Appearance
Qualified eSignature (QES) Beta
Some countries (such as Germany) enforce stricter standards on user verification. One way to follow such standards is by using a Qualified Electronic Signature (QES). For Germany, this option requires a SEPA transfer into the user's Wallet as an extra validation step.
Treezor relies on a user verification provider for QES services. In this process, you redirect end users to a URL where they follow the verification steps. The identity document uploaded during these steps is digitally signed according to QES standards.
Configuration – Environment configuration by Treezor
Contact Treezor to use the qualified eSignature feature.
Process
- You initiate QES verification for the User:
/v1/users/{userId}/qes - Treezor answers with the QES URL (
identificationURL). - You redirect the User to the
identificationURL - The User follows the step-by-step QES verification process, hence uploading the document.
- Treezor informs you of the documents processing with the QES webhooks.
- Once the
qes.finalizedwebhook returns a successResult, you may request a KYC review:/v1/users/{userId}/Kycreview - Treezor sends you the
user.kycreviewwebhook upon validation or refusal.
Key attributes (webhooks)
QES verification relies on webhooks to provide you with information regarding the process:
qes.created– Received when the user completes the QES verification process.qes.processing– Received when the QES verification process is under review on the verification provider side.qes.aborted– Received when the user abandons the QES process (see Aborted reasons list for more details).qes.finalized– Received when the verification process is done on the verification provider side, either successful or canceled (see Canceled reasons list for more details).
Below some of the key attributes you may find in these webhooks.
| Attribute | Type | Description |
|---|---|---|
result | string | Indicates whether the user was successfully verified on the provider side. Can be:
|
reason | object | Details about the result when necessary. See Reasons list below. |
Reasons
The reason object of the webhook contains a reasonCode and a reasonMessage for you to better understand the result of the QES verification.
Aborted reasons
Here are the reasons you may find for aborted QES.
| Code | Message | Description |
|---|---|---|
3001 | USER_CANCELLATION_DOCUMENT_NOT_ACCEPTED | User's ID document is not accepted for the verification process |
3002 | USER_CANCELLATION_DOCUMENT_EXPIRED | User cannot continue the verification process due to an expired ID document |
3003 | USER_CANCELLATION_UNDERAGE | User is underage and is not allowed to continue the verification process |
3004 | USER_CANCELLATION_CAMERA_ACCESS_DENIED | User does not allow camera permission in the app |
3005 | USER_CANCELLATION_TERMS_DENIED | User does not accept the terms and conditions |
3006 | USER_CANCELLATION_SELFIE_NOT_READY | User is not ready for a selfie |
3007 | USER_CANCELLATION_APP_NOT_SCANNING | User aborts as the app is not scanning the document |
3008 | USER_CANCELLATION_ESIGNING_REJECTED | User does not accept the esigning request |
3009 | USER_CANCELLATION_ESIGNING_NAME_CONFIRMATION_REJECTED | User's name is specified incorrectly (This applies only to the QES/Signing flow) |
3010 | USER_CANCELLATION_INCORRECT_PHONE_NUMBER | User cancels as the phone number is specified incorrectly |
3011 | USER_CANCELLATION_IDENTIFY_LATER | User wants to identify later |
3012 | USER_CANCELLATION_USER_NOT_INTERESTED | User is not interested in performing the identity verification |
3013 | USER_CANCELLATION_APP_NOT_RESPONDING | User aborts because the app is not responding |
3014 | USER_CANCELLATION_PRIVACY_CONCERNS | User aborts due to privacy concerns |
3015 | USER_CANCELLATION_DOCUMENT_NOT_AVAILABLE | User does not have the ID document available and aborts |
3016 | USER_CANCELLATION_OTHER | User aborts the identification process in app for any other unspecified reason |
3017 | APP_CANCELLATION_APPROVAL_PHRASE_RETRY_LIMIT_REACHED | This is used in the QES/esign flow when the app is unable to retrieve the approval phrases from the backend after multiple retries |
3018 | APP_CANCELLATION_APPROVAL_PHRASE_NO_CONTRACT | App encounters a technical error in the Approval Phrases step in QES/esign |
3019 | APP_CANCELLATION_APPROVAL_PHRASE_INSUFFICIENT_DOCUMENT_COUNT | In the Approval Phrases step for QES/esign, the required number of documents to be signed are not received from backend |
3020 | APP_CANCELLATION_OTP_MATCH_LIMIT_REACHED | In the OTP Authentication step, the user has reached the allowed limit for number of OTP entries and cannot try again |
3021 | APP_CANCELLATION_TSP_TECHNICAL_EXCEPTION | App encounters a technical error from the TSP side. If this error state does not resolve after multiple automatic retries, the user cannot proceed further and the ident is aborted with this reason |
Canceled reasons
Here are the reasons you may find for canceled QES.
