1 of 100

EN: Oz Knowledge Base

General

Solution Architecture

This article describes Oz components that can be integrated into your infrastructure in various combinations depending on your needs.

Oz API

Oz API is the central component of the system. It provides RESTful application programming interface to the core functionality of Liveness and Face matching analyses, along with many important supplemental features:

Persistence: your media and analyses are stored for future reference unless you explicitly delete them,
Authentication, roles and access management,
Asynchronous analyses,
Ability to work with videos as well as images.

Under the logical hood, Oz API has the following components:

File storage and database where media, analyses, and other data are stored,
The Oz BIO module that runs neural network models to perform facial biometry magic,
Licensing logic.

The front-end components (Oz Liveness Mobile or Web SDK) connect to Oz API to perform server-side analyses either directly or via customer's back end.

iOS and Android SDK

iOS and Android SDK are collectively referred to as Mobile SDKs or Native SDKs. They are written on Swift and Kotlin/Java, respectively, and designed to be integrated into your native mobile application.

Mobile SDKs implement the out-of-the-box customizable user interface for capturing Liveness video and ensure that the two main objectives are met:

The capture process is smooth for users,
The quality of a video is optimal for the subsequent Liveness analysis.

After Liveness video is recorded and available to your mobile application, you can run the server-side analysis. You can use corresponding SDK methods, call the API directly from your mobile application, or pass the media to your backend and interact with Oz API from there.

Web SDK

Web Adapter and Web Plugin together constitute Web SDK.

Web SDK is designed to be integrated into your web applications and have the same main goals as Mobile SDKs:

The capture process is smooth for users,
The quality of a video is optimal for the subsequent Liveness analysis.

Web Adapter needs to be set up on a server side. Web Plugin is called by your web application and works in a browser context. It communicates with Web Adapter, which, in turn, communicates with Oz API.

Web SDK adds the two-layer protection against injection attacks:

Collects information about browser context and camera properties to detect usage of virtual cameras or other injection methods.
Records liveness video in a format that allows server-side neural networks to search for traces of injection attack in the video itself.

Web UI (Web Console)

Web UI is a convenient user interface that allows to explore the stored API data in the easy way. It relies on API authentication and database and does not store any data on its own.

Liveness, Face Matching, Black List Checks

This article describes the main types of analyses that Oz software is able to perform.

Liveness checks whether a person in a media is a real human.
Face Matching examines two or more media to identify similarities between the faces depicted in them.
Black list looks for resemblances between an individual featured in a media and individuals in a pre-existing photo database.

Liveness

The Liveness check is important to protect facial recognition from the two types of attacks.

A presentation attack, also known as a spoofing attack, refers to the attempt of an individual to deceive a facial recognition system by presenting into a camera video, photo, or any other type of media that mimics the appearance of a genuine user. These attacks can include the use of realistic masks or make up.

An injection attack is an attempt to deceive a facial recognition system by replacing physical camera input with a prerecorded image or video, manipulating physical camera output before it becomes input to a facial recognition, or injectiong some malicious code. Virtual camera software is the most common tool for injection attacks.

Oz Liveness is able to detect both types of attacks. Any component can detect presentation attacks, and for injection attack detection, use Oz Liveness SDK. To learn about how to use Oz components to prevent attacks, check our integration quick start guides:

Once the Liveness check is finished, you can check both qualitative and quantitative analysis results.

Results overview

Qualitative results

SUCCESS – everything went fine, the analysis has completed successfully;
DECLINED – the check failed (an attack detected).

If the analysis hasn't been finished yet, the result can be PROCESSING (the analysis is in progress) / FAILED (the analysis failed due to some error and couldn't get finished).

If you have analyzed multiple media, the aggregated status will be SUCCESS only if each analysis on each media has finished with the SUCCESS result.

Quantitative results

100% (1) – an attack is detected, the person in the video is not a real living person,
0% (0) – a person in the video is a real living person.

Liveness check also can return the best shot from a video: a best-quality frame where the face is seen the most properly.

Face Matching

The Biometry algorithm allows comparing several media and check if the people on them are the same person or not. As sources, you can use images, videos, and scans of documents (with photo). To perform the analysis, the algorithm requires at least two media.

Results overview

Qualitative results

SUCCESS – everything went fine, the analysis has completed successfully;
DECLINED – the check failed (faces don't match).

If the analysis hasn't been finished yet, the result can be PROCESSING (the analysis is in progress) / FAILED (the analysis failed due to some error and couldn't get finished).

Quantitative results

After comparison, the algorithm provides numbers that represent the similarity level. The numbers vary from 100 to 0% (1 to 0), where:

100% (1) – faces are similar, media represent the same person,
0% (0) – faces are not similar and belong to different people

There are two scores to consider: the minimum and maximum. If you have analyzed two media, these scores will be equal. For three or more media, the similarity score is calculated for each pair. Once calculated, these scores get aggregated and analysis returns the minimum and maximum similarity scores for the media compared. Typically, the minimum score is enough.

Black List

In Oz API, you can configure one or more black lists, or face collections. These collections are databases of people depicted in photos. When the Black list analysis is being conducted, Oz software compares the face in a photo or video taken with faces of this pre-made database and shows whether a face exists in a collection.

Results overview

Qualitative results

SUCCESS – everything went fine, the analysis has completed successfully;
DECLINED – the check failed (faces match).

If the analysis hasn't been finished yet, the result can be PROCESSING (the analysis is in progress) / FAILED (the analysis failed due to some error and couldn't get finished).

Quantitative results

After comparison, the algorithm provides a score that represents the similarity level. The number varies from 100 to 0% (1 to 0), where:

100% (1) – the person in an image or video matches with someone in the blacklist database,
0% (0) – the person is not found in the blacklist.

Passive and Active Liveness

Describing how passive and active liveness works.

The objective of the Liveness check is to verify the authenticity and physical presence of an individual in front of the camera. In the passive Liveness check, it is sufficient to capture a user's face while they look into the camera. Conversely, the active Liveness check requires the user to perform an action such as smiling, blinking, or turning their head. While passive Liveness is more user-friendly, active Liveness may be necessary in some situations to confirm that the user is aware of undergoing the Liveness check.

In our Mobile or Web SDKs, you can define what action the user is required to do. You can also combine several actions into a sequence. Actions vary in the following dimensions:

User experience,
File size,
Liveness check accuracy,
Suitability for review by a human operator or in court.

In most cases, the Selfie action is optimal, but you can choose other actions based on your specific needs. Here is a summary of available actions:

Passive Liveness

Selfie

A short video, around 0.7 sec. Users are not required to do anything. Recommended for most cases. It offers the best combination of user experience and liveness check accuracy.

One shot

Similar to “Simple selfie” but only one image is chosen instead of the whole video. Recommended when media size is the most important factor. Hard to evaluate for a spoofing by a human, e.g., by an operator or in a court.

Scan

A 5-second video where a user is asked to follow the text looking at it. Recommended when the longer video is required, e.g., for subsequent review by a human operator or in a court.

Active Liveness

Smile
Blink
Tilt head up
Tilt head down
Turn head left
Turn head right

A user is required to complete a particular gesture within 5 seconds.

Use active liveness when you need a confirmation that the user is aware of undergoing a Liveness check.

Video length and file size may vary depending on how soon a user completes a gesture.

Hybrid Liveness

Since Android and iOS 8.0.0, we have introduced the hybrid Liveness analysis mode. It is a combination of the on-device and server-based analyses that sums up the benefits of these two modes. If the on-device analysis is uncertain about the real human presence, the system initiates the server-based analysis, otherwise, no additional analyses are done.

Benefits of the Hybrid Liveness

You need less computational capacity: in the majority of cases there's no need to apply the server-side analyses and fewer requests are being sent back and forth. On Android, only 8-9% of analyses require an additional server check, on iOS, it's 4.5-5.5%.
The accuracy is similar to the one of the server-based analysis: if the on-device analysis result is uncertain, the server analysis is launched. We offer the hybrid analysis as one of the default analysis modes, but you can also implement your own logic of hybrid analysis by combining the server-based and on-device analyses in your code.
Since the 8.3.0 release, you get the analysis result faster, and less data will be transmitted (by up to 10 times): the on-device analysis is enough in the majority of cases so that you don’t need to upload the full video to analyze it on the server, and, therefore, don’t send or receive the additional data. The customer journey gets shorter.

How to Enable Hybrid Liveness

The hybrid analysis has been available in our native (mobile) SDKs since 8.0.0. As we mentioned before, the server-based analysis is launched in the minority of cases, as if the analysis on your device has finished with a certain answer, there’s no need for a second check. This results in less server resources involved.

Oz API Key Concepts

The Oz API is a comprehensive Rest API that enables facial biometrics, allowing for both face matching and liveness checks. This write-up provides an overview of the essential concepts that one should keep in mind while using the Oz API.

Authentication, Roles, and Access Management

To ensure security, every Oz API call requires an access token in its HTTP headers. To obtain this token, execute the POST /api/authorize/auth method with login and password provided by us. Pass this token in X-Forensics-Access-Token header in subsequent Oz API calls.

Persistence

The unit of work in Oz API is a folder: you can upload interrelated media to a folder, run analyses on them, and check for the aggregated result. A folder can contain the unlimited number of media, and each of the media can be a target of several analyses. Also, analyses can be performed on a bunch of media.

Media Types and Tags

Media OZ API works with photos and videos. Video can be either a regular video container, e.g., MP4 or MOV, or a ZIP archive with a sequence of images. Oz API uses the file mime type to define whether media is an image, a video, or a shot set.

It is also important to determine the semantics of a content, e.g., if an image is a photo of a document or a selfie of a person. This is achieved by using tags. The selection of tags impacts whether specific types of analyses will recognize or ignore particular media files. The most important tags are:

photo_id_front – for the front side of a photo ID
photo_selfie – for a non-document reference photo
video_selfie_blank – for a liveness video recorded beyond Oz Liveness SDK
if a media file is captured using the Oz Liveness SDK, the tags are assigned automatically.

Asynchronous analyses

Oz API vs. Oz API Lite

Liveness and Face Matching can also be provided by the Oz API Lite module. Oz API Lite is conceptually different from Oz API.

Fully stateless, no persistence,
Extremely easy to scale horizontally,
No built-in authentication and access management,
Works with single images, not videos.

Oz API Lite is suitable when you want to embed it into your product and/or have extremely high performance requirements (millions checks per week).

SaaS, On-premise, On-device: What to Choose

We offer different usage models for the Oz software to meet your specific needs. You can either utilize the software as a service from one of our cloud instances or integrate it into your existing infrastructure. Regardless of the usage model you choose, all Oz modules will function equally. It’s only up to you what to pick, depending on your needs.

When to Choose SaaS

With the SaaS model, you can access one of our clouds without having to install our software in your own infrastructure.

Choose SaaS when you want:

Faster start as you don’t need to procure or allocate hardware within your company and set up a new instance.
Zero infrastructure cost as server components are located in Oz cloud.
Lower maintenance cost as Oz maintains and upgrades server components.
No cross-border data transfer for the regions where Oz has cloud instances.

When to Choose On-Premise

The on-premise model implies that all the Oz components required are installed within your infrastructure. Choose on-premise for:

Your data not leaving your infrastructure.
Full and detailed control over the configuration.

When to Choose On-Device

We also provide an opportunity of using the on-device Liveness and Face matching. This model is available in Mobile SDKs.

Consider the on-device option when:

You can’t transmit facial images to any server due to privacy concerns
The network conditions whereon you plan using Oz products are extremely poor.

The choice is yours to make, but we're always available to provide assistance.

Oz Licensing Options

For commercial use of Oz Forensics products, a license is required. The license is time-limited and defines the software access parameters based on the terms of your agreement.

Once you initialize mobile SDK, run Web Plugin, or use Oz Bio, the system checks if your license is valid. The check runs in the background and has minimal impact on the user experience.

As you can see on the scheme above, the license is required for:

Mobile SDKs for iOS and Android,
Web SDK, which consists of Web Adapter and Web Plugin,

For each of the components, you require a separate license which is bound to this component. Thus, if you use all three components, three licenses are required.

Native SDKs (iOS and Android)

To issue a license for mobile SDK, we require your bundle (application) ID. There are two types of licenses for iOS and Android SDKs: online and offline. Any license type can be applied to any analysis mode: on-device, server-based, or hybrid.

Online License

As its name suggests, an online license requires a stable connection. Once you initialize our SDK with this license, it connects to our license server and retrieves information about license parameters, including counters of transactions or devices, where:

Transaction: increments each time you start a video capture.
Device: increments when our SDK is installed on a new device.

The online license can be transaction-limited, device-limited, or both, according to your agreement.

The main advantages of the online license are:

You don’t need to update your application after the license renewal,
And if you want to add a new bundle ID to the incense, there’s also no need to re-issue it. Everything is done on the fly.

The data exchange for the online license is quick, ensuring your users won't experience almost any delay compared to using the offline license.

Please note that even though on-device analyses don’t need the Internet themselves, you still require a connection for license verification.

Online license is the default option for Mobile SDKs. If you require the offline license, please inform your manager.

Offline License

Offline license is a type of license that can work without Internet. All license parameters are set in the license file, and you just need to add the file to your project. This license type doesn’t have any restrictions on transactions or devices.

The main benefit of the offline license is its autonomy, allowing it to function without a network connection. However, when your license expires, and you add a new one, you’ll require to release a new version of your application in Google Play and App Store. Otherwise, the SDK won’t function.

How to add a license to mobile SDK:

Web SDK

Web SDK license is almost similar to the mobile SDK offline license. It can function without network connection, and the license file contains all the necessary parameters, such as expiration date. Web SDK license also has no restrictions on transactions or devices.

The difference between Mobile SDK offline license and Web SDK license is that you don’t need to release a new application version when Web SDK license is renewed.

On-Premise (Oz BIO or Server License)

Trial

Once you're ready to move to commercial use, a new production license will be issued. We’ll provide you with new production credentials and assist you with integration and configuration. Our engineers are always available to help.

Our software offers flexible licensing options to meet your specific needs. Whether you prioritize seamless updates or prefer autonomous operation, we have a solution tailored for you. If you have any questions, please contact us.

Integration Quick Start Guides

This section contains the most common cases of integrating the Oz Forensics Liveness and face Biometry system.

The scenarios can be combined together, for example, integrating liveness into both web and mobile applications or integrating liveness with face matching.

Server-Based Liveness:

On-Device Liveness

Face Matching

Server-Based Liveness

In this section, we listed the guides for the server-based liveness check integrations.

How to Integrate Server-Based Liveness into Your Web Application

This guide outlines the steps for integrating the Oz Liveness Web SDK into a customer web application for capturing facial videos and subsequently analyzing them on a server.

The SDK implements the ready-to-use face capture user interface that is essential for seamless customer experience and accurate liveness results. Under the hood, it communicates with Oz API.

Oz Liveness Web SDK detects both presentation and injection attacks. An injection attack is an attempt to feed pre-recorded video into the system using a virtual camera.

