To connect SDK to Oz API, specify the API URL and access token as shown below.
OZSDK.setApiConnection(Connection.fromServiceToken(host: "https://sandbox.ohio.ozforensics.com", token: token)) { (token, error) in
}
Please note: in your host application, it is recommended that you set the API address on the screen that precedes the liveness check. Setting the API URL initiates a service call to the API, which may cause excessive server load when being done at the application initialization or startup.
Alternatively, you can use the login and password provided by your Oz Forensics account manager:
OZSDK.setApiConnection(Connection.fromCredentials(host: “https://sandbox.ohio.ozforensics.com”, login: login, password: p)) { (token, error) in
// Your code to handle error or token
}
By default, logs are saved along with the analyses' data. If you need to keep the logs distinct from the analysis data, set up the separate connection for telemetry as shown below:
let eventsConnection = Connection.fromCredentials(host: https://echo.cdn.ozforensics.com/,
login: <your_telemetry_user_eg_tm@company.com>,
password: your_telemetry_password)
OZSDK.setEventsConnection(eventsConnection) { (token, error) in
}
Master License for Android
Master license is the offline license that allows using Mobile SDKs with any bundle_id, unlike the regular licenses. To get a master license, create a pair of keys as shown below. Email us the public key, and we will email you the master license shortly after that.
Your application needs to sign its bundle_id with the private key, and the Mobile SDK checks the signature using the public key from the master license. Master licenses are time-limited.
Generating Keys
This section describes the process of creating your private and public keys.
Creating a Private Key
To create a private key, run the commands below one by one.
openssl genpkey -algorithm RSA -outform DER -out privateKey.der -pkeyopt rsa_keygen_bits:2048
# for MacOS
base64 -i privateKey.der -o privateKey.txt
# for Linux
base64 -w 0 privateKey.der > privateKey.txt
You will get these files:
privateKey.der is a private .der key;
privateKey.txt is privateKey.der encoded by base64. This key containing will be used as the host app bundle_id signature.
Add the implementation 'com.madgag.spongycastle:prov:1.58.0.0' dependency;
Prior to the SDK initializing, create a base64-encoded signature for the host app bundle_id using the private key.
Signature creation example:
private fun getMasterSignature(): String {
Security.insertProviderAt(org.spongycastle.jce.provider.BouncyCastleProvider(), 1)
val privateKeyBase64String = "the string copied from the privateKey.txt file"
// with key example:
// val privateKeyBase64String = "MIIEpAIBAAKCAQEAxnpv02nNR34uNS0yLRK1o7Za2hs4Rr0s1V1/e1JZpCaK8o5/3uGV+qiaTbKqU6x1tTrlXwE2BRzZJLLQdTfBL/rzqVLQC/n+kAmvsqtHMTUqKquSybSTY/zAxqHF3Fk59Cqisr/KQamPh2tmg3Gu61rr9gU1rOglnuqt7FioNMCMvjW7ciPv+jiawLxaPrzNiApLqHVN+xCFh6LLb4YlGRaNUXlOgnoLGWSQEsLwBZFkDJDSLTJheNVn9oa3PXg4OIlJIPlYVKzIDDcSTNKdzM6opkS5d+86yjI1aTKEH3Zs64+QoEuoDfXUxS3TOUFx8P+wfjOR5tYAT+7TRN4ocwIDAQABAoIBAATWJPV05ZCxbXTURh29D/oOToZ0FVn78CS+44Vgy1hprAcfG9SVkK8L/r6X9PiXAkNJTR+Uivly64Oua8//bNC7f8aHgxRXojFmWwayj8iOMBncFnad1N2h4hy1AnpNHlFp3I8Yh1g0RpAZOOVJFucbTxaup9Ev0wLdWyGgQ3ENmRXAyLU5iUDwUSXg59RCBFKcmsMT2GmmJt1BU4P3lL9KVyLBktqeDWR/l5K5y8pPo6K7m9NaOkynpZo+mHVoOTCtmTj5TC/MH9YRHlF15VxQgBbZXuBPxlYoQCsMDEcZlMBWNw3cNR6VBmGiwHIc/tzSHZVsbY0VRCYEbxhCBZkCgYEA+Uz0VYKnIWViQF2Na6LFuqlfljZlkOvdpU4puYTCdlfpKNT3txYzO0T00HHY9YG9k1AW78YxQwsopOXDCmCqMoRqlbn1SBe6v49pVB85fPYU2+L+lftpPlx6Wa0xcgzwOBZonHb4kvp1tWhUH+B5t27gnvRz/rx5jV2EfmWinycCgYEAy8/aklZcgoXWf93N/0EZcfzQo90LfftkKonpzEyxSzqCw7B9fHY68q/j9HoP4xgJXUKbx1Fa8Wccc0DSoXsSiQFrLhnT8pE2s1ZWvPaUqyT5iOZOW6R+giFSLPWEdwm6+BeFoPQQFHf8XH3Z2QoAepPrEPiDoGN1GSIXcCwoe9UCgYEAgoKj4uQsJJKT1ghj0bZ79xVWQigmEbE47qI1u7Zhq1yoZkTfjcykc2HNHBaNszEBks45w7qo7WU5GOJjsdobH6kst0eLvfsWO9STGoPiL6YQE3EJQHFGjmwRbUL7AK7/Tw2EJG0wApn150s/xxRYBAyasPxegTwgEj6j7xu7/78CgYEAxbkI52zG5I0o0fWBcf9ayx2j30SDcJ3gx+/xlBRW74986pGeu48LkwMWV8fO/9YCx6nl7JC9dHI+xIT/kk8OZUGuFBRUbP95nLPHBB0Hj50YRDqBjCBh5qaizSEGeGFFNIfFSKddri3U8nnZTNiKLGCx7E3bjE7QfCh5qoX8ZF0CgYAtsEPTNKWZKA23qTFI+XAg/cVZpbSjvbHDSE8QB6X8iaKJFXbmIC0LV5tQO/KT4sK8g40m2N9JWUnaryTiXClaUGU3KnSlBdkIA+I77VvMKMGSg+uf4OdfJvvcs4hZTqZRdTm3dez8rsUdiW1cX/iI/dJxF4964YIFR65wL+SoRg=="
val sig = Signature.getInstance("SHA512WithRSA")
val keySpec = PKCS8EncodedKeySpec(Base64.decode(privateKeyBase64String, Base64.DEFAULT))
val keyFactory = KeyFactory.getInstance("RSA")
sig.initSign(keyFactory.generatePrivate(keySpec))
sig.update(packageName.toByteArray(Charsets.UTF_8))
return Base64.encodeToString(sig.sign(), Base64.DEFAULT).replace("\n", "")
}
Pass the signature as the masterLicenseSignature parameter during the SDK initialization.
If the signature is invalid, the initialization continues as usual: the SDK checks the list of bundle_id included into the license, like it does it by default without a master license.
Changelog
iOS SDK changes
10.0.0 – June 03, 2026
Breaking changes: for the OzCapsula flow, this SDK version requires API 6.6.0.1 or newer.
Updated internal dependencies.
Enhanced security.
9.3.0 – May 22, 2026
The files passed via UserMedia in MediaRequest (OzCapsula) are now named using a UUID v4 identifier with the original file extension. The original file name can still be transmitted via the mediaMeta field.
Telemetry observer callbacks (EventObserver.update() and EventObserver.onDetected()) are now dispatched on a background thread.
Updated the SDK to comply with Apple Required Reasons API.
The unbalanced dispatch_group_leave() crash on session timeout in view controller no longer occurs.
Removed the OZ_ prefix from cases of the ContainerType.
We now send the One Shot gesture media as ZIP instead of JPEG.
Enhanced security.
9.2.0 – Apr. 23, 2026
Added the new addAnalysisProfile method. It allows appending an additional AnalysisProfile (e.g., a reference photo) to an existing OzCapsula container generated during capture, forming a multi-container package for biometric or comprehensive analyses. The session token and the existing OzCapsula instance are read from device memory automatically; no additional parameters are needed. Warning: requires API 6.6.1 and above.
The Scan gesture has been made easier to pass: resolved the issue with conflicting hints.
Updated sample to cover the case of biometric verification using OzCapsula.
Resolved the issue with SQLCipher integration conflict.
9.1.0 – Mar. 17, 2026
Added support for optimized data transmission when using container.
Updated code sample in align with OzCapsula functionality.
Long antiscam messages are now displayed properly.
SDK no longer crashes when Liveness screen is called several times in a row with short intervals.
Resolved the issue with container errors not being returned.
Updated dependencies.
8.22.0 – Dec. 09, 2025
Implemented a new proprietary data format: OzCapsula Data Container.
Resolved the issue with SDK not returning the license-related callbacks.
Enhanced security.
8.21.0 – Nov. 21, 2025
Resolved the issue with SDK sometimes not responding to user actions on some devices.
Updated SDK to support the upcoming security features.
8.20.0 – Oct. 17, 2025
Fixed the bug with crashes that might happen during the Biometry analysis after taking a reference photo using camera.
Enhanced security.
8.19.0 – Sept. 23, 2025
The Scan gesture animation now works properly.
Fixed the bug where SDK didn’t call completion during initialization in debug mode.
Enhanced security.
8.18.2 – Aug. 22, 2025
Addressed an SDK crash that occasionally happened when invoking the license.
8.18.1 – Aug. 06, 2025
We highly recommend updating to this version.
Resolved the issue with integration via Swift UI.
SDK no longer crashes on smartphones that are running low on storage.
Security and telemetry updates.
8.17.0 – June 12, 2025
Security updates.
8.16.2 – Apr. 22, 2025
Xcode updated to version 16 to comply with Apple requirements.
8.16.1 – Apr. 09, 2025
Security updates.
8.16.0 – Mar. 11, 2025
Updated the authorization logic.
Improved voiceover.
SDK now compresses videos if their size exceeds 10 MB.
Head movement gestures are now handled properly.
Security updates.
8.15.0 – Dec. 30, 2024
Changed the wording for the head_down gesture: the new wording is “tilt down”.
Added proper focus order for VoiceOver when the antiscam hint is enabled.
Added the public setting extract_action_shot in the Demo Application.
Bug fixes.
Security updates.
8.14.0 – Dec. 3, 2024
Accessibility updates according to WCAG requirements: the SDK hints and UI controls can be voiced.
Improved user experience with head movement gestures.
Minor bug fixes and telemetry updates.
8.13.0 – Nov. 11, 2024
The screen brightness no longer changes when the rear camera is used.
Fixed the video recording issues on some smartphone models.
Security and telemetry updates.
8.12.2 – Oct. 24, 2024
Internal SDK improvements.
8.12.1 – Sept. 30, 2024
Added Xcode 16 support.
Security and telemetry updates.
8.11.0 – Sept. 10, 2024
Security updates.
8.10.1 – Aug. 23, 2024
Bug fixes.
8.10.0 – Aug. 1, 2024
SDK now requires Xcode 15 and newer.
Security updates.
Bug fixes.
8.9.1 – July 16, 2024
Internal SDK improvements.
8.8.3 – July 11, 2024
Internal SDK improvements.
8.8.2 – June 25, 2024
Bug fixes.
8.8.1 – June 25, 2024
Logging updates.
8.8.0 – June 18, 2024
Security updates.
8.7.0 – May 10, 2024
You can now install iOS SDK via Swift Package Manager.
The sample is now available on SwiftUI. Please find it here.
Added a description for the error that occurs when providing an empty string as an ID in the addFolderID method.
Bug fixes.
8.6.0 – Apr. 10, 2024
The messages displayed by the SDK after uploading media have been synchronized with Android.
The bug causing analysis delays that might have occurred for the One Shot gesture has been fixed.
8.5.0 – Mar. 06, 2024
The length of the Selfie gesture is now configurable (affects the video file size).
You can set your own logo instead of Oz logo if your license allows it.
Removed the pause after the Scan gesture.
The code in is now up-to-date.
Security and logging updates.
8.4.2 – Jan. 24, 2024
Security updates.
8.4.0 – Jan. 09, 2024
Changed the default behavior in case a localization key is missing: now the English string value is displayed instead of a key.
Fixed some bugs.
8.3.3 – Dec. 11, 2023
Internal licensing improvements.
8.3.0 – Nov. 17, 2023
Implemented the possibility of using a master license that works with any bundle_id.
Fixed the bug with background color flashing.
8.2.1 – Nov. 11, 2023
Bug fixes.
8.2.0 – Oct. 30, 2023
The Analysis structure now contains the sizeReductionStrategy field. This field defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully.
The messages for the errors that are retrieved from API are now detailed.
The toFrameGradientColor option in hintAnimationCustomization is now deprecated, please use the hintGradientColor option instead.
Got back the iOS 11 support.
8.1.1 – Oct. 09, 2023
If multiple analyses are applied to the folder simultaneously, the system sends them as a group. It means that the “worst” of the results will be taken as resolution, not the latest. Please refer to this article for details.
For the Liveness analysis, the system now treats the highest score as a quantitative result. The Liveness analysis output is described here.
8.1.0 – Sept. 07, 2023
Updated the Liveness on-device model.
Added the Portuguese (Brazilian) locale.
You can now add a custom or update an existing language pack. The instructions can be found here.
If a media hasn't been uploaded correctly, the system now repeats the upload.
Added a new method to retrieve the telemetry (logging) identifier: getEventSessionId.
The setPermanentAccessToken, configure and login methods are now deprecated. Please use the setApiConnection method instead.
The setLicense(from path:String) method is now deprecated. Please use the setLicense(licenseSource: LicenseSource) method instead.
Fixed some bugs and improved the SDK work.
8.0.2 – Aug. 15, 2023
Fixed some bugs and improved the SDK algorithms.
8.0.0 – June 27, 2023
Added the new analysis mode – hybrid (Liveness only). If the score received from an on-device analysis is too high, the system initiates a server-based analysis as an additional check.
Improved the on-device models.
Updated the run method.
Added new structures: RequestStatus (analysis state), ResultMedia (analysis result for a single media) and RequestResult (consolidated analysis result for all media).
The updated AnalysisResult structure should be now used instead of OzAnalysisResult.
For the OZMedia object, you can now specify additional tags that are not included into our tags list.
The Selfie video length is now about 0.7 sec, the file size and upload time are reduced.
The hint text width can now exceed the frame width (when using the main camera).
The methods below are no longer supported:
Removed method
Replacement
analyse
AnalysisRequest.run
addToFolder
uploadMedia
documentAnalyse
AnalysisRequest.run
7.3.0 – June 06, 2023
Added the center hint background customization.
Added new face frame forms (Circle, Square).
Added the antiscam widget and its customization. This feature allows you to alert your customers that the video recording is being conducted, for instance, for loan application purposes. The purpose of this is to safeguard against scammers who may attempt to deceive an individual into approving a fraudulent transaction.
Synchronized the default customization values with Android.
Added the Spanish locale.
iOS 11 is no longer supported, the minimal required version is 12.
7.2.1 – May 24, 2023
Fixed the issue with the server-based One shot analysis.
7.2.0 – May 18, 2023
Improved the SDK algorithms.
7.1.6 – May 04, 2023
Fixed error handling when uploading a file to API. From this version, an error will be raised to a host application in case of an error during file upload.
7.1.5 – Apr. 03, 2023
Improved the on-device Liveness.
7.1.4 – Mar. 24, 2023
Fixed the animation for sunglasses/mask.
Fixed the bug with the .document analysis.
Updated the descriptions of customization methods and structures.
7.1.2 – Feb. 21, 2023
Updated the TensorFlow version to 2.11.
Fixed several bugs, including the Biometry check failures on some phone models.
7.1.1 – Feb. 06, 2023
Added customization for the hint animation.
7.1.0 – Jan. 20, 2023
Integrated a new model.
Added the uploadMedia method to AnalysisRequest. The addMedia method is now deprecated.
Fixed the combo analysis error.
Added a button to reset the SDK theme and language settings.
Fixed some bugs and localization issues.
Extended the network request timeout to 90 sec.
Added a setting for the animation icon size.
7.0.0 – Dec. 08, 2022
Implemented a range of UI customization options and switched to the new design. To restore the previous settings, please refer to this article.
6.7.0
The run method now works similar to the one in Android SDK and returns an array of analysis' results.
6.4.0
Synchronized the version numbers with Android SDK.
Added a new field to the Analysis structure. The params field is for any additional parameters, for instance, if you need to set extracting the best shot on server to true. The best shot algorithm chooses the most high-quality frame from a video.
Fixed some localization issues.
Changed the Combo gesture.
Now you can launch the Liveness check to analyze images taken with another SDK.
3.0.1
The Zoom in and Zoom out gestures are no longer supported.
3.0.0
Added a new simplified analysis structure – AnalysisRequest.
2.3.0
Added methods of on-device analysis: runOnDeviceLivenessAnalysis and runOnDeviceBiometryAnalysis.
You can choose the installation version. Standard installation gives access to full functionality. The core version (OzLivenessSDK/Core) installs SDK without the on-device functionality.
Added a method to upload data to server and start analyzing it immediately: uploadAndAnalyse.
Improved the licensing process, now you can add a license when initializing SDK: OZSDK(licenseSources: [LicenseSource], completion: @escaping ((LicenseData?, LicenseError?) -> Void)), where LicenseSource is a path to physical location of your license, LicenseData contains the license information.
Added the setLicense method to force license adding.
2.2.3
Added the Turkish locale.
2.2.1
Added the Kyrgyz locale.
Added Completion Handler for analysis results.
Added Error User Info to telemetry to show detailed info in case of an analysis error.
2.2.0
Added local on-device analysis.
Added oval and rectangular frames.
Added Xcode 12.5.1+ support.
2.1.4
Added SDK configuration with licenses.
2.1.3
Added the One Shot gesture.
Improved OZVerificationResult: added bestShotURL which contains the best shot image and preferredMediaURL which contains an URL to the best quality video.
When performing a local check, you can now choose a main or back camera.
2.1.2
Authorization sessions extend automatically.
Updated authorization interfaces.
2.1.1
Added the Kazakh locale.
Added license error texts.
2.1.0
You can cancel network requests.
You can specify Bundle for license.
Added analysis parameterization documentAnalyse.
Fixed building errors (Xcode 12.4 / Cocoapods 1.10.1).
2.0.0
Added license support.
Added Xcode 12 support instead of 11.
Fixed the documentAnalyse error where you had to fill analyseStates to launch the analysis.
This section contains the most common cases of integrating the Oz Forensics Liveness and face Biometry system.
The scenarios can be combined together, for example, integrating liveness into both web and mobile applications or integrating liveness with face matching.
The webhook feature simplifies getting analyses' results. Instead of polling after the analyses are launched, add a webhook that will call your website once the results are ready.
When you create a folder, add the webhook endpoint (resolution_endpoint) into the payload section of your request body:
Postman
Payload example
{
"resolution_endpoint": "address.com", // use address of your website here
... // other request details - folder etc.
}
You'll receive a notification each time the analyses are completed for this folder. The webhook request will contain information about the folder and its corresponding analyses.
Oz Mobile SDK (iOS, Android, Flutter)
Oz Mobile SDK stands for the Software Developer’s Kit of the Oz Forensics Liveness and Face Biometric System, providing seamless integration with customers’ mobile apps for login and biometric identification.
In this section, we explain how to use Oz Flutter SDK for iOS and Android.
Before you start, it is recommended that you install:
Flutter 3.0.0 or newer;
Android SDK 21 or newer;
dart 2.18.6 or newer;
iOS platform 13 or newer;
Xcode.
Please find the Flutter repository .
Oz Liveness and Biometry Key Concepts
Oz Forensics specializes in liveness and face matching: we develop products that help you identify your clients remotely and protect against spoofing and deepfake attacks. Oz software helps you to add facial recognition to your software systems and products. You can integrate Oz modules in many ways depending on your needs. We are constantly improving our components, increasing their quality.
Oz Liveness is responsible for recognizing a living person on a video it receives. Oz Liveness can distinguish a real human from their photo, video, mask, or other kinds of spoofing and deepfake attacks. The accuracy of our algorithms is confirmed by BixeLab, the independent biometric testing laboratory.
Here are the confirmation letters from the laboratory.
Developer Guide
In this section, you will find the description of both API and SDK components of Oz Forensics Liveness and face biometric system. API is the backend component of the system, it is needed for all the system modules to interact with each other. SDK is the frontend component that is used to:
1) take videos or images which are then processed via API,
2) display results.
We provide two versions of API.
With full version, we provide you with all functionality of Oz API.
The Lite version is a simple and lightweight version with only the necessary functions included.
The SDK component consists of web SDK and mobile SDK.
Oz API
Oz API is the most important component of the system. It makes sure all other components are connected with each other. Oz API:
provides the unified Rest API interface to run the Liveness and Biometry analyses,
processes authorization and user permissions management,
Best Shot
The "Best shot" algorithm is intended to choose the most high-quality and well-tuned frame with a face from a video record. This algorithm works as a part of the analysis, so here, we describe only the best shot part. Starting with API v6.0.1, the best shot is extracted and returned in the API response by default unless disabled for a specific purpose.
1. Initiate the analysis similar to , but make sure that extract_best_shot is set to true as shown below, or this line is omitted (for API 6.0.1 and newer):
If you want to use a webhook for response, add it to the payload at this step, as described .
2. Check and interpret results in the same way as for the pure analysis.
Oz API Lite (Deprecated)
What is Oz API Lite, when and how to use it.
Oz API Lite is the lightweight yet powerful version of Oz API. The Lite version is less resource-demanding, more productive, and easier to work with. The analyses are made within the API Lite image. As Oz API Lite doesn't include any additional services like statistics or data storage, this version is the one to use when you need a high performance.
To check the Liveness processor, GET /v1/face/liveness/health.
To check the Biometry processor, GET /v1/face/pattern/health.
To perform the liveness check for an image, POST /v1/face/liveness/detect (it takes an image as an input and displays the evaluation of spoofing attack chance in this image)
Oz API Postman Collections
Download and install the Postman client from this Then download the JSON file needed:
Oz API 5.1.0 works with the same collection.
Launch the client and import Oz API collection for Postman by clicking the Import button:
Click files, locate the JSON needed, and hit Open to add it:
The collection will be imported and will appear in the Postman interface:
Oz API Lite Postman Collection
Download and install the Postman client from this Then download the JSON file needed:
Launch the client and import Oz API Lite collection for Postman by clicking the Import button:
Click files, locate the JSON needed, and hit Open to add it:
The collection will be imported and will appear in the Postman interface:
Android Localization: Adding a Custom or Updating an Existing Language Pack
Please note: this feature has been implemented in 8.1.0.
To add or update the language pack for Oz Android SDK, please follow these instructions:
Go to the folder for the locale needed, or create a new folder. Proceed to for the details.
Create the file called strings.xml.
Adding SDK to a Project
Add the following URL to the build.gradle of the project:
Add this to the build.gradle of the module (VERSION is the version you need to implement. Please refer to ):
Please note: this is the default version.
Please note: the resulting file will be larger.
Also, regardless of the mode chosen, add:
iOS Localization: Adding a Custom or Updating an Existing Language Pack
Please note: this feature has been implemented in 8.1.0.
To add or update the language pack for Oz iOS SDK, use the set(languageBundle: Bundle) method. It shows the SDK that you are going to use the non-standard bundle. In OzLocalizationCode, use the custom language (optional).
If you don’t set the custom language and bundle, the SDK uses the pre-installed languages only.
Web Plugin (Web SDK Frontend part)
Web Plugin is a plugin called by your web application. It works in a browser context. The Web Plugin communicates with Web Adapter, which, in turn, communicates with Oz API.
Please find a sample for Oz Liveness Web SDK . To make it work, replace <web-adapter-url> with the Web Adapter URL you've received from us.
For the samples below, replace https://web-sdk.sandbox.ohio.ozforensics.com in index.html.
sample
Adding the Plugin to Your Web Page
A dedicated Web Adapter in our cloud or the adapter deployed on-premise. The adapter's URL is required for adding the plugin.
To embed the plugin in your page, add a reference to the primary script of the plugin (plugin_liveness.php) that you received from Oz Forensics to the HTML code of the page. web-sdk-root-url is the Web Adapter link you've received from us.
Description of the on_error Callback
This callback is called when the system encounters any error. It contains the error details and telemetry ID that you can use for further investigation.
To compare two faces in two images, callPOST /v1/face/pattern/extract_and_compare (it takes two images as an input, derives the biometry templates from these images, and compares them).
To compare an image with a bunch of images, callPOST /v1/face/pattern/extract_and_compare_n.
For the full list of Oz API Lite methods, please refer to API Methods.
API Lite is deprecated and no longer maintained. Its functionality has been added to API full: see Instant API.
tracks and records requested orders and analyses to the database (for example, in 6.0, the database size for 100 000 orders with analyses is ~4 GB),
archives the inbound media files,
collects telemetry from connected mobile apps,
provides settings for specific device models,
generates reports with analyses' results.
For the latest API methods collection, please refer to our API reference.
In API 6.0, we introduced two new operation modes: Instant API and single request.
In the Instant API mode – also known as non-persistent – no data is stored at any point. You send a request, receive the result, and can be confident that nothing is saved. This mode is ideal for handling sensitive data and helps ensure GDPR compliance. Additionally, it reduces storage requirements on your side.
Single request mode allows you to send all media along with the analysis request in one call and receive the results in the same response. This removes the need for multiple API calls – one is sufficient. However, if needed, you can still use the multi-request mode.
3. The URL to the best shot is located in the analyses.results_media -> output_images -> original_url response under analyses.results_media -> output_images -> original_name = "ResultImage.jpg".
request body
{
"analyses": [{
"type": "quality",
"source_media": ["1111aaaa-11aa-11aa-11aa-111111aaaaaa"], // // optional; omit to include all media from the folder
"params" : {
"extract_best_shot": true // the mandatory part for the best shot analysis
}
}]
}
Please note: historically, some instances are configured to allow Best Shot only for certain gestures.
Add a reference to the file with styles and to the primary script of the plugin (plugin_liveness.php) that you received from Oz Forensics to the HTML code of the page. web-sdk-root-url is the Web Adapter link you've received from us.
For Angular and Vue, script (and files, if you use a version lower than 1.4.0) should be added in the same way. For React apps, use head at your template's main page to load and initialize the OzLiveness plugin. Please note: if you use <React.StrictMode>, you may experience issues with Web Liveness.
on_error {
"code": "error_code",
"event_session_id": "id_of_telemetry_session_with_error",
"message": "<error decription>",
"context": {} // additional information if any
}
Closing or Hiding the Plugin
Closing the plugin
To force the closing of the plugin window, use the close() method. All requests to server and callback functions (except on_close) within the current session will be aborted.
Example:
var session_id = 123;
OzLiveness.open({
// We transfer the arbitrary meta data, by which we can later identify the session in Oz API
meta: {
session_id: session_id
},
// After sending the data, forcibly close the plugin window and independently request the result
on_submit: function() {
OzLiveness.close();
my_result_function(session_id);
}
});
Hiding the plugin window without cancelling the callbacks
To hide the plugin window without cancelling the requests for analysis results and user callback functions, call the hide() method. Use this method, for instance, if you want to display your own upload indicator after submitting data.
An example of usage:
No-Server Licensing
This article covers a rare case when you use Web Plugin only. If you have a standard installation with Web Adapter, do not use these licensing parameters in OzLiveness.open() – your server license will be managed automatically. Passing a license via the frontend will override the server license and may cause unexpected expiration issues.
To generate the license, we need the domain name of the website where you are going to use Oz Forensics Web SDK, for instance, your-website.com. You can also define subdomains.
To find the origin, in the developer mode, run window.origin on the page you are going to embed Oz Web SDK in. At localhost / 127.0.0.1, license can work without this information.
Proceed to your website origin and launch Liveness -> Simple selfie.
Once the license is added, the system will check its validity on launch.
How to Restore the Previous Design after an Update
If you want to get back to the previous (up to 6.4.2) versions' design, reset the customization settings of the capture screen and apply the parameters that are listed below.
