Identity verification · Liveness / Document / Face / Age

Verify who your users are. Not who they claim to be.

One API call opens a hosted verification flow. Provefy runs the checks, reads the document with AI vision, scores every field against your records, and delivers a signed result to your webhook.

< 60 smedian flow
4 checksone session
PT / ENuser flow
session — a7f3c2e1…9b40d6f2 IN PROGRESS
Liveness detection score 0.98
Document reading AI vision
NAMEALEXANDRA JANE REED
DATE OF BIRTH1991-03-14
DOCUMENT NºGMC 7048392
Face match — selfie ↔ document similarity 0.82
Field comparison 3/3 matched
fullNamematch · 1.00
dateOfBirthmatch
documentNumbermatch
WEBHOOK → https://yourapp.com/kyc 00:41

Powering verification for

ConsultaFácilLaudo FácilCompanionCareBrazen
01
Checks

Every check your compliance team will ask about.

Enable any combination per API key. Users complete everything in a single hosted page — nothing to embed, nothing to build.

LivenessPRESENCE

Confirms a real person is present — not a photo, a screen replay, or a mask — from a short camera capture.

model MiniFASNet
threshold 0.85
input camera frames

Document readingEXTRACTION

AI vision reads passports, driver's licenses, national IDs, and professional licenses — including holographic overlays that defeat traditional OCR. Every field is returned structured.

engine AI vision
fallback OCR + rules
fields name · dob · nº · expiry

Face matchBIOMETRIC

Compares the live selfie against the photo on the document using a biometric embedding model, tuned for the quality gap between webcams and printed IDs.

model ArcFace w600k
threshold 0.57
detection face crop first

Age estimationSCREENING

Estimates age from the selfie and enforces your minimum. Glasses, hats, and masks are detected first and the user is asked to retake.

engine AI vision + ONNX ViT
output age · range · gender
gate min-age per key
02
Integration

Three steps. About an afternoon.

/01

Create a session

Your backend calls POST /api/v1/verify with the checks you want and, optionally, the profile data to verify against. You get back a hosted verification URL.

/02

User completes the flow

Send the user the URL — from your app, an email, or WhatsApp. Camera capture, document upload, and retakes are handled, in Portuguese and English.

/03

Results hit your webhook

A signed webhook delivers every check result, the extracted document fields, and field-by-field comparison scores. Delivery retries automatically for up to two hours.

03
Credentials

The person on the license is the person on the profile.

Built for platforms that onboard doctors, lawyers, and other licensed professionals. Pass the profile data when creating a session — Provefy reads the physical credential and scores every field.

Field comparison — sampleRESULT: PASS
fullName Alex ReedALEXANDRA JANE REED 1.00
dateOfBirth 1991-03-141991-03-14 match
documentNumber GMC-7048392GMC 7048392 match
professionalCouncil GMCfound on document match

Fuzzy name matching. A profile that says "Alex Reed" matches the full "ALEXANDRA JANE REED" on the ID — accents, case, and middle names handled.

Registry aware. License numbers match regardless of separators, and the registry acronym is verified on the document itself — medical boards, bar associations, and regional councils like Brazil's CRM and OAB.

Deterministic outcomes. A name or birth-date mismatch fails the session. A document-number mismatch routes to manual review.

04
API

An API you can read in one sitting.

JSON in, JSON out, HMAC-signed webhooks. Session tokens carry 48 bytes of entropy; origins are enforced per key.

Create a sessionPOST /api/v1/verify { "checks": ["liveness", "doc_verify", "face_match"], "externalRef": "doctor-8451", "expectedFields": { "fullName": "Alex Reed", "documentNumber": "GMC-7048392", "professionalCouncil": "GMC" } }
Webhook payload{ "event": "verification.completed", "overallResult": "APPROVED", "checks": { "faceMatch": { "similarityScore": 0.82 }, "documentVerification": { "fieldComparison": { "fullName": { "match": true, "score": 1.0 } } } } }
05
Security

Built like the regulated platforms it serves.

PII encrypted at rest

Names, birth dates, and document numbers are AES-encrypted in the database and decrypted only for authorized reads.

Automatic data retention

Biometric images and PII are purged on a schedule you control — 90 days by default. Check outcomes are kept for audit.

Signed webhooks with retries

Every delivery carries an HMAC-SHA256 signature so your platform can verify origin. Failed deliveries retry with backoff for up to two hours.

Origin enforcement

API keys pin allowed origins; verification sessions reject submissions from anywhere else.

Full audit trail

Every session, review decision, and admin action is logged with actor and IP for compliance reporting.

Self-hosted

Runs on your own infrastructure. Biometric data never transits a third-party verification vendor.

06
Access

Tell us what you're verifying.

We'll set up an API key, walk through your first integration, and help you pick the right checks for your flow. Replies within one business day.