Finally, while the cloud-based service provides the fully-fledged functionality, we also offer an on-premise version with the same functions but no need for sending any data to our cloud. We recommend starting with the SaaS mode and then reconnecting your web app to the on-premise Web Adapter and Oz API to ensure seamless integration between your front end and back end. With these guidelines in mind, integrating the Oz Liveness Web SDK into your web application can be a simple and straightforward process.

1. Get your Web Adapter

Tell us domain names of the pages from which you are going to call Web SDK and email for admin access, e.g.:

Domain names from which WebSDK will be called:

www.yourbrand.com
www.yourbrand2.com

Email for admin access:

j.doe@yourcompany.com

Password: …

API: https://sandbox.ohio.ozforensics.com/

Web Console: https://sandbox.ohio.ozforensics.com

Web Adapter: https://web-sdk.cdn.sandbox.ozforensics.com/your_company_name/

2. Add Web Plugin to your web pages

Add the following tags to your HTML code. Use Web Adapter URL received before:

<script src="https:///plugin_liveness.php"></script>

3. Implement your logic around Web Plugin

Add the code that opens the plugin and handles the results:

OzLiveness.open({
  lang: 'en',
  action: [
    // 'photo_id_front', // request photo ID picture
    'video_selfie_blank' // request passive liveness video
  ],
  on_complete: function (result) {
    // This callback is invoked when the analysis is complete
    console.log('on_complete', result);
  }
});

Customizing plugin look-and-feel
Adding custom language pack
Tuning plugin behavior
Plugin parameters and callbacks
Security recommendations

For Angular and React, replace https://web-sdk.sandbox.ohio.ozforensics.com in index.html.

How to Integrate Server-Based Liveness into Your Mobile Application

This guide outlines the steps for integrating the Oz Liveness Mobile SDK into a customer mobile application for capturing facial videos and subsequently analyzing them on the server.

The SDK implements a ready-to-use face capture user interface that is essential for seamless customer experience and accurate liveness results. The SDK methods for liveness analysis communicate with Oz API under the hood.

Password: …

API: https://sandbox.ohio.ozforensics.com

Web Console: https://sandbox.ohio.ozforensics.com

We also recommend that you use our logging service called telemetry, as it helps a lot in investigating attacks' details. For Oz API users, the service is enabled by default. For on-premise installations, we'll provide you with credentials.

Android

1. Add SDK to your project

In the build.gradle of your project, add:

allprojects {
    repositories {
        maven { url "https://ozforensics.jfrog.io/artifactory/main" }
    }
}

In the build.gradle of the module, add:

dependencies {
    implementation 'com.ozforensics.liveness:full:<version>'
    // You can find the version needed in the Android changelog
}

2. Initialize SDK

Rename the license file to forensics.license and place it into the project's res/raw folder.

OzLivenessSDK.init(
    context,
    listOf(LicenseSource.LicenseAssetId(R.raw.forensics))
)

OzLivenessSDK.INSTANCE.init(
        context,
        Collections.singletonList(new LicenseSource.LicenseAssetId(R.raw.forensics)),
        null
);

3. Connect SDK to Oz API

Use API credentials (login, password, and API URL) that you’ve got from us.

OzLivenessSDK.setApiConnection(
    OzConnection.fromCredentials(host, username, password),
    statusListener(
        { token -> /* token */ },
        { ex -> /* error */ }
    )
)

OzLivenessSDK.INSTANCE.setApiConnection(
        OzConnection.Companion.fromCredentials(host, username, password),
        new StatusListener<String>() {
            @Override
            public void onStatusChanged(@Nullable String s) {}
            @Override
            public void onSuccess(String token) { /* token */ }
            @Override
            public void onError(@NonNull OzException e) { /* error */ }
        }
);

OzLivenessSDK.setApiConnection(OzConnection.fromServiceToken(host, token))

OzLivenessSDK.INSTANCE.setApiConnection(
        OzConnection.Companion.fromServiceToken(host, token), 
        null
);

4. Add face recording

To start recording, use startActivityForResult:

val OZ_LIVENESS_REQUEST_CODE = 1
val intent = OzLivenessSDK.createStartIntent(listOf( OzAction.Blank)) startActivityForResult(intent, OZ_LIVENESS_REQUEST_CODE)

int OZ_LIVENESS_REQUEST_CODE = 1;
Intent intent = OzLivenessSDK.INSTANCE.createStartIntent(Collections.singletonList(OzAction.Blank));
startActivityForResult(intent, OZ_LIVENESS_REQUEST_CODE);

To obtain the captured video, use onActivityResult:

override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
    super.onActivityResult(requestCode, resultCode, data)
        if (requestCode == OZ_LIVENESS_REQUEST_CODE) {
            val sdkMediaResult = OzLivenessSDK.getResultFromIntent(data)
            val sdkErrorString = OzLivenessSDK.getErrorFromIntent(data)
            if (!sdkMediaResult.isNullOrEmpty()) {
                analyzeMedia(sdkMediaResult)
            } else println(sdkErrorString)
        }
    }

protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    if (requestCode == OZ_LIVENESS_REQUEST_CODE) {
        List<OzAbstractMedia> sdkMediaResult = OzLivenessSDK.INSTANCE.getResultFromIntent(data);
        String sdkErrorString = OzLivenessSDK.INSTANCE.getErrorFromIntent(data);
        if (sdkMediaResult != null && !sdkMediaResult.isEmpty()) {
            analyzeMedia(sdkMediaResult);
        } else System.out.println(sdkErrorString);
    }
}

The sdkMediaResult object contains the captured videos.

5. Run analyses

To run the analyses, execute the code below. Mind that mediaList is an array of objects that were captured (sdkMediaResult) or otherwise created (media you captured on your own).

private fun analyzeMedia(mediaList: List<OzAbstractMedia>) {
    AnalysisRequest.Builder()
        .addAnalysis(Analysis(Analysis.Type.QUALITY, Analysis.Mode.SERVER_BASED, mediaList))
        .build()
        .run(object : AnalysisRequest.AnalysisListener {
            override fun onSuccess(result: List<OzAnalysisResult>) {
                result.forEach { 
                    println(it.resolution.name)
                    println(it.folderId)
                }
            }
            override fun onError(error: OzException) {
                error.printStackTrace()
            }
        })
}

private void analyzeMedia(List<OzAbstractMedia> mediaList) {
    new AnalysisRequest.Builder()
            .addAnalysis(new Analysis(Analysis.Type.QUALITY, Analysis.Mode.SERVER_BASED, mediaList, Collections.emptyMap()))
            .build()
            .run(new AnalysisRequest.AnalysisListener() {
                @Override public void onStatusChange(@NonNull AnalysisRequest.AnalysisStatus analysisStatus) {}
                @Override
                public void onSuccess(@NonNull List<OzAnalysisResult> list) {
                    for (OzAnalysisResult result: list) {
                        System.out.println(result.getResolution().name());
                        System.out.println(result.getFolderId());
                    }
                }
                @Override
                public void onError(@NonNull OzException e) { e.printStackTrace(); }
    });
}

iOS

1. Add our SDK to your project

pod 'OZLivenessSDK', :git => 'https://gitlab.com/oz-forensics/oz-liveness-ios', :tag => '<version>' // You can find the version needed in  iOS changelog

2. Initialize SDK

Rename the license file to forensics.license and put it into the project.

OZSDK(licenseSources: [.licenseFileName("forensics.license")]) { licenseData, error in
    if let error = error {
        print(error.errorDescription)
    }
}

3. Connect SDK to Oz API

Use API credentials (login, password, and API URL) that you’ve got from us.

OZSDK.setApiConnection(Connection.fromCredentials(host: “https://sandbox.ohio.ozforensics.com”, login: login, password: p)) { (token, error) in
    // Your code to handle error or token
}

OZSDK.setApiConnection(Connection.fromServiceToken(host: "https://sandbox.ohio.ozforensics.com", token: token)) { (token, error) in
}

4. Add face recording

Create a controller that will capture videos as follows:

let actions: [OZVerificationMovement] = [.selfie]
let ozLivenessVC: UIViewController = OZSDK.createVerificationVCWithDelegate(delegate, actions: actions) 
self.present(ozLivenessVC, animated: true)

The delegate object must implement OZLivenessDelegate protocol:

let actions: [OZVerificationMovement] = [.selfie]
let ozLivenessVC: UIViewController = OZSDK.createVerificationVCWithDelegate(delegate, actions: actions) 
self.present(ozLivenessVC, animated: true)

5. Run analyses

Use AnalysisRequestBuilder to initiate the Liveness analysis. The communication with Oz API is under the hood of the run method.

let analysisRequest = AnalysisRequestBuilder()
let analysis = Analysis.init(
media: mediaToAnalyze, 
type: .quality, 
mode: .serverBased)
analysisRequest.uploadMedia(mediaToAnalyze)
analysisRequest.addAnalysis(analysis)
analysisRequest.run(
scenarioStateHandler: { state in }, // scenario steps progress handler
uploadProgressHandler: { (progress) in } // file upload progress handler 
) { (analysisResults : [OzAnalysisResult], error) in 
    // receive and handle analyses results here 
    for result in analysisResults {
        print(result.resolution)
        print(result.folderID)
    }
}

With these steps, you are done with basic integration of Mobile SDKs. You will be able to access recorded media and analysis results in Web Console via browser or programmatically via API.

In developer guides, you can also find instructions for customizing the SDK look-and-feel and access the full list of our Mobile SDK methods. Check out the table below:

How to Check Your Media for Liveness without Oz Front End

Oz API is a rich Rest API for facial biometry, where you can do liveness checks and face matching. Oz API features are:

Persistence: your media and analysis are stored for future reference unless you explicitly delete it,
Ability to work with videos as well as images,
Asynchronous analyses,
Authentication,
Roles and access management.

The unit of work in Oz API is a folder: you can upload interrelated media to a folder, run analyses on them, and check for the aggregated result.

This step-by-step guide describes how to perform a liveness check on a facial image or video that you already have with Oz backend: create a folder, upload your media to this folder, initiate liveness check and poll for the results.

For better accuracy and user experience, we recommend that you use our Web and/or Native SDK on your front end for face capturing. Please refer to the relevant guides:

1. Get the access token

For security reasons, we recommend obtaining the access token instead of using the credentials. Call POST /api/authorize/auth with your login and password in the request body.

Obtain access_token from the response and add it to the X-Forensic-Access-Token of all subsequence requests.

2. Convert a single image to an archive (for API 4.0.8 and below)

Omit this step for API 5.0.0 and above.

With API 4.0.8 and below, Oz API requires video or archived sequence of images in order to perform liveness check. If you want to analyze a single image, you need to transform it into a ZIP archive. Oz API will treat this archive as a video.

Make sure that you use corresponding video-related tags later on.

3. Upload media to a folder

To create a folder and upload your media into it, call POST /api/folders/, adding the media you need to the body part of the request.

In the payload field, set the appropriate tags:

The successful response will return code 201 and folder_id you’ll need later on.

4. Initiate the analysis

The results will be available in a short while. The method will return analysis_id that you’ll need at the next step.

5. Poll for the results

Repeat calling GET /api/analyses/{{analysis_id}} with the analysis_id from the previous step once a second until the state changes from PROCESSING to something else. For a finished analysis:

get the qualitative result from resolution (SUCCESS or DECLINED).
get the quantitative results from results_media[0].results_data.confidence_spoofing. confidence_spoofing ranges from 0.0 (real person) to 1.0 (spoofing).

Here is the Postman collection for this guide.

With these steps completed, you are done with Liveness check via Oz API. You will be able to access your media and analysis results in Web UI via browser or programmatically via API.

On-Device Liveness

In this section, there's a guide for the integration of the on-device liveness check.

How to Integrate On-Device Liveness into Your Mobile Application

This guide outlines the steps for integrating the Oz Liveness Mobile SDK into a customer mobile application for capturing facial videos and performing on-device liveness checks without sending any data to a server.

The SDK implements the ready-to-use face capture user interface that is essential for seamless customer experience and accurate liveness results.

Android

1. Add SDK to your project

In the build.gradle of your project, add:

In the build.gradle of the module, add:

2. Initialize SDK

Rename the license file to forensics.license and place it into the project's res/raw folder.

3. Add face recording

To start recording, use startActivityForResult:

To obtain the captured video, use onActivityResult:

The sdkMediaResult object contains the captured videos.

4. Run analyses

To run the analyses, execute the code below. Mind that mediaList is an array of objects that were captured (sdkMediaResult) or otherwise created (media you captured on your own).

iOS

1. Add our SDK to your project

2. Initialize SDK

Rename the license file to forensics.license and put it into the project.

3. Add face recording

Create a controller that will capture videos as follows:

The delegate object must implement OZLivenessDelegate protocol:

4. Run analyses

Use AnalysisRequestBuilder to initiate the Liveness analysis.

With these steps, you are done with basic integration of Mobile SDKs. The data from the on-device analysis is not transferred anywhere, so please bear in mind you cannot access it via API or Web console. However, the internet is still required to check the license. Additionally, we recommend that you use our logging service called telemetry, as it helps a lot in investigating attacks' details. We'll provide you with credentials.

Face Matching

In this section, we listed the guides for the face matching checks.

How to Add Face Matching of Liveness Video with a Reference Photo From Your Database

This guide describes how to match a liveness video with a reference photo of a person that is already stored in your database.

By this time you should have already implemented liveness video recording and liveness check. If not, please refer to these guides:

In this scenario, you upload your reference image to the same folder where you have a liveness video, initiate the BIOMETRY analysis, and poll for the results.

1. Get `folder_id`

Given that you already have the liveness video recorded and uploaded, you will be working with the same Oz API folder where your liveness video is. Obtain the folder ID as described below, and pass it to your back end.

For a video recorded by Android or iOS SDK, retrieve the folder_id from the analysis’ results as shown below:

Android:

AnalysisRequest.Builder()
        ...
        .run(object : AnalysisRequest.AnalysisListener {
            override fun onSuccess(result: List<OzAnalysisResult>) {
                // save folder_id that is needed for the next step
                val folderId = result.firstOrNull()?.folderId
            }
            ...
        })

private void analyzeMedia(List<OzAbstractMedia> mediaList) {
    new AnalysisRequest.Builder()
            ...
            .run(new AnalysisRequest.AnalysisListener() {
                @Override public void onStatusChange(@NonNull AnalysisRequest.AnalysisStatus analysisStatus) {}
                @Override
                public void onSuccess(@NonNull List<OzAnalysisResult> list) {
                    String folderId = list.get(0).getFolderId();
                    }
                }
                ...
    });
}

iOS:

analysisRequest.run(
scenarioStateHandler: { state in }, 
uploadProgressHandler: { (progress) in }  
)   { (analysisResults : [OzAnalysisResult], error) in 
        // save folder_id that is needed for the next step
        let folderID = analysisResults.first?.folderID
    }
}

2. Upload your reference photo

Set the appropriate tags in the payload field of the request, depending on the nature of a reference photo that you have.