// customization parameters for the toolbar
let toolbarCustomization = ToolbarCustomization(
closeButtonColor: .white,
backgroundColor: .black)
// customization parameters for the center hint
let centerHintCustomization = CenterHintCustomization(
verticalPosition: 70)
// customization parameters for the center hint animation
let hintAnimationCustomization = HintAnimationCustomization(
hideAnimation: true)
// customization parameters for the frame around the user face
let faceFrameCustomization = FaceFrameCustomization(
strokeWidth: 6,
strokeFaceAlignedColor: .green,
strokeFaceNotAlignedColor: .red)
// customization parameters for the background outside the frame
let backgroundCustomization = BackgroundCustomization(
backgroundColor: .clear)
OZSDK.customization = OZCustomization(toolbarCustomization: toolbarCustomization,
centerHintCustomization: centerHintCustomization,
hintAnimationCustomization: hintAnimationCustomization,
faceFrameCustomization: faceFrameCustomization,
versionCustomization: vesrionCustomization,
backgroundCustomization: backgroundCustomization)
OzLiveness.open({
// When receiving an intermediate result, hide the plugin window and show your own loading indicators
on_result: function(result) {
OzLiveness.hide();
if (result.state === 'processing') {
show_my_loader();
}
},
on_complete: function() {
hide_my_loader();
}
});
Oz Liveness is also certified by iBeta, a NIST-accredited biometric testing laboratory, with 100% accuracy.
Our liveness technology protects against both injection and presentation attacks.
The injection attack detection is layered. Our SDK examines user environment to detect potential manipulations: browser, camera, etc. Further on, the deep neural network comes into play to defend against even the most sophisticated injection attacks.
The presentation attack detection is based on deep neural networks of various architectures, combined with a proprietary ensembling algorithm to achieve optimal performance. The networks consider multiple factors, including reflection, focus, background scene, motion patterns, etc. We offer both passive (no gestures) and active (various gestures) Liveness options, ensuring that your customers enjoy the user experience while delivering accurate results for you. The iBeta test was conducted using passive Liveness, and since then, we have significantly enhanced our networks to better meet the needs of our clients.
Oz Face Matching (Biometry) verifies that the person performing the check is the same person shown on the document. Oz Biometry looks through the video, finds the best shot where the person is clearly seen, and compares it with the photo from ID or another document. The algorithm's accuracy is 99.99% confirmed by NIST FRVT.
Our biometry technology has both 1:1 Face Verification and 1:N Face Identification, which are also based on ML algorithms. To train our neural networks, we use our own framework based on state-of-the-art technologies. Our private dataset of over 4.5 million unique faces covers a wide range of ethnic groups and attributes (predicted race, age, etc.), helping our models produce robust matching scores.
Our face detector can work with photos and videos. Also, the face detector excels in detecting faces in images of IDs and passports (which can be rotated or of low quality).
The Oz software combines accuracy in analysis with ease of integration and use. To further simplify the integration process, we have provided a detailed description of all the key concepts of our system in this section. If you're ready to get started, please refer to our integration guides, which provide the step-by-step instructions on how to achieve your facial recognition goals quickly and easily.
Oz Forensics adheres to SOC 2® and ISO/IEC 27001:2022 standards.
If the custom bundle is set (and language is not), it has a priority when checking translations, i.e, SDK checks for the localization record in the custom bundle localization file. If the key is not found in the custom bundle, the standard bundle text for this key is used.
If both custom bundle and language are set, SDK retrieves all the translations from the custom bundle localization file.
A list of keys for iOS:
The keys Action.*.Task refer to the appropriate gestures. Others refer to the hints for any gesture, info messages, or errors.
When new keys appear with new versions, if no translation is provided by your custom bundle localization file, you’ll see the default (English) text.
The localization record consists of the localization key and its string value, e.g., "about" = "About".
Oz API is the central component of the system. It provides RESTful application programming interface to the core functionality of Liveness and Face matching analyses, along with many important supplemental features:
Persistence: your media and analyses are stored for future reference unless you explicitly delete them,
Authentication, roles and access management,
Asynchronous analyses,
Ability to work with videos as well as images.
For more information, please refer to and . To test Oz API, please check the Postman collection .
Under the logical hood, Oz API has the following components:
File storage and database where media, analyses, and other data are stored,
The Oz BIO module that runs neural network models to perform facial biometry magic,
Licensing logic.
The front-end components (Oz Liveness Mobile or Web SDK) connect to Oz API to perform server-side analyses either directly or via customer's back end.
iOS and Android SDK are collectively referred to as Mobile SDKs or Native SDKs. They are written on Swift and Kotlin/Java, respectively, and designed to be integrated into your native mobile application.
Mobile SDKs implement the out-of-the-box customizable user interface for capturing Liveness video and ensure that the two main objectives are met:
The capture process is smooth for users,
The quality of a video is optimal for the subsequent Liveness analysis.
After Liveness video is recorded and available to your mobile application, you can run the server-side analysis. You can use corresponding SDK methods, call the API directly from your mobile application, or pass the media to your backend and interact with Oz API from there.
The basic integration option is described in the .
Mobile SDKs are also capable of On-device Liveness and Face matching when Oz API is not required.
Web Adapter and Web Plugin together constitute Web SDK.
Web SDK is designed to be integrated into your web applications and have the same main goals as Mobile SDKs:
The capture process is smooth for users,
The quality of a video is optimal for the subsequent Liveness analysis.
Web Adapter needs to be set up on a server side. Web Plugin is called by your web application and works in a browser context. It communicates with Web Adapter, which, in turn, communicates with Oz API.
Web SDK adds the two-layer protection against injection attacks:
Collects information about browser context and camera properties to detect usage of virtual cameras or other injection methods.
Records liveness video in a format that allows server-side neural networks to search for traces of injection attack in the video itself.
Check the for the basic integration scenario, and explore the for more details.
Web UI is a convenient user interface that allows to explore the stored API data in the easy way. It relies on API authentication and database and does not store any data on its own.
Web console has an intuitive interface, yet the user guide is available .
Oz API Key Concepts
The Oz API is a comprehensive Rest API that enables facial biometrics, allowing for both face matching and liveness checks. This write-up provides an overview of the essential concepts that one should keep in mind while using the Oz API.
Authentication, roles, and access management
To ensure security, every Oz API call requires an access token in its HTTP headers. To obtain this token, execute the POST /api/authorize/auth method with login and password provided by us. Pass this token in X-Forensic-Access-Token header in subsequent Oz API calls.
This article provides comprehensive details on the authentication process. Kindly refer to it for further information.
Furthermore, the Oz API offers distinct user roles, ranging from CLIENT, who can perform checks and access reports but lacks administrative rights, e.g., deleting folders, to ADMIN, who enjoys nearly unrestricted access to all system objects. For additional information, please consult .
The unit of work in Oz API is a folder: you can upload interrelated media to a folder, run analyses on them, and check for the aggregated result. A folder can contain the unlimited number of media, and each of the media can be a target of several analyses. Also, analyses can be performed on a bunch of media.
Media OZ API works with photos and videos. Video can be either a regular video container, e.g., MP4 or MOV, or a ZIP archive with a sequence of images. Oz API uses the file mime type to define whether media is an image, a video, or a shot set.
It is also important to determine the semantics of a content, e.g., if an image is a photo of a document or a selfie of a person. This is achieved by using tags. The selection of tags impacts whether specific types of analyses will recognize or ignore particular media files. The most important tags are:
photo_id_front – for the front side of a photo ID
photo_selfie – for a non-document reference photo
video_selfie_blank
The full list of Oz media tags with their explanation and examples can be found .
Since video analysis may take a few seconds, the analyses are performed asynchronously. This implies that you initiate an analysis (/api/folders/{{folder_id}}/analyses/) and then monitor the outcomes by polling until processing is complete (/api/analyses/{{analysis_id}} for a single analysis or /api/folders/{{folder_id}}/analyses/ for all folder’s analyses). Alternatively, there is a webhook option available. To see an example of how to use both the polling and webhook options, please check .
These were the key concepts of Oz API. To gain a deeper understanding of its capabilities, please refer to the of our developer guide.
Proprietary Format: OzCapsula Data Container
To improve the overall security level or Oz products, we’ve introduced a new proprietary data exchange format that provides improved data confidentiality and integrity: OzCapsula.
How it works
A proprietary data exchange format is a container that safely stores and transmits transaction-related media data.
When you capture video using Oz SDK, your media is placed into the OzCapsula container along with all required information. The package can be processed only in Oz API due to internal mechanisms, so it is significantly more difficult to access the package containing.
Please note: we do not disclose specific technical details for security reasons.
Benefits
Integrity and Authenticity Guaranteed. Each container’s content is verified by the API, ensuring data arriving from the user device is genuine, untampered, and fully intact.
Full Confidentiality of Internal Data. Multi-layered cryptographic protection keeps all data, metadata, and technical details hidden from unauthorized viewing, extraction, or interpretation.
Unified Data Package. All content is stored in a single, secure file, simplifying transmission and enabling consistent, predictable processing.
Built-In Investigation Tools. Every action within the container is logged, giving complete visibility for incident analysis and rapid troubleshooting.
Strict, Built-In Access Control. Only authorized systems can open or use the container, preventing misuse, tampering attempts, or unauthorized integration.
Ready for High-Volume Workflows. The container is designed to scale effortlessly, supporting any number of transmissions without performance or integration issues.
Minimal component versions:
API: 6.6.1.
Web SDK: 1.9.10.
Native SDKs: 10.0.0.
You will also require a new token: session_token.
Configure SDK and API:
SaaS, On-premise, On-device: What to Choose
We offer different usage models for the Oz software to meet your specific needs. You can either utilize the software as a service from one of our cloud instances or integrate it into your existing infrastructure. Regardless of the usage model you choose, all Oz modules will function equally. It’s only up to you what to pick, depending on your needs.
When to choose SaaS
With the SaaS model, you can access one of our clouds without having to install our software in your own infrastructure.
Choose SaaS when you want:
Faster start as you don’t need to procure or allocate hardware within your company and set up a new instance.
Zero infrastructure cost as server components are located in Oz cloud.
Lower maintenance cost as Oz maintains and upgrades server components.
No cross-border data transfer for the regions where Oz has cloud instances.
The on-premise model implies that all the Oz components required are installed within your infrastructure. Choose on-premise for:
Your data not leaving your infrastructure.
Full and detailed control over the configuration.
We also provide an opportunity of using the on-device Liveness and Face matching. This model is available in Mobile SDKs.
Consider the on-device option when:
You can’t transmit facial images to any server due to privacy concerns
The network conditions whereon you plan using Oz products are extremely poor.
The choice is yours to make, but we're always available to provide assistance.
Collection (1:N) Check
How to compare a photo or video with ones from your database.
The collection check algorithm is designed to check the presence of a person using a database of preloaded photos. A video fragment and/or a photo can be used as a source for comparison.
You have already uploaded a database of images for comparison. If not, please do it as described .
1. Initiate the analysis: POST/api/folders/{{folder_id}}/analyses/
If you want to use a webhook for response, add it to the payload at this step, as described .
You'll need analysis_id or folder_id from response.
2. If you use a webhook, just wait for it to return the information needed. Otherwise, initiate polling:
GET /api/analyses/{{analysis_id}} – for the analysis_id you have from the previous step.
GET /api/folders/{{folder_id}} – for all analyses performed on media in the folder with the folder_id you have from the previous step.
Wait for the resolution_status and resolution fields to change the status to anything other than PROCESSING and treat this as a result.
If you want to know which person from your collection matched with the media you have uploaded, find the collection analysis in the response, check results_media, and retrieve person_id. This is the ID of the person who matched with the person in your media. To get the information about this person, use GET /api/collections/{{collection_id}}/persons/{{person_id}} with IDs of your collection and person.
Liveness
The Liveness detection algorithm is intended to detect a real living person in a media.
You have already created a folder and added your media marked by correct tags into this folder.
For API 4.0.8 and below, please note: the Liveness analysis works with videos and shotsets, images are ignored. If you want to analyze an image, upload it as a shotset (archive) with a single image and mark with the video_selfie_blank tag.
Processing Steps
1. Initiate the analysis for the folder: POST /api/folders/{{folder_id}}/analyses/
If you want to use a webhook for response, add it to the payload at this step, as described .
You'll needanalysis_id or folder_id from response.
2. If you use a webhook, just wait for it to return the information needed. Otherwise, initiate polling:
GET /api/analyses/{{analysis_id}} – for the analysis_id you have from the previous step.
GET api/folders/{{folder_id}}/analyses/ – for all analyses performed on media in the folder with the folder_id you have from the previous step.
Repeat the check until theresolution_status and resolution fields change status to any other except PROCESSING and treat this as a result.
For the Liveness Analysis, seek the confidence_spoofing value related to the video you need. It indicates a chance that a person is not a real one.
Instant API: Non-Persistent Mode
Instant API, or non-persistent operation mode, has been introduced in API 6.0.1. It is a mode where we do not save any data anywhere. All data is being used only within a request: you send it, receive the response, and that's all, nothing gets recorded. This ensures you do not store any sensitive data, which might be crucial for GDPR compliance. Also, it significantly reduces storage requirements.
To enable this mode, when you prepare the config.py file to run the API, set the OZ_APP_COMPONENTS parameter to stateless. Call POST /api/instant/folders/ to send the request without saving any data. Authorization for Instant API should be set on your side.
Please note: as Instant API doesn't store data, it is not intended to work with Blacklist (1:N).
If you use Instant API with Web SDK, in Web Adapter configuration, set architecture to lite. The version of Web SDK should be 1.7.14 or above.
CPU: 16 cores, 32 threads, base frequency – 2.3 GHz, single-core maximum turbo frequency – 4 GHz.
RAM: 32 GB, DDR 5, Dual Channel.
To evaluate your RPS and RPM and configure your system for optimal performance, please contact us.
Prior to the launch, prepare a configuration file with the parameters listed below.
These parameters are crucial to run Instant API.
You can find the Instant API methods or download the collection below.
Uploading Media
To launch one or more analyses for your media files, you need to create a folder via Oz API (or use an existing folder) and put the files into this folder. Each file should be marked by tags: they describe what's pictured in a media and determine the applicable analyses.
For API 4.0.8 and below, please note: if you want to upload a photo for the subsequent Liveness analysis, put it into the ZIP archive and apply the tags.
To create a folder and upload media to it, call POST /api/folders/
To add files to the existing folder, call POST /api/folders/{{folder_id}}/media/
Add the files to the request body; tags should be specified in the payload.
Here's the example of the payload for a passive Liveness video and ID front side photo.
payload
{
"media:tags": { // this section sets the tags for the media files that you upload
// media files are referenced by the keys in a multipart form
"video1": [ // your file key
// a typical set of tags for a passive Liveness video
"video_selfie", // video of a person
"video_selfie_blank", // no gesture used
"orientation_portrait" // video orientation
],
"photo1": [
// a typical set of tags for an ID front side
"photo_id",
"photo_id_front"
]
}
}
An example of usage (Postman):
The successful response will return the folder data.
Authentication
Getting an access token
To get an access token, call POST /api/authorize/auth/ with credentials (which you've got from us) containing the email and password needed in the request body. The host address should be the API address (the one you've also got from us).
{
"credentials": {
"email": "{{user_email}}", // your login
"password": "{{user_password}}" // your password
}
}
The successful response will return a pair of tokens:access_token and expire_token.
access_token is a key that grants you access to system resources. To access a resource, you need to add your access_token to the header.
access_token is time-limited, the limits depend on the account type.
service accounts – OZ_SESSION_LONGLIVE_TTL (5 years by default),
other accounts – OZ_SESSION_TTL (15 minutes by default).
expire_token is the token you can use to renew your access token if necessary.
If the value ofexpire_date > current date, the value of current sessionexpire_date is set to current date + time period that is defined as shown above (depending on the account type).
To renewaccess_token and expire_token, call POST /api/authorize/refresh/. Add expire_token to the request body and X-Forensic-Access-Token to the header.
In case of success, you'll receive a new pair of access_token and expire_token. The "old" pair will be deleted upon the first authentication with the renewed tokens.
Quantitative Results
This article describes how to get the analysis scores.
When you perform an analysis, the result you get is a number. For biometry, it reflects a chance that the two or more people represented in your media are the same person. For liveness, it shows a chance of deepfake or a spoofing attack: that the person in uploaded media is not a real one. You can get these numbers via API from a JSON response.
Make a request to the folder or folder list to get a JSON response. Set the with_analyses parameter to true.
For the Biometry analysis, check the response for the min_confidence value:
This value is a quantitative result of matching the people on the media uploaded.
4. For the Liveness Analysis, seek the confidence_spoofing value related to the video you need:
This value is a chance that a person is not a real one.
To process a bunch of analysis results, you can parse the appropriate JSON response.
Changelog
API Lite (FaceVer) changes
1.2.3 – Nov., 2024
Fixed the bug with the time_created and folder_id parameters of the Detect method that sometimes might have been generated incorrectly.
Security updates.
1.2.2 – Oct. 17, 2024
Updated models.
The file size for the detect Liveness method is now capped at 15 MB, with a maximum of 10 files per request.
Updated the gesture list for best_shot analysis: it now supports head turns (left and right), tilts (up and down), smiling, and blinking.
Introduced the new that can process videos and archives as well.
Added the .
API Lite now accepts base64.
Improved the biometric model.
Added the 1:N mode.
Added the CORS policy.
Published the documentation.
Improved error messages – made them more detailed.
Simplified the Liveness/Detect methods.
Reworked and improved the core.
Added anti-spoofing algorithms.
Added the extract_and_compare method.
How to Restore the Previous Design after an Update
If you want to get back to the previous (up to 6.4.2) versions' design, reset the customization settings of the capture screen and apply the parameters that are listed below.
OzLivenessSDK.config.customization =UICustomization(// customization parameters for the toolbar
OzLivenessSDK.INSTANCE.getConfig().setCustomization(new UICustomization(
// customization parameters for the toolbar
new ToolbarCustomization(
R.drawable.ib_close,
new Color.ColorHex("#FFFFFF"),
new Color.ColorHex("#000000"),
100, // toolbar text opacity (in %)
),
// customization parameters for the center hint
new CenterHintCustomization(
70, // vertical position (in %)
),
// customization parameters for the hint animation
new HintAnimation(
true, // hide animation
),
// customization parameters for the frame around the user face
new FaceFrameCustomization(
new Color.ColorHex("#EC574B"),
new Color.ColorHex("#00FF00"),
6, // frame stroke width (in dp)
),
// customization parameters for the background outside the frame
new BackgroundCustomization(
100 // background opacity (in %)
),
)
);
Adding SDK to a Client’s Mobile App
CocoaPods
To integrate OZLivenessSDK into an Xcode project via the CocoaPods dependency manager, add the following code to Podfile:
pod 'OZLivenessSDK', :git => 'https://gitlab.com/oz-forensics/oz-liveness-ios', :tag => 'VERSION'
Version is optional as, by default, the newest version is integrated. However, if necessary, you can find the older version number in Changelog.
Since 8.1.0, you can also use a simpler code:
// for the latest version
pod ‘OZLivenessSDK’
// OR, for the specific version
// pod ‘OZLivenessSDK’, ‘8.22.0’
By default, the full version is being installed. It contains both server-based and on-device analysis modes. To install the server-based version only, use the following code:
pod 'OZLivenessSDK/Core', :git => 'https://gitlab.com/oz-forensics/oz-liveness-ios.git', :tag => 'VERSION'
For 8.1.0 and higher:
pod ‘OZLivenessSDK/Core’
// OR
// pod ‘OZLivenessSDK/Core’, ‘8.22.0’
SPM
Please note: installation via SPM is available for versions 8.7.0 and above.
Add the following package dependencies via SPM: (if you need a guide on adding the package dependencies, please refer to the ). OzLivenessSDK is mandatory. If you don't need the on-device analyses, skip the OzLivenessSDKOnDevice file.
You can also add the necessary frameworks to your project manually.
Download the SDK files from and add them to your project.
OZLivenessSDK.xcframework,
OZLivenessSDKResources.bundle,
OZLivenessSDKOnDeviceResources.bundle (if you don't need the on-device analyses, skip this file).
Download the TensorFlow framework 2.11 from .
Make sure that:
both xcframework are in Target-Build Phases -> Link Binary With Libraries and Target-General -> Frameworks, Libraries, and Embedded Context;
the bundle file(s) are in Target-Build Phases -> Copy Bundle Resources.
iOS
To start using Oz iOS SDK, follow the steps below.
Embed Oz iOS SDK into your project as described here.
Get a trial license for SDK on our website or a production license by email. We'll need your bundle id. Add the license to your project as described here.
Connect SDK to API as described . This step is optional, as this connection is required only when you need to process data on a server.
Capture videos by creating the controller as described . You'll send them for analysis afterwards.
Upload and analyze media you've taken at the previous step. The process of checking liveness and face biometry is described .
If you want to customize the look-and-feel of Oz iOS SDK, please refer to .
Minimal iOS version: 11.
Minimal Xcode version: 16.
Available languages: EN, ES, HY, KK, KY, TR, PT-BR.
A sample app source code using the Oz Liveness SDK is located in the GitLab repository:
Follow the link below to see a list of SDK methods and properties:
Download the demo app latest build .
Capturing Videos
OzCapsula (SDK v8.22 and newer)
Please note: all required data (other than the video) must be packaged into the container before starting the Liveness screen.
Create a controller that will capture videos as follows:
getSessionToken() { sessionToken in
DispatchQueue.main.async {
do {
let action:OZVerificationMovement = .selfie
let mediaRequest = MediaRequest.action(action)
let profile = AnalysisProfile(mediaList: [mediaRequest],
type: .quality,
params: [:] )
let request = CaptureRequest(analysisProfileList: [profile], cameraPosition: .front)
let ozLivenessVC = try OZSDK.createMediaCaptureScreen(self, request, sessionToken: sessionToken)
self.present(ozLivenessVC, animated: true)
} catch let error {
print(error.localizedDescription)
}
}
}
The delegate object must implement the OZLivenessDelegate protocol:
Create a controller that will capture videos as follows:
let actions: [OZVerificationMovement] = [.selfie]
let ozLivenessVC: UIViewController = OZSDK.createVerificationVCWithDelegate(self, actions: actions)
self.present(ozLivenessVC, animated: true)
action – a list of user’s actions while capturing the video.
Once video is captured, the system calls the onOZLivenessResult method:
extension viewController: OZLivenessDelegate {
func onError(status: OZVerificationStatus?) {
// show error
}
}
func onOZLivenessResult(results: [OZMedia]) {
// proceed to the checks step
}
}
The method returns the results of video capturing: the [] objects. The system uses these objects to perform checks.
If a user closes the capturing screen manually, the failedBecauseUserCancelled error appears.
Getting a License for iOS SDK
License
You can generate the trial license here or contact us by email to get a productive license. To create the license, your bundle id is required. After you get a license file, there are two ways to add the license to your project.
Rename this file to forensics.license and put it into the project. In this case, you don't need to set the path to the license.
During the runtime: when initializing SDK, use the following method.
OZSDK(licenseSources: [.licenseFileName(“forensics.license”)]) { licenseData, error in
if let error = error {
print(error)
}
}
or
LicenseSource a source of license, and LicenseData is the information about your license. Please note: this method checks whether you have an active license or not and if yes, this license won't be replaced with a new one. To force the license replacement, use the setLicense method.
In case of any license errors, the system will use your error handling code as shown above. Otherwise, the system will return information about license. To check the license data manually, use OZSDK.licenseData.
Error message
What to Do
Description of the on_result Callback
This callback is called periodically during the analysis’ processing. It retrieves an intermediate result (unavailable for the capture mode). The result content depends on the Web Adapter result_modeconfiguration parameter.
Keep in mind that it is more secure to get your back end responsible for the decision logic. You can find more details including code samples .
Safe
When result_mode is safe, the on_result callback contains the state of the analysis only:
{
"state": "finished"
}
Please note: the options listed below are for testing purposes only. If you require more information than what is available in the Safe mode, please follow .
Status
For the status value, the callback contains the state of the analysis, and for each of the analysis types, the name of the type, state, and resolution.
The folder value is almost similar to the status value, with the only difference: the folder_id is added.
In this case, you receive the detailed response possibly containing sensitive data. This mode is deprecated; for security reasons, we recommend using the safe mode.
Browser Compatibility
Please note: for the plugin to work, your browser version should support JavaScript ES6 and be the one as follows or newer.
Browser
Version
Google Chrome (and other browsers based on the Chromium engine)
56
Mozilla Firefox
*Web SDK doesn't work in Internet Explorer compatibility mode due to lack of important functions.
Passive and Active Liveness
Describing how passive and active liveness works.
The objective of the Liveness check is to verify the authenticity and physical presence of an individual in front of the camera. In the passive Liveness check, it is sufficient to capture a user's face while they look into the camera. Conversely, the active Liveness check requires the user to perform an action such as smiling, blinking, or turning their head. While passive Liveness is more user-friendly, active Liveness may be necessary in some situations to confirm that the user is aware of undergoing the Liveness check.
In our Mobile or Web SDKs, you can define what action the user is required to do. You can also combine several actions into a sequence. Actions vary in the following dimensions:
User experience,
Oz Licensing Options
For commercial use of Oz Forensics products, a license is required. The license is time-limited and defines the software access parameters based on the terms of your agreement.
Once you initialize mobile SDK, run Web Plugin, or use Oz Bio, the system checks if your license is valid. The check runs in the background and has minimal impact on the user experience.
As you can see on the scheme above, the license is required for:
Mobile SDKs for iOS and Android,
OzCapsula Data Container
The main change in interaction with API is that you require to send data with another content type, as data container is a binary file: Content-Type = application/octet-stream. We've added support for this content type along with container functionality.
Also, Instant API now requires client’s private and public keys to function. The paths to these keys should be specified in OZ_JWT_PRIVATE_KEY_PATH and OZ_JWT_PUBLIC_KEY_PATH in the configuration file.
To generate them, use commands as listed below.
POST api/folders:
Collection (1:N) Management in Oz API
This article describes how to create a collection via API, how to add persons and photos to this collection and how to delete them and the collection itself if you no longer need it. You can do the same in , but this article covers API methods only.
Collection in Oz API is a database of facial photos that are used to compare with the face from the captured photo or video via the Collection analysis
Person represents a human in the collection. You can upload several photos for a single person.
The collection should be created within a company, so you require your company's company_id as a prerequisite.
Metadata
Metadata is any optional data you might need to add to a . In the meta_data section, you can include any information you want, simply by providing any number of fields with their values:
Metadata is available for most Oz system objects. Here is the list of these objects with the API methods required to add metadata. Please note: you can also add metadata to these objects during their creation.
Android
To start using Oz Android SDK, follow the steps below.
Embed Oz Android SDK into your project as described .
Get a trial license for SDK on our or a production license by . We'll need your application id. Add the license to your project as described .
Localization: Adding a Custom Language Pack
The add_lang(lang_id, lang_obj) method allows adding a new or customized language pack.
Parameters:
lang_id: a string value that can be subsequently used as lang parameter for the open() method;
Description of the on_complete Callback
This callback is called after the check is completed. It retrieves the analysis result (unavailable for the capture mode). The result content depends on the Web Adapter result_mode .
When result_mode is safe, the on_complete callback contains the state of the analysis only:
For the status value, the callback contains the state of the analysis, and for each of the analysis types, the name of the type, state, and resolution.
Security Recommendations
Even though the analysis result is available to the host application via Web Plugin callbacks, it is recommended that the application back end receives it directly from Oz API. All decisions of the further process flow should be made on the back end as well. This eliminates any possibility of malicious manipulation with analysis results within the browser context.
To find your folder from the back end, you can follow these steps:
On the front end, add your unique identifier to the folder metadata.
You can add your own key-value pairs to attach user document numbers, phone numbers, or any other textual information. However, ensure that tracking personally identifiable information (PII) complies with relevant regulatory requirements.
