AI-powered identity verification — document capture, biometric liveness, AML screening, and risk signals via the Jumio KYX platform with web and mobile SDKs.
- 01 document + biometric KYC
- 02 liveness / selfie
- 03 global IDV (200+ countries)
- 04 AML screening + IDV in one workflow
- 05 regulated fintech onboarding
- `pnpm add @jumio/websdk`
| Variable | Scope | Description |
|---|---|---|
| JUMIO_API_TOKEN | Server | API token from the Jumio Customer Portal for the KYX REST API. |
| JUMIO_API_SECRET | Server | API secret paired with JUMIO_API_TOKEN for HTTP Basic auth. |
| JUMIO_DATACENTER | Server | Datacenter region (e.g. `us`, `eu`, `sg`) — affects API and SDK base URLs. |
Use Jumio KYX for document + biometric identity verification. Server-side, create an account/transaction with `POST https://account.{datacenter}.jumio.ai/api/v1/accounts` (Basic auth with `JUMIO_API_TOKEN:JUMIO_API_SECRET`) using `customerInternalReference`, `userReference`, and a `workflowDefinition.key` that matches the workflow you configured (e.g. ID + Selfie + Liveness + AML). Pass the returned `web.href` to the client and load it in an iframe via the Web SDK, or use the iOS/Android SDK with the `sdkToken` for native flows. Listen for the `transactionStatus` callback (PROCESSED/SESSION_EXPIRED/FAILED) and pull final results from `GET /api/v1/accounts/{id}/workflow-executions/{wfId}` server-side — do not trust client-reported success. Match the datacenter (US/EU/SG) to where you store your customer data for residency compliance.
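The server-side half of this flow, as an added example (not Jumio's code and not from the original page): it builds the account-creation request and turns a callback into a server-side result fetch instead of trusting the reported status. The endpoint, Basic auth and body fields are the ones named above; the `pending` store, the ID pattern, the callback argument shape and the function names are assumptions.

```javascript
// Added example. Endpoint, auth scheme and body fields come from the text above;
// the `pending` store, ID pattern and function names are assumptions.
const DATACENTERS = new Set(["us", "eu", "sg"]);
const ID = /^[A-Za-z0-9-]{1,64}$/; // assumed shape of account / execution IDs

function baseUrl(datacenter) {
  const dc = String(datacenter || "").toLowerCase();
  // The region is interpolated into the hostname, so allowlist it.
  if (!DATACENTERS.has(dc)) throw new Error("unsupported datacenter");
  return `https://account.${dc}.jumio.ai/api/v1/accounts`;
}

function basicAuth(env) {
  if (!env.JUMIO_API_TOKEN || !env.JUMIO_API_SECRET) throw new Error("missing credentials");
  const pair = `${env.JUMIO_API_TOKEN}:${env.JUMIO_API_SECRET}`;
  return "Basic " + Buffer.from(pair, "utf8").toString("base64");
}

function createAccountRequest(env, refs) {
  return {
    method: "POST",
    url: baseUrl(env.JUMIO_DATACENTER),
    headers: { Authorization: basicAuth(env), "Content-Type": "application/json" },
    body: JSON.stringify({
      customerInternalReference: refs.customerInternalReference,
      userReference: refs.userReference,
      workflowDefinition: { key: refs.workflowKey },
    }),
  };
}

// The callback is only a trigger: look the transaction up in our own store
// (written when the account was created) and re-fetch the result server-side.
function onCallback(env, pending, accountId, transactionStatus) {
  const tx = pending.get(accountId);
  if (!tx) return { action: "ignore" }; // not a transaction we started
  if (transactionStatus !== "PROCESSED") return { action: "close", reason: transactionStatus };
  if (!ID.test(accountId) || !ID.test(tx.workflowExecutionId)) throw new Error("malformed id");
  return {
    action: "fetch",
    request: {
      method: "GET",
      // Query the datacenter the account was created in, not the current default.
      url: `${baseUrl(tx.datacenter)}/${accountId}/workflow-executions/${tx.workflowExecutionId}`,
      headers: { Authorization: basicAuth(env) },
    },
  };
}
```

Send the returned request objects with your HTTP client of choice; the approval decision should be derived only from the body of the `fetch` response.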
- ⚑ Datacenter is sticky — accounts created in EU cannot be queried via the US base URL. Pick the datacenter for residency before integrating, not after.
- ⚑ Document and country coverage is broad but uneven — confirm acceptable document types per country and configure fallback paths (e.g. passport-only) where local IDs aren't supported.
- ⚑ Liveness false-rejects climb on low-end Android cameras and poor lighting — instrument retry funnels and consider workflow branching (passive liveness then active) to avoid abandonment.
- ⚑ Sandbox uses test documents and shortcut decisions — do not measure approval rates or fraud rates against sandbox.
- ⚑ Callbacks are signed via mutual auth or token-in-URL depending on configuration — enforce signature verification and TLS pinning, and never trust the client-side success page.
- ⚑ Data retention is configurable per contract (default ~30 days for raw images, longer for metadata) — align with GDPR/CCPA disclosures and pull artifacts you need for audit before they expire.
- ⚑ The product is now branded under Entrust Identity Verification — older Netverify endpoints still work but are being migrated; check migration notes before greenfield work.