{
  "media:tags": { 
    "photo1": [
        "photo_id", "photo_id_front" // for the front side of an ID
        // OR
        "photo_selfie" // for a non-ID photo
    ]
  }
}

3. Initiate the analysis

{
    "analyses": [
        {
            "type": "biometry"
        }
    ]
}

4. Poll for the results

get the qualitative result from resolution (SUCCESS or DECLINED).
get the quantitative results from analyses.results_data.min_confidence

Here is the Postman collection for this guide.

With these steps completed, you are done with adding face matching via Oz API. You will be able to access your media and analysis results in Web UI via browser or programmatically via API.

How to Add Photo ID Capture and Face Matching to Your Web or Mobile Application

Please note that the Oz Liveness Mobile SDK does not include a user interface for scanning official documents. You may need to explore alternative SDKs that offer that functionality or implement it on your own. Web SDK does include a simple photo ID capture screen.

This guide describes the steps needed to add face matching to your liveness check.

By this time you should have already implemented liveness video recording and liveness check. If not, please refer to these guides:

Adding Photo ID Capture Step to Web SDK

Simply add photo_id_front to the list of actions for the plugin, e.g.,

OzLiveness.open({
  lang: 'en',
  action: [
    'photo_id_front', 
    'video_selfie_blank'
  ],
  ...
});

Adding Face Matching to Android SDK

For the purpose of this guide, it is assumed that your reference photo (e.g., front side of an ID) is stored on the device as reference.jpg.

Modify the code that runs the analysis as follows:

private fun analyzeMedia(mediaList: List<OzAbstractMedia>) {

    val refFile = File(context.filesDir, "reference.jpg")
    val refMedia = OzAbstractMedia.OzDocumentPhoto(
        OzMediaTag.PhotoIdFront , // OzMediaTag.PhotoSelfie for a non-ID photo
        refFile.absolutePath
    )

    AnalysisRequest.Builder()
        .addAnalysis(Analysis(Analysis.Type.QUALITY, Analysis.Mode.SERVER_BASED, mediaList))
        .addAnalysis(Analysis(Analysis.Type.BIOMETRY, Analysis.Mode.SERVER_BASED, mediaList + refMedia))
        .build()
        .run(object : AnalysisRequest.AnalysisListener {
            override fun onSuccess(result: List<OzAnalysisResult>) {
                result.forEach { 
                    println(it.resolution.name)
                    println(it.folderId)
                }
            }
            override fun onError(error: OzException) {
                error.printStackTrace()
            }
        })
}

private void analyzeMedia(List<OzAbstractMedia> mediaList) {
    File refFile = new File(context.getFilesDir(), "reference.jpg");
    OzAbstractMedia refMedia = new OzAbstractMedia.OzDocumentPhoto(
            OzMediaTag.PhotoIdFront , // OzMediaTag.PhotoSelfie for a non-ID photo
            refFile.getAbsolutePath()
    );
    ArrayList<OzAbstractMedia> mediaWithReferencePhoto = new ArrayList<>(mediaList);
    mediaWithReferencePhoto.add(refMedia);
    new AnalysisRequest.Builder()
            .addAnalysis(new Analysis(Analysis.Type.QUALITY, Analysis.Mode.SERVER_BASED, mediaList, Collections.emptyMap()))
            .addAnalysis(new Analysis(Analysis.Type.BIOMETRY, Analysis.Mode.SERVER_BASED, mediaWithReferencePhoto, Collections.emptyMap()))
            .build()
            .run(new AnalysisRequest.AnalysisListener() {
                @Override public void onStatusChange(@NonNull AnalysisRequest.AnalysisStatus analysisStatus) {}
                @Override
                public void onSuccess(@NonNull List<OzAnalysisResult> list) {
                    String folderId = list.get(0).getFolderId();
                }
                @Override
                public void onError(@NonNull OzException e) { e.printStackTrace(); }
    });
}

For on-device analyses, you can change the analysis mode from Analysis.Mode.SERVER_BASED to Analysis.Mode.ON_DEVICE

Adding Face Matching to iOS SDK

For the purpose of this guide, it is assumed that your reference photo (e.g., front side of an ID) is stored on the device as reference.jpg.

Modify the code that runs the analysis as follows:

let imageURL = URL(fileURLWithPath: NSTemporaryDirectory())
    .appendingPathComponent("reference.jpg")

let refMedia = OZMedia.init(movement: .selfie,
                   mediaType: .movement,
                   metaData: nil,
                   videoURL: nil,
                   bestShotURL: imageUrl,
                   preferredMediaURL: nil,
                   timestamp: Date())
   
var mediaBiometry = [OZMedia]()
mediaBiometry.append(refMedia)
mediaBiometry.append(contentsOf: mediaToAnalyze)
let analysisRequest = AnalysisRequestBuilder()
let analysisBiometry = Analysis.init(media: mediaBiometry, type: .biometry, mode: .serverBased)
let analysisQuality = Analysis.init(media: mediaToAnalyze, type: .quality, mode: .serverBased)
analysisRequest.addAnalysis(analysisBiometry)
analysisRequest.addAnalysis(analysisQuality)
analysisRequest.uploadMedia(mediaBiometry)
analysisRequest.run(
    scenarioStateHandler: { state in }, // scenario steps progress handler
    uploadProgressHandler: { (progress) in } // file upload progress handler
) { (analysisResults : [OzAnalysisResult], error) in
    // receive and handle analyses results here
    for result in analysisResults {
        print(result.resolution)
        print(result.folderID)
    }
}

For on-device analyses, you can change the analysis mode from mode: .serverBased to mode: .onDevice

Final notes for all SDKs

You will be able to access your media and analysis results in Web UI via browser or programmatically via API.

Guides

Developer Guide

In this section, you will find the description of both API and SDK components of Oz Forensics Liveness and face biometric system. API is the backend component of the system, it is needed for all the system modules to interact with each other. SDK is the frontend component that is used to:

1) take videos or images which are then processed via API,

2) display results.

We provide two versions of API.

With full version, we provide you with all functionality of Oz API.

The Lite version is a simple and lightweight version with only the necessary functions included.

The SDK component consists of web SDK and mobile SDK.

Web SDK is a plugin that you can embed into your website page and the adapter for this plugin.

Mobile SDK is SDK for iOS and Android.

API

Working with Oz System: Basic Scenarios

In this section, you'll learn how to perform analyses and where to get the numeric results.

Liveness is checking that a person on a video is a real living person.

Biometry compares two or more faces from different media files and shows whether the faces belong to the same person or not.

Best shot is an addition to the Liveness check. The system chooses the best frame from a video and saves it as a picture for later use.

Blacklist checks whether a face on a photo or a video matches with one of the faces in the pre-created database.

The Quantitative Results section explains where and how to find the numeric results of analyses.

In API 6.0, we've implemented new analysis modes:

Authentication

Getting an Access Token

To get an access token, call POST /api/authorize/auth/ with credentials (which you've got from us) containing the email and password needed in the request body. The host address should be the API address (the one you've also got from us).

The successful response will return a pair of tokens:access_token and expire_token.

access_token is a key that grants you access to system resources. To access a resource, you need to add your access_token to the header.

headers = {‘ X-Forensic-Access-Token’: <access_token>}

access_token is time-limited, the limits depend on the account type.

service accounts – OZ_SESSION_LONGLIVE_TTL (5 years by default),
other accounts – OZ_SESSION_TTL (15 minutes by default).

expire_token is the token you can use to renew your access token if necessary.

Automatic session extension

If the value ofexpire_date > current date, the value of current sessionexpire_date is set to current date + time period that is defined as shown above (depending on the account type).

Token Renewal

To renewaccess_token and expire_token, call POST /api/authorize/refresh/. Add expire_token to the request body and X-Forensic-Access-Token to the header.

In case of success, you'll receive a new pair of access_token and expire_token. The "old" pair will be deleted upon the first authentication with the renewed tokens.

Errors

Uploading Media

To create a folder and upload media to it, call POST /api/folders/

To add files to the existing folder, call POST /api/folders/{{folder_id}}/media/

Add the files to the request body; tags should be specified in the payload.

Here's the example of the payload for a passive Liveness video and ID front side photo.

An example of usage (Postman):

The successful response will return the folder data.

Best Shot

Please note: historically, some instances are configured to allow Best Shot only for certain gestures.

Processing steps

3. The URL to the best shot is located in the results_media -> output_images -> original_url response.

SDK

Administrator Guide

How to Integrate Server-Based Liveness into Your Mobile Application

This guide outlines the steps for integrating the Oz Liveness Mobile SDK into a customer mobile application for capturing facial videos and subsequently analyzing them on the server.

Before you begin, make sure you have Oz API credentials. When using SaaS API, you get them :

Password: …

API: https://sandbox.ohio.ozforensics.com

Web Console: https://sandbox.ohio.ozforensics.com

For the on-premise Oz API, you need to create a user yourself or ask your team that manages the API. See the . Consider the proper user role (CLIENT in most cases or CLIENT ADMIN, if you are going to make SDK work with the pre-created folders from other API users). In the end, you need to obtain a similar set of credentials as you would get for the SaaS scenario.

Oz Liveness Mobile SDK requires a license. License is bound to the bundle_id of your application, e.g., com.yourcompany.yourapp. Issue the 1-month trial license or for a long-term license.

Android

1. Add SDK to your project

In the build.gradle of your project, add:

allprojects {
    repositories {
        maven { url "https://ozforensics.jfrog.io/artifactory/main" }
    }
}

In the build.gradle of the module, add:

dependencies {
    implementation 'com.ozforensics.liveness:full:<version>'
    // You can find the version needed in the Android changelog
}

2. Initialize SDK

Rename the license file to forensics.license and place it into the project's res/raw folder.

OzLivenessSDK.init(
    context,
    listOf(LicenseSource.LicenseAssetId(R.raw.forensics))
)

OzLivenessSDK.INSTANCE.init(
        context,
        Collections.singletonList(new LicenseSource.LicenseAssetId(R.raw.forensics)),
        null
);

3. Connect SDK to Oz API

Use API credentials (login, password, and API URL) that you’ve got from us.

OzLivenessSDK.setApiConnection(
    OzConnection.fromCredentials(host, username, password),
    statusListener(
        { token -> /* token */ },
        { ex -> /* error */ }
    )
)

OzLivenessSDK.INSTANCE.setApiConnection(
        OzConnection.Companion.fromCredentials(host, username, password),
        new StatusListener<String>() {
            @Override
            public void onStatusChanged(@Nullable String s) {}
            @Override
            public void onSuccess(String token) { /* token */ }
            @Override
            public void onError(@NonNull OzException e) { /* error */ }
        }
);

In production, instead of hard-coding login and password in the application, it is recommended to get access token on your backend with API method then pass it to your application:

OzLivenessSDK.setApiConnection(OzConnection.fromServiceToken(host, token))

OzLivenessSDK.INSTANCE.setApiConnection(
        OzConnection.Companion.fromServiceToken(host, token), 
        null
);

4. Add face recording

To start recording, use startActivityForResult:

val OZ_LIVENESS_REQUEST_CODE = 1
val intent = OzLivenessSDK.createStartIntent(listOf( OzAction.Blank)) startActivityForResult(intent, OZ_LIVENESS_REQUEST_CODE)

int OZ_LIVENESS_REQUEST_CODE = 1;
Intent intent = OzLivenessSDK.INSTANCE.createStartIntent(Collections.singletonList(OzAction.Blank));
startActivityForResult(intent, OZ_LIVENESS_REQUEST_CODE);

To obtain the captured video, use onActivityResult:

override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
    super.onActivityResult(requestCode, resultCode, data)
        if (requestCode == OZ_LIVENESS_REQUEST_CODE) {
            val sdkMediaResult = OzLivenessSDK.getResultFromIntent(data)
            val sdkErrorString = OzLivenessSDK.getErrorFromIntent(data)
            if (!sdkMediaResult.isNullOrEmpty()) {
                analyzeMedia(sdkMediaResult)
            } else println(sdkErrorString)
        }
    }

protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    if (requestCode == OZ_LIVENESS_REQUEST_CODE) {
        List<OzAbstractMedia> sdkMediaResult = OzLivenessSDK.INSTANCE.getResultFromIntent(data);
        String sdkErrorString = OzLivenessSDK.INSTANCE.getErrorFromIntent(data);
        if (sdkMediaResult != null && !sdkMediaResult.isEmpty()) {
            analyzeMedia(sdkMediaResult);
        } else System.out.println(sdkErrorString);
    }
}

The sdkMediaResult object contains the captured videos.

5. Run analyses

To run the analyses, execute the code below. Mind that mediaList is an array of objects that were captured (sdkMediaResult) or otherwise created (media you captured on your own).

private fun analyzeMedia(mediaList: List<OzAbstractMedia>) {
    AnalysisRequest.Builder()
        .addAnalysis(Analysis(Analysis.Type.QUALITY, Analysis.Mode.SERVER_BASED, mediaList))
        .build()
        .run(object : AnalysisRequest.AnalysisListener {
            override fun onSuccess(result: List<OzAnalysisResult>) {
                result.forEach { 
                    println(it.resolution.name)
                    println(it.folderId)
                }
            }
            override fun onError(error: OzException) {
                error.printStackTrace()
            }
        })
}

private void analyzeMedia(List<OzAbstractMedia> mediaList) {
    new AnalysisRequest.Builder()
            .addAnalysis(new Analysis(Analysis.Type.QUALITY, Analysis.Mode.SERVER_BASED, mediaList, Collections.emptyMap()))
            .build()
            .run(new AnalysisRequest.AnalysisListener() {
                @Override public void onStatusChange(@NonNull AnalysisRequest.AnalysisStatus analysisStatus) {}
                @Override
                public void onSuccess(@NonNull List<OzAnalysisResult> list) {
                    for (OzAnalysisResult result: list) {
                        System.out.println(result.getResolution().name());
                        System.out.println(result.getFolderId());
                    }
                }
                @Override
                public void onError(@NonNull OzException e) { e.printStackTrace(); }
    });
}

iOS

1. Add our SDK to your project

Install OZLivenessSDK via . To integrate OZLivenessSDK into an Xcode project, add to Podfile:

pod 'OZLivenessSDK', :git => 'https://gitlab.com/oz-forensics/oz-liveness-ios', :tag => '<version>' // You can find the version needed in  iOS changelog

2. Initialize SDK

Rename the license file to forensics.license and put it into the project.

OZSDK(licenseSources: [.licenseFileName("forensics.license")]) { licenseData, error in
    if let error = error {
        print(error.errorDescription)
    }
}

3. Connect SDK to Oz API

Use API credentials (login, password, and API URL) that you’ve got from us.