Customization Options for Older Versions (before 1.0.1)
To set your own look-and-feel options, use the style section in the Ozliveness.open method. Here is what you can change:
faceFrame – the color of the frame around a face:
Face Matching for Non-OzCapsula Flow
In this section, we listed the guides for the face matching checks.
toolbarCustomization =ToolbarCustomization(
closeIconTint = Color.ColorHex("#FFFFFF"),
backgroundColor = Color.ColorHex("#000000"),
backgroundAlpha =100,
),
// customization parameters for the center hint
centerHintCustomization =CenterHintCustomization(
verticalPosition =70
),
// customization parameters for the hint animation
new HintAnimation(
hideAnimation =true
),
// customization parameters for the frame around the user face
For each of the components, you require a separate license which is bound to this component. Thus, if you use all three components, three licenses are required.
To issue a license for mobile SDK, we require your bundle (application) ID. There are two types of licenses for iOS and Android SDKs: online and offline. Any license type can be applied to any analysis mode: on-device, server-based, or hybrid.
As its name suggests, an online license requires a stable connection. Once you initialize our SDK with this license, it connects to our license server and retrieves information about license parameters, including counters of transactions or devices, where:
Transaction: increments each time you start a video capture.
Device: increments when our SDK is installed on a new device.
The online license can be transaction-limited, device-limited, or both, according to your agreement.
The main advantages of the online license are:
You don’t need to update your application after the license renewal,
And if you want to add a new bundle ID to the incense, there’s also no need to re-issue it. Everything is done on the fly.
The data exchange for the online license is quick, ensuring your users won't experience almost any delay compared to using the offline license.
Please note that even though on-device analyses don’t need the Internet themselves, you still require a connection for license verification.
Offline license is a type of license that can work without Internet. All license parameters are set in the license file, and you just need to add the file to your project. This license type doesn’t have any restrictions on transactions or devices.
The main benefit of the offline license is its autonomy, allowing it to function without a network connection. However, when your license expires, and you add a new one, you’ll require to release a new version of your application in Google Play and App Store. Otherwise, the SDK won’t function.
Web SDK license is almost similar to the mobile SDK offline license. It can function without network connection, and the license file contains all the necessary parameters, such as expiration date. Web SDK license also has no restrictions on transactions or devices.
The license is bound to URLs of your domains and/or subdomains. To add the license to your SDK instance, you need to place it to the Web SDK container as described here. In rare cases, it is also possible to add a license via Web Plugin.
The difference between Mobile SDK offline license and Web SDK license is that you don’t need to release a new application version when Web SDK license is renewed.
For on-premise installations, we offer a dedicated license with a limitation on activations, with each activation representing a separate Oz BIO seat. This license can be online or offline, depending on whether your Oz BIO servers have internet access. The online license is verified through our license server, while for offline licenses, we assist you in setting up an offline license server within your infrastructure and activating the license.
For test integration purposes, we provide a free trial license that is sufficient for initial use, such as testing with your datasets to check analysis accuracy. For Mobile SDKs, you can generate a one-month license yourself on our website: click here. If you would like to integrate with your web application, please contact us to obtain a license, and we will also assist you in configuring your dedicated instance of our Web SDK. With the license, you will receive credentials to access our services.
Once you're ready to move to commercial use, a new production license will be issued. We’ll provide you with new production credentials and assist you with integration and configuration. Our engineers are always available to help.
Our software offers flexible licensing options to meet your specific needs. Whether you prioritize seamless updates or prefer autonomous operation, we have a solution tailored for you. If you have any questions, please contact us.
Native SDKs (iOS and Android)
Online license
Online license is the default option for Mobile SDKs. If you require the offline license, please inform your manager.
License error. Current date yyyy-mm-dd hh:mm:ss is later than license expiration date yyyy-mm-dd hh:mm:ss
Your license has expired. Please contact us.
License is not initialized.
You haven't initialized the license. Please add the license to your project as described above.
License error. License at (your_URI) not found
The license file is missing. Please check its name and path to the file.
License error. Cannot parse license from (your_URI), invalid format
The license file is somehow damaged. Please email us the file.
License error. Bundle company.application.id is not in the list allowed by license (bundle.id1, bundle.id2)
The bundle (application) identifier you specified is missing in the allowed list. Please check the spelling, if it is correct, you need to get another license for your application.
To customize the Oz Liveness interface, use OZCustomization as shown below. For the description of customization parameters, please refer to iOS SDK Methods and Properties.
Please note: the customization methods should be called before the video capturing ones.
If you don't know your ID, call
GET /api/companies/?search_text=test
, replacing "test" with your company name or its part. Save the
company_id
you've received.
Now, create a collection via POST /api/collections/. In the request body, specify the alias for your collection and company_id of your company:
In a response, you'll get your new collection identifier: collection_id.
To add a new person to your collection, call POST /api/collections/{{collection_id}}/persons/, using collection_id of the collection needed. In the request body, add a photo or several photos. Mark them with appropriate tags in the payload:
The response will contain the person_id which stands for the person identifier within your collection.
If you want to add a name of the person, in the request payload, add it as metadata:
To add more photos of the same person, call POST {{host}}/api/collections/{{collection_id}}/persons/{{person_id}}/images/ using the appropriate person_id. The request body should be filled as you did it before with POST /api/collections/{{collection_id}}/persons/.
To obtain information on all the persons within the single collection, call GET /api/collections/{{collection_id}}/persons/.
To obtain a list of photos for a single person, call GET /api/collections/{{collection_id}}/persons/{{person_id}}/images/. For each photo, the response will containperson_image_id. You'll need this ID, for instance, if you want to delete the photo.
To delete a person with all their photos, call DELETE /api/collections/{{collection_id}}/persons/{{person_id}} with the appropriate collection and person identifiers. All the photos will be deleted automatically. However, you can't delete a person entity if it has any related analyses, which means the Collection analysis used this photo for comparison and found a match. To delete such a person, you'll need to delete these analyses using DELETE /api/analyses/{{analysis_id}} with analysis_id of the Collection (1:N) analysis.
To delete all the collection-related analyses, get a list of folders where the Collection analysis has been used: call GET /api/folders/?analyse.type=COLLECTION. For each folder from this list (GET /api/folders/{{folder_id}}/), find the analysis_id of the required analysis, and delete the analysis – DELETE /api/analyses/{{analysis_id}}.
To delete a single photo of a person, call DELETE collections/<collection_id>/persons/<person_id>/images/<media_id>/ with collection, person, and image identifiers specified.
Delete the information on all the persons from this collection as described above, then call DELETE /api/collections/{{collection_id}}/ to delete the remaining collection data.
You can also change or delete metadata. Please refer to our API documentation.
You may want to use metadata to group folders by a person or lead. For example, if you want to calculate conversion when a single lead makes several Liveness attempts, just add the person/lead identifier to the folder metadata.
Here is how to add the client ID iin to a folder object.
In the request body, add:
Another case is security: when you need to process the analyses’ result from your back end, but don’t want to perform this using the folder ID. Add an ID (transaction_id) to this folder and use this ID to search for the required information. This case is thoroughly explained here.
If you store PII in metadata, make sure it complies with the relevant regulatory requirements.
You can also add metadata via SDK to process the information later using API methods. Please refer to the corresponding SDK sections:
You can pass an ID of a person in this field, and use this ID to combine requests with the same person and count unique persons (same ID = same person, different IDs = different persons). This ID can be a phone number, an IIN, an SSN, or any other kind of unique ID. The ID will be displayed in the report as an additional column.
The folder value is almost similar to the status value, with the only difference: the folder_id is added.
In this case, you receive the detailed response possibly containing sensitive data. This mode is deprecated; for security reasons, we recommend using the safe mode.
Keep in mind that it is more secure to get your back end responsible for the decision logic. You can find more details including code samples here.
Safe
Please note: The options listed below are for testing purposes only. If you require more information than what is available in the Safe mode, please follow Security Recommendations.
Use the on_complete callback of the plugin to be notified when the analysis is done. Once used, call your back end and pass the transaction_id value.
On the back end side, find the folder by the identifier you've specified using the Oz API Folder LIST method:
To speed up the processing of your request, we recommend adding the time filter as well:
In the response, find the analysis results and folder_id for future reference.
Web Adapter may send analysis results to the Web Plugin with various levels of verbosity. It is recommended that, in production, the level of verbosity is set to minimum.
In the Web Adapter configuration file, set the result_mode parameter to "safe".
Retrieve the analysis response and process it on the back end
Limit amount of the information sent to Web Plugin from the server
faceReady – the frame color when the face is correctly placed within the frame;
faceNotReady – the frame color when the face is placed improperly and can't be analyzed.
centerHint – the text of the hint that is displayed in the center.
textSize – the size of the text;
color – the color of the text;
yPosition – the vertical position measured from top;
letterSpacing – the spacing between letters;
fontStyle – the style of font (bold, italic, etc.).
closeButton – the button that closes the plugin:
image – the button image, can be an image in PNG or dataURL in base64.
backgroundOutsideFrame – the color of the overlay filling (outside the frame):
color – the fill color.
Example:
request body
{
"analyses": [{
"type": "collection",
"collection_id": "your_image_database_id",
"source_media": ["1111aaaa-11aa-11aa-11aa-111111aaaaaa"] // // optional; omit to include all media from the folder
}]
}
request body
{
"analyses": [
{
"type": "quality",
"source_media": ["1111aaaa-11aa-11aa-11aa-111111aaaaaa"], // optional; omit to include all media from the folder
...
}
]
}
[
{
// you may have multiple analyses in the list
// pick the one you need by analyse_id or type
"analysis_id": "1111aaaa-11aa-11aa-11aa-111111aaaaaa",
"type": "QUALITY",
"results_media": [
{
// if you have multiple media in one analysis, match score with media by source_video_id/source_shots_set_id
"source_video_id": "1111aaaa-11aa-11aa-11aa-111111aaaaab", // for shots_set media, the key would be source_shots_set_id
"results_data":
{
"confidence_spoofing": 0.05790174 // quantitative score for this media
}
"resolution_status": "SUCCESS", // qualitative resolution (based on all media)
...
]
...
}
...
]
# application components list, values for Instant API: auth,stateless
# auth is for Oz authentication component
OZ_APP_COMPONENTS=stateless
# local storage support enable
OZ_LOCAL_STORAGE_SUPPORT_ENABLE=false
# service tfss host
OZ_SERVICE_TFSS_HOST=http://xxx.xxx.xxx.xxx:xxxx
# allowed hosts
APP_ALLOWED_HOSTS=example-host1.com,example-host2.com
# secret key
OZ_API_SECRET_KEY=long_secret_key
OzLiveness.open({
...
meta: {
// the user or lead ID from an external lead generator
// that you can pass to keep track of multiple attempts made by the same user
'end_user_id': '<user_or_lead_id>',
// the unique attempt ID
'transaction_id': '<unique_transaction_id>'
}
});
Suitability for review by a human operator or in court.
In most cases, the Selfie action is optimal, but you can choose other actions based on your specific needs. Here is a summary of available actions:
Selfie
A short video, around 0.7 sec. Users are not required to do anything.
Recommended for most cases. It offers the best combination of user experience and liveness check accuracy.
One shot
Similar to “Simple selfie” but only one image is chosen instead of the whole video.
Recommended when media size is the most important factor. Difficult for a human (e.g., an operator or a court) to evaluate as spoofing. We recommend avoiding the one shot gesture whenever possible, as it tends to produce less accurate results.
On January 1, 2027, the One Shot gesture will become unavailable. Please plan your.
Scan
A 5-second video where a user is asked to follow the text looking at it.
Recommended when the longer video is required, e.g., for subsequent review by a human operator or in a court.
Smile
Blink
Tilt head up
A user is required to complete a particular gesture within 5 seconds.
Use active liveness when you need a confirmation that the user is aware of undergoing a Liveness check.
Video length and file size may vary depending on how soon a user completes a gesture.
Our algorithms use tags to identify which gesture the user performed. For more information, please read the Media Tags article. The detailed information on how the actions, or, in other words, gestures are called in different Oz Liveness components is here.
Passive Liveness
Active Liveness
POST api/instant/folders:
Error code
Error message
Description
3
Invalid request data
Missing payload.json
4
Invalid request data
No media have been added into container
Before you start with SDK, obtain a session token:
(Optional, only if you use stateful API) Authorize as any non-OPERATOR role.
lang_obj: an object that includes identifiers of translation strings as keys and translation strings themselves as values.
A list of language identifiers:
lang_id
Language
en
English
es
Spanish
pt-br
Portuguese (Brazilian)
An example of usage:
OzLiveness.add_lang('en', enTranslation), where enTranslation is a JSON object.
To set the SDK language, when you launch the plugin, specify the language identifier in lang:
You can check which locales are installed in Web SDK: use the ozLiveness.get_langs() method. If you have added a locale manually, it will also be shown.
A list of all language identifiers:
The keys oz_action_*_go refer to the appropriate gestures. oz_tutorial_camera_* – to the hints on how to enable camera in different browsers. Others refer to the hints for any gesture, info messages, or errors.
Since 1.5.0, if your language pack doesn't include a key, the message for this key will be shown in English.
// Editing the button text
OzLiveness.add_lang('en', {
action_photo_button: 'Take a photo'
});
OzLiveness.open({
lang: 'es', // the identifier of the needed language
...
});
Before 1.5.0
If your language pack doesn't include a key, the translation for this key won't be shown.
This article covers common cyberattacks and the steps you can take to stay safe.
Cyberattack Types
The most common cyberattacks can be divided to three groups: injection, integration, and presentation attacks. Below, you’ll find some examples for mobile and web SDKs.
Injection Attacks
An injection attack on a liveness detection system is an attempt to bypass liveness verification mechanisms by injecting falsified data or modifying the execution logic of the frontend SDK. This type of attack is typically carried out by code injection, tampering with the runtime environment, or replacing camera input components (e.g., intercepting and substituting the video stream in real time, using virtual cameras, or manipulating JavaScript logic in the Web SDK). The goal of such attacks is to trick the liveness system into accepting fake or pre-recorded content as a genuine live interaction with the user.
Examples for mobile SDKs:
Virtual cameras.
File system integrity compromise.
Function hooking & application modification.
Emulators and cloud devices.
For web:
Virtual cameras.
Code injection attacks.
A presentation attack is an attempt to deceive the system by presenting pre-recorded or artificial content that mimics a real user. The goal of such attacks is to pass the liveness check without involving a real, live person. These attacks do not target the SDK directly but rather the biometric models on the backend. They may include:
Photos,
Videos,
3D masks,
Screens of other devices, or
These attacks include cyber fraudsters manipulating how the liveness detection module is integrated into the application or backend, bypassing or faking the check. Typically, these attacks involve patching the app, injecting hooks, or exploiting weak verification of liveness results. For instance, Man-in-the-Middle (MitM) / SSL Interception attack that is based on substitution or manipulation of captured data during network transmission, typically involving SSL/TLS violations or certificate pinning bypass.
With cyberattacks on the rise, cybersecurity has become crucial and is now our highest priority. We provide protection even from multi-vector complex attacks, ensuring your data is safe at all stages of processing, including media capture, data transmission, and analysis. This protection involves many mechanisms on multiple layers that work together, supporting and reinforcing each other. To name a few:
We do not accept virtual cameras and emulators.
In native SDKs, you can configure SSL pinning and add protection for media files using request payload.
For Web SDK, you can move the decision logic to backend to avoid manipulating data within the browser context.
As our software aims to be embedded, it includes mechanisms to verify its runtime integrity, but it does not validate the integrity of the host application itself. Ensuring protection of the host application through anti-tampering techniques, code obfuscation, and runtime integrity verification is the responsibility of the host application owner. Without such safeguards, even a secure SDK may become susceptible to manipulation at the application or platform level.
Here are some measures we recommend to protect your application.
Consider revising your policies. This might involve:
Creating and using corporate SSL certificates,
Limiting access to unverified sources,
For more detailed recommendations, please contact us. For us, clients' safety comes first, and we’ll be happy to help.
Single Request
Overview and benefits
In version 6.0.1, we introduced a new feature which allows you to send all required data and receive the analysis result within a single request.
Before 6.0.1, interacting with the API required multiple requests: you had to create a folder and upload media to it, initiate analyses (see Liveness, Biometry, and Blacklist), and then either poll for results or use webhooks for notifications when the result was ready. This flow is still supported, so if you need to send separate requests, you can continue using the existing methods that are listed above.
However, the new API operation mode significantly simplifies the process by allowing you to send a single request and receive the response synchronously. The key benefits are:
Single request for everything – all data is sent in one package, eliminating the risk of data loss.
Synchronous response – no need for polling or webhooks to retrieve results.
High performance – supports up to 36 analyses per minute per instance.
To use this method, call POST /api/folders/. In the X-Forensic-Access-Token header, pass your . Add media files to the request body and define the tags and metadata if needed in the payload part.
In response, you receive analysis results.
You're done.
How to Issue a Service Token
Here’s a step-by-step guide on how to issue a service token in Oz API 5 and 6.
1
Step 1
Authorize using your ADMIN account: {{host}}/api/authorize/auth.
The Biometry algorithm allows comparing several media and check if the people on them are the same person or not. As sources, you can use images, videos, and scans of documents (with photo). To perform the analysis, the algorithm requires at least two media (for details, please refer to ).
After comparison, the algorithm provides a number that represents the similarity level. The number varies from 100 to 0% (1 to 0), where:
100% (1) – faces are similar, media represent the same person,
0% (0) – faces are not similar and belong to different people
The Liveness detection (Quality) algorithm aims to check whether a person in a media is a real human acting in good faith, not a fake of any kind.
The Best Shot algorithm checks for the best shot from a video (a best-quality frame where the face is seen the most properly). It is an addition to liveness.
After checking, the analysis shows the chance of a spoofing attack in percents.
100% (1) – an attack is detected, the person in the video is not a real living person,
0% (0) – a person in the video is a real living person.
*Spoofing in biometry is a kind of scam when a person disguises as another person using both program and non-program tools like deepfake, masks, ready-made photos, or fake videos.
The Documents analysis aims to recognize the document and check if its fields are correct according to its type.
As an output, you'll get a list of document fields with recognition results for each field and a result of checking that can be:
The documents passed the check successfully,
The documents failed to pass the check.
Additionally, the result of Biometry check is displayed.
The Collection checking algorithm is used to determine whether the person on a photo or video is present in the database of pre-uploaded images. The person's face is being compared with the faces of known swindlers or a list of VIPs depending on your needs.
After comparison, the algorithm provides a number that represents the similarity level. The number varies from 100 to 0% (1 to 0), where:
100% (1) – the person in an image or video matches with someone in the collection,
0% (0) – the person is not found in the collection.
Media Tags
What tags are for
To work properly, the resolution algorithms need each uploaded media to be marked with special tags. For video and images, the tags are different. They help algorithms to identify what should be in the photo or video and analyze the content.
Tags for video files
The following tag types should be specified in the system for video files.
To identify the data type of the video:
video_selfie
To identify the orientation of the video:
orientation_portrait – portrait orientation;
orientation_landscape – landscape orientation.
To identify the action on the video:
video_selfie_left – head turn to the left;
video_selfie_right – head turn to the right;
On January 1, 2027, the One Shot gesture will become unavailable. Please plan your.
The tags listed allow the algorithms recognizing the files as suitable for the (Liveness) and analyses.
Important: in API 4.0.8 and below, to launch the Quality analysis for a photo, pack the image into a .zip archive, apply the SHOTS_SET type, and mark it with video_*. Otherwise, it will be ignored by algorithms.
Example of the correct tag set for a video file with the “blink” action:
The following tag types should be specified in the system for photo files:
A tag for selfies:
photo_selfie – to identify the image type as “selfie”.
Tags for photos/scans of ID cards:
Important: in API 4.0.8 and below, to launch the Quality analysis for a photo, pack the image into a .zip archive, apply the SHOTS_SET type, and mark it with video_*. Otherwise, it will be ignored by algorithms.
Example of the correct tag set for a “selfie” photo file:
Example of the correct tag set for a photo file with the face side of an ID card:
Example of the correct set of tags for a photo file of the back of an ID card:
API Error Codes
HTTP response codes
Response codes 2XX indicate a successfully processed request (e.g., code 200 for retrieving data, code 201 for adding a new entity, code 204 for deletion, etc.).
Response codes 4XX indicate that a request could not be processed correctly because of some client-side data issues (e.g., 404 when addressing a non-existing resource).
Response codes 5XX indicate that an internal server-side error occurred during the request processing (e.g., when database is temporarily unavailable).
Each response error includes HTTP code and JSON data with error description. It has the following structure:
error_code – integer error code;
error_message– text error description;
details – additional error details (format is specified to each case). Can be empty.
Sample error response:
Error codes:
0 – UNKNOWN Unknown server error.
1 - NOT ALLOWED An unallowed method is called. Usually is followed by the 405 HTTP status of response. For example, trying to request the PATCH method, while only GET/POST ones are supported.
2 - NOT REALIZED
Getting a License for Android SDK
You can generate the trial license here or contact us by email to get a productive license. To create the license, your applicationId (bundle id) is required.
To pass your license file to the SDK, call the OzLivenessSDK.init method with a list of LicenseSources. Use one of the following:
LicenseSource.LicenseAssetId should contain a path to a license file called forensics.license, which has to be located in the project's res/raw folder.
LicenseSource.LicenseFilePath should contain a file path to the place in the device's storage where the license file is located.
In case of any license errors, the onError function is called. Use it to handle the exception as shown above. Otherwise, the system will return information about license. To check the license data manually, use the getLicensePayload method.
Error message
What to Do
Connecting SDK to API
To connect SDK to Oz API, specify the API URL and access token as shown below.
In your host application, it is recommended that you set the API address on the screen that precedes the liveness check. Setting the API URL initiates a service call to the API, which may cause excessive server load when being done at the application initialization or startup. We recommend calling the setApiConnection method once, for example, in the Application class.
Alternatively, you can use the login and password provided by your Oz Forensics account manager:
Although, the preferred option is authentication via access token – for security reasons.
By default, logs are saved along with the analyses' data. If you need to keep the logs distinct from the analysis data, set up the separate connection for telemetry as shown below:
Clearing authorization:
Check for the presence of the saved Oz API access token:
LogOut:
Checking Liveness and Face Biometry
OzCapsula (SDK v8.22 and newer)
At the Capturing Videos step you've created a data container with all the required information in it , so now just send it to analysis using the addContainer(container) and run methods.
Kotlin
private fun runAnalysis(container: DataContainer?) {
if (container == null) return
AnalysisRequest.Builder()
.addContainer(container)
.build()
.run(
{ result ->
val isSuccess = result.analysisResults.all { it.resolution == Resolution.SUCCESS }
},
{ /* show error */ },
{ /* update status */ },
)
}
SDK 8.21 and older
To check liveness and face biometry, you need to upload media to our system and then analyze them.
To interpret the results of analyses, please refer to .
Here’s an example of performing a check:
analysisCancelable = AnalysisRequest.Builder()
// mediaToAnalyze is an array of OzAbstractMedia that were captured or otherwise created
.addAnalysis(Analysis(Analysis.Type.QUALITY, Analysis.Mode.SERVER_BASED, mediaToAnalyze))// or ON_DEVICE if you want the on-device analysis
.build()
//initiating the analyses and setting up a listener
.run(object : AnalysisRequest.AnalysisListener {
override fun onStatusChange(status: AnalysisRequest.AnalysisStatus) { handleStatus(status) // or your status handler
}
override fun onSuccess(result: RequestResult) {
handleResults(result) // or your result handler
}
override fun onError(error: OzException) { handleError(error) // or your error handler
}
})
analysisCancelable = new AnalysisRequest.Builder()
// mediaToAnalyze is an array of OzAbstractMedia that were captured or otherwise created
.addAnalysis(new Analysis(Analysis.Type.QUALITY, Analysis.Mode.SERVER_BASED, mediaToAnalyze)) // or ON_DEVICE if you want the on-device analysis
.build()
//initiating the analyses and setting up a listener
.run(new AnalysisRequest.AnalysisListener() {
@Override
public void onSuccess(@NonNull RequestResult list) { handleResults(list); } // or your result handler
@Override
public void onError(@NonNull OzException e) { handleError(e); } // or your error handler
@Override
public void onStatusChange(@NonNull AnalysisRequest.AnalysisStatus analysisStatus) { handleStatus(analysisStatus); } // or your status handler
})
To delete media files after the checks are finished, use the clearActionVideos method.
To add metadata to a folder, use the addFolderMeta method.
In the params field of the Analysis structure, you can pass any additional parameters (key + value), for instance, to extract the best shot on the server side.
To use a media file that is captured with another SDK (not Oz Android SDK), specify the path to it in OzAbstractMedia:
If you want to add your media to the existing folder, use the setFolderId method:
Checking Liveness and Face Biometry
OzCapsula (SDK v8.22 and newer)
At the Capturing Videos step you've created a data container with all the required information in it , so now just send it to analysis using the addContainer(container) and run methods.
func onResult(container: DataContainer) {
let analysisRequest = AnalysisRequestBuilder()
analysisRequest.addContainer(container)
analysisRequest.run(
statusHandler: { status in
},
errorHandler: { error in
}
) { result in
}
}
SDK 8.21 and older
To check liveness and face biometry, you need to upload media to our system and then analyze them.
To interpret the results of analyses, please refer to .
Below, you'll see the example of performing a check and its description.
let analysisRequest = AnalysisRequestBuilder()
// create one or more analyses
let analysis = Analysis.init(
media: mediaToAnalyze, // mediaToAnalyze is an array of OzMedia that were captured or otherwise created
type: .quality, // check the analysis types in iOS methods
mode: .serverBased) // or .onDevice if you want the on-device analysis
analysisRequest.uploadMedia(mediaToAnalyze)
analysisRequest.addAnalysis(analysis)
// initiate the analyses
analysisRequest.run(
statusHandler: { state in }, // scenario steps progress handler
errorHandler: { _ in }
) { result in
// receive and handle analyses results here
}
To delete media files after the checks are finished, use the cleanTempDirectory method.
Adding metadata
To add metadata to a folder, use AnalysisRequest.addFolderMeta.
In the params field of the Analysis structure, you can pass any additional parameters (key + value), for instance, to extract the best shot on the server side.
To use a media file that is captured with another SDK (not Oz iOS SDK), specify the path to it in the OzMedia structure (the bestShotURL property):
If you want to add your media to the existing folder, use the addFolderId method:
Oz Liveness Web SDK
Oz Liveness Web SDK is a module for processing data on clients' devices. With Oz Liveness Web SDK, you can take photos and videos of people via their web browsers and then analyze these media. Most browsers and devices are supported. Available languages: EN, ES, PT-BR, KK.
Please find a sample for Oz Liveness Web SDK here. To make it work, replace <web-adapter-url> with the Web Adapter URL you've received from us.
For Angular and React, replace https://web-sdk.sandbox.ohio.ozforensics.com in index.html.
sample
sample
Web SDK requires HTTPS (with SSL encryption) to work; however, at localhost and 127.0.01, you can check the resources' availability via HTTP.
Oz Liveness Web SDK consists of two components:
Client side – a JavaScript file that is being loaded within the frontend part of your application. It is called .
Server side – a separate server module with , the backend part. The module is called Liveness.
The integration guides can be found here:
Oz Web SDK can be provided via SaaS, when the server part works on our servers and is maintained by our engineers, and you just use it, or on-premise, when Oz Web Adapter is installed on your servers. for more details and choose the model that is convenient for you.
Oz Web SDK requires a to work. To issue a license, we need the domain name of the website where you are going to use our SDK.
This is a guide on how to start with Oz Web SDK:
the plugin into your page.
If you want to customize the look-and-feel of Oz Web SDK, please refer to .
Liveness, Face Matching, Collection Checks
This article describes the main types of analyses Oz software performs.
Liveness checks whether a person in a media is a real human.
Face Matching examines two or more media to identify similarities between the faces depicted in them.
