Identity verification · Liveness / Document / Face / Age
One API call opens a hosted verification flow. Provefy runs the checks, reads the document with AI vision, scores every field against your records, and delivers a signed result to your webhook.
Powering verification for
Enable any combination per API key. Users complete everything in a single hosted page — nothing to embed, nothing to build.
Confirms a real person is present — not a photo, a screen replay, or a mask — from a short camera capture.
AI vision reads passports, driver's licenses, national IDs, and professional licenses — including holographic overlays that defeat traditional OCR. Every field is returned structured.
Compares the live selfie against the photo on the document using a biometric embedding model, tuned for the quality gap between webcams and printed IDs.
Estimates age from the selfie and enforces your minimum. Glasses, hats, and masks are detected first and the user is asked to retake.
Your backend calls POST /api/v1/verify with the checks you want and, optionally, the profile data to verify against. You get back a hosted verification URL.
Send the user the URL — from your app, an email, or WhatsApp. Camera capture, document upload, and retakes are handled, in Portuguese and English.
A signed webhook delivers every check result, the extracted document fields, and field-by-field comparison scores. Delivery retries automatically for up to two hours.
Built for platforms that onboard doctors, lawyers, and other licensed professionals. Pass the profile data when creating a session — Provefy reads the physical credential and scores every field.
Fuzzy name matching. A profile that says "Alex Reed" matches the full "ALEXANDRA JANE REED" on the ID — accents, case, and middle names handled.
Registry aware. License numbers match regardless of separators, and the registry acronym is verified on the document itself — medical boards, bar associations, and regional councils like Brazil's CRM and OAB.
Deterministic outcomes. A name or birth-date mismatch fails the session. A document-number mismatch routes to manual review.
JSON in, JSON out, HMAC-signed webhooks. Session tokens carry 48 bytes of entropy; origins are enforced per key.
Names, birth dates, and document numbers are AES-encrypted in the database and decrypted only for authorized reads.
Biometric images and PII are purged on a schedule you control — 90 days by default. Check outcomes are kept for audit.
Every delivery carries an HMAC-SHA256 signature so your platform can verify origin. Failed deliveries retry with backoff for up to two hours.
API keys pin allowed origins; verification sessions reject submissions from anywhere else.
Every session, review decision, and admin action is logged with actor and IP for compliance reporting.
Runs on your own infrastructure. Biometric data never transits a third-party verification vendor.
We'll set up an API key, walk through your first integration, and help you pick the right checks for your flow. Replies within one business day.