OZSDK.setApiConnection(Connection.fromCredentials(host: “https://sandbox.ohio.ozforensics.com”, login: login, password: p)) { (token, error) in
    // Your code to handle error or token
}

In production, instead of hard-coding the login and password in the application, it is recommended to get an access token on your back end using the API method, then pass it to your application:

OZSDK.setApiConnection(Connection.fromServiceToken(host: "https://sandbox.ohio.ozforensics.com", token: token)) { (token, error) in
}

4. Add face recording

Create a controller that will capture videos as follows:

let actions: [OZVerificationMovement] = [.selfie]
let ozLivenessVC: UIViewController = OZSDK.createVerificationVCWithDelegate(delegate, actions: actions) 
self.present(ozLivenessVC, animated: true)

The delegate object must implement OZLivenessDelegate protocol:

let actions: [OZVerificationMovement] = [.selfie]
let ozLivenessVC: UIViewController = OZSDK.createVerificationVCWithDelegate(delegate, actions: actions) 
self.present(ozLivenessVC, animated: true)

5. Run analyses

Use AnalysisRequestBuilder to initiate the Liveness analysis. The communication with Oz API is under the hood of the run method.

let analysisRequest = AnalysisRequestBuilder()
let analysis = Analysis.init(
media: mediaToAnalyze, 
type: .quality, 
mode: .serverBased)
analysisRequest.uploadMedia(mediaToAnalyze)
analysisRequest.addAnalysis(analysis)
analysisRequest.run(
scenarioStateHandler: { state in }, // scenario steps progress handler
uploadProgressHandler: { (progress) in } // file upload progress handler 
) { (analysisResults : [OzAnalysisResult], error) in 
    // receive and handle analyses results here 
    for result in analysisResults {
        print(result.resolution)
        print(result.folderID)
    }
}

With these steps, you are done with basic integration of Mobile SDKs. You will be able to access recorded media and analysis results in Web Console via browser or programmatically via API.

In developer guides, you can also find instructions for customizing the SDK look-and-feel and access the full list of our Mobile SDK methods. Check out the table below:

Android source codes

iOS source codes

Android OzLiveness SDK

iOS OzLiveness SDK

in PlayMarket

in TestFlight

API Lite Methods

From 1.1.0, Oz API Lite works with base64 as an input format and is also able to return the biometric templates in this format. To enable this option, add Content-Transfer-Encoding = base64 to the request headers.

version – component version check

Use this method to check what versions of components are used (available from 1.1.1).

Call GET /version

Input parameters

Request example

GET localhost/version

Successful response

In case of success, the method returns a message with the following parameters.

HTTP response content type: “application/json”.

Output parameters

Response example

Biometry

health – biometric processor status check

Use this method to check whether the biometric processor is ready to work.

Call GET /v1/face/pattern/health

Input parameters

Request example

GET localhost/v1/face/pattern/health

Successful response

In case of success, the method returns a message with the following parameters.

HTTP response content type: “application/json”.

Output parameters

Response example

extract – the biometric template extraction

The method is designed to extract a biometric template from an image.

HTTP request content type: “image / jpeg” or “image / png”

Call POST /v1/face/pattern/extract

Input parameters

The name itself is not mandatory for a parameter of the Stream type.

To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.

Request example

Successful response

In case of success, the method returns a biometric template.

The content type of the HTTP response is “application/octet-stream”.

If you've passed Content-Transfer-Encoding = base64 in headers, the template will be in base64 as well.

Output parameters

The name itself is not mandatory for a parameter of the Stream type.

Response example

compare – the comparison of biometric templates

The method is designed to compare two biometric templates.

The content type of the HTTP request is “multipart / form-data”.

CallPOST /v1/face/pattern/compare

Input parameters

To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.

Request example

Successful response

In case of success, the method returns the result of comparing the two templates.

HTTP response content type: “application/json”.

Output parameters

Response example

verify – the biometric verification

The method combines the two methods from above, extract and compare. It extracts a template from an image and compares the resulting biometric template with another biometric template that is also passed in the request.

The content type of the HTTP request is “multipart / form-data”.

Call POST /v1/face/pattern/verify

Input parameters

To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.

Request example

Successful response

In case of success, the method returns the result of comparing two biometric templates and the biometric template.

The content type of the HTTP response is “multipart/form-data”.

Output parameters

Response example

extract_and_compare – extracting and comparison of templates derived from two images

The method also combines the two methods from above, extract and compare. It extracts templates from two images, compares the received biometric templates, and transmits the comparison result as a response.

The content type of the HTTP request is “multipart / form-data”.

Call POST /v1/face/pattern/extract_and_compare

Input parameters

To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.

Request example

Successful response

In case of success, the method returns the result of comparing the two extracted biometric templates.

HTTP response content type: “application / json”.

Output parameters

Response example

compare_n – 1:N biometric template comparison

Use this method to compare one biometric template to N others.

The content type of the HTTP request is “multipart/form-data”.

Call POST /v1/face/pattern/compare_n

Input parameters

Request example

Successful response

In case of success, the method returns the result of the 1:N comparison.

HTTP response content type: “application / json”.

Output parameters

Response example

verify_n – 1:N biometric verification

The method combines the extract and compare_n methods. It extracts a biometric template from an image and compares it to N other biometric templates that are passed in the request as a list.

The content type of the HTTP request is “multipart/form-data”.

Call POST /v1/face/pattern/verify_n

Input parameters

To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.

Request example

Successful response

In case of success, the method returns the result of the 1:N comparison.

HTTP response content type: “application / json”.

Output parameters

Response example

extract_and_compare_n – 1:N template extraction and comparison

This method also combines the extract and compare_n methods but in another way. It extracts biometric templates from the main image and a list of other images and then compares them in the 1:N mode.

The content type of the HTTP request is “multipart/form-data”.

Call POST /v1/face/pattern/extract_and_compare_n

Input parameters

To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.

Request example

Successful response

In case of success, the method returns the result of the 1:N comparison.

HTTP response content type: “application / json”.

Output parameters

Response example

Method errors

HTTP response content type: “application / json”.

A biometric sample is an input image.

Liveness

health – checking the status of liveness processor

Use this method to check whether the liveness processor is ready to work.

Call GET /v1/face/liveness/health

Input parameters

None.

Request example

GET localhost/v1/face/liveness/health

Successful response

In case of success, the method returns a message with the following parameters.

HTTP response content type: “application/json”.

Output parameters

Response example

detect – presentation attack detection

The detect method is made to reveal presentation attacks. It detects a face in each image or video (since 1.2.0), sends them for analysis, and returns a result.

The method supports the following content types:

image/jpeg or image/png for an image;
multipart/form-data for images, videos, and archives. You can use payload to add any parameters that affect the analysis.

To run the method, call POST /{version}/face/liveness/detect.

Image

Accepts an image in JPEG or PNG format. No payload attached.

Request example

Successful response example

Multipart/form-data

Accepts the multipart/form-data request.

Each media file should have a unique name, e.g., media_key1, media_key2.
The payload parameters should be a JSON placed in the payload field.

Temporary IDs will be deleted once you get the result.

Request example

Successful response example

Multipart/form-data with Best Shot

To extract the best shot from your video or archive, in analyses, set extract_best_shot = true (as shown in the request example below). In this case, API Lite will analyze your archives and videos, and, in response, will return the best shot. It will be a base64 image in analysis->output_images->image_b64.

Additionally, you can change the Liveness threshold. In analyses, set the new threshold in the threshold_spoofing parameter. If the resulting score will be higher than this parameter's value, the analysis will end up with the DECLINED status. Otherwise, the status will be SUCCESS.

Request example

Successful response example

The payload field

Method errors

HTTP response content type: “application / json”.

A biometric sample is an input image.

Changelog

API changes

6.0.1 – Apr. 30, 2025

Optimized storage and database.
You can now combine working systems based on asynchronous method or celery worker (local processing, celery processing). Added S3 storage mechanics for each of the combinations.
Implemented security updates.
We no longer support RAR archives.
Improved mechanics for calculating analysis time.
Replaced the is_admin and is_service flags for the CLIENT role with new roles: CLIENT ADMIN and CLIENT SERVICE, respectively. Set the roles in user_type.
To change the user password, call POST /api/users/{{user_id}}/change-password/. PATCH users/{{user_id}}/ no longer works.
To issue a service token for a user via {{host}}/api/authorize/service_token/, this user must have the CLIENT SERVICE role. You can also create a token for another user with this role: call {{host}}/api/authorize/service_token/{user_id}.
To delete an image of a person from collection, use DELETE collections/<collection_id>/persons/<person_id>/images/<media_id>/. DELETE images|media/<media_id> is deprecated.
image_id, video_id, and shots_set_id are now deprecated. Use media_id instead.
analyse_id is now deprecated. Use analysis_id instead.
can_start_analyse_biometry, can_start_analyse_collection, can_start_analyse_documents, can_start_analyse_quality are now deprecated. Use can_start_analysis_biometry, can_start_analysis_collection, can_start_analysis_documents, can_start_analysis_quality instead, respectively.
Also deprecated:
- expire_date in {{host}}/api/authorize/auth and {{host}}/api/authorize/refresh (use access_token.exp from payload instead),
- session_id in {{host}}/api/authorize/auth and {{host}}/api/authorize/refresh (use token_id instead).
Removed collection and person attributes from COLLECTION.analysis.
We no longer store separate objects for each frame in SHOTS_SET.

5.3.1 – Dec. 24, 2024

Improved the resource efficiency of server-based biometry analysis.

5.3.0 – Nov. 27, 2024

API can now extract action shots from videos of a person performing gestures. This is done to comply with the new Kazakhstan regulatory requirements for biometric identification. Dependencies with other system components are specified here.
Created a new report template that also complies with the requirements mentioned above.
If action shots are enabled, the thumbnails for the report are generated from them.

5.2.0 – Sept. 06, 2024

Added the new method to check the timezone settings: GET {{host}}/api/config
Added parameters to the GET {{host}}/api/event_sessions method:
- time_created
- time_created.min
- time_created.max
- time_updated
- time_updated.min
- time_updated.max
- session_id
- session_id.exclude
- sorting
- offset
- limit
- total_omit
If you create a folder using SHOT_SET, the corresponding video will be in media.video_url.
Fixed the bug with CLIENT ADMIN being unable to change passwords for users from their company.

5.1.1 – July 16, 2024

Security updates.

5.1.0 – Mar. 20, 2024

Face Identification 1:N is now live, significantly increasing the data processing capacity of the Oz API to find matches. Even huge face databases (containing millions of photos and more) are no longer an issue.
The Liveness (QUALITY) analysis now ignores photos tagged with photo_id, photo_id_front, or photo_id_back, preventing these photos from causing the tag-related analysis error.

5.0.1 – July 16, 2024

Security updates.

5.0.0 – Nov. 17, 2023

You can now apply the Liveness (QUALITY) analysis to a single image.
Fixed the bug where the Liveness analysis could finish with the SUCCESS result with no media uploaded.
The default value for the extract_best_shot parameter is now True.
RAR archives are no longer supported.
By default, analyses.results_media.results_data now contain the confidence_spoofing parameter. However, if you need all three parameters for the backward compatibility, it is possible to change the response back to three parameters: confidence_replay, confidence_liveness, and confidence_spoofing.
Updated the default PDF report template.
The name of the PDF report now contains folder_id.

4.0.8-patch1 – July 16, 2024

Security updates.

4.0.8 – May 22, 2023

Set the autorotation of logs.
Added the CLI command for user deletion.
You can now switch off the video preview generation.
The ADMIN access token is now valid for 5 years.
Added the folder identifier folder_id to the report name.
Fixed bugs and optimized the API work.

4.0.2 – Sept. 13, 2022

For the sliced video, the system now deletes the unnecessary frames.
Added new methods: GET and POST at media/<media_id>/snapshot/.
Replaced the default report template.
The shot set preview now keeps images’ aspect ratio.
ADMIN and OPERATOR receive system_company as a company they belong to.
Added the company_id attribute to User, Folder, Analyse, Media.
Added the Analysis group_id attribute.
Added the system_resolution attribute to Folder and Analysis.
The analysis resolution_status now returns the system_resolution value.
Removed the PATCH method for collections.
Added the resolution_status filter to Folder Analyses [LIST] and analyse.resolution_status filter to Folder [LIST].
Added the audit log for Folder, User, Company.
Improved the company deletion algorithm.
Reforged the blacklist processing logic.
Fixed a few bugs.

3.33.0

The Photo Expert and KYC modules are now removed.
The endpoint for the user password change is now POST users/user_id/change-password instead of PATCH.

3.32.1

Provided log for the Celery app.

3.32.0

Added filters to the Folder [LIST] request parameters: analyse.time_created, analyse.results_data for the Documents analysis, results_data for the Biometry analysis, results_media_results_data for the QUALITY analysis. To enable filters, set the with_results_media_filter query parameter to True.

3.31.0

Added a new attribute for users – is_active (default True). If is_active == False, any user operation is blocked.
Added a new exception code (1401 with status code 401) for the actions of the blocked users.

3.30.0

Added shots sets preview.
You can now save a shots set archive to a disk (with the original_local_path, original_url attributes).
A new original_info attribute is added to store md5, size, and mime-type of a shots set
Fixed ReportInfo for shots sets.

3.29.0

Added health check at GET api/healthcheck.

3.28.1

Fixed the shots set thumbnail URL.

3.28.0

Now, the first frame of shots set becomes this shots set's thumbnail URL.

3.27.0

Modified the retry policy – the default max count of analysis attempts is increased to 3 and jitter configuration introduced.
Changed the callback algorithm.
Refactored and documented the command line tools.
Refactored modules.

3.25.0

Changed the delete personal information endpoint and method from delete_pi to /pi and from POST to DELETE, respectively.

3.23.1

Improved the delete personal information algorithm.
It is now forbidden to add media to cleaned folders.

3.23.0

Changed the authorize/restore endpoint name from auth to auth_restore.
Added a new tag – video_selfie_oneshot.
Added the password validation setting (OZ_PASSWORD_POLICY).
Added auth, rest_unauthorized, rps_with_token throttling (use OZ_THROTTLING_RATES in configuration. Off by default).
User permissions are now used to access static files (OZ_USE_PERMISSIONS_FOR_STATIC in configuration, false by default).
Added a new folder endpoint – /delete_pi. It clears all personal information from a folder and analyses related to this folder.

3.22.2

Fixed a bug with no error while trying to synchronize empty collections.
If persons are uploaded, the analyse collection TFSS request is sent.

3.22.0

Added the fields_to_check parameter to document analysis (by default, all fields are checked).
Added the double_page_spread parameter to document analysis (True by default).

3.21.3

Fixed collection synchronization.

3.21.0

Authorization token can be now refreshed by expire_token.

3.20.1

Added support for application/x-gzip.

3.20.0

Renamed shots_set.images to shots_set.frames.

3.18.0

Added user sessions API.
Users can now change a folder owner (limited by permissions).
Changed dependencies rules.
Changed the access_token prolongation policy to fix bug of prolongation before checking the expiration permission.

3.16.0

Move oz_collection_binding (collection synchronization functional) to oz_core.

3.15.3

Simplified the shots sets functionality. One archive keeps one shot set.

3.15.2

Improved the document sides recognition for the docker version.

3.15.1

Moved the orientation tag check to liveness at quality analysis.

3.15.0

Added a default report template for Admin and Operator.