Statuses in API
This article contains the full description of folders' and analyses' statuses in API.
Field name / status
analyses.state
analyses.resolution_status
folder.resolution_status
system_resolution
Rules of Assigning Analyses
This article covers the default rules of applying analyses.
Analyses in Oz system can be applied in two ways:
manually, for instance, when you choose the Liveness scenario in our demo application;
automatically, when you don’t choose anything and just assign all possible analyses (via API or SDK).
The automatic assignment means that Oz system decides itself what analyses to apply to media files based on its and type. If you upload files via the web console, you select the tags needed; if you take photo or video via Web SDK, the SDK picks the tags automatically. As for the media type, it can be
Master License for iOS
Master license is the offline license that allows using Mobile SDKs with any bundle_id, unlike the regular licenses. To get a master license, create a pair of keys as shown below. Email us the public key, and we will email you the master license shortly after that.
Your application needs to sign its bundle_id with the private key, and the Mobile SDK checks the signature using the public key from the master license. Master licenses are time-limited.
This section describes the process of creating your private and public keys.
To create a private key, run the commands below one by one.
You will get these files:
Security Recommendations
In 8.8.0, we’ve implemented SSL pinning to protect our clients from MITM attacks. We strongly recommend adding a built-in certificate whitelist to your application to prevent fraud with third-party certificates set as trusted.
You can add a list of certificates your application should trust at the moment of connection to Oz API via the optional sslPins field of OzConnection class. As an input, this field takes a list of public certificate key hashes with their expiration dates as shown below:
Go to the website.
Enter your domain address. Once the address is processed, you’ll see a list of your servers.
Using OzCapsula Data Container in Web SDK
In this mode, the SDK captures media from the user, packs all biometric and technical data into a container (application/octet-stream), and then either:
uploads it directly to Oz API (architecture: normal for stateful API or lite for Instant), or
returns it to your backend for forwarding (capture architecture).
The container appears to be affected by errors and can’t be unpackaged.
starting state
starting state
FAILED
system error
system error
system error
system error
FINISHED
finished successfully
-
finished successfully
-
DECLINED
-
check failed
-
check failed
OPERATOR_REQUIRED
-
additional check is needed
-
additional check is needed
SUCCESS
-
check succeeded
-
check succeeded
The details on each status are below.
This is the state when the analysis is being processed. The values of this state can be:
FAILED – the analysis failed due to some error and couldn't get finished;
FINISHED – job's done, the analysis is finished, and you can check the result.
Once the analysis is finished, you'll see one of the following results:
SUCCESS – everything went fine, the check succeeded (e.g., faces match or liveness confirmed);
OPERATOR_REQUIRED (except the Liveness analysis) – the result should be additionally checked by a human operator;
DECLINED – the check failed (e.g., faces don't match or some spoofing attack detected).
If the analysis hasn't been finished yet, the result inherits a value from analyses.state.
A folder is an entity that contains media to analyze. If the analyses have not been finished, the stage of processing media is shown in resolution_status:
INITIAL – no analyses applied;
FAILED – any of the analyses failed due to some error and couldn't get finished;
FINISHED – media in this folder are processed, the analyses are finished.
Folder result is the consolidated result of all analyses applied to media from this folder. Please note: the folder result is the result of the last-finished group of analyses. If all analyses are finished, the result will be:
SUCCESS – everything went fine, all analyses completed successfully;
OPERATOR_REQUIRED (except the Liveness analysis) – there are no analyses with the DECLINED status, but one or more analyses have been completed with the OPERATOR_REQUIRED status;
DECLINED – one or more analyses have been completed with the DECLINED status.
INITIAL
-
-
Analysis state (analyses.state)
Analysis result (analyses.resolution_status)
The OPERATOR_REQUIRED status appears only if it is set up in biometry settings.
Folder status (folder.resolution_status)
Folder result (system_resolution)
The analyses you send in a single POST request form a group. The group result is the "worst" result of analyses this group contains: INITIAL > FAILED > DECLINED > OPERATOR_REQUIRED > SUCCESS, where SUCCESS means all analyses in the group have been completed successfully without any errors.
The method is documented but is not realized by any temporary or permanent reason.
3 - INVALID STRUCTURE Incorrect structure of request. Some required fields missing or a format validation error occurred.
4 - INVALID VALUE Incorrect value of the parameter inside request body or query.
5 - INVALID TYPE The invalid data type of the request parameter.
6 - AUTH NOT PROVIDED Access token not specified.
7 - AUTH INVALID The access token does not exist in the database.
8 - AUTH EXPIRED Auth token is expired.
9 - AUTH FORBIDDEN Access denied for the current user.
10 - NOT EXIST the requested resource is not found (alternative of HTTP status_code = 404).
11 - EXTERNAL SERVICE Error in the external information system.
12 – DATABASE Critical database error on the server host.
Invalid request data
Container is damaged
13
Invalid request data
API didn’t receive the container
14
Invalid request data
The container appears to be affected by errors and can’t be unpackaged.
Error code
Error message
Description
3
Invalid request data
Missing payload.json
4
Invalid request data
No media have been added into container
Response body with errors
OzCapsula errors
5
The order of SDK initialization and API connection does not matter, but both methods must be finished successfully before invoking the createStartIntent method.
You will get the public key file: publicKey.pub. To get a license, please email us this file. We will email you the license.
SDK initialization:
License setting:
Prior to the SDK initializing, create a base64-encoded signature for the host app bundle_id using the private key.
Signature creation example:
Pass the signature as the masterLicenseSignature parameter either during the SDK initialization or license setting.
If the signature is invalid, the initialization continues as usual: the SDK checks the list of bundle_id included into the license like it does it by default without a master license.
val file = File(context.filesDir, "media.mp4") // use context.getExternalFilesDir(null) instead of context.filesDir for external app storage
val media = OzAbsractMedia.OzVideo(OzMediaTag.VideoSelfieSmile, file.absolutePath)
.setFolderId(folderId)
let analysis = Analysis.init(media: mediaToAnalyze, type: .quality, mode: .serverBased)
var folderMeta: [String: Any] = ["key1": "value1"]
analysisRequest.addFolderMeta(folderMeta)
...
curl -L 'https://{{host}}/api/users/'
-H 'X-Forensic-Access-Token: token_id'
-H 'Content-Type: application/json'
--data-raw '{
"credentials": {
"email": "<your_new_service_user@email.com>",
"password": "<your_service_user_password>"
},
"profile": {
"company_id": " company_id",
<!-- the next line is for API 6 -->
"user_type": "CLIENT_SERVICE",
"first_name": "first_name",
"last_name": "last_name",
"middle_name": "",
"is_admin": false,
<!-- the next line is for API 5 and below -->
"is_service": true,
"can_start_analyse_biometry": true,
"can_start_analyse_collection": true,
"can_start_analyse_documents": true,
"can_start_analyse_quality": true
}
}
For Web SDK, specify this token’s value as api_token in the .
License error. Current date yyyy-mm-dd hh:mm:ss is later than license expiration date yyyy-mm-dd hh:mm:ss
Your license has expired. Please contact us.
License is not initialized. Call 'OzLivenessSDK.init before using SDK
You haven't initialized the license. Call OzLivenessSDK.init with your license data as explained above.
License error. License at (your_URI) not found
The license file is missing. Please check its name and path to the file.
License error. Cannot parse license from (your_URI), invalid format
The license file is somehow damaged. Please email us the file.
License error. Bundle company.application.id is not in the list allowed by license (bundle.id1, bundle.id2)
The bundle (application) identifier you specified is missing in the allowed list. Please check the spelling, if it is correct, you need to get another license for your application.
OzLivenessSDK.INSTANCE.getConfig().setBaseURL(BASE_URL);OzLivenessSDK.INSTANCE.init(context,Arrays.asList(new LicenseSource.LicenseAssetId(R.raw.forensics),new LicenseSource.LicenseFilePath("absolute_path_to_your_license_file")),newStatusListener<LicensePayload>(){@Overridepublicvoid onStatusChanged(@NullableStrings){}@Overridepublicvoid onSuccess(LicensePayloadlicensePayload){/*check the license payload*/@Overridepublicvoid onError(@NonNullOzExceptione){/*});
Collection looks for resemblances between an individual featured in a media and individuals in a pre-existing photo database.
These analyses are accessible in the Oz API for both SaaS and On-Premise models. Liveness and Face Matching are also offered in the On-Device model. Please visit this page to learn more about the usage models.
Liveness protects against two types of attacks:
A presentation attack, also known as a spoofing attack, refers to the attempt of an individual to deceive a facial recognition system by presenting into a camera video, photo, or any other type of media that mimics the appearance of a genuine user. These attacks can include the use of realistic masks or make up.
An injection attack is an attempt to deceive a facial recognition system by replacing physical camera input with a prerecorded image or video, manipulating physical camera output before it becomes input to a facial recognition, or injecting some malicious code. Virtual camera software is the most common tool for injection attacks.
Oz Liveness is able to detect both types of attacks. Any component can detect presentation attacks, and for injection attack detection, use Oz Liveness SDK. To learn about how to use Oz components to prevent attacks, check our integration quick start guides:
Once the Liveness check is finished, you can check both qualitative and quantitative analysis results.
Asking users to perform a gesture, such as smiling or turning their head, is a popular requirement when recording a Liveness video. With Oz Liveness Mobile and Web SDK, you can also request gestures from users. However, our Liveness check relies on other factors, analyzed by neural networks, and does not depend on gestures. For more details, please check Passive and Active Liveness.
Liveness check also can return the best shot from a video: a best-quality frame where the face is seen the most properly.
The Biometry algorithm allows comparing several media and checking whether the people on them are the same person. As sources, you can use images, videos, and scans of documents (with photo). To perform the analysis, the algorithm requires at least two media.
In Oz API, you can configure one or more face collections. These collections are databases of people depicted in photos. When the Collection analysis is being conducted, Oz software compares the face in a photo or video taken with faces of this pre-made database and shows whether a face exists in a collection.
For additional information, please refer to this article.
Liveness
Results overview
SUCCESS – everything went fine, the analysis has completed successfully;
DECLINED – the check failed (an attack detected).
If the analysis hasn't been finished yet, the result can be PROCESSING (the analysis is in progress) / FAILED (the analysis failed due to some error and couldn't get finished).
Face Matching
Results overview
SUCCESS – everything went fine, the analysis has completed successfully;
DECLINED – the check failed (faces don't match).
If the analysis hasn't been finished yet, the result can be PROCESSING (the analysis is in progress) / FAILED (the analysis failed due to some error and couldn't get finished).
Collection
Results overview
SUCCESS – everything went fine, the analysis has completed successfully;
DECLINED – the check failed (faces match).
If the analysis hasn't been finished yet, the result can be PROCESSING (the analysis is in progress) / FAILED (the analysis failed due to some error and couldn't get finished).
IMAGE
(a photo)/
VIDEO
/
SHOTS_SET
, where
SHOTS_SET
is a .zip archive equal to video.
Below, you will find the tags and type requirements for all analyses. If a media doesn’t match the requirements for the certain analysis, this media is ignored by algorithms.
The rules listed below act by default. To change the mapping configuration, please contact us.
This analysis is applied to all media, regardless of the gesture recorded (gesture tags begin from video_selfie).
Important: to process a photo in API 4.0.8 and below, pack it into a .zip archive, apply the SHOTS_SET type, and mark it with video_*. Otherwise, it will be ignored.
This analysis is applied to all media.
If the folder contains less than two matching media files, the system will return an error. If there are more than two files, then all pairs will be compared, and the system will return a result for the pair with the least similar faces.
This analysis works only when you have a pre-made image database, which is called collection. The analysis is applied to all media in the folder (or the ones marked as source media).
Best Shot is an addition to the Quality (Liveness) analysis. It requires the appropriate option enabled. The analysis is applied to all media files that can be processed by the Quality analysis.
The Documents analysis is applied to images with tags photo_id_front and photo_id_back (documents), and photo_selfie (selfie). The result will be positive if the system finds the selfie photo and matches it with a photo on one of the valid documents from the following list:
personal ID card
driver license
foreign passport
Code
Message
Description
202
Could not locate face on source media [media_id]
No face is found in the media that is being processed, or the source media has wrong (photo_id_back) or/and missing tag used for the media.
202
Biometry. Analysis requires at least 2 media objects to process
Click the server address needed to load a list of certificates. Certificate key is in the Pin SHA256 line of the Subject field. Expiration date is shown in the Valid until field.
Certificate number one is your host certificate. Your root certificate is in the very bottom of the list. Others are intermediate. For SSL pinning, any of them fits.
The higher the certificate is on the list, the better the level of protection against theft. Thus, if you use the host certificate to pin in your application, you get the highest security level. However, the lifetime of these certificates is significantly shorter than that of intermediate or root certificates. To keep your application secure, you will need to change your pins as soon as they expire; otherwise, functionality might become unavailable.
As a reasonable balance between safety and the resources needed to maintain it, we recommend using intermediate or even root certificate keys for pinning. While the security level is slightly lower, you won’t need to change these pins as often because these certificates have a much longer lifetime.
Certificate owner
Trust level
Resources requirements (depend on the certificate’s lifetime)
Host
Highest
High, but requires the most resources to maintain: keys’ list should be updated at the same time as certificate
Intermediate certificate authority
Above average; the application considers all certificates that have been issued by this authority as trusted
Average
To obtain the hash, run the following command with your server domain and port:
In the response, you’ll receive hash for your SslPin.
To get the certificate’s expiration date, run the next command – again with your server domain and port:
The date you require will be in the notAfter parameter.
We’ll provide you with the hash and date of our API server certificate.
Connection.fromServiceToken(
"your API server host",
"your token",
listOf(
SslPin(
"your hash", // SHA256 key hash in base64
<date> // key expiration date as a UNIX timestamp, UTC time
)
),
)
let pins = [SSLPin.pin(
publicKeyHash: "your hash", // SHA256 key hash in base64
expirationDate: date)] // key expiration date as a UNIX timestamp, UTC time
OZSDK.setApiConnection(.fromServiceToken(
host: "your API server host",
token: "your token",
sslPins: pins)) { (token, error) in
//
}
What is a MITM attack
MITM (man in the middle) attack is a type of attacks when a cyber fraudster breaks into the communication between application and backend, setting up a proxy to intercept and alter the traffic (e.g., substitute the video being sent). Typically, these attacks involve the fraudster setting their certificate as trusted on the user's device beforehand.
The commands listed in this section have been tested on Ubuntu, but they should work on other Linux-based OS as well.
When enabling container mode, the key parameters are:
Parameter
Value
Description
use_wasm_container
true
Enables data container generation
architecture
normal / lite/ capture
Defines who sends the data to Oz API (Web SDK or your backend)
In this mode, your backend obtains the session token before opening the Web SDK.
Steps:
Request a session token from Oz API:
The response will contain a short-term session_token:
Pass this token to the Web SDK Plugin:
In this mode, the SDK automatically retrieves the session token directly from Oz API.
You don’t need to request or provide it manually.
The flow is different depending on your architecture type.
In this mode, the Web SDK automatically uploads the generated container to Oz API.
You do not need to handle any upload manually.
In this mode, the Web SDK automatically uploads the generated container to Oz API.
You do not need to handle any upload manually.
In this mode, Web SDK only captures and packs data, but does not send it to the Oz API.
Your backend is responsible for receiving the container and forwarding it to Oz API.
Flow:
Web SDK performs video capture and calls the on_capture_complete(result, container) callback, where the second argument (container) is a Blob object (application/octet-stream).
You send this blob to your backend.
Your backend sends it to Oz API using an HTTPS POST request.
Example request:
The response will be similar to the one from the non-container flow.
The session token is valid only for a few minutes and must be requested before each capture session.
api_use_session_token: "api"
Flow for different architectures
architecture: "normal"
architecture: "lite"
architecture: "capture"
Possible errors
JDK
17
The possible results of the analyses are explained here.
Each of the analyses has its threshold that determines the output of these analyses. By default, the threshold for Liveness is 0.5 or 50%, for Collection and Biometry (Face Matching) – 0.85 or 85%.
Biometry: if the final score is equal to or above the threshold, the faces on the analyzed media are considered similar.
Collection: if the final score is equal to or above the threshold, the face on the analyzed media matches with one of the faces in the database.
Quality: if the final score is equal to or above the threshold, the result is interpreted as an attack.
To configure the threshold depending on your needs, please .
For more information on how to read the numbers in analyses' results, please refer to .
Biometry
Purpose
Output
Quality (Liveness, Best Shot)
Purpose
Output
Documents
This analysis type is deprecated.
Purpose
Oz API uses a third-party OCR analysis service provided by our partner. If you want to change this service to another one, please contact us.
Install our Web SDK. Our engineers will help you to install the components needed using the or manually. The license will be installed as well; to update it, please refer to .
Configure the .
SaaS
This part is fully covered by the Oz Forensics engineers. You get a link for Oz Web Plugin (see step 2).
How to Add Face Matching of Liveness Video with a Reference Photo From Your Database
Please note: this guide applies to the non-container flow only.
This guide describes how to match a liveness video with a reference photo of a person that is already stored in your database.
However, if you prefer to include a photo ID capture step to your liveness process instead of using a stored photo, then you can refer to another guide in this section.
By this time you should have already implemented liveness video recording and liveness check. If not, please refer to these guides:
In this scenario, you upload your reference image to the same folder where you have a liveness video, initiate the BIOMETRY analysis, and poll for the results.
Given that you already have the liveness video recorded and uploaded, you will be working with the same Oz API folder where your liveness video is. Obtain the folder ID as described below, and pass it to your back end.
For a video recorded by Web SDK, get the folder_id as described .
For a video recorded by Android or iOS SDK, retrieve the folder_id from the analysis’ results as shown below:
Android:
iOS:
POST /api/folders/{{folder_id}}/media/ method, replacing the folder_id with the ID you’ve got in the previous step. This will upload your new media to the folder where your ready-made liveness video is located.
Set the appropriate tags in the payload field of the request, depending on the nature of a reference photo that you have.
To launch the analysis, POST /api/folders/{{folder_id}}/analyses/ with the folder_id from the previous step. In the request body, specify the biometry check to be launched.
Repeat GET /api/analyses/{{analysis_id}} with the analysis_id from the previous step once a second until the state changes from PROCESSING to something else. For a finished analysis:
get the qualitative result from resolution (SUCCESS or DECLINED).
get the quantitative results from analyses.results_data.min_confidence
Here is the Postman collection for this guide.
With these steps completed, you are done with adding face matching via Oz API. You will be able to access your media and analysis results in Web UI via browser or programmatically via API.
Oz API methods can be combined with great flexibility. Explore Oz API using the .
Capturing Videos
To start recording, use startActivityForResult:
To obtain the captured video, use onActivityResult:
If you use fragment, please refer to the example below. LivenessFragment is the representation of the Liveness screen UI.
To start recording, use thestartActivityForResult method:
}
handle the exception
*/
}
api_use_session_token
api / client
Defines who retrieves the session token (Web SDK or your backend)
The algorithms did not find the two appropriate media for analysis. This might happen when only a single media has been sent for the analysis, or a media is missing a tag.
202
Processing error - did not found any document candidates on image
The Documents analysis can't be finished because the photo uploaded seems not to be a document, or it has wrong (not photo_id_*) or/and missing tags.
5
Invalid/missed tag values to process quality check
The tags applied can't be processed by the Quality algorithm (most likely, the tags begin from photo_*; for Quality, they should be marked as video_*)
5
Invalid/missed tag values to process collection check
The tags applied can't be processed by the Collection algorithm. This might happen when a media is missing a tag.
Average; the application considers all certificates that have been issued by this authority as trusted, including the intermediate authority-issued certificates
Low
If you have analyzed multiple media, the aggregated status will be SUCCESS only if each analysis on each media has finished with the SUCCESS result.
100% (1) – an attack is detected, the person in the video is not a real living person,
0% (0) – a person in the video is a real living person.
After comparison, the algorithm provides numbers that represent the similarity level. The numbers vary from 100 to 0% (1 to 0), where:
100% (1) – faces are similar, media represent the same person,
0% (0) – faces are not similar and belong to different people
There are two scores to consider: the minimum and maximum. If you have analyzed two media, these scores will be equal. For three or more media, the similarity score is calculated for each pair. Once calculated, these scores get aggregated and analysis returns the minimum and maximum similarity scores for the media compared. Typically, the minimum score is enough.
After comparison, the algorithm provides a score that represents the similarity level. The number varies from 100 to 0% (1 to 0), where:
100% (1) – the person in an image or video matches with someone in your database,
0% (0) – the person is not found in the collection.
To ensure the license being processed properly, we recommend initializing SDK first, then opening the Liveness screen.
If you use our SDK just for capturing videos, omit the Checking Liveness and Face Biometry step.
AnalysisRequest.Builder()
...
.run(object : AnalysisRequest.AnalysisListener {
override fun onSuccess(result: List<OzAnalysisResult>) {
// save folder_id that is needed for the next step
val folderId = result.firstOrNull()?.folderId
}
...
})
analysisRequest.run(
scenarioStateHandler: { state in },
uploadProgressHandler: { (progress) in }
) { (analysisResults : [OzAnalysisResult], error) in
// save folder_id that is needed for the next step
let folderID = analysisResults.first?.folderID
}
}
{
"media:tags": {
"photo1": [
"photo_id", "photo_id_front" // for the front side of an ID
// OR
"photo_selfie" // for a non-ID photo
]
}
}
{
"analyses": [
{
"type": "biometry"
}
]
}
childFragmentManager.beginTransaction()
.replace(R.id.content, LivenessFragment.create(actions))
.commit()
// subscribing to the Fragment result
childFragmentManager.setFragmentResultListener(OzLivenessSDK.Extra.REQUEST_CODE, this) { _, result ->
when (result.getInt(OzLivenessSDK.Extra.EXTRA_RESULT_CODE)) {
OzLivenessResultCode.SUCCESS -> { /* start analysis */ }
else -> { /* show error */ }
}
}
getSupportFragmentManager().beginTransaction()
.replace(R.id.content, LivenessFragment.Companion.create(actions, null, null, false))
.addToBackStack(null)
.commit();
// subscribing to the Fragment result
getSupportFragmentManager().setFragmentResultListener(OzLivenessSDK.Extra.REQUEST_CODE, this, (requestKey, result) -> {
switch (result.getInt(OzLivenessSDK.Extra.EXTRA_RESULT_CODE)) {
case OzLivenessResultCode.SUCCESS: {/* start analysis */}
default: {/* show error */}
}
});
when (resultCode) {
Activity.RESULT_CANCELED -> *USER CLOSED THE SCREEN*
OzLivenessResultCode.SUCCESS -> {
val sdkMediaResult = OzLivenessSDK.getResultFromIntent(data)
*SUCCESS*
}
else -> {
val errorMessage = OzLivenessSDK.getErrorFromIntent(data)
*FAILURE*
}
}
How to Add Photo ID Capture and Face Matching to Your Web or Mobile Application
Please note: this guide applies to the non-container flow only.
Please note that the Oz Liveness Mobile SDK does not include a user interface for scanning official documents. You may need to explore alternative SDKs that offer that functionality or implement it on your own. Web SDK does include a simple photo ID capture screen.
This guide describes the steps needed to add face matching to your liveness check.
By this time you should have already implemented liveness video recording and liveness check. If not, please refer to these guides:
Simply add photo_id_front to the list of actions for the plugin, e.g.,
For the purpose of this guide, it is assumed that your reference photo (e.g., front side of an ID) is stored on the device as reference.jpg.
Modify the code that runs the analysis as follows:
For on-device analyses, you can change the analysis mode from Analysis.Mode.SERVER_BASED to Analysis.Mode.ON_DEVICE
Check also the Android source code.
For the purpose of this guide, it is assumed that your reference photo (e.g., front side of an ID) is stored on the device as reference.jpg.
Modify the code that runs the analysis as follows:
For on-device analyses, you can change the analysis mode from mode: .serverBased to mode: .onDevice
Check also the iOS source code.
You will be able to access your media and analysis results in Web UI via browser or programmatically via API.
Oz API methods as well as Mobile and Web SDK methods can be combined with great flexibility. Explore the options available in the section.
System Objects
The description of the objects you can find in Oz Forensics system.
Objects hierarchy
System objects on Oz Forensics products are hierarchically structured as shown in the picture below.
On the top level, there is a Company. You can use one copy of Oz API to work with several companies.
The next level is a User. A company can contain any amount of users. There are several roles of users with different permissions. For more information, refer to User Roles.
When a user requests an analysis (or analyses), a new folder is created. This folder contains media. One user can create any number of folders. Each folder can contain any amount of media. A user applies analyses to one or more media within a folder. The rules of assigning analyses are described here. The media quality requirements are listed on this page.
Parameter
Type
Description
Besides these parameters, each object type has specific ones.
For Flutter 8.24.0 or newer or Android Gradle plugin 8.0.0 or newer, add to android/gradle.properties:
The minimum SDK version should be 21 or higher:
For iOS, set the minimum platform to 13 or higher in the Runner → Info → Deployment target → iOS Deployment Target.
In ios/Podfile, comment the use_frameworks! line (#use_frameworks!).
Initialize SDK by calling the init plugin method. Note that the license file name and path should match the ones specified in pubspec.yaml (e.g., assets/license.json).
Use the API credentials (login, password, and API URL) that you’ve received from us.
In production, instead of hard-coding the login and password inside the application, it is recommended to get the access token on your backend via the API auth method, then pass it to your application:
By default, logs are saved along with the analyses' data. If you need to keep the logs distinct from the analysis data, set up the separate connection for as shown below:
or
To start recording, use the startLiveness method to obtain the recorded media:
Please note: for versions 8.11 and below, the method name is executeLiveness, and it returns the recorded media.
To obtain the media result, subscribe to livenessResult as shown below:
To run the analyses, execute the code below.
Create the Analysis object:
Execute the formed analysis:
If you need to run an analysis for a particular folder, pass its ID:
The analysisResult list of objects contains the result of the analysis.
If you want to use media captured by another SDK, the code should look like this:
The whole code block will look like this:
How to Integrate Oz Liveness into Your Web Application
Oz Liveness Web SDK implements the ready-to-use face capture user interface that is essential for seamless customer experience and accurate liveness results. The SDK detects both presentation and injection attacks.
This guide walks you through your first liveness check using Web SDK and Oz API. Here, we cover the SaaS model.
The described flow combines:
Capture mode – the Web SDK (or Mobile SDK) captures the Liveness video in the browser/app and the Client backend forwards it to Oz API. Capture results are not sent from the SDK straight to Oz API; the Client backend acts as an intermediary.
OzCapsula – a proprietary encrypted binary container. The SDK packages the captured media into it; only Oz API can decrypt and process it. On the device it is an opaque blob – you cannot decode or inspect it, only forward it as-is.
Each step is marked:
[Oz SDK] – call our SDK API.
[Your code] – call your own backend or your own code.
{{host}} in the examples below is the base URL of your Oz API deployment, provided to you during deployment setup.
Component
Minimum version
You require a dedicated Web Adapter. Expand the section below if it has not yet been configured for your company.
1
Oz provides the plugin URL (served by the Oz-hosted adapter). Add it to your page:
2
OzCapsula uses a session token. The token is mandatory for OzCapsula.
Your backend requests a session token from Oz API. Request it before each capture session, as close to the moment the user starts capture as possible.
Endpoint:
Request:
With these steps, you are done with basic integration of Web SDK into your web application. You will be able to access recorded media and analysis results in via browser or programmatically via (please find the instructions here: , ).
In the you can find instructions for common next steps:
Customizing plugin look-and-feel
Adding custom language pack
Tuning plugin behavior
Plugin parameters and callbacks
Please find a sample for Oz Liveness Web SDK . To make it work, replace <web-adapter-url> with the Web Adapter URL you've received from us.
For Angular and React, replace https://web-sdk.<link>.com in index.html.
sample
sample
Customizing Android SDK
We recommend applying these settings when starting the app.
