LogoLogo
Useful links
  • Home
  • Product guides
  • API
  • SDKs
  • Overview
  • OUR SOLUTIONS
    • User Onboarding
    • ID Document Verification
    • Know Your Customer - KYC
    • Know Your Business - KYB
    • Account Takeover Prevention
  • USER GUIDE
    • Trust Platform
      • New Query
      • Executions
      • Company
      • Onboarding List
      • Onboarding Builder
      • Query Templates
      • Workflow Builder
    • Smart Auth (identity)
      • Getting Started
      • Access Token
      • Checking the Response
  • Quick Start Guides
    • Onboarding Journey
    • Company Search through API
    • Onboarding links into WebView and iFrame
      • WebView
        • Android
        • iOS
        • React Native
        • Flutter
      • iFrame
      • Events
LogoLogo

2025 © Caf. - All rights reserved

On this page
  • Goal
  • How it works
  • Useful resources
  1. USER GUIDE

Smart Auth (identity)

On this page, you will find information about the Smart Auth SDK.

Last updated 1 month ago

Goal

The main goal of the Smart Auth SDK is to prove that a user is really who he says he is. The SDK works as a form of multi-factor authentication for registered identities.

How it works

How the Smart Auth SDK works can be seen in the flow chart below:

Briefly:

  1. During some routine of your application or website (such as login, password changes, or bank transfers) a call will be made to the SDK with the ID of the policy to be verified and the CPF of the user.

  2. We will receive the request and, according to policy, determine if the user context is known.

    1. If it is, the SDK jumps to item 3.

    2. If not, the user will go through all the means of authentication required by the policy (e.g. facial authentication, via SMS, etc.).

      1. If all are correct, the SDK jumps to item 3.

      2. If either one fails, the SDK jumps to item 4.

  3. The SDK returns a signed JWT using your clientSecret attesting that the user is who they say they are.

    1. You send this JWT to your API and check the details and the signature.

      1. If something is incorrect, the user is not authenticated

      2. If everything is correct, the user is authenticated and cleared to perform the desired operation.

    2. End of execution

  4. The SDK returns that the user is not authorized.

    1. End of execution

Useful resources

And these are the versions of the Smart Auth SDK that are publicly available today:

(Android)

(iOS)

(React Native)

(JavaScript)

Starting the Integration with the Smart Auth SDK
Checking the response on your server
SDK Android
SDK iOS
SDK React Native
SDK Web