3.14.0

Updated the biometric model.

3.13.2

A new ShotsSet object is not created if there are no photos for it.
Updated the data exchange format for the documents' recognition module.

3.13.1

You can’t delete a Collection if there are associated analyses with Collection Persons.

3.13.0

Added time marks to analysis: time_task_send_to_broker, time_task_received, time_task_finished.

3.12.0

Added a new authorization engine. You can now connect with Active Directory by LDAP (settings configuration required).

3.11.0

A new type of media in Folders – "shots_set".
You can’t delete a CollectionPerson if there are analyses associated with it.

3.10.0

Renamed the folder field resolution_suggest to operator_status.
Added a folder text field operator_comment.
The folder fields operator_status and operator_comment can be edited only by Admin, Operator, Client Service, Client Operator, and Client Admin.
Only Admin and Client Admin can delete folder, folder media, report template, report template attachments, reports, and analyses (within their company).

3.9.0

Fixed a deletion error: when report author is deleted, their reports get deleted as well.

3.8.1

Client can now view only their own profile.

3.8.0

Client Operator can now edit only their profile.
Client can't delete own folders, media, reports, or analyses anymore.
Client Service can now create Collection Person and read reports within their company.

3.7.1

Client, Client Admin, Client Operator have read access to users profiles only in their company.
A/B testing is now available.
Added support for expiration date header.
Added document recognition module Standalone/Dockered binding support.

3.7.0

Added a new role of Client Operator (like Client Admin without permissions for company and account management).
Client Admin and Client Operator can change the analysis status.
Only Admin and Client Admin (for their company) can create, update and delete operations for Collection and CollectionPerson models from now on.
Added a check for user permissions to report template when creating a folder report.
Collection creation now returns status code 201 instead of 200.

Changelog

Android SDK changes

8.16.3 – Apr. 08, 2025

Security updates.

8.16.2 – Mar. 19, 2025

Resolved the issue with possible SDK crashes when closing the Liveness screen.

8.16.1 – Mar. 14, 2025

Security updates.

8.16 – Mar. 11, 2025

Updated the authorization logic.
Improved voiceover.
Fixed the issue with SDK lags and the non-responding error that users might have encountered on some devices after completing the video recording.
Resolved the issue with SDK crashes on some devices that might have occurred because of trying to access non-initialized or closed resources.
Security updates.

8.15.6 – Feb. 26, 2025

Security updates.

8.15.5 – Feb. 18, 2025

Fixed the bug with green videos on some smartphone models.
Security updates.

8.15.4 – Feb. 11, 2025

Fixed bugs that could have caused crashes on some phone models.

8.15.0 – Dec. 30, 2024

Changed the wording for the head_down gesture: the new wording is “tilt down”.
Added proper focus order for TalkBack when the antiscam hint is enabled.
Added the public setting extract_action_shot in the Demo Application.
Fixed bugs.
Security updates.

8.14.1 – Dec. 5, 2024

Fixed the bug when the recorded videos might appear green.
Resolved codec issues on some smartphone models.

8.14.0 – Dec. 2, 2024

Accessibility updates according to WCAG requirements: the SDK hints and UI controls can be voiced.
Improved user experience with head movement gestures.
Moved the large video compression step to the Liveness screen closure.
Fixed the bug when the best shot frame could contain an image with closed eyes.
Minor bug fixes and telemetry updates.

8.13.0 – Nov. 12, 2024

Security and telemetry updates.

8.12.4 – Oct. 01, 2024

Security updates.

8.12.2 – Sept. 10, 2024

Security updates.

8.12.0 – Aug. 29, 2024

Security and telemetry updates.

8.11.0 – Aug. 19, 2024

Fixed the RuntimeException error with the server-based Liveness that appeared on some devices.
Security updates.

8.10.0 – July 26, 2024

Security updates.
Bug fixes.

8.9.0 – July 18, 2024

Updated the Android Gradle plugin version to 8.0.0.
Internal SDK improvements.

8.8.3 – July 11, 2024

Internal SDK improvements.

8.8.2 – June 21, 2024

Security updates.

8.8.1 – June 12, 2024

Security updates.

8.8.0 – June 04, 2024

Security updates.

8.7.3 – June 03, 2024

Security updates.

8.7.0 – May 06, 2024

Added a description for the error that occurs when providing an empty string as an ID in the setFolderID method.
Fixed a bug causing an endless spinner to appear if the user switches to another application during the Liveness check.
Fixed some smartphone model specific-bugs.

8.6.0 – Apr. 05, 2024

Upgraded the on-device Liveness model.
Security updates.

8.5.0 – Feb. 27, 2024

Removed the pause after the Scan gesture.
If the recorded video is larger than 10 MB, it gets compressed.
Security and logging updates.

8.4.4 – Feb. 06, 2024

Changed the master license validation algorithm.

8.4.3 – Jan. 29, 2024

Downgraded the required compileSdkVersion from 34 to 33.

8.4.2 – Jan. 15, 2024

Security updates.

8.4.0 – Jan. 04, 2024

Updated the on-device Liveness model.
Fixed some bugs.

8.3.3 – Dec. 11, 2023

Internal licensing improvements.

8.3.2 – Nov. 30, 2023

Internal SDK improvements.

8.3.1 – Nov. 24, 2023

Bug fixes.

8.3.0 – Nov. 17, 2023

Implemented the possibility of using a master license that works with any bundle_id.
Video compression failure on some phone models is now fixed.

8.2.1 – Nov. 01, 2023

Bug fixes.

8.2.0 – Oct. 23, 2023

The Analysis structure now contains the sizeReductionStrategy field. This field defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully.
The messages for the errors that are retrieved from API are now detailed.

8.1.1 – Oct. 02, 2023

8.1.0 – Sept. 07, 2023

Updated the Liveness on-device model.
Added the Portuguese (Brazilian) locale.
If a media hasn't been uploaded correctly, the system repeats the upload.
Created a new method to retrieve the telemetry (logging) identifier: getEventSessionId.
The login and auth methods are now deprecated. Use the setAPIConnection method instead.
OzConfig.baseURL and OzConfig.permanentAccessToken are now deprecated.
If a user closes the screen during video capture, the appropriate error is now being handled by SDK.
Fixed some bugs and improved the SDK work.

8.0.3 – Aug. 24, 2023

Fixed errors.

8.0.2 – July 13, 2023

The SDK now works properly with baseURL set to null.

8.0.1 – June 28, 2023

The dependencies' versions have been brought into line with Kotlin version.

8.0.0 – June 19, 2023

Added the new analysis mode – hybrid (Liveness only). If the score received from an on-device analysis is too high, the system initiates a server-based analysis as an additional check.
Kotlin version requirements lowered to 1.7.21.
Improved the on-device models.
For some phone models, fixed the fatal device error.
The hint text width can now exceed the frame width (when using the main camera).
Photos taken during the One Shot analysis are now being sent to the server in the original size.
Removed the OzAnalysisResult class. The onSuccess method ofAnalysisRequest.run now uses the RequestResult structure instead of List<OzAnalysisResult>.
All exceptions are moved to the com.ozforensics.liveness.sdk.core.exceptions package (See changes below).
Classes related to AnalysisRequest are moved to the com.ozforensics.liveness.sdk.analysispackage (See changes below).
The methods below are no longer supported:

Public interface changes

New entities

AnalysisRequest.Type.HYBRID in com.ozforensics.liveness.sdk.analysis.entity
AnalysisError in com.ozforensics.liveness.sdk.analysis.entity
SourceMedia in com.ozforensics.liveness.sdk.analysis.entity
ResultMedia in com.ozforensics.liveness.sdk.analysis.entity
RequestResult in com.ozforensics.liveness.sdk.analysis.entity

Moved entities

NoAnalysisException from com.ozforensics.liveness.sdk.exceptions в com.ozforensics.liveness.sdk.core.exceptions
NoNetworkException from com.ozforensics.liveness.sdk.exceptions в com.ozforensics.liveness.sdk.core.exceptions
TokenException from com.ozforensics.liveness.sdk.exceptions в com.ozforensics.liveness.sdk.core.exceptions
NoMediaInAnalysisException from com.ozforensics.liveness.sdk.exceptions to com.ozforensics.liveness.sdk.core.exceptions
EmptyMediaListException from com.ozforensics.liveness.sdk.exceptions to com.ozforensics.liveness.sdk.core.exceptions
NoSuchMediaException from com.ozforensics.liveness.sdk.exceptions to com.ozforensics.liveness.sdk.core.exceptions
LicenseException from com.ozforensics.liveness.sdk.exceptions to com.ozforensics.liveness.sdk.security.exception
Analysis from com.ozforensics.liveness.sdk.analysis.entity to com.ozforensics.liveness.sdk.core.model
AnalysisRequest from com.ozforensics.liveness.sdk.analysis to com.ozforensics.liveness.sdk.core
AnalysisListener from com.ozforensics.liveness.sdk.analysis to com.ozforensics.liveness.sdk.core
AnalysisStatus from com.ozforensics.liveness.sdk.analysis to com.ozforensics.liveness.sdk.core
AnalysisRequest.Builder from com.ozforensics.liveness.sdk.analysis to com.ozforensics.liveness.sdk.core
OzException from com.ozforensics.liveness.sdk.exceptions to com.ozforensics.liveness.sdk.core.exceptions

Changed classes

OzLivenessSDK

Removed uploadMediaAndAnalyze
Removed uploadMedia
Removed runOnDeviceBiometryAnalysis
Removed runOnDeviceLivenessAnalysis

AnalysisRequest

Removed build(): AnalysisRequest

AnalysisRequest.Builder

Removed addMedia
Removed onSuccess(result: List<OzAnalysisResult>)
Added onSuccess(result: RequestResult)

7.3.1 – June 07, 2023

Restructured the settings screen.
Added the center hint background customization.
Added new face frame forms (Circle, Square).
The OzLivenessSDK::init method no longer crashes if there is a StatusListener parameter passed.
Changed the scan gesture animation.

Please note: for this version, we updated Kotlin to 1.8.20.

7.2.0 – May 04, 2023

Improved the SDK algorithms.

7.1.4 – Mar. 30, 2023

Updated the model for the on-device analyses.
Fixed the animation for sunglasses/mask.
The oval size for Liveness is now smaller.

7.1.3 – Mar. 03, 2023

Fixed the error with the server-based analyses while using permanentAccessToken for authorization.

7.1.2 – Feb. 22, 2023

You can now hide the status bar and system buttons (works with 7.0.0 and higher).
OzLivenessSDK.init now requires context as the first parameter.
OzAnalysisResult now shows the server-based analyses' scores properly.
Fixed initialization issues, displaying of wrong customization settings, authorization failures on Android <7.1.1.

7.1.1 – Jan. 16, 2023

Fixed crashes for Android v.6 and below.
Fixed oval positioning for some phone models.
Internal fixes and improvements.

7.1.0 – Dec. 16, 2022

Updated security.
Implemented some internal improvements.
The addMedia method is now deprecated, please use uploadMedia for uploading.

7.0.0 – Nov. 23, 2022

Changed the way of sharing dependencies. Due to security issues, now we share two types of libraries as shown below: sdk is a server analysis only, full provides both server and on-device analyses:

UICustomization has been implemented instead of OzCustomization.
Added the Spanish locale.

6.4.2.3

Fixed the bug with freezes that had appeared on some phone models.
SDK now captures videos in 720p.

6.4.1

Synchronized the names of the analysis modes with iOS: SERVER_BASED and ON_DEVICE.
Fixed the bug with displaying of localization settings.

6.4.0

Now you can use Fragment as Liveness screen.
Added a new field to the Analysis structure. The params field is for any additional parameters, for instance, if you need to set extracting the best shot on server to true. The best shot algorithm chooses the most high-quality frame from a video.

6.3.7

The Zoom in and Zoom out gestures are no longer supported.

6.3.6

Updated the biometry model.

6.3.5

Added a new simplified API – AnalysisRequest. With it, it’s easier to create a request for the media and analysis you need.

6.3.4

Published the on-device module for on-device liveness and biometry analyses. To add this module to your project, use:

To launch these analyses, use runOnDeviceBiometryAnalysis and runOnDeviceLivenessAnalysis methods from the OzLivenessSDK class:

6.3.3

Liveness now goes smoother.
Fixed freezes on Xiaomi devices.
Optimized image converting.

6.3.1

New metadata parameter for OzLivenessSDK.uploadMedia and new OzLivenessSDK.uploadMediaAndAnalyze method to pass this parameter to folders.

6.2.8

Added functions for SDK initialization with LicenseSources: LicenseSource.LicenseAssetId and LicenseSource.LicenseFilePath. Use the OzLivenessSDK.init method to start initialization.
Now you can get the license info upon initialization val licensePayload = OzLivenessSDK.getLicensePayload().

6.2.4

Added the Kyrgyz locale.

6.2.0

Added local analysis functions.
You can now configure the face frame.
Fixed version number at the Liveness screen.

6.1.0

Added the main camera support.

6.0.1

Added configuration from license support.

6.0.0

Added the OneShot gesture.
Added new states for OzAnalysisResult.Resolution.
Added the uploadMediaAndAnalyze method to load a bunch of media to the server at once and send them to analysis immediately.
OzMedia is renamed to OzAbstractMedia and got subclasses for images and videos.
Fixed camera bugs for some devices.

5.1.0

Access token updates automatically.
Renamed accessToken to permanentAccessToken.
Added R8 rules.
Configuration became easier: config settings are mutable.

5.0.2

Fixed the oval frame.
Removed the unusable parameters from AnalyseRequest.
Removed default attempt limits.

5.0.0

To customize the configuration options, the config property is added instead of baseURL, accessToken, etc. Use OzConfig.Builder for initialization.
Added license support. Licences should be installed as raw resources. To pass them to OzConfig, use setLicenseResourceId.
Replaced the context-dependent methods with analogs.
Improved the image analysis.
Removed unusable dependencies.
Fixed logging.

iOS SDK Methods and Properties

OZSDK

A singleton for Oz SDK.

Methods

OZSDK

Parameter

Type

Description

licenseSources

The source of the license

Returns

setLicense

Forces the license installation.

Parameter

Type

Description

licenseSource

Source of the license

setApiConnection

Retrieves an access token for a user.

Parameter

Type

Description

apiConnection

Authorization parameters

Returns

The access token or an error.

setEventsConnection

Retrieves an access token for a user to send telemetry.

Parameter

Type

Description

eventsConnection

Telemetry authorization parameters

Returns

The access token or an error.

isLoggedIn

Checks whether an access token exists.

Parameters

Returns

The result – the true or false value.

logout

Deletes the saved access token

Parameters

Returns

createVerificationVCWithDelegate

Creates the Liveness check controller.

Parameter

Type

Description

delegate

The delegate for Oz Liveness

actions

Captured action

cameraPosition (optional)

AVCaptureDevice.Position

front – front camera (default), back – rear camera

Returns

UIViewController or an exception.

createVerificationVC

Creates the Liveness check controller.