To customize the Oz Liveness interface, use UIcustomization as shown below. For the description of customization parameters, please refer to Android SDK Methods and Properties.
By default, SDK uses the locale of the device. To switch the locale, use the code below:
Launching the Plugin
The plugin window is launched with open(options) method:
GET /api/folders/?meta_data=transaction_id==<your_transaction_id> to find a folder in Oz API from your backend by your unique identifier.
Read more about .
The full list of OzLiveness.open() parameters:
How to Perform a Face Matching Analysis
This article covers the use case when you need to perform face matching with an external photo while using for data transmission. Here is what you need to do.
Depending on the API configuration:
: run a Liveness analysis using OzCapsula with the extraction enabled. This best shot is then used for comparison.
Biometry (Face Matching)
The Biometry algorithm is intended to compare two or more photos and detect the level of similarity of the spotted faces. As a source media, the algorithm takes photos, videos, and documents (with photos).
You're .
You have already marked by correct tags into this folder.
1. Initiate the analysis for the folder: POST /api/folders/{{folder_id}}/analyses/
If True, uses the main camera, otherwise the front one.
Configuration
Interface customization
// connecting to the API serverOzLivenessSDK.setApiConnection(OzConnection.fromServiceToken(HOST, TOKEN))// settings for the number of attempts to detect an actionOzLivenessSDK.config.attemptSettings = attemptSettings // the possibility to display additional debug information (you can do it by clicking the SDK version number)OzLivenessSDK.config.allowDebugVisualization = allowDebugVisualization // logging settingsOzLivenessSDK.config.logging = ozLogging
OzConfigconfig=OzLivenessSDK.INSTANCE.getConfig();// connecting to the API serverOzLivenessSDK.setApiConnection(OzConnection.fromServiceToken(HOST, TOKEN));// settings for the number of attempts to detect an actionconfig.setAttemptSettings(attemptSettings);// the possibility to display additional debug information (you can do it by clicking the SDK version number)config.setAllowDebugVisualization(allowDebugVisualization);// logging settingsconfig.setLogging(ozLogging);
OzLivenessSDK.config.customization =UICustomization(// customization parameters for the toolbar toolbarCustomization =ToolbarCustomization( closeIconRes = R.drawable.ib_close, closeIconTint = Color.ColorRes(R.color.white), titleTextFont = R.font.roboto, titleTextSize =18, titleTextAlpha =100, titleTextColor = Color.ColorRes(R.color.white), backgroundColor = Color.ColorRes(R.color.black), backgroundAlpha =60, isTitleCentered =true, title ="Analysis", ),// customization parameters for the center hint centerHintCustomization =CenterHintCustomization( textFont = R.font.roboto, textColor = Color.ColorRes(R.color.text_color), textSize =20, verticalPosition =50, textStyle = R.style.Sdk_Text_Primary, backgroundColor = Color.ColorRes(R.color.color_surface), backgroundOpacity =56, backgroundCornerRadius =14, textAlpha =100, ),// customization parameters for the hint animation hintAnimation =HintAnimation( hintGradientColor = Color.ColorRes(R.color.red), hintGradientOpacity =80, animationIconSize =120, hideAnimation =false,),// customization parameters for the frame around the user face faceFrameCustomization =FaceFrameCustomization( geometryType = GeometryType.Rectangle(10), // 10 is the corner radius strokeDefaultColor = Color.ColorRes(R.color.error_red), strokeFaceInFrameColor = Color.ColorRes(R.color.success_green), strokeAlpha =100, strokeWidth =5, strokePadding =3, ),// customization parameters for the background outside the frame backgroundCustomization =BackgroundCustomization( backgroundColor = Color.ColorRes(R.color.black), backgroundAlpha =60, ),// customization parameters for the SDK version text versionTextCustomization =VersionTextCustomization( textFont = R.font.roboto, textSize =12, textColor = Color.ColorRes(R.color.white), textAlpha =100, ),// customization parameters for the antiscam protection text antiScamCustomization =AntiScamCustomization( textMessage ="", textFont = R.font.roboto, textSize =14, textColor = Color.ColorRes(R.color.text_color), textAlpha =100, backgroundColor = Color.ColorRes(R.color.color_surface), backgroundOpacity =100, cornerRadius =20, flashColor = Color.ColorRes(R.color.green), ),// custom logo parameters// should be allowed by license logoCustomization =LogoCustomization( image = Image.Drawable(R.drawable.ic_logo), size =Size(176, 64), verticalPosition =100, horizontalPosition =50, ))
If you want to use a webhook for response, add it to the payload at this step, as described here.
You'll needanalysis_id or folder_id from response.
2. If you use a webhook, just wait for it to return the information needed. Otherwise, initiate polling:
GET /api/analyses/{{analysis_id}} – for the analysis_id you have from the previous step.
GET /api/folders/{{folder_id}} – for all analyses performed on media in the folder with the folder_id you have from the previous step.
Repeat until the resolution_status and resolution fields change status to any other except PROCESSING, and treat this as a result.
Check the response for the min_confidence value. It is a quantitative result of matching the people on the media uploaded.
OzLivenessSDK.INSTANCE.getConfig().setCustomization(new UICustomization(
// customization parameters for the toolbar
new ToolbarCustomization(
R.drawable.ib_close,
new Color.ColorRes(R.color.white),
R.style.Sdk_Text_Primary,
new Color.ColorRes(R.color.white),
R.font.roboto,
Typeface.NORMAL,
100, // toolbar text opacity (in %)
18, // toolbar text size (in sp)
new Color.ColorRes(R.color.black),
60, // toolbar alpha (in %)
"Liveness", // toolbar title
true // center toolbar title
),
// customization parameters for the center hint
new CenterHintCustomization(
R.font.roboto,
new Color.ColorRes(R.color.text_color),
20,
50,
R.style.Sdk_Text_Primary,
new Color.ColorRes(R.color.color_surface),
100, // background opacity
14, // corner radius for background frame
100 // text opacity
),
// customization parameters for the hint animation
new HintAnimation(
new Color.ColorRes(R.color.red), // gradient color
80, // gradient opacity (in %)
120, // the side size of the animation icon square
false // hide animation
),
// customization parameters for the frame around the user face
new FaceFrameCustomization(
GeometryType.RECTANGLE,
10, // frame corner radius (for GeometryType.RECTANGLE)
new Color.ColorRes(R.color.error_red),
new Color.ColorRes(R.color.success_green),
100, // frame stroke alpha (in %)
5, // frame stroke width (in dp)
3 // frame stroke padding (in dp)
),
// customization parameters for the background outside the frame
new BackgroundCustomization(
new Color.ColorRes(R.color.black),
60 // background alpha (in %)
),
// customization parameters for the SDK version text
new VersionTextCustomization(
R.style.Sdk_Text_Primary,
R.font.roboto,
12, // version text size
new Color.ColorRes(R.color.white),
100 // version text alpha
),
// customization parameters for the antiscam protection text
new AntiScamCustomization(
"Recording .. ",
R.font.roboto,
12,
new Color.ColorRes(R.color.text_color),
100,
R.style.Sdk_Text_Primary,
new Color.ColorRes(R.color.color_surface),
100,
14,
new Color.ColorRes(R.color.green)
)
// custom logo parameters
new LogoCustomization(
new Image.Drawable(R.drawable.ic_logo),
new Size(176, 64),
100,
50
)
)
);
{
"analyses": [{
"type": "biometry",
// optional; omit to include all media from the folder
"source_media": [
"1111aaaa-11aa-11aa-11aa-111111aaaaaa",
"2222bbbb-22bb-22bb-22bb-222222bbbbbb"
]
}]
}
[
{
// you may have multiple analyses in the list
// pick the one you need by analyse_id or type
"analysis_id": "1111aaaa-11aa-11aa-11aa-111111aaaaaa",
"type": "BIOMETRY",
"results_media": [
{
// if you have multiple media in one analysis, match score with media by source_video_id/source_shots_set_id
"source_video_id": "1111aaaa-11aa-11aa-11aa-111111aaaaab", // for shots_set media, the key would be source_shots_set_id
"results_data":
{
"max_confidence": 0.997926354,
"min_confidence": 0.997926354 // quantitative score for this media
}
...
]
"resolution_status": "SUCCESS", // qualitative resolution (based on all media)
...
}
...
]
Json
Any user parameters
technical_meta_data
Json
Module-required parameters; reserved for internal needs
String
Name
last_name
String
Surname
middle_name
String
Middle name
email
String
User email = login
password
String
User password (only required for new users or to change)
Original filename (how the file was called on the client machine)
analyse_id
UUID
ID of the analysis
folder_id
UUID
ID of the folder
Object parameters
Common parameters
Company
User
Folder
Media
Analysis
meta_data
first_name
original_url
type
The authorization mechanism for calls to Oz API (access_token) depends on your installation settings: when using Instant API, you can integrate it under your own authorization scheme. If access token is required in your case, please check Authentication. Never expose the access token in the browser. Also, please note that access and session token are different tokens issued for different purposes.
Response:
This token is short-lived (default lifetime: 900 seconds). Request one per capture session and pass it to the SDK immediately – do not cache or reuse tokens across sessions.
When capture completes, the SDK fires the on_capture_complete callback. The container is delivered as the second argument – a Blob with MIME type application/octet-stream.
The container is an opaque encrypted blob. You cannot decode it, inspect it, or extract individual images / frames / metadata from it on the device. It must be forwarded as-is to your backend. If you need access to captured images (e.g., the best shot), retrieve them from the Oz API analysis response on the server side.
Upload it to your backend as application/octet-stream.
5
(your code) Send the container to Oz API
Your backend submits the container in a single synchronous POST request.
X-Forensic-Access-Token: {{access_token}}. (optional, depends on installation settings).
Request body: the raw container bytes – no JSON envelope, no multipart, no base64 wrapping.
Request (Instant API):
Request (Full API):
On success: HTTP 201 with a JSON folder object describing the result. Check Step 6.
On container-level error: HTTP 400 – see .
This guide covers the Liveness analysis. To perform a Face Matching analysis within the OzCapsula flow, see .
6
(your code) Handle the response
Your backend now has the response – a JSON folder object describing the result.
Make the accept/reject decision using only these two top-level fields:
$.resolution_status // "FINISHED" – analyses completed; "FAILED" – error during analysis processing
$.system_resolution // "SUCCESS", "DECLINED", or "FAILED"
Interpret system_resolution:
SUCCESS – all checks passed; accept the user.
DECLINED – one or more checks failed; reject the user.
FAILED – a system error prevented at least one analysis from completing; do not treat as accept or reject.
For per-analysis verdicts (for example, to know whether liveness passed but biometry failed), read $.analyses[*].resolution_status with the values described above.
Step 3 passes that session_token into OzLiveness.open(...).
session_token – a specific token required to use OzCapsula data container.
token – (optional) the auth token;
license – an object containing the license data;
licenseUrl – a string containing the path to the license;
Warning: The license and licenseUrl parameters override the server-side license, including its expiration date. If you use a server-side license, omit these parameters from OzLiveness.open(), otherwise, you might be getting a license error.
lang – a string containing the identifier of one of the installed language packs;
meta – an object with names of meta fields in keys and their string values in values. is transferred to Oz API and can be used to obtain analysis results or for searching;
params – an object with identifiers and additional parameters:
extract_best_shot – true or false: run the best frame choice in the Quality analysis;
action – an array of strings with identifiers of actions to be performed.
Available actions:
photo_id_front – photo of the ID front side;
photo_id_back
overlay_options – the document's template displaying options:
show_document_pattern: true/false – true by default, displays a template image, if set to false, the image is replaced by a rectangular frame;
on_submit – a callback function (no arguments) that is called after submitting customer data to the server (unavailable for the ).
on_capture_complete – a callback function (with one argument) that is called after the video is captured and retrieves the information on this video. The example of the response is described .
on_result – a callback function (with one argument) that is called periodically during the analysis and retrieves an intermediate result (unavailable for the capture mode). The result content depends on the Web Adapter result_mode and is described .
on_complete – a callback function (with one argument) that is called after the check is completed and retrieves the analysis result (unavailable for the capture mode). The result content depends on the Web Adapter result_mode and is described .
on_error – a callback function (with one argument) that is called in case of any error happened during video capturing and retrieves the error information: an object with the error code, error message, and telemetry ID for logging.
on_close – a callback function (no arguments) that is called after the plugin window is closed (whether manually by the user or automatically after the check is completed).
style – .
device_id – (optional) identifier of camera that is being used.
enable_3d_mask – enables the 3D mask as the default face capture behavior. This parameter works only if load_3d_mask in the Web Adapter is set to true; the default value is false.
On January 1, 2027, 3D Mask will become unavailable.
cameraFacingMode (since 1.4.0) – the parameter that defines which camera to use; possible values: user (front camera), environment (rear camera). This parameter only works if the use_for_liveness option in the file is undefined. If use_for_liveness is set (with any value), cameraFacingMode gets overridden and ignored.
disable_adaptive_aspect_ratio (since 1.5.0) – if True, disables the video adaptive aspect ratio, so your video doesn’t automatically adjust to the window aspect ratio. The default value is False, and by default, the video adjusts to the closest ratio of 4:3, 3:4, 16:9, or 9:16. Please note: smartphones still require the portrait orientation to work.
get_user_media_timeout (since 1.5.0) – when Web SDK can’t get access to the user camera, after this timeout it displays a hint on how to solve the problem. The default value is 40000 (ms).
if the getUserMedia() function hangs, you can manage the SDK behavior using the following parameters (since 1.7.15):
get_user_media_promise_timeout_ms – set the timeout (in ms) after which SDK will throw an error or display an instruction. This parameter is an object with the following keys: "platform_browser", "browser", "platform", "default"
OzLiveness.open({
// omit session_token if your SDK version is older than 1.9.2 or you have set api_use_session_token to api
session_token,
lang: 'en',
action: [
'photo_id_front', // request photo ID picture
'video_selfie_blank' // request passive liveness video
],
meta: {
// an ID of user undergoing the check
// add for easier conversion calculation
'end_user_id': '<user_or_lead_id>',
// Your unique identifier that you can use later to find this folder in Oz API
// Optional, yet recommended
'transaction_id': '<your_transaction_id>',
// You can add iin if you plan to group transactions by the person identifier
'iin': '<your_client_iin>',
// Other meta data
'meta_key': 'meta_value',
},
on_error: function (result) {
// error details
console.error('on_error', result);
},
on_complete: function (result) {
// This callback is invoked when the analysis is complete
// It is recommended to commence the transaction on your backend,
// using transaction_id to find the folder in Oz API and get the results
console.log('on_complete', result);
},
on_capture_complete: function (result) {
// Handle captured data here if necessary
console.log('on_capture_complete', result);
}
});
Parameters
Please note: license and token must be added on the backend, except for specific cases.
Run a face matching request without OzCapsula. Matching happens on the backend, so secure data transmission isn't needed.
The instructions below show how to adjust the flow for each API configuration.
1
Run the Liveness Analysis with Best Shot
The best shot is a frame from the Liveness video where the face is most clearly seen. When best shot extraction is enabled, the server selects this frame during the Quality (Liveness) analysis and stores it in the same folder as the source video, so it can be reused as input for the face matching (Biometry) analysis without recapturing media.
1.1. Enable Best Shot Extraction
This section describes where to switch on the best shot extraction in each Oz SDK.
Add extract_best_shot to the params map of the AnalysisProfile whose type is QUALITY, inside CaptureRequest.analysisProfileList.
After this, run createMediaCaptureScreen(captureRequest, session_token) to get the data container and send it to analysis with addContainer(container) — exactly as in the standard OzCapsula flow.
Add extract_best_shot to the params of the AnalysisProfile whose type is .quality, inside CaptureRequest.analysisProfileList.
After this, run createMediaCaptureScreen(request: captureRequest, session_token: token) to get the data container and send it to analysis with addContainer(container).
Add extract_best_shot to the params of the object passed to OzLiveness.open(). Unlike the mobile SDKs, this parameter sits at the top level of the launch options, not nested per analysis, and works the same way regardless of whether you use the OzCapsula data container or the legacy flow.
Instant API returns the best shot in the base64 format. In the response, you will find it in folder.analyses.results_media → output_images → image_b64. Decode the base64 best shot from the Liveness response and save it as a file (e.g., best_shot.jpeg).
2
Face matching is launched directly via Oz API, without the SDK capture step.
Call POST /api/instant/folders/ with your reference photo and the best shot you've obtained from the Liveness analysis as shown in 1.2.
The response will contain the result of the biometry analysis.
1
Run the Liveness Analysis
val livenessProfile =AnalysisProfile( mediaList =
After this, run createMediaCaptureScreen(captureRequest, session_token) to get the data container and send it to analysis with addContainer(container) — exactly as in the standard OzCapsula flow.
let livenessProfile =AnalysisProfile( mediaList:
After this, run createMediaCaptureScreen(request: captureRequest, session_token: token) to get the data container and send it to analysis with addContainer(container).
OzLiveness.open({
session_token, // required for OzCapsula (Web SDK 1.9.2+)
action: ['video_selfie_blank'],
// ... other options
});
From the response, you need folder_id and the original name of your media file (video that has been taken) which is in folder.media → original_name.
2
1
Add your reference photo to the folder identified by the folder_id from the response of your Liveness request: POST /api/folders/{{folder_id}}/media/.
video_selfie_best – special action to select the best shot from a video and perform analysis on it instead of the full video.
On January 1, 2027, the One Shot gesture will become unavailable. Please plan your migration.
(the priority matches the sequence).
get_user_media_promise_timeout_throw_error – defines whether, after the time period defined in the parameter above, SDK should call an error (if true) or display a user instruction (if false).
OzCapsula is our proprietary data format, designed to provide end-to-end protection and maintain data integrity during transmission. We've introduced this format in 8.22 and implemented new methods to use it:
createMediaCaptureScreen(request) for video capture: this method takes a video and packages it into a data container.
AnalysisRequest.addContainer for processing data: this method adds container to the analysis request.
Capturing Video and Description of the on_capture_complete Callback
In this article, you’ll learn how to capture videos and send them through your backend to Oz API.
Here is the data flow for your scenario:
1. Oz Web SDK takes a video and makes it available for the host application as a frame sequence.
2. The host application calls your backend using an archive of these frames.
3. After the necessary preprocessing steps, your backend calls Oz API, which performs all necessary analyses and returns the analyses’ results.
4. Your backend responds back to the host application if needed.
On the server side, Web SDK must be configured to operate in the
Please follow the links below to access the examples. You can also refer to the illustrative examples shown below the links.
Please check the methods and properties below. You can also find them in the corresponding sections of iOS, Android, Flutter documentation sections.
This method replaces addAnalysis in the AnalysisRequest structure when you use the data container flow.
Input
Parameter
Type
Description
OzDataContainer
bytearray[]
An encrypted file containing media and collateral info, the output of the method
Captures media file with all information you need and packages it into a data container.
Input
Parameter
Type
Description
request
Detects a request for video capture
session_token
String
Token for current session
Output
Parameter
Type
Description
OzDataContainer
bytearray[]
An encrypted file containing media and collateral info
Detects a request for video capture.
Parameter
Type
Description
analysisProfileList
List<>
A list of objects that contain information on media and analyses that should be applied to them
folderMeta (optional)
Map<String, Any>
Additional folder metadata
Contains information on media files and analyses that should be applied to them.
Parameter
Type
Description
mediaList
List<>
A list of media to be analyzed
type
String (Type (Android) or AnalysisType (iOS))
Analysis type
Stores information about a media file.
Parameter
Type
Description
id
String (UUID v4)
Media ID
actionMedia
OzAction (Android) or OzVerificationMovement (iOS)
An action that user should perform in a video
Error
Text
Description
session_token_is_empty
Session token must not be empty
Session token is mandatory but hasn’t been provided
data_container_internal_failure_1
Internal failure occurred while processing the data container
The device doesn’t have enough memory to proceed
If, during the video capture, SDK encounters an error that prevents user scenario from completion, the data container is deleted.
Should you have any questions, please contact us.
Code examples
// capture and pack media
val referentPhoto = MediaRequest.UserMedia(OzAbstractMedia.OzDocumentPhoto(OzMediaTag.Blank, referentPhotoPath))
val blinkVideo = MediaRequest.ActionMedia(OzAction.EyeBlink)
val scanVideo = MediaRequest.ActionMedia(OzAction.Scan)
val intent = OzLivenessSDK.createMediaCaptureScreen(
CaptureRequest(
listOf(
AnalysisProfile(
Analysis.Type.BIOMETRY,
listOf(referentPhoto, scanVideo)
),
AnalysisProfile(
Analysis.Type.QUALITY,
listOf(referentPhoto, scanVideo, blinkVideo)
),
),
),
sessionToken
)
startActivityForResult(intent, REQUEST_CODE_SDK)
// subscription to result
override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
super.onActivityResult(requestCode, resultCode, data)
if (requestCode == REQUEST_CODE_SDK) {
when (resultCode) {
OzLivenessResultCode.USER_CLOSED_LIVENESS -> { /* user closed the screen */ }
OzLivenessResultCode.SUCCESS -> {
// result
val container = OzLivenessSDK.getContainerFromIntent(data)
...
}
else -> {
// error
val errorMessage = OzLivenessSDK.getErrorFromIntent(data)
...
}
}
}
}
// launching analyses
AnalysisRequest.Builder()
.addContainer(container)
.build()
.run(
object: AnalysisRequest.AnalysisListener {
override fun onSuccess(result: RequestResult) {
...
}
override fun onError(exception: OzException) {
...
}
}
)
// capture and pack media
let mediaRequest = MediaRequest.actionMedia(.selfie)
let profile = AnalysisProfile(mediaList: [mediaRequest],
type: .quality,
params: ["extract_best_shot" : true])
let request = CaptureRequest(analysisProfileList: [profile], cameraPosition: cameraPosition)
self.ozLivenessVC = try OZSDK.createMediaCaptureScreen(self, request, sessionToken: sessionToken)
self.present(ozLivenessVC, animated: true)
// subscription to result
extension ViewController: LivenessDelegate {
func onError(status: OZVerificationStatus?) {
// error handling
}
func onResult(container: DataContainer) {
let analysisRequest = AnalysisRequestBuilder()
analysisRequest.addContainer(container)
analysisRequest.run(statusHandler: { [weak self] state in
},
errorHandler: { [weak self] error in
// error
}) { result in
// result
}
}
// capture and pack media
final sessionToken = await _getSessionToken();
OZSDK.createMediaCaptureScreen(
CaptureRequest(
analysisProfileList: [
AnalysisProfile(
Type.quality,
mediaList: [ActionMedia(VerificationAction.blank)]
),
],
),
sessionToken,
);
// subscription to result
@override
void initState() {
super.initState();
_subscription = OZSDK.livenessResult.listen((result) {
if (result is DataContainer) {
// OzCapsula media
}
}, onError: (Object error) {
// handle error, in most cases PlatformException
});
}
// launching Liveness
final sessionToken = await _getSessionToken();
OZSDK.createMediaCaptureScreen(
CaptureRequest(
analysisProfileList: [
AnalysisProfile(
Type.quality,
mediaList: [ActionMedia(VerificationAction.blank)]
),
],
),
sessionToken,
);
Kotlin
Swift
Flutter
Methods and properties
addContainer
createMediaCaptureScreen
public data class CaptureRequest
public data class AnalysisProfile
public sealed class MediaRequest
Please note: you should add actionMedia OR userMedia, these parameters are mutually exclusive.
Exceptions
Capture
mode:
The architecture parameter must be set to capture in the app_config.json file.
In your Web app, add a callback to process captured media when opening the Web SDK plugin:
The result object structure depends on whether any virtual camera is detected or not.
Here’s the list of variables with descriptions.
Variable
Type
Description
best_frame
String
The best frame, JPEG in the data URL format
best_frame_png
String
The video from Oz Web SDK is a frame sequence, so, to send it to Oz API, you’ll need to archive the frames and transmit them as a ZIP file via the POST /api/folders request (check ourPostman collections).
You can retrieve the MP4 video from a folder using the /api/folders/{{folder_id}} request with this folder's ID. In the JSON that you receive, look for the preview_url in source_media. The preview_url parameter contains the link to the video. From the plugin, MP4 videos are unavailable (only as frame sequences).
Also, in the POST {{host}}/api/folders request, you need to add the additional_info field. It is required for the capture architecture mode to gather the necessary information about client environment. Here’s the example of filling in the request’s body:
Oz API accepts data without the base64 encoding.
1. Overview
2. Implementation
OzLiveness.open({
... // other parameters
on_capture_complete: function(result) {
// Your code to process media/send it to your API, this is STEP #2
}
})
How to Integrate Oz Liveness Using the Non-Persistent Oz API Mode
This guide walks you through the full integration: getting a session token, capturing media with the SDK, sending the resulting OzCapsula container to Oz API Instant, reading the response, making the accept/reject decision, reducing the response size, and running minimal diagnostics.
This flow combines three things:
Capture mode – the Web SDK (or Mobile SDK) captures the Liveness video in the browser/app and the Client backend forwards it to Oz API. Capture results are not sent from the SDK straight to Oz API; the Client backend acts as an intermediary.
OzCapsula – a . The SDK packages captured media and metadata into it; Oz API decrypts and processes it. It protects the captured data from tampering between the user's device and Oz API. The container is an opaque encrypted blob. You cannot decode it, inspect it, or extract individual images / frames / metadata from it on the device. It must be forwarded as-is to your backend. If you need access to captured images (e.g., the best shot), retrieve them from the Oz API analysis response on the server side.
Instant API – the non-persistent mode of Oz API. Results are returned immediately in the response and nothing is stored.
Together: the SDK captures and packages media into OzCapsula → your backend forwards the container to Oz API Instant → Oz API returns the result synchronously, storing nothing.
A few terms used throughout this guide:
{{host}} – the base URL of your Oz API deployment. Provided to you during deployment setup.
Session token – a short-lived token that ties an OzCapsula to a specific capture session, preventing replay of the same container later. Mandatory for OzCapsula.
Folder – the response object Oz API creates for a single submission. It groups the submitted media and the analyses that were applied to them.
Component
Minimum version
1
OzCapsula requires a session token for each capture session.
To enable the session token functionality, generate a pair of JWT keys. Please find the instructions on how to create them in the : proceed to readme.md and, in the Preparation section, locate sub-section Create a JWT secret. Once you have keys, create a folder within your installation, place keys there, and put this path into API_KEYS_DIR (e.g., API_KEYS_DIR=/opt/oz/api/keys). This should be done once for the installation.
Request a session token from Oz API Instant. Request it before each capture session, as close to the moment the user starts capture as possible.
Analysis type – what Oz API runs on the media. The API returns QUALITY for Liveness analyses and BIOMETRY for Face Matching analyses.
Endpoint:
Headers:
Content-Type: application/json
Request:
Response:
The token is short-lived (default lifetime: 900 seconds). Request one per capture session and pass it to the SDK immediately – do not cache or reuse tokens across sessions.
Authorization mechanism for the call to Oz API depends on installation, by default, no access token is required in the headers. If it is required in your case, please check Authentication.
2
Capture and package on the device
The SDK captures media from the user and packages it into an OzCapsula container.
Mobile SDK (iOS, Android)
Launch analysis with the session token. The container is returned through the result callback.
