters
AuthorizationstringRequired

Identity Authorization Token

Example: Bearer your_token_here
Body
namestringRequired

The name of the user who will be authenticated.

Example: First Middle Last
personIdstringRequired

The registry id of the user who will be authenticated. In Brazil, this id is the CPF

Example: 952.360.980-76
imageUrlstringRequired

The url of the selfie of the user who will be authenticated.

Example: https://imageurlink.jpeg
emailstringOptional

The email of the user who will be authenticated.

Example: [email protected]
phonestringOptional

The phone number of the user who will be authenticated. You must inform phone with country and region code. (country code + region code + phone)

Example: 5521982895497
Responses
200
Success
application/json
400
Bad Request
application/json
401
Unauthorized
application/json
500
Internal server error
application/json
post
POST /identities HTTP/1.1
Host: api.identity.combateafraude.com
Authorization: text
Content-Type: application/json
Accept: */*
Content-Length: 143

{
  "name": "First Middle Last",
  "personId": "952.360.980-76",
  "imageUrl": "https://imageurlink.jpeg",
  "email": "[email protected]",
  "phone": 5521982895497
}
{
  "requestId": "xxxxx-cecd-4643-95c7-xxxxx",
  "id": "123ab456789c123456d7e8fg"
}