Parameter

Type

Description

actions

Captured action

FaceCaptureCompletion

type alias used as follows:

public typealias FaceCaptureCompletion = (_ results: [OZMedia]?, _ error: OZVerificationStatus?) -> Void

cameraPosition (optional)

AVCaptureDevice.Position

front – front camera (default), back – rear camera

Returns

UIViewController or an exception.

cleanTempDirectory

Deletes all videos.

Parameters

Returns

getEventSessionId

Retrieves the telemetry session ID.

Parameters

Returns

The telemetry session ID (String parameter).

set

Sets the bundle to look for translations in.

Parameter

Type

Description

languageBundle

Bundle

The bundle that contains translations

Returns

setSelfieLength

Sets the length of the Selfie gesture (in milliseconds).

Parameter

Type

Description

selfieLength

Int

The length of the Selfie gesture (in milliseconds). Should be within 500-5000 ms, the default length is 700

generateSignedPayload

Generates the payload with media signatures.

Parameter

Type

Description

media

An array of media files

folderMeta

[String]

Additional folder metadata

Returns

Payload to be sent along with media files that were used for generation.

Properties

localizationCode

SDK locale (if not set, works automatically).

Parameter

Type

Description

localizationCode

The localization code

host

The host to call for Liveness video analysis.

Parameter

Type

Description

host

String

Host address

attemptSettings

The holder for attempts counts before SDK returns error.

Parameter

Type

Description

singleCount

Int

Attempts on a single action/gesture

commonCount

Int

Total number of attempts on all actions/gestures if you use a sequence of them

faceAlignmentTimeout

Float

Time needed to align face into frame

uploadMediaSettings

Sets the number of attempts and timeout between them

version

The SDK version.

Parameter

Type

Description

version

String

Version number

OZLivenessDelegate

A delegate for OZSDK.

Methods

onOZLivenessResult

Gets the Liveness check results.

Parameter

Type

Description

results

An array of the OzMedia objects.

Returns

onError

The error processing method.

Parameter

Type

Description

status

The error description.

Returns

AnalysisRequest

A protocol for performing checks.

Methods

AnalysisRequestBuilder

Creates the AnalysisRequest instance.

Parameter

Type

Description

folderId (optional)

String

The identifier to define when you need to upload media to a certain folder.

Returns

The AnalysisRequest instance.

addAnalysis

Adds an analysis to the AnalysisRequest instance.

Parameter

Type

Description

analysis

A structure containing information on the analyses required.

Returns

uploadMedia

Uploads media on server.

Parameter

Type

Description

media

Media or an array of media objects to be uploaded.

Returns

addFolderId

Adds the folder ID to upload media to a certain folder.

Parameter

Type

Description

folderId

String

The folder identifier.

Returns

addFolderMeta

Adds metadata to a folder.

Parameter

Type

Description

run

Runs the analyses.

Parameter

Type

Description

statusHandler

A callback function as follows:

The handler that is executed when the scenario state changes

errorHandler

A callback function as follows:

errorHandler: @escaping ((_ error: Error) -> Void)

Error handler

completionHandler

A callback function as follows:

The handler that is executed when the run method completes.

Returns

The analysis result or an error.

Customization

Customization for OzLivenessSDK (use OZSDK.customization).

toolbarCustomization

A set of customization parameters for the toolbar.

Parameter

Type

Description

closeButtonIcon

UIImage

An image for the close button

closeButtonColor

UIColor

Close button tintColor

titleFont

UIFont

Toolbar title text font

titleColor

UIColor

Toolbar title text color

backgroundColor

UIColor

Toolbar background color

titleText

String

Text on the toolbar

centerHintCustomization

A set of customization parameters for the center hint that guides a user through the process of taking an image of themselves.

Parameter

Type

Description

textFont

UIFont

Center hint text font

textColor

UIColor

Center hint text color

backgroundColor

UIColor

Center hint text background

verticalPosition

Int

Center hint vertical position from the screen top (in %, 0-100)

hideTextBackground

Bool

Hides text background

backgroundCornerRadius

Int

Center hint background frame corner radius

hintAnimationCustomization

A set of customization parameters for the hint animation.

Parameter

Type

Description

hideAnimation

Bool

A switcher for hint animation, if True, the animation is hidden

animationIconSize

CGfloat

A side size of the animation icon square

hintGradientColor

UIColor

The close-to-frame gradient color

faceFrameCustomization

A set of customization parameters for the frame around the user face.

Parameter

Type

Description

geometryType

The frame type: oval, rectangle, circle, or square

cornerRadius

CGFloat

Rectangle corner radius (in dp)

strokeFaceNotAlignedColor

UIColor

Frame color when a face is not aligned properly

strokeFaceAlignedColor

UIColor

Frame color when a face is aligned properly

strokeWidth

CGFloat

Frame stroke width (in dp, 0-20)

strokePadding

CGFloat

A padding from the stroke to the face alignment area (in dp, 0-10)

backgroundCustomization

A set of customization parameters for the background outside the frame.

Parameter

Type

Description

backgroundColor

UIColor

Background color

versionCustomization

A set of customization parameters for the SDK version text.

Parameter

Type

Description

textFont

UIFont

SDK version text font

textColor

UIColor

SDK version text color

antiscamCustomization

A set of customization parameters for the antiscam message that warns user about their actions being recorded.

Parameter

Type

Description

customizationEnableAntiscam

Bool

Adds the antiscam message

customizationAntiscamTextMessage

String

Antiscam message text

customizationAntiscamTextFont

UIFont

Antiscam message text font

customizationAntiscamTextColor

UIColor

Antiscam message text color

customizationAntiscamBackgroundColor

UIColor

Antiscam message text background color

customizationAntiscamCornerRadius

CGFloat

Background frame corner radius

customizationAntiscamFlashColor

UIColor

Color of the flashing indicator close to the antiscam message

logoCustomization

Logo customization parameters. Custom logo should be allowed by license.

Parameter

Type

Description

image

UIImage

Logo image

size

CGSize

Logo size (in dp)

Variables and Objects

enum LicenseSource

A source of a license.

Case

Description

licenseFilePath

An absolute path to a license (String)

licenseFileName

The name of the license file

struct LicenseData

The license data.

Parameter

Type

Description

appIDS

[String]

An array of bundle IDs

expires

TimeInterval

The expiration interval

features

Features

License features

configs (optional)

ABTestingConfigs

Additional configuration

enum OzVerificationMovement

Contains action from the captured video.

Case

Description

smile

Smile

eyes

Blink

scanning

Scan

selfie

A selfie with face alignment check

one_shot

The best shot from the video taken

left

Head turned left

right

Head turned right

down

Head tilted downwards

Head lifted up

enum OZLocalizationCode

Case

Description

English

Armenian

Kazakh

Kyrgyz

Turkish

Spanish

pt-BR

Portuguese (Brazilian)

custom(String)

Custom language (language ISO 639-1 code, two letters)

struct OZMedia

Contains all the information on the media captured.

Parameter

Type

Description

movement

User action type

mediaType

Type of media

metaData

[String] as follows:

["meta1": "data1"]

Metadata if any

videoURL

URL

URL of the Liveness video

bestShotURL

URL

URL of the best shot in PNG

preferredMediaURL

URL

URL of the API media container

timestamp

Date

Timestamp for the check completion

enum MediaType

The type of media captured.

Case

Description

movement

A media with an action

documentBack

The back side of the document

documentFront

The front side of the document

enum OZVerificationStatus

Error description. These errors are deprecated and will be deleted in the upcoming releases.

Case

Description

userNotProcessed

The Liveness check was not processed

failedBecauseUserCancelled

The check was interrupted by user

failedBecauseCameraPermissionDenied

The Liveness check can't be performed: no camera access

failedBecauseOfBackgroundMode

The Liveness check can't be performed: background mode

failedBecauseOfTimeout

The Liveness check can't be performed: timeout

failedBecauseOfAttemptLimit

The Liveness check can't be performed: attempts limit exceeded

failedBecausePreparingTimout

The Liveness check can't be performed: face alignment timeout

failedBecauseOfLowMemory

The Liveness check can't be performed: no memory left

struct Analysis

Contains information on what media to analyze and what analyses to apply.

Parameter

Type

Description

media

An array of the OzMedia objects

type

The type of the analysis

mode

The mode of the analysis

sizeReductionStrategy

Defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully

params (optional)

String

Additional parameters

enum AnalysisType

The type of the analysis.

Case

Description

biometry

The algorithm that allows comparing several media and check if the people on them are the same person or not

quality

The algorithm that aims to check whether a person in a video is a real human acting in good faith, not a fake of any kind.

document

The analysis that aims to recognize the document and check if its fields are correct according to its type.

blacklist

The analysis that compares a face on a captured media with faces from the pre-made media database.

Currently, the .document analysis can't be performed in the on-device mode.

enum AnalysisMode

The mode of the analysis.

Case

Description

onDevice

The on-device analysis with no server needed

serverBased

The server-based analysis

hybrid

The hybrid analysis for Liveness: if the score received from an on-device analysis is too high, the system initiates a server-based analysis as an additional check.

enum ScenarioState

Shows the media processing status.

Case

Description

addToFolder

The system is creating a folder and adding files to this folder

addAnalyses

The system is adding analyses

waitAnalysisResult

The system is waiting for the result

struct AnalysisStatus

Shows the files' uploading status.

Parameter

Type

Description

media

The object that is being uploaded at the moment

index

Int

Number of this object in a list

from

Int

Objects quantity

progress

Progress

Object uploading status

RequestStatus

Shows the analysis processing status.

Parameter

Type

Description

status

Processing analysis status

progressStatus

Media uploading status

ResultMedia

Describes the analysis result for the single media.

Parameter

Type

Description

resolution

Consolidated analysis result

sourceId

String

Media identifier

isOnDevice

Bool

Analysis mode

confidenceScore

Float

Resulting score

mediaType

String

Media file type: VIDEO / IMAGE / SHOT_SET

media

Media that is being analyzed

error

AnalysisError (inherits from Error)

Error

RequestResult

Contains the consolidated analysis results for all media.

Parameter

Type

Description

resolution

Consolidated analysis result

folderId

String

Folder identifier

analysisResults

A list of analysis results

class AnalysisResult

Contains the results of the checks performed.

Parameter

Type

Description

resolution

Analysis resolution

type

Analysis type

mode

Analysis mode

analysisId

String

Analysis identifier

error

AnalysisError (inherits from Error)

Error

resultMedia

Results of the analysis for single media files

confidenceScore

Float

The resulting score

serverRawResponse

String

Server response

enum AnalyseResolutionStatus

The general status for all analyses applied to the folder created.

Case

Description

INITIAL

No analyses have been applied yet

PROCESSING

The analyses are in progress

FAILED

One or more analyses failed due to some error and couldn't get finished

FINISHED

The analyses are finished

DECLINED

The check failed (e.g., faces don't match or some spoofing attack detected)

SUCCESS

Everything went fine, the check succeeded (e.g., faces match or liveness confirmed)

OPERATOR_REQUIRED

The result should be additionally checked by a human operator

struct AnalyseResolution

Contains the results for single analyses.

Parameter

Type

Description

analyseResolutionStatus

The analysis status

type

The analysis type

folderID

String

The folder identifier

score

Float

The result of the check performed

enum GeometryType

Frame shape settings.

Case

Description

oval

Oval frame

rectangle(cornerRadius: CGFloat)

Rectangular frame (with corner radius)

circle

Circular frame

square(cornerRadius: CGFloat)

Square frame (with corner radius)

enum LicenseError

Possible license errors.

Case

Description

licenseFileNotFound

The license is not found

licenseParseError

Cannot parse the license file, the license might be invalid

licenseBundleError

The bundle_id in the license file doesn't match with bundle_id used.

licenseExpired

The license is expired

enum Connection

The authorization type.

Case

Description

fromServiceToken

Authorization with a token:

host: String
token: String

fromCredentials

Authorization with credentials:

host: String
login: String
password: String

struct UploadMediaSettings

Defines the settings for the repeated media upload.

Parameter

Type

Description

attemptsCount

Int

Number of attempts for media upload

attemptsTimeout

Int

Timeout between attempts

enum SizeReductionStrategy

Defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully. By default, the system uploads the compressed video.

uploadOriginal

The original video

uploadCompressed

The compressed video

uploadBestShot

The best shot taken from the video

uploadNothing

Nothing is sent (note that no folder will be created)

Changelog

iOS SDK changes

8.16.2 – Apr. 22, 2025

Xcode updated to version 16 to comply with Apple requirements.

8.16.1 – Apr. 09, 2025

Security updates.

8.16.0 – Mar. 11, 2025

Updated the authorization logic.
Improved voiceover.
SDK now compresses videos if their size exceeds 10 MB.
Head movement gestures are now handled properly.
Security updates.

8.15.0 – Dec. 30, 2024

Changed the wording for the head_down gesture: the new wording is “tilt down”.
Added proper focus order for VoiceOver when the antiscam hint is enabled.
Added the public setting extract_action_shot in the Demo Application.
Bug fixes.
Security updates.

8.14.0 – Dec. 3, 2024

Accessibility updates according to WCAG requirements: the SDK hints and UI controls can be voiced.
Improved user experience with head movement gestures.
Minor bug fixes and telemetry updates.

8.13.0 – Nov. 11, 2024

The screen brightness no longer changes when the rear camera is used.
Fixed the video recording issues on some smartphone models.
Security and telemetry updates.

8.12.2 – Oct. 24, 2024

Internal SDK improvements.

8.12.1 – Sept. 30, 2024

Added Xcode 16 support.
Security and telemetry updates.

8.11.0 – Sept. 10, 2024

Security updates.

8.10.1 – Aug. 23, 2024

Bug fixes.

8.10.0 – Aug. 1, 2024

SDK now requires Xcode 15 and higher.
Security updates.
Bug fixes.

8.9.1 – July 16, 2024

Internal SDK improvements.

8.8.3 – July 11, 2024

Internal SDK improvements.

8.8.2 – June 25, 2024

Bug fixes.

8.8.1 – June 25, 2024

Logging updates.

8.8.0 – June 18, 2024

Security updates.

8.7.0 – May 10, 2024

Added a description for the error that occurs when providing an empty string as an ID in the addFolderID method.
Bug fixes.

8.6.0 – Apr. 10, 2024

The messages displayed by the SDK after uploading media have been synchronized with Android.
The bug causing analysis delays that might have occurred for the One Shot gesture has been fixed.

8.5.0 – Mar. 06, 2024

Removed the pause after the Scan gesture.
Security and logging updates.

8.4.2 – Jan. 24, 2024

Security updates.

8.4.0 – Jan. 09, 2024

Changed the default behavior in case a localization key is missing: now the English string value is displayed instead of a key.
Fixed some bugs.

8.3.3 – Dec. 11, 2023

Internal licensing improvements.

8.3.0 – Nov. 17, 2023

Implemented the possibility of using a master license that works with any bundle_id.
Fixed the bug with background color flashing.

8.2.1 – Nov. 11, 2023

Bug fixes.