Android (Kotlin)
// Launch the capture screen
val captureRequest = CaptureRequest(
listOf(
AnalysisProfile(
Analysis.Type.QUALITY,
listOf(MediaRequest.ActionMedia(OzAction.Blank))
)
)
)
val intent = OzLivenessSDK.createMediaCaptureScreen(captureRequest, sessionToken)
startActivityForResult(intent, REQUEST_LIVENESS_CONTAINER)
// Obtain the result
override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
super.onActivityResult(requestCode, resultCode, data)
if (requestCode == REQUEST_LIVENESS_CONTAINER) {
when (resultCode) {
OzLivenessResultCode.SUCCESS -> {
val container = OzLivenessSDK.getContainerFromIntent(data)
handleContainer(container)
}
OzLivenessResultCode.USER_CLOSED_LIVENESS -> { /* user closed the screen */ }
else -> {
val errorMessage = OzLivenessSDK.getErrorFromIntent(data)
/* show error */
}
}
}
}
iOS (Swift)
// Launch the capture screen
let mediaRequest = MediaRequest.action(.selfie)
let profile = AnalysisProfile(
mediaList: [mediaRequest],
type: .quality,
params: [:]
)
let request = CaptureRequest(
analysisProfileList: [profile],
cameraPosition: .front
)
let livenessVC = try OZSDK.createMediaCaptureScreen(
delegate,
request,
sessionToken: sessionToken
)
livenessVC.modalPresentationStyle = .fullScreen
parent.present(livenessVC, animated: true)
// Obtain the result
extension YourViewController: LivenessDelegate {
func onResult(container: DataContainer) {
// Pass container to Step 5
handleContainer(container)
}
func onError(status: OZVerificationStatus?) {
// user cancelled, capture failed, etc.
}
}
The container is returned as a bytearray (Android) or DataContainer (iOS). Forward it to your backend without any transformation.
Web SDK
Call OzLiveness.Open() with the session token. When capture completes, the SDK fires the on_capture_complete callback. The container is delivered as the second argument.
The container arrives as a Blob with MIME type application/octet-stream. Forward it to your backend without any transformation.
3
Liveness analysis: send the container to Instant API
Your backend submits the container in a single synchronous POST request.
The response will contain the result of the biometry analysis.
5
Read the response
Top-level fields
Field
Use
folder_id
Unique identifier of the request
resolution_status
Whether processing completed: FINISHED or FAILED
Field
Use
Use only these two top-level fields:
Interpret system_resolution:
SUCCESS – all checks passed; accept the user.
DECLINED – one or more checks failed; reject the user.
FAILED – a system error prevented at least one analysis from completing; do not treat as accept or reject (see Non-success outcomes).
For per-analysis verdicts (for example, to know whether liveness passed but biometry failed), read $.analyses[*].resolution_status with the same three values.
The response also contains internal identifiers (group_id, media_association_id), file hashes, operator-related fields (operator_comment, operator_status, is_cleared), and other system fields. They are not needed for the integration flow described in this guide.
6
Non-success outcomes
Invalid container – HTTP 400
When the container fails validation, Oz API responds with HTTP 400 and error_message: "Invalid request data". The specific error_code indicates the cause:
error_code
Condition
Codes 13 and 14 fire before the container is unpackaged; codes 3, 4, 5 fire after unpackaging when the payload itself fails business-level validation.
For code 14, send the container instance and the error_code to Oz Forensics support – the specific cause is only available in server-side logs.
The container was valid and the analyses ran, but at least one check did not pass.
resolution_status: FINISHED.
system_resolution: DECLINED.
resolution_comment: "[]" (not informative – the decline reason is implicit in the per-analysis result).
A system error prevented at least one analysis from completing.
resolution_status: FAILED.
system_resolution: FAILED.
resolution_comment – string listing which analyses failed and with what code.
Generated media items. For the QUALITY analysis, contains the best shot in output_images[] – see Step 3
source_media
Input media
Per-analysis resolution_status: DECLINED.
Per-analysis state: FAILED, resolution_status: FAILED, error_code and error_message populated.
system_resolution
Overall result: SUCCESS, DECLINED, or FAILED
resolution_comment
Note about the analysis resolution. Useful on FAILED (lists which analyses failed)
meta_data
Metadata block. The block contains event_session_id, the session identifier which is required for tracing the request back to the user session in your frontend
media
Media files submitted in the container
analyses
Array of per-analysis results
type
QUALITY for liveness, BIOMETRY for face matching
state
Processing state of this analysis: FINISHED or FAILED
resolution_status
Outcome of this analysis: SUCCESS, DECLINED, or FAILED
error_code, error_message
3
Missing payload
4
No media in the container
5
Container is damaged
13
No container in the request
14
Invalid container – any reason (decryption, signature, hash, or session_token validation failure)
Inside analyses[]
Make the accept/reject decision
Other fields
Declined – HTTP 201
Failed – HTTP 201
Shown only when the analysis failed technically
OzLiveness.open({
lang: 'en',
session_token: session_token,
action: ['video_selfie_blank'], // request passive liveness video
on_capture_complete: function(action, ozCapsula) {
// ozCapsula is a Blob (application/octet-stream)
// forward it to your backend
},
on_error: function (err) { /* handle error */ }
});
Migrating to the new design from the previous versions (before 1.0.1)
Changelog
Web SDK changes
1.9.10 – June 15, 2026
Deprecated the video_file_format parameter. It will be removed in 2.0.0, and the MOV format will no longer be accepted.
Added the antiscamCustomization.verticalPosition parameter to control the vertical position of the antiscam hint.
Resolved a memory growth issue in the adapter under heavy load.
The on_capture_complete callback now caps frame_list length by max_jpeg_frames_to_api. If max_jpeg_frames_to_api is not set, the callback returns all frames (unchanged).
Reduced memory required to encode frames when using WASM container.
Added the error_face_detector_no_result error code. The capture screen no longer hangs indefinitely when the face detector fails during initialization; if no face is found within 5 seconds, the new error is returned.
Resolved a TypeError in the on_capture_complete callback in the serverless build.
Corrected the invalid orientation_portrait1 tag in the helper script.
Removed the unused photo_source parameter.
Enhanced security.
Added the closeButtonSlot option. Accepts an HTML string or HTMLElement to replace the default close button content.
Added the options.position parameter for the logo. Supported values: bottom-left (default) and bottom-center.
Implemented a new proprietary data format: OzCapsula Data Container.
You can now customize face oval using new CSS class (stroke color, glow effects, etc.). All standard CSS properties are supported.
We now support the kk language code as alias for kz (Kazakh). OzLiveness.set_lang('kk')
Web SDK no longer returns an error when you call OzLiveness.hide() immediately after launching the plugin.
Improved performance.
Enhanced security.
You can now launch Web Plugin in the windowed mode. Define parent_container in OpenOptions: parent_container: string | HTMLElement.
Loader transitions are now customizable. Please refer to the settings.
Improved handling of head movement gestures (up / down).
You can now replace the default loader with your custom one. Please refer to the settings.
The behavior of SDK, when getting camera access takes too long, is now manageable. Please refer to get_user_media_promise_timeout_* parameters listed .
Security and telemetry updates.
Breaking changes: we no longer transmit scores in callbacks. Replace confidence_spoofing with 0 for SUCCESS and with 1 for other statuses.
Fixed the bug with Web SDK being unable to read the image_data_tensor properties.
Added support for API 6.0.
CORS headers in should now be specified without quotation marks.
Added a new parameter to manage authorization. auth defines whether and what authorization is used:
Simplified the checks that require user to move their head: turning left or right, tilting, or looking down.
Decreased the distance threshold for the head-moving actions: turning left or right, tilting, or looking down.
The application's behavior when the opened dev-tools are detected is now manageable.
Security updates.
Resolved the issue where a video could not be generated from a sequence of frames.
The on_complete callback now is called upon folder status change.
Updated instructions for camera access in the Android Chrome and Facebook browsers. New keys:
error_no_camera_access,
In case of camera access timeout, we now display a page with instructions for users to enable camera access: default for all browsers and specific for Facebook.
Added several localization records to the . New localization keys:
accessing_camera_switch_to_another_browser,
Improved user experience for card printer machines. Users no longer need to get that close to the screen with face frame.
Added the disable_adaptive_aspect_ratio parameter to the Web Plugin. This parameter switches off the default video aspect ratio adjustment to the window.
Implemented the get_user_media_timeout parameter for Web Plugin: when SDK can’t get access to the user camera, after this timeout it displays a hint on how to solve the problem.
Fixed the bug where the warning about incorrect device orientation was not displayed when a mobile user attempted to take a video with their face in landscape orientation.
Some users may have experienced freezes while using WebView. Now, users can tap a button to continue working with the application. The corresponding string has been added to the string file in the . Key: tap_to_continue.
Debugging improvements.
Major security updates: improved protection against virtual cameras and JavaScript tampering.
Improved WebView support:
Added camera access instructions for applications within the generic WebView browsers on Android and iOS. The corresponding events are added to telemetry.
You can now use Web SDK for the analysis: to compare the face from your Liveness video with faces from your database. Create a collection (or collections) with these photos via or , and add the corresponding ID (or IDs) to the analyses.collection_ids array in the Web Adapter configuration file.
The iframe support is back: set the iframe_allowed parameter in the Web Adapter configuration file to True.
Improved the protection against injection attacks.
Replaced the code for Brazilian Portuguese from pt to pt-br to match the ISO standard.
Removed the lang_default
Internal SDK improvements.
To enhance your clients’ experience with Web SDK, we implemented the 3D-mask that replaces the oval during face capture. To make it work, set the load_3d_mask in to true.
Updated telemetry (logging).
Logging updates.
Security updates.
Internal SDK improvements.
Internal SDK improvements.
Fixed some bugs.
Changed the signature of the on_error() callback: now it returns an object with the error code, error message, and telemetry ID for logging.
Added the configuration parameter for the debug mode. If True, the Web SDK enables access to the /debug.php page, which contains information about the current configuration and the current license.
If your device has multiple cameras, you can now choose one when launching the Web Plugin.
Implemented the new design for SDK and demo, including the scam protection option: the antiscam message warns user about their actions being recorded. Please check the new customization options .
Added the Portuguese, Spanish, and Kazakh locales.
Added the combo gesture.
In the capture architecture, when a virtual camera is detected, the additional_info parameter is inside the from_virtual_camera section.
You can now crop the lossless frame without losing quality.
Improved the recording quality;
Reforged :
added detailed error descriptions;
Changed the extension of some Oz system files from .bin to .dat.
Additional scripts are now called using the main script's address.
Web SDK now can be installed via static files only (works for the capture type of architecture).
Web SDK can now work with CDN.
Now, you can launch several Oz Liveness plugins on different pages. In this case, you need to specify the path to scripts in head of these pages.
Fixed a bug with the shooting screen.
Added licensing (requires origin).
You can now of Web SDK.
Fixed Angular integration.
Fixed the bug where the IMAGE_FOLDER section was missed in the JSON response with the lossless frame enabled.
Fixed issues with the ravenjs library.
A frame for taking a documents photo is now customizable.
Implemented security updates.
Metadata now contains names of all cameras you can use.
Video and zip formats now allow loading a lossless image.
Fixed Best Shot.
Separated the error code and error description in server responses.
If the SDK mode is set in the environment variables architecture, api_url, it is passed to settings automatically.
In the Lite mode, you can select the best frame for any action.
In the Lite mode, an image sent via API gets the on_complete
Added the folder value for result_mode: it returns the same value as status but with folder_id.
Updated encryption: now only metadata required to decrypt an object is encrypted.
Updated data transfer: images are being sent in separate form fields.
Added the camera parameters check.
Enabled a new method for image encryption.
Optimized image transfer format.
Added the use_for_liveness option: mobile devices use back camera by default, on desktop, flip and oval circling are off. By default, the option is switched off.
Decreased video length for video_selfie_best (the Selfie gesture) from 1 to 0,2 sec.
Loading scripts is now customizable.
Improved UX.
Added the Kazakh locale.
Added a guide for accessing the camera on a desktop.
Improved logging: plugin_liveness.php requests and recording user-agent to the server log.
Added encryption.
Updated libraries.
You can now hide the Oz Forensics logo.
Updated a guide for Facebook, Instagram, Samsung, Opera.
Added handlers for unknown variables and a guide for “unknown” browsers.
Optimized memory usage for a frame.
Added a guide on how to switch cameras on using Android browsers.
How to Integrate Oz Liveness into Your Mobile Application
Oz Liveness Mobile SDK implements the ready-to-use face capture user interface that is essential for seamless customer experience and accurate liveness results.
This guide walks you through your first liveness check using Mobile SDK (iOS or Android) and Oz API.
The described flow combines:
Capture mode – the Mobile SDK captures the Liveness video in the app and the Client backend forwards it to Oz API. Capture results are not sent from the SDK straight to Oz API; the Client backend acts as an intermediary.
OzCapsula – a proprietary encrypted binary container. The SDK packages the captured media into it; only Oz API can decrypt and process it. On the device it is an opaque blob – you cannot decode or inspect it, only forward it as-is.
Each step is marked:
[Oz SDK] – call our SDK API.
[Your code] – call your own backend or your own code.
{{host}} in the examples below is the base URL of your Oz API deployment, provided to you during deployment setup.
Component
Minimum version
Use Content-Type: application/octet-stream for any container uploaded to Oz API.
Before you begin, make sure you have Oz API credentials. When using SaaS API, you get them :
For the on-premise Oz API, you need to create a user yourself or ask your team that manages the API. See the . Consider the proper user role (CLIENT in most cases or CLIENT ADMIN, if you are going to make SDK work with the pre-created folders from other API users). In the end, you need to obtain a similar set of credentials as you would get for the SaaS scenario.
We also recommend that you use our logging service called telemetry, as it helps a lot in investigating attacks' details. For Oz API users, the service is enabled by default. For on-premise installations, we'll provide you with credentials.
Oz Liveness Mobile SDK requires a license. License is bound to the bundle_id of your application, e.g., com.yourcompany.yourapp.
1
2
Call once per app launch.
3
OzCapsula uses a session token. The token is mandatory for OzCapsula.
Your backend requests a session token from Oz API. Request it before each capture session, as close to the moment the user starts capture as possible.
With these steps, you are done with basic integration of Mobile SDKs. You will be able to access recorded media and analysis results in Web Console via browser or programmatically via API.
In developer guides, you can also find instructions for customizing the SDK look-and-feel and access the full list of our Mobile SDK methods. Check out the table below:
textStyle
Font style
textStyle
Font style
textStyle
Font style
textColorPrimary
Main text color
backgroundColorPrimary
Main background color
textColorSecondary
Secondary text color
backgroundColorSecondary
Secondary background color
cornerRadius
Button corner radius
textStyle
Font style
textColor
Text color
backgroundColor
Background color
backgroundOpacity
Background opacity
backgroundCornerRadius
Frame corner radius
verticalPosition
Vertical position
animationIconSize
Animation icon size
strokeFaceInFrameColor
Frame color when a face is aligned properly
strokeOpacity
Stroke opacity
strokeWidth
Stroke width
strokePadding
Padding from stroke
textSize
Font size
textWeight
Font weight
textStyle
Font style
textColor
Text color
textOpacity
Text opacity
backgroundColor
Background color
backgroundOpacity
Background opacity
backgroundCornerRadius
Frame corner radius
flashColor
Flashing indicator color
verticalPosition
Vertical position of the antiscam message; if not set, the message is bound the the top of the oval
textStyle
Font style
textColor
Text color
textOpacity
Text opacity
maxAlpha
Maximum mask transparency level. Implemented in 1.3.1
loader:cameraReady
when access is granted and loader should be hidden
loader:processing
{phase: 'start' | 'end'}
before / after data preparation
loader:uploading
{phase: 'start' | 'progress' | 'end', percent?}
before / during / after data transmission
loader:destroy
when you need to hide the slot
centerHint.textSize
centerHintCustomization.textSize
centerHint.color
centerHintCustomization.textColor
centerHint.yPosition
centerHintCustomization.verticalPosition
centerHint.letterSpacing
-
centerHint.fontStyle
centerHintCustomization.textStyle
closeButton.image
-
backgroundOutsideFrame.color
backgroundCustomization.backgroundColor
Resolved excessive error_recorder_face_detector and camera_preparation_error errors.
Resolved the issue with an increased number of rejects in Safari's private mode.
Resolved a race condition in add_lang() where the chosen language could be randomly reset to English during SDK initialization.
SDK now correctly distinguishes between internet connection loss (error_connection_lost) and server unavailability (error_service_unavailable).
Web SDK no longer initializes the plugin screen twice within a single session when the gesture selection button is clicked repeatedly during resource loading.
Resolved the plugin_already_running error on subsequent open() calls after session completion (SPA, long-lifecycle pages) or abnormal termination (network errors, page unload, init errors).
Resolved resource loading errors on Safari where the plugin screen failed to launch while the camera remained active.
Web SDK no longer breaks when its loader script is loaded on the page a second time.
Resolved the issue with freezes appearing if Web SDK was launched a second time shortly after the first.
Enhanced stability and security.
and
OzLiveness.set_lang('kz')
work equally.
The OzLiveness.hide() and show() methods now support global UI visibility state. You don’t need to call them each time, the state is saved between sessions.
Added new callbacks:
on_media_stream_start is called when getUserMedia is completed successfully,
on_media_stream_stop is called once video is captured.
The ready() promise is now exposed as the plugin initialization event. Added new methods:
OzLiveness.ready(): Promise<void> to return the Promise that is resolved after all plugin resources are loaded,
OzLiveness.isReady(): Boolean to check the initialization state.
Fixed the bug with empty loader been displayed on screen between processing and uploading.
If you enter the wrong language code, SDK now shows the proper error.
The non-English locales are now being applied properly on the first open() call.
Enhanced security.
Resolved an issue with excessive error messages in console.
Updated telemetry.
Enhanced security.
Resolved the issue when OzLiveness was sometimes called later than expected.
Security update.
true (the default value) – authorization is required and is based on the generated key;
user:pass – authorization is required and is based on the user login and password;
Fixed the bug with colors being applied incorrectly during 3D mask customization.
Resolved the issue with incorrect mirroring when the use_for_liveness parameter is not set.
The document scan in plugin now works properly.
Improved accessibility: the hints throughout the customer journey (camera access, processing data, uploading data, requesting results) are now properly and completely voiced by screen readers in assertive mode (changes in hints are announced immediately).
Created an endpoint for license verification: [GET] /check_license.php.
Reduced the bundle size.
Fixed the issue with missing analysis details in the on_complete callback when using result_mode: full.
Fixed the issue when the camera switch button might have been missed.
The front camera no longer displays the user's actions as in a mirror image.
Improved error handling.
Improved support for low-performance devices.
Added the closed eyes check to the Scan gesture.
Internal improvements, bug fixes, major telemetry and security updates.
You can now configure method signatures to make them trusted via checksum of the modified function.
Changed the wording for the head_down gesture: the new wording is “tilt down”.
For possible regulatory requirements, updated the Web Adapter configuration file with a new parameter: extract_action_shot. If True, for each gesture, the system saves the corresponding image to display it in report, e.g., closed eyes for blinking, instead of random frame for thumbnail.
Fixed an issue where an arrow incorrectly appeared after capturing head-movement gestures.
Fixed an issue where the oval disappeared when the "Great!" phrase was displayed.
Improved the localization: when SDK can’t find a translation for a key, it displays a message in English.
You can now distribute the serverless Web SDK via Node Package Manager.
You can switch off the display of API errors in modal windows. Set the disable_adapter_errors_on_screen parameter in the configuration file to True.
The mobile browsers now use the rear camera to take the documents’ photos.
Updated samples.
Fixed the bug with abnormal 3D mask reaction when user needs to repeat a gesture.
Logging and security updates.
Improved the React Native app integration by adding the webkit-playsinline attribute, thereby fixing the issue of the full-screen camera launch on iOS WebView.
The iFrame using error when iframe_allowed = False is now shown properly.
New localization keys:
oz_tutorial_camera_android_webview_browser
oz_tutorial_camera_android_webview_instruction
oz_tutorial_camera_android_webview_title
The interval for polling for the analyses’ results is now configurable. Change it in the results_polling_interval parameter of the Web Adapter configuration file if necessary.
You can now select the front or back camera via Web Plugin. In the OzLiveness.open() method, set cameraFacingMode to user for the front camera and environment for the back one. This parameter only works when the use_for_liveness option in the Web Adapter configuration file is not set.
The plugin styles are now being added automatically. Please remove <link rel="stylesheet" href="/plugin/ozliveness.css" /> from your page to prevent style conflicts.
Fixed some bugs and updated telemetry.
adapter parameter.
The 3D mask transparency became customizable.
Implemented the possibility of using a master license that works with any domain.
Added the master_license_signature option into Web Adapter configuration parameters.
Fixed some bugs.
Fixed some bugs and improved logging.
Added the progress bar for media upload.
Removed the Zoom in / Zoom out gestures.
On tablets, you can now capture video in landscape orientation.
Removed the lang_allow option from Web Adapter configuration file.
Fixed face landmarks for the capture architecture.
now you can set the license in JS during the runtime;
when you set a license in OzLiveness.open(), it rewrites the previous license;
the license no longer requires port and protocol;
you can now specify subdomains in the license;
upon the launch of the plugin on a server, the license payload is displayed in the Docker log;
localhost and 127.0.0.1 no longer ask for a license;
The on_capture_complete callback is now available on any architecture: it is called once a video is taken and returns info on actions from the video;
Oz Web Liveness and Oz Web Adapter versions are displayed in the Docker log upon launch;
Deleted the deprecated adapter_version field from order metadata;
Added the parameters to pass the information about the bounding box – landmarks that define where the face in the frame is;
Fixed the Switch camera button in Google Chrome;
Upon the start of Web SDK, the actual configuration parameters are displayed in the Docker log.
status only after a successful liveness.
You can manage CORS using the environment variables (CORS headers are not added by default).
Added the Lite mode.
1.9.7 – Apr. 24, 2026
1.9.2-15 – Dec. 30, 2025
1.8.1 – Oct. 09, 2025
1.8.0 – Sept. 26, 2025
1.7.15 – Aug. 12, 2025
1.7.14-89-1 – July 09, 2025
1.7.14 – June 13, 2025
1.6.15 – Dec. 27, 2024
1.6.12 – Oct. 18, 2024
1.6.0 – June 24, 2024
1.5.3 – May 28, 2024
1.5.0 – May 05, 2024
1.4.3 – Apr. 15, 2024
1.4.2 – Mar. 14, 2024
1.4.1 – Feb. 27, 2024
1.4.0 – Feb. 07, 2024
1.3.1 – Jan. 12, 2024
1.2.2 – Dec. 15, 2023
1.2.1 – Nov. 04, 2023
1.1.5 – Oct. 27, 2023
1.1.4 – Oct. 2023
1.1.3 – Sept. 29, 2023
1.1.2 – Sept. 21, 2023
1.1.1 – Aug. 29, 2023
1.1.0 – Aug. 24, 2023
1.0.2 – July 06, 2023
1.0.1 – July 01, 2023
0.9.1 – Mar. 01, 2023
0.9.0 – Feb. 20, 2023
0.7.6 – Sept. 27, 2022
0.7.5
0.7.4
If you update the Web SDK version from 0.4.0, the license should be updated as well.
This token is short-lived (default lifetime: 900 seconds). Request one per capture session and pass it to the SDK immediately – do not cache or reuse tokens across sessions.
4
(Oz SDK) Launch the capture screen with the session_token
Pass the session_token from Step 3.
AndroidiOS
5
(Oz SDK) Get the OzCapsula container
The container is an opaque encrypted blob. You cannot decode it, inspect it, or extract individual images / frames / metadata from it on the device. It must be forwarded as-is to your backend. If you need access to captured images (e.g., ), retrieve them from the Oz API analysis response on the server side.
Android
Extract the DataContainer from the result intent.
iOS
Implement the delegate. On success you receive a DataContainer.
6
(your code) Send the container to Oz API
Send the encrypted container to your own backend as raw bytes (application/octet-stream). Your backend forwards it to Oz API and returns the analysis response.
Do not run the analysis directly from the mobile SDK. In the embedded-SDK integration flow, the analysis call must go through your own backend.
AndroidiOS
Your backend submits the container to Oz API in a single synchronous POST request.
X-Forensic-Access-Token: {{access_token}}. (optional, depends on installation settings).
Request body: the raw container bytes – no JSON envelope, no multipart, no base64 wrapping.
Request (Instant API):
Request (Full API):
On success: HTTP 201 with a JSON folder object describing the result. Check Step 7.
On container-level error: HTTP 400 – see .
This guide covers the Liveness analysis. To perform a Face Matching analysis within the OzCapsula flow, see .
7
(your code) Handle the response
Your backend now has the response – a JSON folder object describing the result.
Make the accept/reject decision using only these two top-level fields:
$.resolution_status // "FINISHED" – analyses completed; "FAILED" – error during analysis processing
$.system_resolution // "SUCCESS", "DECLINED", or "FAILED"
Interpret system_resolution:
SUCCESS – all checks passed; accept the user.
DECLINED – one or more checks failed; reject the user.
FAILED – a system error prevented at least one analysis from completing; do not treat as accept or reject.
For per-analysis verdicts (for example, to know whether liveness passed but biometry failed), read $.analyses[*].resolution_status with the values described above.
session_token
from your backend before every capture.
Oz API
6.6.1
iOS SDK
10.0.0
Android SDK
10.0.0
Login: j.doe@yourcompany.com
Password: …
API: https://<link>.com
Web Console: https://<link>.com
To integrate OZLivenessSDK into an Xcode project, add to Podfile:
pod 'OZLivenessSDK', :git => 'https://gitlab.com/oz-forensics/oz-liveness-ios', :tag => '<version>' // You can find the version needed in iOS changelog
After the license is loaded, point the SDK at the Oz telemetry receiver so it can send telemetry. Pass the event host along with a service token.
let eventsConnection = Connection.fromServiceToken(
host: "<telemetry-receiver-host>",
token: "<telemetry-service-token>",
sslPins: nil
)
OZSDK.setEventsConnection(eventsConnection) { accessToken, error in
if let error = error {
// handle events connection error
} else {
// telemetry receiver ready — proceed to Step 2
}
}
The event host and service token are provided by Oz Forensics. They are distinct from the session_token used for capture in Step 2.
During development, the SDK's security checks can cause the analysis to be declined – for example, when the app runs with a debugger attached. If you need to run the SDK under these conditions while developing, lower the strictness of the security checks by setting the SDK environment to the debug mode:
AndroidiOS
The debug must be used only during development and testing. All release builds must use the default PRODUCTION (Android) or .prod (iOS) value, where all security checks are enabled.
The code below is illustrative – YourBackend.uploadOzContainer(...) is not part of Oz SDK. You implement this method yourself in your own backend client; Oz SDK does not provide an upload helper for this integration path.
Do not call AnalysisRequest.Builder().addContainer(...).build().run(...).
The code below is illustrative – YourBackend.uploadOzContainer is not part of Oz SDK. You implement this method yourself in your own backend client; Oz SDK does not provide an upload helper for this integration path.
Do not call AnalysisRequestBuilder / AnalysisRequest.run(...).
API now can process an OzCapsula container that has other OzCapsula containers inside. This applies to the Mobile SDK integration flow only.
We now support OpenTelemetry.
You can now obtain the full-size action shot from API for the Liveness analysis. In the payload, set extract_action_shot to 1 or true. In an API response, check analyses[].results_media[].output_images[]. Action shot has original_name = ResultImageActionShot.jpeg. The default report template has been changed accordingly and is included into API image.
Optimized shotset processing.
To prevent TFSS overload, you can now manage the number of concurrent requests API sends to TFSS. Please refer to for details.
We no longer hide the best shot in base64 from response by default. The best shot can be found in analyses[].results_media[].output_images[].image_b64.
OzCapsula requests now include the analyses[] section in the response even when the request is declined with a non-null decline_reason, so integrations relying on analyses[] (e.g., using the on_complete callback in Web SDK) work properly.
expire_date in the /api/authorize/auth response is no longer affected by the timezone that is set in API.
By default, all OzCapsula-related errors now return the "Invalid request data" error message. Error codes stay unchanged.
To S3, we now save multiple engine_response.json files for a single media file: one for each analysis applied (naming: {analysis_id}_{source_media_id}_engine_response.json).
GET /api/collections/{collection_id}/persons/ no longer returns a 500 Internal Server Error for legacy image path formats; an invalid path now produces a meaningful error without a stack trace.
Resolved an AttributeError that might have occurred in case of failed JSON serialization.