| Code | Message | Description |
|---|---|---|
3101 | ID_BLURRY | Document is blurry and mandatory data cannot be read due to the blur. |
3102 | ID_GLARE | Document has glare and mandatory data cannot be read due to the glare. |
3103 | ID_DARKNESS | Pictures of the document are dark and it is not possible to read the mandatory data or verify the authenticity of the document. |
3104 | ID_DATA_COVERED | Mandatory data is covered by the user while taking the picture |
3105 | ID_PERSPECTIVE | Document is positioned at such an angle that mandatory data cannot be read or document cannot be verified |
3106 | ID_DATA | Mandatory data cannot be read on the document |
3107 | ID_DATA_OTHER | Any other reason due to which mandatory data cannot be read |
3108 | ID_NOT_SUPPORTED | Document used during the identification is not supported for the customer's use case |
3109 | ID_EXPIRED | Document used during the identification is expired. |
3110 | ID_WRONG_SIDE | Wrong side of the document is scanned during the process. |
3111 | ID_OUTWORN | Document is worn out. Either data cannot be read out or the document cannot be verified. |
3112 | ID_HAS_STICKER | Document has such stickers which are not acceptable and the document used is considered as damaged document. |
3113 | ID_WRITTEN_ON | Document has text written over it which makes the document not readable or not verifiable. If the sticker is legit one and added by the authorities while issuing the document then the document will be acceptable and not cancelled due to this reason. |
3114 | ID_BROKEN | Document used during the identification is broken. |
3115 | ID_DAMAGED | Document used during identification is a damaged document. |
3116 | ID_DAMAGED_OTHER | Any other reason for a damaged document. |
3117 | ID_SECURITY_FEATURE_NOT_VISIBLE_NOT_FRAUD | Security features of the document are not visible because user did not move the document correctly. |
3118 | ID_SECURITY_FEATURE_VIDEO_SHORT | Security feature video is too short to detect if there are holograms in the document. |
3119 | ID_SECURITY_FEATURE_VIDEO_CANNOT_BE_PLAYED | Security feature video cannot be played for the agent to review holograms. |
3120 | ID_SECURITY_FEATURE_OTHER | Any other issues with the security feature video. |
3121 | ID_SECOND_DOCUMENT | If two documents are required for the identification process, the user needs to photograph two different documents (i.e. ID + Driver's license) - If the second required ID document is not available, the ident will be cancelled. |
3122 | ID_SECOND_DOCUMENT_BAD_PHOTO_QUALITY | Photo quality of the additional document in the process is not acceptable. |
3123 | ID_SECOND_DOCUMENT_DAMAGED | Additional document used in the identification process is severely outworn, written or drawn on, ripped or broken. |
3124 | ID_SECOND_DOCUMENT_EXPIRED | Additional document used in the identification process is an expired document. |
3125 | ID_SECOND_DOCUMENT_OTHER | Any other issues with the additional document used in the identification process. |
3126 | ID_NEED_ADDITIONAL_DOCUMENT | Additional document like Driver's License is missing in the identification process but it was required. |
3127 | ID_OTHER | Any other issues with the document used in the identification process. |
3128 | USER_INVOICE_MISSING | Customer needs proof of address from the user as the additional document but user did not provide it in the identification process. |
3129 | USER_OBSCURED | User has covered the face during the face comparison process unintentionally like wearing the face mask. |
3130 | SELFIE_BLURRY | Selfie taken by the user is blurry and cannot be used to compare the face with the identification document. |
3131 | SELFIE_GLARE | Photo of the user on the ID document has glares and selfie cannot be compared with it. |
3132 | SELFIE_DARKNESS | Selfie taken by the user is too dark to compare the face of the person with the photo on the identification document. |
3133 | SELFIE_PERSPECTIVE | Selfie taken by the user is on such an angle that it is not possible to compare it with the photo on the identification document. |
3134 | SELFIE_OTHER | Any other issues with the selfie which restrict ident specialist to compare the selfie of the user with the photo on the identification document. |
3135 | IDENT_CANNOT_BE_COMPLETED | Due to a technical reason, ident specialist cannot finish the identity verification process. |
3136 | IDENT_DISPLAY_ERROR | Due to a technical reason, ident specialist cannot see the data submitted by the user in the identification process. |
3137 | IDENT_OTHER | Any other reason due to which the identification process cannot be completed by the ident specialist. |
3138 | TSP_WRONG_CONFIRMATION_TOKEN | A wrong signing code was entered by the user during the signing step. |
3139 | TSP_SIGNING_FAILED | The signing process failed due to any technical error. |
3140 | TSP_CERTIFICATE_EXPIRED | Signing certificates are valid for an hour. The final signing step took more than an hour from the time of certificate generation. |
3141 | ID_SECURITY_FEATURE_VIDEO_FILE_MISSING | If enabled, the system automatically cancels an ident when the 'Security Features' (Hologram) video is not saved due to any technical error, and is hence missing from the final result (zip) file. |
Fraud suspicion reasons
Important – Don't communicate fraud suspicion to end users
For legal reasons, you mustn't indicate to end users that they are suspected of fraud.