8.2.0 – Oct. 30, 2023

The Analysis structure now contains the sizeReductionStrategy field. This field defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully.
The messages for the errors that are retrieved from API are now detailed.
The toFrameGradientColor option in hintAnimationCustomization is now deprecated, please use the hintGradientColor option instead.
Got back the iOS 11 support.

8.1.1 – Oct. 09, 2023

8.1.0 – Sept. 07, 2023

Updated the Liveness on-device model.
Added the Portuguese (Brazilian) locale.
If a media hasn't been uploaded correctly, the system now repeats the upload.
Added a new method to retrieve the telemetry (logging) identifier: getEventSessionId.
The setPermanentAccessToken, configure and login methods are now deprecated. Please use the setApiConnection method instead.
The setLicense(from path:String) method is now deprecated. Please use the setLicense(licenseSource: LicenseSource) method instead.
Fixed some bugs and improved the SDK work.

8.0.2 – Aug. 15, 2023

Fixed some bugs and improved the SDK algorithms.

8.0.0 – June 27, 2023

Added the new analysis mode – hybrid (Liveness only). If the score received from an on-device analysis is too high, the system initiates a server-based analysis as an additional check.
Improved the on-device models.
Updated the run method.
Added new structures: RequestStatus (analysis state), ResultMedia (analysis result for a single media) and RequestResult (consolidated analysis result for all media).
The updated AnalysisResult structure should be now used instead of OzAnalysisResult.
For the OZMedia object, you can now specify additional tags that are not included into our tags list.
The Selfie video length is now about 0.7 sec, the file size and upload time are reduced.
The hint text width can now exceed the frame width (when using the main camera).
The methods below are no longer supported:

Removed method

Replacement

analyse

AnalysisRequest.run

addToFolder

uploadMedia

documentAnalyse

AnalysisRequest.run

uploadAndAnalyse

AnalysisRequest.run

runOnDeviceBiometryAnalysis

AnalysisRequest.run

runOnDeviceLivenessAnalysis

AnalysisRequest.run

addMedia

uploadMedia

7.3.0 – June 06, 2023

Added the center hint background customization.
Added new face frame forms (Circle, Square).
Synchronized the default customization values with Android.
Added the Spanish locale.
iOS 11 is no longer supported, the minimal required version is 12.

7.2.1 – May 24, 2023

Fixed the issue with the server-based One shot analysis.

7.2.0 – May 18, 2023

Improved the SDK algorithms.

7.1.6 – May 04, 2023

Fixed error handling when uploading a file to API. From this version, an error will be raised to a host application in case of an error during file upload.

7.1.5 – Apr. 03, 2023

Improved the on-device Liveness.

7.1.4 – Mar. 24, 2023

Fixed the animation for sunglasses/mask.
Fixed the bug with the .document analysis.
Updated the descriptions of customization methods and structures.

7.1.2 – Feb. 21, 2023

Updated the TensorFlow version to 2.11.
Fixed several bugs, including the Biometry check failures on some phone models.

7.1.1 – Feb. 06, 2023

Added customization for the hint animation.

7.1.0 – Jan. 20, 2023

Integrated a new model.
Added the uploadMedia method to AnalysisRequest. The addMedia method is now deprecated.
Fixed the combo analysis error.
Added a button to reset the SDK theme and language settings.
Fixed some bugs and localization issues.
Extended the network request timeout to 90 sec.
Added a setting for the animation icon size.

7.0.0 – Dec. 08, 2022

6.7.0

6.4.0

Synchronized the version numbers with Android SDK.
Added a new field to the Analysis structure. The params field is for any additional parameters, for instance, if you need to set extracting the best shot on server to true. The best shot algorithm chooses the most high-quality frame from a video.
Fixed some localization issues.
Changed the Combo gesture.
Now you can launch the Liveness check to analyze images taken with another SDK.

3.0.1

The Zoom in and Zoom out gestures are no longer supported.

3.0.0

Added a new simplified analysis structure – AnalysisRequest.

2.3.0

Added methods of on-device analysis: runOnDeviceLivenessAnalysis and runOnDeviceBiometryAnalysis.
You can choose the installation version. Standard installation gives access to full functionality. The core version (OzLivenessSDK/Core) installs SDK without the on-device functionality.
Added a method to upload data to server and start analyzing it immediately: uploadAndAnalyse.
Improved the licensing process, now you can add a license when initializing SDK: OZSDK(licenseSources: [LicenseSource], completion: @escaping ((LicenseData?, LicenseError?) -> Void)), where LicenseSource is a path to physical location of your license, LicenseData contains the license information.
Added the setLicense method to force license adding.

2.2.3

Added the Turkish locale.

2.2.1

Added the Kyrgyz locale.
Added Completion Handler for analysis results.
Added Error User Info to telemetry to show detailed info in case of an analysis error.

2.2.0

Added local on-device analysis.
Added oval and rectangular frames.
Added Xcode 12.5.1+ support.

2.1.4

Added SDK configuration with licenses.

2.1.3

Added the One Shot gesture.
Improved OZVerificationResult: added bestShotURL which contains the best shot image and preferredMediaURL which contains an URL to the best quality video.
When performing a local check, you can now choose a main or back camera.

2.1.2

Authorization sessions extend automatically.
Updated authorization interfaces.

2.1.1

Added the Kazakh locale.
Added license error texts.

2.1.0

You can cancel network requests.
You can specify Bundle for license.
Added analysis parameterization documentAnalyse.
Fixed building errors (Xcode 12.4 / Cocoapods 1.10.1).

2.0.0

Added license support.
Added Xcode 12 support instead of 11.
Fixed the documentAnalyse error where you had to fill analyseStates to launch the analysis.
Fixed logging.

Flutter SDK Methods and Properties

clearActionVideos

Deletes all action videos from file system (iOS 8.4.0 and higher, Android).

Returns

Future<Void>.

getSDKVersion

Returns the SDK version.

Returns

Future<String>.

initSDK

Initializes SDK with license sources.

Parameter

Type

Description

licenses

List<String>

A list of licences

Returns

Case

Text

True

Initialization has completed successfully

False

Initialization error

setApiConnectionWithCredentials

Authentication via credentials.

Parameter

Type

Description

String

User email

password

String

User password

host

String

Server URL

Returns

Case

Text

Success

Nothing (void)

Failed

PlatformException:

code = AUTHENTICATION_FAILED
message = exception details

setApiConnectionWithToken

Authentication via access token.

Parameter

Type

Description

token

String

User email

host

String

Server URL

Returns

Case

Text

Success

Nothing (void)

Failed

PlatformException:

code = AUTHENTICATION_FAILED
message = exception details

setEventConnectionWithCredentials

Connection to the telemetry server via credentials.

Parameter

Type

Description

String

User email

password

String

User password

host

String

Server URL

Returns

Case

Text

Success

Nothing (void)

Failed

PlatformException:

code = AUTHENTICATION_FAILED
message = exception details

setEventConnectionWithToken

Connection to the telemetry server via access token.

Parameter

Type

Description

token

String

User email

host

String

Server URL

Returns

Case

Text

Success

Nothing (void)

Failed

PlatformException:

code = AUTHENTICATION_FAILED
message = exception details

isLoggedIn

Checks whether an access token exists.

Returns

Case

Returns

Token exists

True

Token does not exist

False

logout

Deletes the saved access token.

Returns

Nothing (void).

supportedLanguages

Returns the list of SDK supported languages.

Returns

startLiveness

Starts the Liveness video capturing process.

Parameter

Type

Description

actions

Actions to execute

mainCamera

Boolean

Use main (True) or front (False) camera

setSelfieLength

Sets the length of the Selfie gesture (in milliseconds).

Parameter

Type

Description

selfieLength

Int

The length of the Selfie gesture (in milliseconds). Should be within 500-5000 ms, the default length is 700

Returns

Error if any.

Analyze

Launches the analyses.

Parameter

Type

Description

analysis

The list of Analysis structures

uploadMedia

The list of the captures videos

params

Map<String, Any>

Additional parameters

Returns

setLocalization

Sets the SDK localization.

Parameter

Type

Description

locale

The SDK language

attemptSettings

The number of attempts before SDK returns error.

Parameter

Type

Description

singleCount

int

Attempts on a single action/gesture

commonCount

int

Total number of attempts on all actions/gestures if you use a sequence of them

setUICustomization

Sets the UI customization values for OzLivenessSDK. The values are described in the Customization structures section. Structures can be found in the lib\customization.dart file.

setfaceAlignmentTimeout

Sets the timeout for the face alignment for actions.

Parameter

Type

Description

timeout

int

Timeout in milliseconds

Fonts and Other Customized Resources

For iOS

Add fonts and drawable resources to the application/ios project.

For Android

Fonts and images should be placed into related folders:

ozforensics_flutter_plugin\android\src\main\res\drawable ozforensics_flutter_plugin\android\src\main\res\font

Customization structures

These are defined in the customization.dart file.

UICustomization

Contains the information about customization parameters.

ToolbarCustomization

Toolbar customization parameters.

Parameter

Type

Description

closeButtonIcon

String

Close button icon received from plugin

closeButtonColor

String

Color #XXXXXX

titleText

String

Header text

titleFont

String

Text font

titleSize

int

Font size

titleFontStyle

String

Font style

titleColor

String

Color #XXXXXX

titleAlpha

int

Header text opacity

isTitleCentered

bool

Sets the text centered

backgroundColor

String

Header background color #XXXXXX

backgroundAlpha

int

Header background opacity

CenterHintCustomization

Center hint customization parameters.

Parameter

Type

Description

textFont

String

Text font

textFontStyle

String

Font style

textColor

String

Color #XXXXXX

textSize

int

Font size

verticalPosition

int

Y position

textAlpha

int

Text opacity

centerBackground

bool

Sets the text centered

HintAnimation

Hint animation customization parameters.

Parameter

Type

Description

hideAnimation

bool

Hides the hint animation

animationIconSize

int

Animation icon size in px (40-160)

hintGradientColor

String

Color #XXXXXX

hintGradientOpacity

int

Gradient color

FaceFrameCustomization

Frame around face customization parameters.

Parameter

Type

Description

geometryType

String

Frame shape received from plugin

geometryTypeRadius

int

Corner radius for rectangle

strokeWidth

int

Frame stroke width

strokeFaceNotAlignedColor

String

Color #XXXXXX

strokeFaceAlignedColor

String

Color #XXXXXX

strokeAlpha

int

Stroke opacity

strokePadding

int

Stroke padding

VersionLabelCustomization

SDK version customization parameters.

Parameter

Type

Description

textFont

String

Text font

textFontStyle

String

Font style

textColor

String

Color #XXXXXX

textSize

int

Font size

textAlpha

int

Text opacity

BackgroundCustomization

Background customization parameters.

Parameter

Type

Description

backgroundColor

String

Color #XXXXXX

backgroundAlpha

int

Background opacity

Flutter structures

Defined in the models.dart file.

enum Locale

Stores the language information.

Case

Description

English

Armenian

Kazakh

Kyrgyz

Turkish

Spanish

pt_br

Portuguese (Brazilian)

enum MediaType

The type of media captured.

Case

Description

movement

A media with an action

documentBack

The back side of the document

documentFront

The front side of the document

enum FileType

The type of media captured.

Case

Description

documentPhoto

A photo of a document

video

A video

shotSet

A frame archive

enum MediaTag

Contains an action from the captured video.

Case

Description

blank

A video with no gesture

photoSelfie

A selfie photo

videoSelfieOneShot

A video with the best shot taken

videoSelfieScan

A video with the scanning gesture

videoSelfieEyes

A video with the blink gesture

videoSelfieSmile

A video with the smile gesture

videoSelfieHigh

A video with the lifting head up gesture

videoSelfieDown

A video with the tilting head downwards gesture

videoSelfieRight

A video with the turning head right gesture

videoSelfieLeft

A video with the turning head left gesture

photoIdPortrait

A photo from a document

photoIdBack

A photo of the back side of the document

photoIdFront

A photo of the front side of the document

Media

Stores information about media.

Parameter

Type

Description

Platform

fileType

The type of the file

Android

movement

An action on a media

iOS

mediatype

String

A type of media

iOS

videoPath

String

A path to a video

bestShotPath

String

path of the best shot in PNG for video or image path for liveness

preferredMediaPath

String

URL of the API media container

photoPath

String

A path to a photo

archivePath

String

A path to an archive

tag

A tag for media

Android

RequestResult

Stores information about the analysis result.

Parameter

Type

Description

Platform

folderId

String

The folder identifier

type

The analysis type

errorCode

int

The error code

Android only

errorMessage

String

The error message

mode

The mode of the analysis

confidenceScore

Double

The resulting score

resolution

The completed analysis' result

status

Boolean

The analysis state:

true- success;

false- failed

Analysis

Stores data about a single analysis.

Parameter

Type

Description

type

The type of the analysis

mode

The mode of the analysis

mediaList

Media to analyze

params

Map<String, String>

Additional analysis parameters

sizeReductionStrategy

Defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully

Structures

enum Type

Analysis type.

Case

Description

biometry

The algorithm that allows comparing several media and check if the people on them are the same person or not

quality

The algorithm that aims to check whether a person in a video is a real human acting in good faith, not a fake of any kind.

enum Mode

Analysis mode.

Case

Description

onDevice

The on-device analysis with no server needed

serverBased

The server-based analysis

hybrid

The hybrid analysis for Liveness: if the score received from an on-device analysis is too high, the system initiates a server-based analysis as an additional check.

enum VerificationAction

Contains the action from the captured video.

Case

Description

oneShot

The best shot from the video taken

blank

A selfie with face alignment check

scan

Scan

headRight

Head turned right

headLeft

Head turned left

headDown

Head tilted downwards

headUp

Head lifted up

eyeBlink

Blink

smile

Smile

Resolution

The general status for all analyses applied to the folder created.

Case

Description

failed

One or more analyses failed due to some error and couldn't get finished

declined

The check failed (e.g., faces don't match or some spoofing attack detected)

success

Everything went fine, the check succeeded (e.g., faces match or liveness confirmed)

operatorRequired

The result should be additionally checked by a human operator

enum SizeReductionStrategy

Defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully. By default, the system uploads the compressed video.

uploadOriginal

The original video

uploadCompressed

The compressed video

uploadBestShot

The best shot taken from the video

uploadNothing

Nothing is sent (note that no folder will be created)

Customization resources

This is a Map to define the platform-specific resources on the plugin level.

closeButtonIcon

This key is a Map for the close button icon.

Key

Value

Android drawable resource / iOS Pods resource

Arrow

Android drawable resource / iOS Pods resource

titleFont

This key is a Map containing the data on the uploaded fonts.

Key

Value

Flutter application font name

Android font resource / iOS Pods resource, used to retrieve the font on the plugin level

titleStyle

This key is a Map containing the data on the uploaded font styles.

Key

Value

Flutter application font style name

Name of the style retrieved for the font creation on the plugin level

faceFrameGeometry

This key is a Map containing the data on grame shape.