Enhanced security.
Updated internal dependencies.
Updated models.
API no longer returns a 500 error when viewing analysis details or printing reports under the CLIENT role in Web UI.
Breaking changes: this version doesn’t support Celery.
Breaking changes: Renamed the oz_instant_save_artifacts_s3 config parameter to OZ_INSTANT_SAVING_ARTIFACTS_ENABLED. If you use this parameter, please rename it manually.
Breaking changes: if you use S3, set OZ_STATIC_S3_BUCKET_URL="None" to avoid breaking of the S3 connection. This is fixed in 6.5.0.
You can now add container to the existing folder using the POST api/folders/{folder_id}/media method.
Improved performance of the
Implemented a new proprietary data format: OzCapsula Data Container.
Instant API now can save static and JSON payload to S3. To enable this functionality, set oz_instant_save_artifacts_s3 to true.
Resolved the issue with occasional false rejections using videos received from Web SDK.
Updated API to support upcoming features.
Fixed bugs that could cause the GET /api/folders/ request to return incorrect results.
Updated API to support upcoming features.
Fixed bugs.
Resolved an issue with POST /api/instant/folders/ and POST /api/folders/ returning “500 Internal Server Error” when the video sent is corrupted. Now system returns “400 Bad Request”.
Updated API to support upcoming features.
Updated API 6 to support Kazakhstan regulatory requirements: added the functionality of extracting action shots from videos of a person performing gestures.
You can remove admin rights from a CLIENT ADMIN user and change their role to CLIENT via PATCH /api/users/{{user_id}}.
You can generate a service token for a user with the OPERATOR role.
Optimization and performance updates.
Analyses can now be done in parallel with each other. To enable this feature, add the OZ_ANALYSE_PARALLELED_CHECK_MEDIA_ENABLED parameter to config.py and set it to true (the default value is false).
For the instant mode, authorization can be disabled. Add the OZ_AUTHORIZE_DISABLED_STATELESS parameter to config.py
Please note: this version doesn't support the Kazakhstan regulatory requirements.
Optimized storage and database.
Implemented the which involves creating a folder and executing analyses in a single request by attaching a part of the analysis in the payload.
Implemented the without storing any data locally or in database. This mode can be used either with or without other API components.
Deprecated Endpoint or Parameter
Replacement
Improved the resource efficiency of server-based biometry analysis.
API can now extract action shots from videos of a person performing gestures. This is done to comply with the new Kazakhstan regulatory requirements for biometric identification.
Created a new report template that also complies with the requirements mentioned above.
If action shots are enabled, the thumbnails for the report are generated from them.
Updated the Postman collection. Please see the new collection and at .
Added the new method to check the timezone settings: GET {{host}}/api/config
Added parameters to the GET {{host}}/api/event_sessions method:
Security updates.
Face Identification 1:N is now live, significantly increasing the data processing capacity of the Oz API to find matches. Even huge face databases (containing millions of photos and more) are no longer an issue.
The Liveness (QUALITY) analysis now ignores photos tagged with photo_id, photo_id_front, or photo_id_back, preventing these photos from causing the tag-related analysis error.
Security updates.
You can now apply the Liveness (QUALITY) analysis to a single image.
Fixed the bug where the Liveness analysis could finish with the SUCCESS result with no media uploaded.
The default value for the extract_best_shot parameter is now True.
Security updates.
Set the autorotation of logs.
Added the CLI command for user deletion.
You can now switch off the video preview generation.
For the sliced video, the system now deletes the unnecessary frames.
Added new methods: GET and POST at media/<media_id>/snapshot/.
Replaced the default report template.
The Photo Expert and KYC modules are now removed.
The endpoint for the user password change is now POST users/user_id/change-password instead of PATCH.
Provided log for the Celery app.
Added filters to the Folder [LIST] request parameters: analyse.time_created, analyse.results_data for the Documents analysis, results_data for the Biometry analysis, results_media_results_data for the QUALITY analysis. To enable filters, set the with_results_media_filter query parameter to True.
Added a new attribute for users – is_active (default True). If is_active == False, any user operation is blocked.
Added a new exception code (1401 with status code 401) for the actions of the blocked users.
Added shots sets preview.
You can now save a shots set archive to a disk (with the original_local_path, original_url attributes).
A new original_info attribute is added to store md5, size, and mime-type of a shots set
Added health check at GET api/healthcheck.
Fixed the shots set thumbnail URL.
Now, the first frame of shots set becomes this shots set's thumbnail URL.
Modified the retry policy – the default max count of analysis attempts is increased to 3 and jitter configuration introduced.
Changed the callback algorithm.
Refactored and documented the command line tools.
Changed the delete personal information endpoint and method from delete_pi to /pi and from POST to DELETE, respectively.
Improved the delete personal information algorithm.
It is now forbidden to add media to cleaned folders.
Changed the authorize/restore endpoint name from auth to auth_restore.
Added a new tag – video_selfie_oneshot.
Fixed a bug with no error while trying to synchronize empty collections.
If persons are uploaded, the analyse collection TFSS request is sent.
Added the fields_to_check parameter to document analysis (by default, all fields are checked).
Added the double_page_spread parameter to document analysis (True by default).
Fixed collection synchronization.
Authorization token can be now refreshed by expire_token.
Added support for application/x-gzip.
Renamed shots_set.images to shots_set.frames.
Added user sessions API.
Users can now change a folder owner (limited by permissions).
Changed dependencies rules.
Move oz_collection_binding (collection synchronization functional) to oz_core.
Simplified the shots sets functionality. One archive keeps one shot set.
Improved the document sides recognition for the docker version.
Moved the orientation tag check to liveness at quality analysis.
Added a default report template for Admin and Operator.
Updated the biometric model.
A new ShotsSet object is not created if there are no photos for it.
Updated the data exchange format for the documents' recognition module.
You can’t delete a Collection if there are associated analyses with Collection Persons.
Added time marks to analysis: time_task_send_to_broker, time_task_received, time_task_finished.
Added a new authorization engine. You can now connect with Active Directory by LDAP (settings configuration required).
A new type of media in Folders – "shots_set".
You can’t delete a CollectionPerson if there are analyses associated with it.
Renamed the folder field resolution_suggest to operator_status.
Added a folder text field operator_comment.
Fixed a deletion error: when report author is deleted, their reports get deleted as well.
Client can now view only their own profile.
Client Operator can now edit only their profile.
Client can't delete own folders, media, reports, or analyses anymore.
Client Service can now create Collection Person and read reports within their company.
Client, Client Admin, Client Operator have read access to users profiles only in their company.
A/B testing is now available.
Added support for expiration date header.
Added a new role of Client Operator (like Client Admin without permissions for company and account management).
Client Admin and Client Operator can change the analysis status.
Only Admin and Client Admin (for their company) can create, update and delete operations for Collection and CollectionPerson models from now on.
Changelog
Breaking change:for the OzCapsula flow, this SDK version requires API 6.6.0.1 or newer.
The Scan gesture is now easier to pass: resolved the issue with conflicting hints.
Files passed via UserMedia in MediaRequest (OzCapsula) are now named using a UUID v4 identifier with the original file extension. The original file name can still be transmitted via the
Added integration with OLAP.
Improved performance under high load.
Increased the total attachment size (OZ_ATTACHMENT_MAX_SIZE) from 10 MB to 24 MB.
Resolved the issue with improper processing of POST /api/folders/{{folder_id}}/media/request that could result in incomplete responses with missing media files.
Added timezone-safe handling for database records to ensure consistent timestamps regardless of the timezone used.
OzCapsula now returns specific error codes for different container damage types instead of a generic "Invalid Data Container" error.
Resolved API errors in multi-storage mode.
Setting OZ_STATIC_S3_BUCKET_URL as an empty string no longer leads to the S3 misconfiguration error.
Sending a container without media no longer causes a 500 error.
Fixed the bug where Instant API could save artifacts to local storage when persistence was disabled.
Fixed the bug where Instant API might create a database record when processing an invalid container.
Fixed the bug with time_created and time_updated that might have appeared incorrect.
Enhanced security.
Collection
analysis.
You can now trim a video if it is too long. Set the OZ_FFMPEG_VIDEO_CROPPING_ENABLED parameter to true to enable automatic trimming of videos longer than OZ_VIDEO_DURATION_MAX. If a video is trimmed, the corresponding records will be added to logs.
If a container cannot be processed (error 14), we now save the corresponding order’s data to ease investigation.
If a container is considered invalid, API logs now include the corresponding folder_id to simplify the search.
Fixed folder deletion in local-local and local-s3 configurations to properly remove static files.
The Collection analysis now ignores images tagged with photo_id_back.
Internal improvements.
Enhanced security.
and set it to
true
(the default value is
false
) to use instant API without authorization.
Fixed the issue with MP4 videos that sometimes could not be played after downloading from SDK.
We now return the correct error for the non-authorized requests.
Fixed the bug with “spontaneous” error 500 that had been caused by too few frames in video. Added the check for the number of frames and more descriptive error messages.
Performance, security, and installation updates.
You can now combine working systems based on asynchronous method or celery worker (local processing, celery processing). Added S3 storage mechanics for each of the combinations.
Enhanced security.
We no longer support RAR archives.
We no longer support Active Directory. This functionality will be returned in the upcoming releases.
Improved mechanics for calculating analysis time.
Replaced the is_admin and is_service flags for the CLIENT role with new roles: CLIENT ADMIN and CLIENT SERVICE, respectively. Set the roles in user_type.
To issue a service token for a user via {{host}}/api/authorize/service_token/, this user must have the CLIENT SERVICE role. You can also create a token for another user with this role: call {{host}}/api/authorize/service_token/{user_id}.
Removed collection and person attributes from COLLECTION.analysis.
We no longer store separate objects for each frame in SHOTS_SET. If you want to save an image from your video, consider enabling best shot.
expire_date in {{host}}/api/authorize/auth and {{host}}/api/authorize/refresh
access_token.exp from payload
session_id in {{host}}/api/authorize/auth and {{host}}/api/authorize/refresh
token_id
time_created
time_created.min
time_created.max
time_updated
time_updated.min
time_updated.max
session_id
session_id.exclude
sorting
offset
limit
total_omit
If you create a folder using SHOT_SET, the corresponding video will be in media.video_url.
Fixed the bug with CLIENT ADMIN being unable to change passwords for users from their company.
RAR archives are no longer supported.
By default, analyses.results_media.results_data now contain the confidence_spoofing parameter. However, if you need all three parameters for the backward compatibility, it is possible to change the response back to three parameters: confidence_replay, confidence_liveness, and confidence_spoofing.
Updated the default PDF report template.
The name of the PDF report now contains folder_id.
The ADMIN access token is now valid for 5 years.
Added the folder identifier folder_id to the report name.
Fixed bugs and optimized the API work.
The shot set preview now keeps images’ aspect ratio.
ADMIN and OPERATOR receive system_company as a company they belong to.
Added the company_id attribute to User, Folder, Analyse, Media.
Added the Analysis group_id attribute.
Added the system_resolution attribute to Folder and Analysis.
The analysis resolution_status now returns the system_resolution value.
Removed the PATCH method for collections.
Added the resolution_status filter to Folder Analyses [LIST] and analyse.resolution_status filter to Folder [LIST].
Added the audit log for Folder, User, Company.
Improved the company deletion algorithm.
Reforged the blacklist processing logic.
Fixed a few bugs.
Fixed ReportInfo for shots sets.
Refactored modules.
Added the password validation setting (OZ_PASSWORD_POLICY).
Added auth, rest_unauthorized, rps_with_token throttling (use OZ_THROTTLING_RATES in configuration. Off by default).
User permissions are now used to access static files (OZ_USE_PERMISSIONS_FOR_STATIC in configuration, false by default).
Added a new folder endpoint – /delete_pi. It clears all personal information from a folder and analyses related to this folder.
Changed the access_token prolongation policy to fix bug of prolongation before checking the expiration permission.
The folder fields operator_status and operator_comment can be edited only by Admin, Operator, Client Service, Client Operator, and Client Admin.
Only Admin and Client Admin can delete folder, folder media, report template, report template attachments, reports, and analyses (within their company).
Telemetry observer callbacks (EventObserver.update() and EventObserver.onDetected()) are now dispatched on a background thread.
Enhanced security.
Android:
Added edge-to-edge display support required for Android 16. The UI now correctly adapts to system insets — the close button no longer overlaps the status bar.
The Action rules unavailable error no longer appears on the first liveness attempt.
Sessions that failed with the CameraDevice was already closed error due to a camera pipeline race condition now complete successfully. The VIDEO_RECORD_ERROR result code is now correctly returned for the remaining edge cases.
Videos captured in the Hybrid analysis flow are now compressed correctly.
A rare codec-related crash during liveness recording no longer appears.
Rebuilt TensorFlow Lite with 16 KB page alignment to comply with Google's updated requirements; the RELRO alignment warning at build/publish no longer occurs.
Removed the OzForensics namespace reference from the Android manifest.
iOS:
Removed the OZ_ prefix from cases of the ContainerType.
The One Shot gesture media is now sent as ZIP instead of JPEG.
Updated the SDK to comply with Apple Required Reasons API.
The unbalanced dispatch_group_leave() crash on session timeout no longer occurs.
Resolved the SQLCipher integration conflict.
Implemented OzCapsula functionality.
The analyze method now correctly handles errors from native SDK’s AnalysisRequest.
Android:
Fixed the bug with SDK crashes caused by the “Invalid to call at Released state” and “Pending dequeue output buffer request cancelled” errors.
Fixed the bug with "java.util.concurrent.TimeoutException" causing crashes.
Android SDK now passes orientation and media type tags along with the action one.
Fixed the bug with green videos appearing on some devices.
Resolved the issue with occasional SDK crashes caused by restrictions of device camera.
Fixed minor bugs.
Enhanced security.
iOS:
Now you can set a custom localization. Use the setLocalizationValue method.
Long antiscam messages are now displayed properly.
Changed the way you add our SDK to pubspec.yaml. Please check the installation section.
Android:
Fixed the bug with green videos on some smartphone models.
Fixed occasional SDK crashes in specific cases and / or on specific devices.
Resolved the issue with mediaId appearing null.
Improved SDK performance for some devices.
Updated SDK to support the upcoming security features.
Enhanced security.
iOS:
Fixed the bug with crashes that might happen during the Biometry analysis after taking a reference photo using camera.
Resolved the issue with SDK not returning the license-related callbacks.
Android:
Resolved an issue with warning that could appear when running Fragment.
SDK no longer crashes when calling copyPlane.
When you choose to send compressed videos for a hybrid analysis, SDK no longer saves original media as well as compressed.
iOS:
The Scan gesture animation now works properly.
Fixed the bug where SDK didn’t call completion during initialization in debug mode.
Enhanced security.
initSDK in the iOS debugging mode now works properly.
If you try to delete the reference photo, SDK now asks you to confirm deletion.
Background is no longer dark when you launch SDK.
SDK no longer flips one of the images during the Biometry analysis.
Fixed some bugs related to the on-device and hybrid analysis types.
Android:
Added support for Google Dynamic Feature Delivery.
Resolved the issue with possible SDK crashes when closing the Liveness screen.
iOS:
Resolved the issue with integration via Swift UI.
Enhanced security and updated telemetry.
Changed the wording for the head_down gesture: the new wording is “tilt down”.
Updated the authorization logic.
Improved voiceover.
Bug fixes.
Security updates.
Android: you can now disable video validation that has been implemented to avoid recording extremely short videos (3 frames and less).
iOS:
SDK now compresses videos if their size exceeds 10 MB.
Head movement gestures are now handled properly.
Xcode updated to version 16 to comply with Apple requirements.
Security and telemetry updates.
The SDK hints and UI controls can be voiced in accordance to WCAG requirements.
Improved user experience with head movement gestures.
Android:
Moved the large video compression step to the Liveness screen closure.
Fixed the bug when the best shot frame could contain an image with closed eyes.
Resolved codec issues on some smartphone models.
iOS:
Added Xcode 16 support.
The screen brightness no longer changes when the rear camera is used.
Fixed the video recording issues on some smartphone models.
The executeLiveness method is now deprecated, please use startLiveness instead.
Updated the code needed to obtain the Liveness results.
Security and telemetry updates.
Added descriptions for the errors that occur when providing an empty string as an ID in the addFolderID (iOS) and setFolderID (Android) methods.
Android:
Fixed a bug causing an endless spinner to appear if the user switches to another application during the Liveness check.
Fixed some smartphone model specific-bugs.
Security and logging updates.
Android:
Upgraded the on-device Liveness model.
Security updates.
iOS:
The messages displayed by the SDK after uploading media have been synchronized with Android.
The bug causing analysis delays that might have occurred for the One Shot gesture has been fixed.
The length of the Selfie gesture is now configurable (affects the video file size).
Removed the pause after the Scan gesture.
Security and logging updates.
Bug fixes.
Android: if the recorded video is larger than 10 MB, it gets compressed.
Android: updated the on-device Liveness model.
iOS: changed the default behavior in case a localization key is missing: now the English string value is displayed instead of a key.
Fixed some bugs.
Implemented the possibility of using a master license that works with any bundle_id.
Fixed the bug with background color flashing.
Video compression failure on some phone models is now fixed.
Initial release.
10.0.0 — June 12, 2026
9.1.0 – May 15, 2026
8.23.1 – Mar. 27, 2026
8.22.0 – Dec. 23, 2025
8.19.0 – Nov. 24, 2025
8.18.1 – Sept. 10, 2025
8.18.0 – Aug. 26, 2025
8.16.0 – Apr. 30, 2025
8.14.0 – Dec. 17, 2024
8.12.0 – Oct. 11, 2024
8.8.2 – June 27, 2024
8.6.0 – Apr. 15, 2024
8.5.0 – Mar. 20, 2024
8.4.0 – Jan. 11, 2024
8.3.0 – Nov. 30, 2023
8.2.0 – Nov. 17, 2023
SDK no longer crashes when Liveness screen is called several times in a row with short intervals.
Resolved the issue with container errors not being returned.
Resolved the issue with SDK sometimes not responding to user actions on some devices.
Updated SDK to support the upcoming security features.
Enhanced security.
Fixed the bug when the recorded videos might appear green.
Changelog
Android SDK changes
10.0.0 – June 05, 2026
Breaking changes: for the OzCapsula flow, this SDK version requires API 6.6.0.1 or newer.
Updated internal dependencies.
Enhanced security.
9.3.0 – May 14, 2026
The files passed via UserMedia in MediaRequest (OzCapsula) are now named using a UUID v4 identifier with the original file extension. The original file name can still be transmitted via the mediaMeta field.
Telemetry observer callbacks (EventObserver.update() and EventObserver.onDetected()) are now dispatched on a background thread.
Removed the OzForensics namespace reference from the Android manifest.
Rebuilt TensorFlow Lite with 16 KB page alignment to comply with Google's updated requirements; the RELRO alignment warning at build/publish no longer occurs.
A rare codec-related crash during liveness recording no longer appears.
The sample app now covers the scenario of biometric authentication using OzCapsula.
Videos captured in the Hybrid analysis flow are now compressed correctly.
Added the new addAnalysisProfile method. It allows appending an additional AnalysisProfile (e.g., a reference photo) to an existing OzCapsula container generated during capture, forming a multi-container package for biometric or comprehensive analyses. The session token and the existing OzCapsula instance are read from device memory automatically; no additional parameters are needed. Warning: requires API 6.6.1 and above.
The Scan gesture has been made easier to pass: resolved the issue with conflicting hints.
The Action rules unavailable error
Selfie gesture recording now stops strictly at the configured timeout to normalize video duration across devices.
If user can’t take a video, the new timeout counter for video capture now starts after the error timeout dialog is shown.
Updated internal dependencies.
Fixed the bug with “Unknown Error” being returned even in case of successful video capture.
Resolved the issue with occasional crashes caused by improper preview scaling on some devices.
You can now (if allowed by license).
In case of lost internet connection during license checking, SDK now returns the proper error.
Updated code sample to align with OzCapsula functionality.
Fixed the bug with green videos appearing on some devices.
Resolved the issue with occasional SDK crashes caused by restrictions of device camera.
Fixed minor bugs.
Fixed the bug with SDK crashes caused by the “Invalid to call at Released state” and “Pending dequeue output buffer request cancelled” errors.
Fixed the bug with "java.util.concurrent.TimeoutException" causing crashes.
Android SDK now passes orientation and media type tags along with the action one.
Fixed a minor bug.
Implemented a new proprietary data format: OzCapsula Data Container.
Fixed occasional SDK crashes in specific cases and / or on specific devices.
Enhanced security.
Improved SDK performance for some devices.
Updated SDK to support the upcoming security features.
Fixed the bug with green videos on some smartphone models.
Resolved the issue with mediaId appearing null.
Enhanced security.
Resolved an issue with warning that could appear when running Fragment.
SDK no longer crashes when calling copyPlane.
When you choose to send compressed videos for a hybrid analysis, SDK no longer saves original media as well as compressed.
To support memory page size of 16 KB, switched TensorFlow to LiteRT.
Fixed the bug that caused video duration and file size to increase.
Added support for Google Dynamic Feature Delivery.
Resolved an issue that might have caused crashes when taping the close button on the Liveness screen.
Fixed a bug where the SDK would crash with "CameraDevice was already closed" exception.
Resolved the issue with OkHttp compatibility.
Fixed the bug with Fragment missing context.
Resolved a camera access issue affecting some mobile device models.
Security updates.
Security updates.
Security updates.
Resolved the issue with possible SDK crashes when closing the Liveness screen.
Security updates.
Updated the authorization logic.
Improved voiceover.
Fixed the issue with SDK lags and the non-responding error that users might have encountered on some devices after completing the video recording.
Resolved the issue with SDK crashes on some devices that might have occurred because of trying to access non-initialized or closed resources.
Security updates.
You can now disable video validation that has been implemented to avoid recording of extremely short videos (3 frames and less): switch the option off using .
Fixed the bug with green videos on some smartphone models.
Security updates.
Fixed bugs that could have caused crashes on some phone models.
Changed the wording for the head_down gesture: the new wording is “tilt down”.
Added proper focus order for TalkBack when the antiscam hint is enabled.
Added the public setting extract_action_shot in the Demo Application.
Fixed the bug when the recorded videos might appear green.
Resolved codec issues on some smartphone models.
Accessibility updates according to WCAG requirements: the SDK hints and UI controls can be voiced.
Improved user experience with head movement gestures.
Moved the large video compression step to the Liveness screen closure.
Security and telemetry updates.
Security updates.
Security updates.
Security and telemetry updates.
Fixed the RuntimeException error with the server-based Liveness that appeared on some devices.
Security updates.
Security updates.
Bug fixes.
Updated the Android Gradle plugin version to 8.0.0.
Internal SDK improvements.
Internal SDK improvements.
Security updates.
Security updates.
Security updates.
Security updates.
Added a description for the error that occurs when providing an empty string as an ID in the setFolderID method.
Fixed a bug causing an endless spinner to appear if the user switches to another application during the Liveness check.
Fixed some smartphone model specific-bugs.
Upgraded the on-device Liveness model.
Security updates.
The length of the Selfie gesture is now (affects the video file size).
You can instead of Oz logo if your license allows it.
Removed the pause after the Scan gesture.
Changed the master license validation algorithm.
Downgraded the required compileSdkVersion from 34 to 33.
Security updates.
Updated the on-device Liveness model.
Fixed some bugs.
Internal licensing improvements.
Internal SDK improvements.
Bug fixes.
Implemented the possibility of using a master license that works with any bundle_id.
Video compression failure on some phone models is now fixed.
Bug fixes.
The Analysis structure now contains the sizeReductionStrategy field. This field defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully.
The messages for the errors that are retrieved from API are now detailed.
If multiple analyses are applied to the folder simultaneously, the system sends them as a group. It means that the “worst” of the results will be taken as resolution, not the latest. Please refer to this article for details.
For the Liveness analysis, the system now treats the highest score as a quantitative result. The Liveness analysis output is described .
Updated the Liveness on-device model.
Added the Portuguese (Brazilian) locale.
You can now add a custom or update an existing language pack. The instructions can be found .
Fixed errors.
The SDK now works properly with baseURL set to null.
The dependencies' versions have been brought into line with Kotlin version.
Added the new analysis mode – hybrid (Liveness only). If the score received from an on-device analysis is too high, the system initiates a server-based analysis as an additional check.
Kotlin version requirements lowered to 1.7.21.
Improved the on-device models.
Restructured the settings screen.
Added the center hint background customization.
Added new face frame forms (Circle, Square).
Improved the SDK algorithms.
Updated the model for the on-device analyses.
Fixed the animation for sunglasses/mask.
The oval size for Liveness is now smaller.
Fixed the error with the server-based analyses while using permanentAccessToken for authorization.
Added customization for the .
You can now hide the status bar and system buttons (works with 7.0.0 and newer).
OzLivenessSDK.init now requires context as the first parameter.
Fixed crashes for Android v.6 and below.
Fixed oval positioning for some phone models.
Internal fixes and improvements.
Updated security.
Implemented some internal improvements.
The addMedia method is now deprecated, please use uploadMedia for uploading.
Changed the way of sharing dependencies. Due to security issues, now we share two types of libraries as shown below: sdk is a server analysis only, full provides both server and on-device analyses:
UICustomization has been implemented instead of OzCustomization.
Implemented a range of options and switched to the new design. To restore the previous settings, please refer to .
Fixed the bug with freezes that had appeared on some phone models.
SDK now captures videos in 720p.
Synchronized the names of the analysis modes with iOS: SERVER_BASED and ON_DEVICE.
Fixed the bug with displaying of localization settings.
Now you can use Fragment as Liveness screen.
Added a new field to the Analysis structure. The params field is for any additional parameters, for instance, if you need to set extracting the best shot on server to true. The best shot algorithm chooses the most high-quality frame from a video.
The Zoom in and Zoom out gestures are no longer supported.
Updated the biometry model.
Added a new simplified API – AnalysisRequest. With it, it’s easier to create a request for the media and analysis you need.
Published the on-device module for on-device liveness and biometry analyses. To add this module to your project, use:
To launch these analyses, use runOnDeviceBiometryAnalysis and runOnDeviceLivenessAnalysis methods from the OzLivenessSDK class:
Liveness now goes smoother.
Fixed freezes on Xiaomi devices.
Optimized image converting.
New metadata parameter for OzLivenessSDK.uploadMedia and new OzLivenessSDK.uploadMediaAndAnalyze method to pass this parameter to folders.
Added functions for SDK initialization with LicenseSources: LicenseSource.LicenseAssetId and LicenseSource.LicenseFilePath. Use the OzLivenessSDK.init method to start initialization.
Now you can get the license info upon initialization val licensePayload = OzLivenessSDK.getLicensePayload().
Added the Kyrgyz locale.
Added local analysis functions.
You can now configure the face frame.
Fixed version number at the Liveness screen.
Added the main camera support.
Added configuration from license support.
Added the OneShot gesture.
Added new states for OzAnalysisResult.Resolution.
Added the uploadMediaAndAnalyze method to load a bunch of media to the server at once and send them to analysis immediately.
Access token updates automatically.
Renamed accessToken to permanentAccessToken.
Added R8 rules.
Fixed the oval frame.
Removed the unusable parameters from AnalyseRequest.
Removed default attempt limits.
To customize the configuration options, the config property is added instead of baseURL, accessToken, etc. Use OzConfig.Builder for initialization.
Added license support. Licences should be installed as raw resources. To pass them to OzConfig, use setLicenseResourceId.
, which might have appeared on the first liveness attempt, no longer occurs.
Sessions that might have failed with the CameraDevice was already closed error due to a camera pipeline race condition now complete successfully. The VIDEO_RECORD_ERROR result code is now correctly returned for the remaining edge cases.
Added edge-to-edge display support required for Android 16. The UI now correctly adapts to system insets — the close button no longer overlaps the status bar.
Enhanced security.
Updated Oz Forensics website link.