Here are the reasons you may find for fraud suspicions.
| Code | Message | Description |
|---|---|---|
3201 | WARNING_SELFIE_REAL_PERSON | User that performed the identification is a real person but the selfie does not match with the face on the document. |
3202 | WARNING_SELFIE_NO_REAL_PERSON | Selfie taken in the identification person is not of a real person. For example, the selfie taken is a photo of a picture. |
3203 | WARNING_SELFIE_DISGUISED | User intentionally disguised the face by wearing a mask or in some other way. |
3204 | WARNING_MANIPULATED_DATA | Data is manipulated on the Identification document. |
3205 | WARNING_MANIPULATED_PHOTO | Photo of the person is manipulated on the Identification document. |
3206 | WARNING_FAKED_SECURITY_FEATURES | Security features like holograms on the Identification document are not real. |
3207 | WARNING_PAPER_PRINT | The Identification document is not real but a printout taken on a paper. |
3208 | WARNING_DIGITAL_DOCUMENT | Identification document image is taken from a digital screen (from laptop, from mobile or from any other screen). |
3209 | WARNING_FAKED_SPECIMEN | Identification document is a specimen document and not real document. |
3210 | WARNING_USER_UNDERAGE | User is below the age required to access the customer's service. |
3211 | WARNING_DIGITAL_SELFIE | Selfie is taken from a digital screen (from laptop, from mobile or from any other screen). |
3212 | WARNING_MONEY_MULE | User is duped by fraudster to perform identification on fraudster's behalf. |
3213 | WARNING_NAME_COMPARISON | Considerable inconsistency between user's name and document. |
3214 | WARNING_SCAN | Identification document is a facsimile. |
3215 | WARNING_FRAUD_OTHER | Any other type of fraud identified during the verification process by Ident specialist. |
Initiate QES verification
Before initiating the QES verification process, the User must be created with the relevant attributes (as required by Treezor Compliance).
At least the firstname, lastname, email, country, and phone fields of the user must be populated, otherwise, the API call returns an HTTP 428 error.
Parameters
You can optionally override the default URL to which the user will be redirected after the QES verification.
| Attribute | Type | Description |
|---|---|---|
redirectUrl | string | The URL to which the User will be redirected after the QES verification. |
Request
You can use the following request to initiate the QES verification process.
bash
curl -X POST {baseUrl}/v1/users/{userId}/qes \
--header 'Authorization: Bearer {accessToken}' \
--header 'Content-Type: application/json' \
-d '{"redirectUrl": "https://www.my-domain.tld"}'Answers with a 201 HTTP Status Code and returns the identifier of the verification process and the identificationURL. The latter is where the end user is to be redirected to go through the qualified electronic signature process.
json
{
"identification": {
"identificationId": {{identification-id}},
"identificationURL": "https://go.idnow.de/app/treezoramlauto/identifications/{{identification-id}}/identification/routing/start",
}
}Once redirected, end users are guided through the QES verification steps, in which they present a verification document.
End user QES verification
Once redirected, end users are guided through the QES steps.
Click to see the Qualified eSignature steps for your end users (mobile)
After the last step:
- The user is redirected to the
redirectUrlor the URL configured with Treezor. - Treezor sends you a
qes.createdwebhook. - The verification documents are automatically created once the
qes.finalizedwebhook is received.
Download the QES documents
If you're eligible, you may be able to collect some of the uploaded documents whose documentTypeId allows for it.
Configuration – Download is not enabled by default
Please contact Treezor to request access to this feature.
Downloading a document is a 2-step process, in which you:
Request the download URL
To request the download URL, you need the corresponding documentId (available in the document.create webhook for instance).
bash
curl -X GET {baseUrl}/v1/documents/{documentId}/download \
--header 'Authorization: Bearer {accessToken}' \Returns the URL to download the document, with all the necessary query parameters for the next step.
json
{
"url": "{documentDownloadUrl}"
}Download the document
You have 30 seconds to download the document from the moment the presigned URL has been generated in the previous step.
bash
curl -X GET {documentDownloadUrl}The document is returned in its initial format.
Request a KYC Review for the User
Before requesting a KYC review from Treezor, please make sure all the information and documents are properly updated for the user.
You can use the dedicated endpoint:
Alert – Documents must be uploaded for children users too
When there are parent-children hierarchical relationship, in most cases, the KYC Review must only be requested for the parent user. But you may need to upload Documents for the children before that. Please abide by the Treezor Compliance team recommendation for a smooth experience.
Learn more in the KYC Request article.
Endpoints
| Endpoint | Scope |
|---|---|
/v1/users/{userId}/Kycreview Initiate the user KYC review process | read_write |
/v1/users/{userId}/qes Initiate the user QES verification process | read_write |
/v1/documents/{documentId}/download Retrieve a document download URL | read_only |