Key

Value

Oval

Oval shape

Rectangle

Rectangular shape

Changelog

Web SDK changes

1.7.13 – Apr. 02, 2025

Added support for upcoming API 6.0.
Improved accessibility: the hints throughout the customer journey (camera access, processing data, uploading data, requesting results) are now properly and completely voiced by screen readers in assertive mode (changes in hints are announced immediately).
Created an endpoint for license verification: [GET] /check_license.php.
Reduced the bundle size.
Fixed the issue with missing analysis details in the on_complete callback when using result_mode: full.
Fixed the issue when the camera switch button might have been missed.
The front camera no longer displays the user's actions as in a mirror image.
Improved error handling.
Improved support for low-performance devices.
Added the closed eyes check to the Scan gesture.
Major security and telemetry updates.
Bug fixes.

1.6.15 – Dec. 27, 2024

Simplified the checks that require user to move their head: turning left or right, tilting, or looking down.
Decreased the distance threshold for the head-moving actions: turning left or right, tilting, or looking down.
The application's behavior when the opened dev-tools are detected is now manageable.
You can now configure method signatures to make them trusted via checksum of the modified function.
Changed the wording for the head_down gesture: the new wording is “tilt down”.
Fixed an issue where an arrow incorrectly appeared after capturing head-movement gestures.
Fixed an issue where the oval disappeared when the "Great!" phrase was displayed.
Security updates.

1.6.12 – Oct. 18, 2024

Security updates.
Resolved the issue where a video could not be generated from a sequence of frames.

1.6.0 – June 24, 2024

The on_complete callback now is called upon folder status change.
Updated instructions for camera access in the Android Chrome and Facebook browsers. New keys:
- error_no_camera_access,
- oz_tutorial_camera_android_chrome_with_screens_title,
- oz_tutorial_camera_android_chrome_instruction_screen_click_settings,
- oz_tutorial_camera_android_chrome_instruction_screen_permissions,
- oz_tutorial_camera_android_chrome_instruction_screen_allow_access,
- try_again,
- oz_tutorial_camera_external_browser_button,
- oz_tutorial_camera_external_browser_manual_open_link,
- oz_tutorial_camera_external_browser_title.
Added the get_langs() method that returns a list of locales available in the installed Web SDK.
Added an error for the case of setting a non-available locale.
Added an error for the case of lacking of a necessary resource. New key: unable_load_resource.
Changed texts for the error_connection_lost and error_service_unavailable errors.
Uploaded new Web SDK string files.
The crop function no longer adds borders for images smaller than 512×512.

1.5.3 – May 28, 2024

In case of camera access timeout, we now display a page with instructions for users to enable camera access: default for all browsers and specific for Facebook.
- accessing_camera_switch_to_another_browser,
- error_camera_timeout_instruction,
- error_camera_timeout_title,
- error_camera_timeout_android_facebook_instruction.

1.5.0 – May 05, 2024

Improved user experience for card printer machines. Users no longer need to get that close to the screen with face frame.
Added the disable_adaptive_aspect_ratio parameter to the Web Plugin. This parameter switches off the default video aspect ratio adjustment to the window.
Implemented the get_user_media_timeout parameter for Web Plugin: when SDK can’t get access to the user camera, after this timeout it displays a hint on how to solve the problem.
- oz_tutorial_camera_android_edge_browser
- oz_tutorial_camera_android_edge_instruction
- oz_tutorial_camera_android_edge_title
- error_camera_timeout_instruction
- error_camera_timeout_title
Improved the localization: when SDK can’t find a translation for a key, it displays a message in English.
You can now distribute the serverless Web SDK via Node Package Manager.
You can switch off the display of API errors in modal windows. Set the disable_adapter_errors_on_screen parameter in the configuration file to True.
The mobile browsers now use the rear camera to take the documents’ photos.
Updated samples.
Fixed the bug with abnormal 3D mask reaction when user needs to repeat a gesture.
Logging and security updates.

1.4.3 – Apr. 15, 2024

Fixed the bug where the warning about incorrect device orientation was not displayed when a mobile user attempted to take a video with their face in landscape orientation.

1.4.2 – Mar. 14, 2024

Debugging improvements.

1.4.1 – Feb. 27, 2024

Major security updates: improved protection against virtual cameras and JavaScript tampering.
Improved WebView support:
- Added camera access instructions for applications within the generic WebView browsers on Android and iOS. The corresponding events are added to telemetry.
- Improved the React Native app integration by adding the webkit-playsinline attribute, thereby fixing the issue of the full-screen camera launch on iOS WebView.
The iFrame using error when iframe_allowed = False is now shown properly.
New localization keys:
- oz_tutorial_camera_android_webview_browser
- oz_tutorial_camera_android_webview_instruction
- oz_tutorial_camera_android_webview_title

1.4.0 – Feb. 07, 2024

The iframe support is back: set the iframe_allowed parameter in the Web Adapter configuration file to True.
The interval for polling for the analyses’ results is now configurable. Change it in the results_polling_interval parameter of the Web Adapter configuration file if necessary.
You can now select the front or back camera via Web Plugin. In the OzLiveness.open() method, set cameraFacingMode to user for the front camera and environment for the back one. This parameter only works when the use_for_liveness option in the Web Adapter configuration file is not set.
The plugin styles are now being added automatically. Please remove <link rel="stylesheet" href="/plugin/ozliveness.css" /> from your page to prevent style conflicts.
Fixed some bugs and updated telemetry.

1.3.1 – Jan. 12, 2024

Improved the protection against injection attacks.
Replaced the code for Brazilian Portuguese from pt to pt-br to match the ISO standard.
Removed the lang_default adapter parameter.
The 3D mask transparency became customizable.
Implemented the possibility of using a master license that works with any domain.
Added the master_license_signature option into Web Adapter configuration parameters.
Fixed some bugs.

1.2.2 – Dec. 15, 2023

Internal SDK improvements.

1.2.1 – Nov. 04, 2023

Updated telemetry (logging).

1.1.5 – Oct. 27, 2023

Logging updates.

1.1.4 – Oct. 2023

Security updates.

1.1.3 – Sept. 29, 2023

Internal SDK improvements.

1.1.2 – Sept. 21, 2023

Internal SDK improvements.

1.1.1 – Aug. 29, 2023

Fixed some bugs.

1.1.0 – Aug. 24, 2023

Changed the signature of the on_error() callback: now it returns an object with the error code, error message, and telemetry ID for logging.
Added the configuration parameter for the debug mode. If True, the Web SDK enables access to the /debug.php page, which contains information about the current configuration and the current license.
Fixed some bugs and improved logging.

1.0.2 – July 06, 2023

If your device has multiple cameras, you can now choose one when launching the Web Plugin.

1.0.1 – July 01, 2023

Added the Portuguese, Spanish, and Kazakh locales.
Added the combo gesture.
Added the progress bar for media upload.
Removed the Zoom in / Zoom out gestures.
On tablets, you can now capture video in landscape orientation.
Removed the lang_allow option from Web Adapter configuration file.

0.9.1 – Mar. 01, 2023

In the capture architecture, when a virtual camera is detected, the additional_info parameter is inside the from_virtual_camera section.
You can now crop the lossless frame without losing quality.
Fixed face landmarks for the capture architecture.

0.9.0 – Feb. 20, 2023

Improved the recording quality;
- added detailed error descriptions;
- now you can set the license in JS during the runtime;
- when you set a license in OzLiveness.open(), it rewrites the previous license;
- the license no longer requires port and protocol;
- you can now specify subdomains in the license;
- upon the launch of the plugin on a server, the license payload is displayed in the Docker log;
- localhost and 127.0.0.1 no longer ask for a license;
The on_capture_complete callback is now available on any architecture: it is called once a video is taken and returns info on actions from the video;
Oz Web Liveness and Oz Web Adapter versions are displayed in the Docker log upon launch;
Deleted the deprecated adapter_version field from order metadata;
Fixed the Switch camera button in Google Chrome;
Upon the start of Web SDK, the actual configuration parameters are displayed in the Docker log.

0.7.6 – Sept. 27, 2022

Changed the extension of some Oz system files from .bin to .dat.

0.7.5

Additional scripts are now called using the main script's address.

0.7.4

Web SDK now can be installed via static files only (works for the capture type of architecture).
Web SDK can now work with CDN.
Now, you can launch several Oz Liveness plugins on different pages. In this case, you need to specify the path to scripts in head of these pages.

If you update the Web SDK version from 0.4.0, the license should be updated as well.

0.4.1

Fixed a bug with the shooting screen.

0.4.0

Added licensing (requires origin).

0.3.2044

Fixed Angular integration.

0.3.2043

Fixed the bug where the IMAGE_FOLDER section was missed in the JSON response with the lossless frame enabled.

0.3.2042

Fixed issues with the ravenjs library.

0.3.2041

A frame for taking a documents photo is now customizable.

0.3.2012

Implemented security updates.

0.3.2009 (0.4.8)

Metadata now contains names of all cameras you can use.

0.3.2005 (0.4.8)

Video and zip formats now allow loading a lossless image.
Fixed Best Shot.

0.3.2004 (0.4.8)

Separated the error code and error description in server responses.

0.3.2001 (0.4.6)

If the SDK mode is set in the environment variables architecture, api_url, it is passed to settings automatically.
In the Lite mode, you can select the best frame for any action.
In the Lite mode, an image sent via API gets the on_complete status only after a successful liveness.
You can manage CORS using the environment variables (CORS headers are not added by default).

0.3.1999

Added the folder value for result_mode: it returns the same value as status but with folder_id.

0.3.1997 (0.4.5)

Updated encryption: now only metadata required to decrypt an object is encrypted.
Updated data transfer: images are being sent in separate form fields.
Added the camera parameters check.

0.3.1992 (0.4.4)

Enabled a new method for image encryption.
Optimized image transfer format.

0.3.1991

Added the use_for_liveness option: mobile devices use back camera by default, on desktop, flip and oval circling are off. By default, the option is switched off.

0.3.1990 (0.4.3)

Decreased video length for video_selfie_best (the Selfie gesture) from 1 to 0,2 sec.
Loading scripts is now customizable.
Improved UX.

0.3.1988 (0.4.2)

Added the Kazakh locale.
Added a guide for accessing the camera on a desktop.
Improved logging: plugin_liveness.php requests and recording user-agent to the server log.
Added the Lite mode.

0.3.1987 (0.4.1)

Added encryption.
Updated libraries.

0.3.1986 (0.3.91)

You can now hide the Oz Forensics logo.

0.3.1984

Updated a guide for Facebook, Instagram, Samsung, Opera.
Added handlers for unknown variables and a guide for “unknown” browsers.

0.3.1983

Optimized memory usage for a frame.
Added a guide on how to switch cameras on using Android browsers.

Installation in Docker

Hardware and Software Requirements

To launch the services, you'll require:

CPU: 16 cores,
RAM: 32 GB,
Disk: 100 GB, SSD,
Linux-compatible OS,
Docker 19.03+ (or Podman 4.4+),
Docker Compose 1.27+ (or podman-compose 1.2.0+, if you use Podman).

For Docker installations with multiple API servers, you'll also require shared volume or NFS.

Distribution Package Contents

The package you get consists of the following directories and files:

Installation

Installing TFSS and the API on the Same Host

Put the license file in ./configs/tfss/license.key.
Unzip the file that contains models into the ./data/tfss/models directory.
Before starting system configuration, we recommend running the host readiness check scripts. Navigate to the checkers directory and run the pre-checker-all.sh script.

Set the initial passwords and values:

Configuration

configs\api\config.py
- Line 15: 'PORT' is the same port as set in line 2 of configs\nginx\default.conf. Needed to set URLs to serve static via nginx.
- Line 21: 'HOST' is the same name as set in docker-compose for oz-api-nginx container. Needed to set URLs to serve static via nginx.
- Line 24-28: 'DB_*' are parameters for connecting to PostgreSQL database. Must refer to oz-api-pg name and parameters, that are set in configs\init\init-db.sh, configs\postgres\init.sql
- Line 33-34: 'TFSS' must refer to oz-tfss container name and port, that are set in the docker-compose.yaml oz-tfss start command.
- Line 36: Regula. Currently, we support only external Regula.
- Line 54-57: Redis connection. Change password or Redis container name and port, corresponding to lines 2 and 4 of configs\redis\redis.conf.
- Line 69: Celery workers' healthcheck list. Remove Celery workers from list, if you have disabled them in docker-compose.yaml.
- Line 141: O2N. Change o2n name and port, corresponding to docker-compose.yaml.
configs\init\init-*.sh
- VARS section of each file (Lines 4-9) must refer to PostgreSQL names, ports in docker-compose, parameters in config.py and sets up user and database that are created during startup.
nginx\default.conf
- Line 2: Listen port. Must be set corresponding to the docker-compose oz-api-nginx port parameter and config.py
- Lines 27, 43, 48: Service names in redirect. oz-api, oz-statistic. Change if container names are changed in docker-compose.yaml
configs\pg-o2n\init.sql
- Username, database name, password that are pre-created in database.
- Username in lines 1, 9.
- Password in line 1.
- DB name in lines 8, 16.
configs\postgres\init.sql
- Username, database name, password that are pre-created in database.
- Username in lines 1, 9.
- Password in line 1.
- DB name in lines 8, 16.
configs\redis\redis.conf
- Line 2: password for security. Refers to config.py.
- Line 4: port. Refers to config.py.
data\tfss
- Must have 'models' folder with models.
configs\webui\aquireToken.sh
- Line 3-6: API parameters. Web UI should point to the oz-api-nginx container. Set name and port same as in oz-api-nginx.
- Line 5-6: login and password must be the same as in configs\init\init-user.sh (if you have created another user manually, you can also use other credentials)
configs\o2n\config.env
- Lines 6-10: pg-o2n parameters. Must be the same as listed in init-o2n.sh and pg-o2n\init.sql.
- Line 12: password for superuser in PostgreSQL for O2N.
- Lines 14-16: service parameters for superuser in PostgreSQL.
- Lines 24-29: database parameters. Must be the same as listed in configs\postgres\init.sql.
- Line 38: 'APP_ENV' User 'local' for http, 'https' for https.
- Line 51-57: mail parameters. Set up for 'send password to email' option.

For this configuration, run all services on a single host:

We recommend using PostgreSQL as a container only for testing purposes. For the production deployment, it is recommended to use a standalone database.

Installing TFSS and the API on Separate Hosts

TFSS Host

Create a directory and unzip the distribution package into it. The package contains Docker Compose manifests and directories with the configuration files required for operation.
Put the license file in ./configs/tfss/license.key.
Unzip the file that contains models into the ./data/tfss/models directory.
Before starting system configuration, we recommend running the host readiness check scripts. Navigate to the checkers directory and run the pre-checker-all.sh script.
For this configuration, run TFSS service on a separate host:

API Host

Create a directory and unzip the distribution package into it. The package contains Docker Compose manifests and directories with the configuration files required for operation.
Before starting system configuration, we recommend running the host readiness check scripts. Navigate to the checkers directory and run the pre-checker-all.sh script.