Rabo Identity Services - Onfido v1.51.0

Skip to main content
Rabo Identity Services - Onfido ID Scan1.0.7

Overview

The Onfido API is an offering of Rabo Identity Services to identify users based on their identity document.

Before you begin

Make sure you have a working sandbox account in the Rabobank developer portal. Read Get Started to set up an account and register an Application.

NOTE: To use these API(s), a valid TLS certificate is required.

Using the API

After your account set up is complete, subscribe the Onfido API to your application.

With Onfido, user can identify themselves online based on their own legal identity document. For each identification, a process should be started, each process needs to be triggered within a Dossier. A dossier can consist of one or more processes, which contain all the evidence of a single identification.

You should create separate applications for the pre-production and production environments to efficiently differentiate the API traffic.

Step 1 - Create a dossier

You start with creating a new dossier. This dossier contains all the collected evidence of the user and can be identified through unique identifiers.

To create a dossier, send the following request:

Request

The API supports the possibility to associate your own unique identifier to the dossier in order to link it to your own session.

POST https://api.rabobank.nl/openapi/ris/onfido/dossiers

{
    "externalReference":"426ab6fd-c038-404a-9249-e46cbdce8455"
}

Response

After the dossier is created, an unique dossierId is generated and associated to the Dossier. As depicted in the response, the externalReference is associated to the Dossier.

{
    "dossierId":"1da64a84-cc06-4948-959d-7942563149f9",
    "externalReference": "426ab6fd-c038-404a-9249-e46cbdce8455",
    "createdAt":"2023-11-21T07:10:57Z",
    "updatedAt":"2023-11-21T07:10:57Z"
}

Step 2 - Create a process

Next, trigger a process within the dossier. The below request illustrates a basic document verification specifying which flow should be triggered.

Request

This request triggers a unique verification to receive a URL generated for verification.

We support the following processTypes:

  • document - This process type verifies the identity document.
  • documentSelfie - This process type verifies the identity document and performs a biometric verification based on a photo of the user, this helps to match the user to the provided identity document.
  • documentVideo - This process type verifies the identity document and performs a biometric verification based on a video (with instructions), this helps to match the user to the provided identity document.

After the verification is complete, the user is redirected using the URL specified in the redirectUrl parameter.

To receive updates on status changes for pending verifications in your application, set up webhook notifications through a server side configuration. To set it up, sharing the endpoint (where you want to receive the notifications) with Rabobank. Our platform supports one webhook setup per environment.

Only HTTP status codes of 429 and 500-599 i.e. failures caused by network errors are retrieved, whereas failures caused by misconfiguration are not.
The time between each delivery attempt starts at approximately one second and rapidly increases towards 24 hours, for up to five days.

The sdk parameter defines which frontend application should be used to capture the document, preferred value is native.

For more information about this functionality, contact us.

POST https://api.rabobank.nl/openapi/ris/onfido/dossiers/1da64a84-cc06-4948-959d-7942563149f9/process`

{
    "processType":"document",
    "redirectUrl":"[https://developer.rabobank.nl/api-documentation](https://developer.rabobank.nl/api-documentation)",
    "sdk":"native"
}

Response

A URL is returned in the response for verification. The user should be redirected to this URL to start the verification.

This URL hosts a verification session to retrieve the required attributes from the identity document.

{
    "url":"[https://api.rabobank.nl/capture/#/artifact=2uyzimtat8kd8st8d5bvg406fpqeh8vxjafsb9e4jugeoyqfgo](https://api.rabobank.nl/capture/#/artifact=2uyzimtat8kd8st8d5bvg406fpqeh8vxjafsb9e4jugeoyqfgo)"
}

After completing the process, the user is redirected to your own platform and a unique processId is generated for the final step. The processId is added to your specified redirectURL.

Step 3 - Get the result

Request

The processId is added to the redirect URL and can be used to fetch the final response.

When the verification state shows as accepted, you can execute the below request:

GET https://api.rabobank.nl/openapi/ris/onfido/dossiers/1da64a84-cc06-4948-959d-7942563149f9/processes/c9887bb6-106f-4e20-bfb0-2434d4fb0890

Response

You should receive the following response with the data retrieved from the identity document.

In the (pre)production environments, message level encryption is applied to this specific response, due to the nature of processing sensitive PII data. For more information, read Message level encryption

Message level encryption is only applied to the following endpoints:

  • GET /ris/onfido/dossiers/{dossierId}/processes/{processId}
  • GET /ris/onfido/dossiers/{dossierId}/processes/{processId}/download
{
"processId":"c9887bb6-106f-4e20-bfb0-2434d4fb0890",
"provider":"onfido",
"processType":"document",
"status":"accepted",
"providerSpecific": {
    "documentVerification": {
        "firstName":"Willeke",
        "lastName":"de Bruin",
        "gender":"F",
        "nationality":"NLD",
        "dateOfBirth":"1965-03-10",
        "documentType":"passport",
        "documentNumber":"SPECI2014",
        "dateOfExpiry":"2024-01-15",
        "issuingCountry":"NLD",
        "dateOfIssue":"2014-01-15"
        }
    }
}

- Each response contains a X-Trace-Id header which can be used for troubleshooting failed transactions
- Certain fields may not be available in the response body, this depends on the availability in the source and the type of request. Read the response schema object to understand which fields can be part of the response body.

All responses are signed by Rabobank, to validate the response read Validate signed responses

Other scenarios

You can test the other scenarios using:

Scenario Example
Biometric verification with photo 
"processType":"documentSelfie"
Biometric verification with video 
"processType":"documentVideo"
Type
REST
OAS2
Protocol
HTTPS
Endpoint
Production, Development:
https://api.rabobank.nl/openapi
Security
Mutual TLS
Enabled
clientId
X-IBM-Client-Id
apiKey located in header

ClientId as provided by the Rabobank developer portal.

Download OpenAPI document as JSON
Download OpenAPI document as YAML