Enhanced security.
Security and telemetry updates.
Security updates.
Fixed bugs.
Security updates.
Fixed the bug when the best shot frame could contain an image with closed eyes.
Minor bug fixes and telemetry updates.
If the recorded video is larger than 10 MB, it gets compressed.
Security and logging updates.
If a media hasn't been uploaded correctly, the system repeats the upload.
Created a new method to retrieve the telemetry (logging) identifier: getEventSessionId.
The login and auth methods are now deprecated. Use the setAPIConnection method instead.
OzConfig.baseURL and OzConfig.permanentAccessToken are now deprecated.
If a user closes the screen during video capture, the appropriate error is now being handled by SDK.
Fixed some bugs and improved the SDK work.
For some phone models, fixed the fatal device error.
The hint text width can now exceed the frame width (when using the main camera).
Photos taken during the One Shot analysis are now being sent to the server in the original size.
Removed the OzAnalysisResult class. The onSuccess method ofAnalysisRequest.run now uses the RequestResult structure instead of List<OzAnalysisResult>.
All exceptions are moved to the com.ozforensics.liveness.sdk.core.exceptions package (See changes below).
Classes related to AnalysisRequest are moved to the com.ozforensics.liveness.sdk.analysispackage (See changes below).
The methods below are no longer supported:
OzLivenessSDK.runOnDeviceLivenessAnalysis
AnalysisRequest.run
AnalysisRequest.build(): AnalysisRequest
-
AnalysisRequest.Builder.addMedia
AnalysisRequest.Builder.uploadMedia
Added the antiscam widget and its customization. This feature allows you to alert your customers that the video recording is being conducted, for instance, for loan application purposes. The purpose of this is to safeguard against scammers who may attempt to deceive an individual into approving a fraudulent transaction.
The OzLivenessSDK::init method no longer crashes if there is a StatusListener parameter passed.
Changed the scan gesture animation.
OzAnalysisResult now shows the server-based analyses' scores properly.
Fixed initialization issues, displaying of wrong customization settings, authorization failures on Android <7.1.1.
Added the Spanish locale.
OzMedia is renamed to OzAbstractMedia and got subclasses for images and videos.
Fixed camera bugs for some devices.
Configuration became easier: config settings are mutable.
Replaced the context-dependent methods with analogs.
val mediaList: List<OzAbstractMedia> = ...
val biometryAnalysisResult: OzAnalysisResult = OzLivenessSDK.runOnDeviceBiometryAnalysis(mediaList)
val livenessAnalysisResult: OzAnalysisResult = OzLivenessSDK.runOnDeviceLivenessAnalysis(mediaList)
9.2.0 – Apr. 16, 2026
9.1.0 – Mar. 12, 2026
9.0.2 – Feb. 25, 2026
9.0.1 – Feb. 18, 2026
9.0.0 – Feb. 10, 2026
8.23.1 – Jan. 30, 2026
8.23.0 – Dec. 30, 2025
8.22.1 – Dec. 10, 2025
8.22.0 – Dec. 01, 2025
8.21.0 – Nov. 12, 2025
8.20.0 – Oct. 10, 2025
8.19.0 – Sept. 15, 2025
8.18.4 – Aug. 29, 2025
8.18.2 – Aug. 7, 2025
We highly recommend updating to this version.
8.18.0 – July 16, 2025
8.17.3 – July 02, 2025
8.17.2 – June 26, 2025
8.17.1 – June 23, 2025
8.17.0 – May 22, 2025
8.16.3 – Apr. 08, 2025
8.16.2 – Mar. 19, 2025
8.16.1 – Mar. 14, 2025
8.16.0 – Mar. 11, 2025
8.15.6 – Feb. 26, 2025
8.15.5 – Feb. 18, 2025
8.15.4 – Feb. 11, 2025
8.15.0 – Dec. 30, 2024
8.14.1 – Dec. 5, 2024
8.14.0 – Dec. 2, 2024
8.13.0 – Nov. 12, 2024
8.12.4 – Oct. 01, 2024
8.12.2 – Sept. 10, 2024
8.12.0 – Aug. 29, 2024
8.11.0 – Aug. 19, 2024
8.10.0 – July 26, 2024
8.9.0 – July 18, 2024
8.8.3 – July 11, 2024
8.8.2 – June 21, 2024
8.8.1 – June 12, 2024
8.8.0 – June 04, 2024
8.7.3 – June 03, 2024
8.7.0 – May 06, 2024
8.6.0 – Apr. 05, 2024
8.5.0 – Feb. 27, 2024
8.4.4 – Feb. 06, 2024
8.4.3 – Jan. 29, 2024
8.4.2 – Jan. 15, 2024
8.4.0 – Jan. 04, 2024
8.3.3 – Dec. 11, 2023
8.3.2 – Nov. 30, 2023
8.3.1 – Nov. 24, 2023
8.3.0 – Nov. 17, 2023
8.2.1 – Nov. 01, 2023
8.2.0 – Oct. 23, 2023
8.1.1 – Oct. 02, 2023
8.1.0 – Sept. 07, 2023
8.0.3 – Aug. 24, 2023
8.0.2 – July 13, 2023
8.0.1 – June 28, 2023
8.0.0 – June 19, 2023
Public interface changes
New entities
AnalysisRequest.Type.HYBRID in com.ozforensics.liveness.sdk.analysis.entity
AnalysisError in com.ozforensics.liveness.sdk.analysis.entity
SourceMedia in com.ozforensics.liveness.sdk.analysis.entity
ResultMedia in com.ozforensics.liveness.sdk.analysis.entity
RequestResult in com.ozforensics.liveness.sdk.analysis.entity
NoAnalysisException from com.ozforensics.liveness.sdk.exceptions в com.ozforensics.liveness.sdk.core.exceptions
NoNetworkException from com.ozforensics.liveness.sdk.exceptions в com.ozforensics.liveness.sdk.core.exceptions
OzLivenessSDK
Removed uploadMediaAndAnalyze
Removed uploadMedia
Removed runOnDeviceBiometryAnalysis
AnalysisRequest
Removed build(): AnalysisRequest
AnalysisRequest.Builder
Removed addMedia
Removed onSuccess(result: List<OzAnalysisResult>)
Added onSuccess(result: RequestResult)
7.3.1 – June 07, 2023
Please note: for this version, we updated Kotlin to 1.8.20.
TokenException from com.ozforensics.liveness.sdk.exceptions в com.ozforensics.liveness.sdk.core.exceptions
NoMediaInAnalysisException from com.ozforensics.liveness.sdk.exceptions to com.ozforensics.liveness.sdk.core.exceptions
EmptyMediaListException from com.ozforensics.liveness.sdk.exceptions to com.ozforensics.liveness.sdk.core.exceptions
NoSuchMediaException from com.ozforensics.liveness.sdk.exceptions to com.ozforensics.liveness.sdk.core.exceptions
LicenseException from com.ozforensics.liveness.sdk.exceptions to com.ozforensics.liveness.sdk.security.exception
Analysis from com.ozforensics.liveness.sdk.analysis.entity to com.ozforensics.liveness.sdk.core.model
AnalysisRequest from com.ozforensics.liveness.sdk.analysis to com.ozforensics.liveness.sdk.core
AnalysisListener from com.ozforensics.liveness.sdk.analysis to com.ozforensics.liveness.sdk.core
AnalysisStatus from com.ozforensics.liveness.sdk.analysis to com.ozforensics.liveness.sdk.core
AnalysisRequest.Builder from com.ozforensics.liveness.sdk.analysis to com.ozforensics.liveness.sdk.core
OzException from com.ozforensics.liveness.sdk.exceptions to com.ozforensics.liveness.sdk.core.exceptions
Removed runOnDeviceLivenessAnalysis
Moved entities
Changed classes
User Roles
Each of the new API users should obtain a role to define access restrictions for direct API connections. Set the role in the user_type field when you create a new user.
ADMIN is a system administrator, who has unlimited access to all system objects, but can't change the analyses' statuses;
OPERATOR is a system operator, who can view all system objects and choose the analysis result via the Make Decision button (usually needed if the is OPERATOR_REQUIRED);
CLIENT is a regular consumer account, who can upload media files, process analyses, view results in personal folders, generate reports for analyses.
can_start_analysis_biometry – an additional flag to allow access to analyses (enabled by default);
CLIENT ADMIN is a company administrator that can manage their company account and users within it. Additionally, CLIENT ADMIN can view and edit data of all users within their company, delete files in folders, add or delete report templates with or without attachments, the reports themselves and single analyses, check statistics, add new blacklist collections.
CLIENT OPERATOR is similar to OPERATOR within their company.
CLIENT SERVICE is a service user account for automatic connection purposes. Authentication with this user creates a long-live access token (5 years by default). The token lifetime for regular uses is 15 minutes by default (parameterized) and, also by default, the lifetime of a token is extended with each request (parameterized).
Here's the detailed information on access levels.
can_start_analysis_quality
– an additional flag to allow access to
(QUALITY) analyses (enabled by default);
can_start_analysis_collection – an additional flag to allow access to BLACK LIST analyses (enabled by default).
OPERATOR
-
+
-
-
CLIENT
-
their company data
-
-
CLIENT SERVICE
-
their company data
-
-
CLIENT OPERATOR
-
their company data
-
-
CLIENT ADMIN
-
their company data
their company data
their company data
OPERATOR
+
+
+
-
CLIENT
their folders
their folders
their folders
-
CLIENT SERVICE
within their company
within their company
within their company
-
CLIENT OPERATOR
within their company
within their company
within their company
-
CLIENT ADMIN
within their company
within their company
within their company
within their company
OPERATOR
+
+
+
-
CLIENT
-
within their company
-
-
CLIENT SERVICE
-
within their company
-
-
CLIENT OPERATOR
within their company
within their company
within their company
-
CLIENT ADMIN
within their company
within their company
within their company
within their company
+
+
-
CLIENT
-
within their company
-
CLIENT SERVICE
-
within their company
-
CLIENT OPERATOR
within their company
within their company
-
CLIENT ADMIN
within their company
within their company
within their company
+
+
-
CLIENT
in their folders
in their folders
-
CLIENT SERVICE
within their company
within their company
-
CLIENT OPERATOR
within their company
within their company
-
CLIENT ADMIN
within their company
within their company
within their company
OPERATOR
+
+
+
-
CLIENT
in their folders
in their folders
-
-
CLIENT SERVICE
within their company
within their company
within their company
-
CLIENT OPERATOR
within their company
within their company
within their company
-
CLIENT ADMIN
within their company
within their company
within their company
within their company
OPERATOR
-
+
-
-
CLIENT
-
within their company
-
-
CLIENT SERVICE
within their company
within their company
-
-
CLIENT OPERATOR
-
within their company
-
-
CLIENT ADMIN
within their company
within their company
within their company
within their company
-
+
-
CLIENT
-
within their company
-
CLIENT SERVICE
within their company
within their company
-
CLIENT OPERATOR
-
within their company
-
CLIENT ADMIN
within their company
within their company
within their company
-
+
-
CLIENT
-
within their company
-
CLIENT SERVICE
-
within their company
-
CLIENT OPERATOR
-
within their company
-
CLIENT ADMIN
within their company
within their company
within their company
OPERATOR
-
+
their data
-
CLIENT
-
their data
their data
-
CLIENT SERVICE
-
within their company
their data
-
CLIENT OPERATOR
-
within their company
their data
-
CLIENT ADMIN
within their company
within their company
within their company
within their company
Create
Read
Update
Delete
ADMIN
+
+
+
Create
Read
Update
Delete
ADMIN
+
+
+
Create
Read
Update
Delete
ADMIN
+
+
+
Create
Read
Delete
ADMIN
+
+
+
Create
Read
Delete
ADMIN
+
+
+
Create
Read
Update
Delete
ADMIN
+
+
+
Create
Read
Update
Delete
ADMIN
+
+
+
Create
Read
Delete
ADMIN
+
+
+
Create
Read
Delete
ADMIN
+
+
+
Create
Read
Update
Delete
ADMIN
+
+
+
For API versions below 6.0
For API 5.3 and below, to create a CLIENT user with admin or service rights, you require to set the corresponding flags to true:
is_admin – if set, the user obtains access to other users' data within this admin's company.
is_service is a flag that marks the user account as a service accountfor automatic connection purposes. Authentication with this user creates a long-live access token (5 years by default). The token lifetime for regular uses is 15 minutes by default (parameterized) and, also by default, the lifetime of a token is extended with each request (parameterized).
From 1.1.0, Oz API Lite works with base64 as an input format and is also able to return the biometric templates in this format. To enable this option, add Content-Transfer-Encoding = base64 to the request headers.
version – component version check
Use this method to check what versions of components are used (available from 1.1.1).
Call GET /version
Input parameters
-
Request example
GET localhost/version
Successful response
In case of success, the method returns a message with the following parameters.
HTTP response content type: “application/json”.
Output parameters
Use this method to check whether the biometric processor is ready to work.
Call GET /v1/face/pattern/health
-
GET localhost/v1/face/pattern/health
In case of success, the method returns a message with the following parameters.
HTTP response content type: “application/json”.
The method is designed to extract a biometric template from an image.
In case of success, the method returns a biometric template.
The content type of the HTTP response is “application/octet-stream”.
The method is designed to compare two biometric templates.
The content type of the HTTP request is “multipart / form-data”.
CallPOST /v1/face/pattern/compare
In case of success, the method returns the result of comparing the two templates.
HTTP response content type: “application/json”.
The method combines the two methods from above, extract and compare. It extracts a template from an image and compares the resulting biometric template with another biometric template that is also passed in the request.
The content type of the HTTP request is “multipart / form-data”.
Call POST /v1/face/pattern/verify
In case of success, the method returns the result of comparing two biometric templates and the biometric template.
The content type of the HTTP response is “multipart/form-data”.
The method also combines the two methods from above, extract and compare. It extracts templates from two images, compares the received biometric templates, and transmits the comparison result as a response.
The content type of the HTTP request is “multipart / form-data”.
Call POST /v1/face/pattern/extract_and_compare
In case of success, the method returns the result of comparing the two extracted biometric templates.
HTTP response content type: “application / json”.
Use this method to compare one biometric template to N others.
The content type of the HTTP request is “multipart/form-data”.
Call POST /v1/face/pattern/compare_n
In case of success, the method returns the result of the 1:N comparison.
HTTP response content type: “application / json”.
The method combines the extract and compare_n methods. It extracts a biometric template from an image and compares it to N other biometric templates that are passed in the request as a list.
The content type of the HTTP request is “multipart/form-data”.
Call POST /v1/face/pattern/verify_n
In case of success, the method returns the result of the 1:N comparison.
HTTP response content type: “application / json”.
This method also combines the extract and compare_n methods but in another way. It extracts biometric templates from the main image and a list of other images and then compares them in the 1:N mode.
The content type of the HTTP request is “multipart/form-data”.
Call POST /v1/face/pattern/extract_and_compare_n
In case of success, the method returns the result of the 1:N comparison.
HTTP response content type: “application / json”.
HTTP response content type: “application / json”.
Use this method to check whether the liveness processor is ready to work.
Call GET /v1/face/liveness/health
None.
GET localhost/v1/face/liveness/health
In case of success, the method returns a message with the following parameters.
HTTP response content type: “application/json”.
The detect method is made to reveal presentation attacks. It detects a face in each image or video (since 1.2.0), sends them for analysis, and returns a result.
The method supports the following content types:
image/jpeg or image/png for an image;
multipart/form-data for images, videos, and archives. You can use payload to add any parameters that affect the analysis.
To run the method, call POST /{version}/face/liveness/detect.
Accepts an image in JPEG or PNG format. No payload attached.
Accepts the multipart/form-data request.
Each media file should have a unique name, e.g., media_key1, media_key2.
The payload parameters should be a JSON placed in the payload field.
To extract the best shot from your video or archive, in analyses, set extract_best_shot = true (as shown in the request example below). In this case, API Lite will analyze your archives and videos, and, in response, will return the best shot. It will be a base64 image in analysis->output_images->image_b64.
Additionally, you can change the Liveness threshold. In analyses, set the new threshold in the threshold_spoofing parameter. If the resulting score will be higher than this parameter's value, the analysis will end up with the DECLINED status. Otherwise, the status will be SUCCESS.
HTTP response content type: “application / json”.
[String]
An array of model versions, each record contains model name and model version number.
*score
Float
The result of comparing the main and Nth templates.
*decision
String
Recommended solution based on the score.
approved – positive. The faces are match.
operator_required – additional operator verification is required.
declined – negative result. The faces don't match.
*score
Float
The result of comparing the template derived from the main image and the Nth template.
*decision
String
Recommended solution based on the score.
approved – positive. The faces are match.
operator_required – additional operator verification is required.
declined – negative result. The faces don't match.
*score
Float
The result of comparing the main and Nth images.
*decision
String
Recommended solution based on the score.
approved – positive. The faces are match.
operator_required – additional operator verification is required.
declined – negative result. The faces don't match.
400
BPE-002003
Failed to read the biometric sample*
400
BPE-002004
Failed to read the biometric template
400
BPE-002005
Invalid Content-Type of the multiparted HTTP request part
400
BPE-003001
Failed to retrieve the biometric template
400
BPE-003002
The biometric sample* is missing face
400
BPE-003003
More than one person is present on the biometric sample*
500
BPE-001001
Internal bioprocessor error
400
BPE-001002
TFSS error. Call the biometry health method.
400
LDE-002004
Failed to extract the biometric sample*
400
LDE-002005
Invalid Content-Type of the multiparted HTTP request part
500
LDE-001001
Liveness detection processor internal error
400
LDE-001002
TFSS error. Call the Liveness health method.
Parameter name
Type
Description
core
String
API Lite core version number.
tfss
String
TFSS version number.
Parameter name
Type
Description
status
Int
0 – the biometric processor is working correctly.
3 – the biometric processor is inoperative.
message
String
Parameter name
Type
Description
Not specified*
Stream
Required parameter. Image to extract the biometric template.
The “Content-Type” header field must indicate the content type.
Parameter name
Type
Description
Not specified*
Stream
A biometric template derived from an image
Parameter name
Type
Description
bio_feature
Stream
Required parameter.
First biometric template.
bio_template
Stream
Parameter name
Type
Description
score
Float
The result of comparing two templates
decision
String
Parameter name
Type
Description
sample
Stream
Required parameter.
Image to extract the biometric template.
bio_template
Stream
Parameter name
Type
Description
score
Float
The result of comparing two templates
bio_feature
Stream
Parameter name
Type
Description
sample_1
Stream
Required parameter.
First image.
sample_2
Stream
Parameter name
Type
Description
score
Float
The result of comparing the two extracted templates.
decision
String
Parameter name
Type
Description
template_1
Stream
This parameter is mandatory. The first (main) biometric template
templates_n
Stream
Parameter name
Type
Description
results
List[JSON]
A list of N comparison results. The Nth result contains the comparison result for the main and Nth templates. The result has the fields as follows:
*filename
String
Parameter name
Type
Description
sample_1
Stream
This parameter is mandatory. The main image.
templates_n
Stream
Parameter name
Type
Description
results
List[JSON]
A list of N comparison results. The Nth result contains the comparison result for the template derived from the main image and the Nth template. The result has the fields as follows:
*filename
String
Parameter name
Type
Description
sample_1
Stream
This parameter is mandatory. The first (main) image.
samples_n
Stream
Parameter name
Type
Description
results
List[JSON]
A list of N comparison results. The Nth result contains the comparison result for the main and Nth images. The result has the fields as follows:
*filename
String
HTTP response codes
The value of the “code” parameter
Description
400
BPE-002001
Invalid Content-Type of HTTP request
400
BPE-002002
Parameter name
Type
Description
status
Int
0 – the liveness processor is working correctly.
3 – the liveness processor is inoperative.
message
String
HTTP response codes
The value of the “code” parameter
Description
400
LDE-002001
Invalid Content-Type of HTTP request
400
LDE-002002
Response example
Biometry
health – biometric processor status check
Input parameters
Request example
Successful response
Output parameters
Response example
extract – the biometric template extraction
Input parameters
*
The name itself is not mandatory for a parameter of the Stream type.
To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.
Request example
Successful response
If you've passed Content-Transfer-Encoding = base64 in headers, the template will be in base64 as well.
Output parameters
*
The name itself is not mandatory for a parameter of the Stream type.
Response example
compare – the comparison of biometric templates
Input parameters
To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.
Request example
Successful response
Output parameters
Response example
verify – the biometric verification
Input parameters
To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.
Request example
Successful response
Output parameters
Response example
extract_and_compare – extracting and comparison of templates derived from two images
Input parameters
To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.
Request example
Successful response
Output parameters
Response example
compare_n – 1:N biometric template comparison
Input parameters
Request example
Successful response
Output parameters
Response example
verify_n – 1:N biometric verification
Input parameters
To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.
Request example
Successful response
Output parameters
Response example
extract_and_compare_n – 1:N template extraction and comparison
Input parameters
To transfer data in base64, add Content-Transfer-Encoding = base64 to the request headers.
Request example
Successful response
Output parameters
Response example
Method errors
*
A biometric sample is an input image.
Liveness
health – checking the status of liveness processor
Input parameters
Request example
Successful response
Output parameters
Response example
detect – presentation attack detection
Image
Request example
Successful response example
Multipart/form-data
Temporary IDs will be deleted once you get the result.
Request example
Successful response example
Multipart/form-data with Best Shot
Request example
Successful response example
The payload field
Method errors
*
A biometric sample is an input image.
models
Message.
Required parameter.
Second biometric template.
Recommended solution based on the score.
approved – positive. The faces match.
operator_required – additional operator verification is required.
declined – negative result. The faces don't match.
Required parameter.
The biometric template to compare with.
Biometric template derived from image
Required parameter.
Second image
Recommended solution based on the score.
approved – positive. The faces are match.
operator_required – additional operator verification is required.
declined – negative result. The faces don't match.
A list of N biometric templates. Each of them should be passed separately but the parameter name should be templates_n. You also need to pass the filename in the header.
A filename for the Nth template.
A list of N biometric templates. Each of them should be passed separately but the parameter name should be templates_n. You also need to pass the filename in the header.
A filename for the Nth template.
A list of N images. Each of them should be passed separately but the parameter name should be samples_n. You also need to pass the filename in the header.
Deletes all action videos from file system (iOS 8.4.0 and newer, Android).
Returns
Future<Void>.
getSDKVersion
Returns the SDK version.
Returns
Future<String>.
initSDK
Initializes SDK with license sources.
Returns
Authentication via credentials.
Returns
Authentication via access token.
Returns
Connection to the telemetry server via credentials.
Returns
Connection to the telemetry server via access token.
Returns
Checks whether an access token exists.
Returns
Deletes the saved access token.
Returns
Nothing (void).
Returns the list of SDK supported languages.
Returns
List<>.
Starts the Liveness video capturing process.
Sets the length of the Selfie gesture (in milliseconds).
Returns
Error if any.
Launches the analyses.
Returns
List<>.
Sets the SDK localization.
The number of attempts before SDK returns error.
Sets the UI customization values for OzLivenessSDK. The values are described in the Customization structures section. Structures can be found in the lib\customization.dart file.
Sets the timeout for the face alignment for actions.
Add fonts and drawable resources to the application/ios project.
Fonts and images should be placed into related folders:
Contains the information about customization parameters.
Toolbar customization parameters.
Center hint customization parameters.
Hint animation customization parameters.
Frame around face customization parameters.
SDK version customization parameters.
Background customization parameters.
Defined in the models.dart file.
Stores the language information.
The type of media captured.
The type of media captured.
Contains an action from the captured video.
TheOne Shotgesture is being discontinued. Support will end on December 31, 2026. Please plan your migration.
Stores information about media.
Stores information about the analysis result.
Stores data about a single analysis.
Analysis type.
Analysis mode.
Contains the action from the captured video.
On January 1, 2027, the One Shot gesture will become unavailable. Please plan your.
The general status for all analyses applied to the folder created.
Defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully. By default, the system uploads the compressed video.
uploadOriginal
The original video
Contains information about the .
This is a Map to define the platform-specific resources on the plugin level.
This key is a Map for the close button icon.
This key is a Map containing the data on the uploaded fonts.
This key is a Map containing the data on the uploaded font styles.
This key is a Map containing the data on grame shape.
The methods below apply to the new feature – that has been implemented in 9.1.0.
Captures media file with all information you need and packages it into a data container.
Returns
Void. The captured container is delivered via the livenessResult stream: Stream<DataContainer>.
Retrieves the raw bytes of a data container. Use this when sending media to the backend yourself.
Returns
Future<Uint8List?>.
This signature replaces uploadMedia in the analyze method when you use the data container flow.
Returns
List<RequestResult>.
Detects a request for video capture.
Contains information on media files and analyses that should be applied to them.
Stores information about a media file.
A media file with an action the user should perform.
An external media file, e.g., a reference or a document photo.
host
String
Server URL
sslPins (optional)
Whitelisted certificates
sslPins (optional)
Whitelisted certificates
host
String
Server URL
sslPins (optional)
Whitelisted certificates
sslPins (optional)
Whitelisted certificates
List<>
The list of the captures videos
params
Map<String, Any>
Additional parameters
titleText
String
Header text
titleFont
String
Text font
titleSize
int
Font size
titleFontStyle
String
Font style
titleColor
String
Color #XXXXXX
titleAlpha
int
Header text opacity
isTitleCentered
bool
Sets the text centered
backgroundColor
String
Header background color #XXXXXX
backgroundAlpha
int
Header background opacity
textColor
String
Color #XXXXXX
textSize
int
Font size
verticalPosition
int
Y position
textAlpha
int
Text opacity
centerBackground
bool
Sets the text centered
hintGradientColor
String
Color #XXXXXX
hintGradientOpacity
int
Gradient color
strokeWidth
int
Frame stroke width
strokeFaceNotAlignedColor
String
Color #XXXXXX
strokeFaceAlignedColor
String
Color #XXXXXX
strokeAlpha
int
Stroke opacity
strokePadding
int
Stroke padding
textColor
String
Color #XXXXXX
textSize
int
Font size
textAlpha
int
Text opacity
ky
Kyrgyz
tr
Turkish
es
Spanish
pt_br
Portuguese (Brazilian)
videoSelfieScan
A video with the scanning gesture
videoSelfieEyes
A video with the blink gesture
videoSelfieSmile
A video with the smile gesture
videoSelfieHigh
A video with the lifting head up gesture
videoSelfieDown
A video with the tilting head downwards gesture
videoSelfieRight
A video with the turning head right gesture
videoSelfieLeft
A video with the turning head left gesture
photoIdPortrait
A photo from a document
photoIdBack
A photo of the back side of the document
photoIdFront
A photo of the front side of the document
An action on a media
iOS
mediatype
String
A type of media
iOS
videoPath
String
A path to a video
bestShotPath
String
path of the best shot in PNG for video or image path for liveness
preferredMediaPath
String
URL of the API media container
photoPath
String
A path to a photo
archivePath
String
A path to an archive
tag
A tag for media
Android
The analysis type
errorCode
int
The error code
Android only
errorMessage
String
The error message
mode
The mode of the analysis
confidenceScore
Double
The resulting score
resolution
The completed analysis' result
status
Boolean
The analysis state:
true- success;
false- failed
mediaList
List<>
Media to analyze
params
Map<String, String>
Additional analysis parameters
sizeReductionStrategy
Defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully
headRight
Head turned right
headLeft
Head turned left
headDown
Head tilted downwards
headUp
Head lifted up
eyeBlink
Blink
smile
Smile
operatorRequired
The result should be additionally checked by a human operator
List<>
Media files that you need to upload to server, but it's not necessary for analyses
cameraPosition (optional)
CameraPosition
front (default) – front camera; back – rear camera
Map<String, dynamic>
Additional analysis parameters
An external media file, e.g., a reference or a document photo
The algorithm that allows comparing several media and check if the people on them are the same person or not
quality
The algorithm that aims to check whether a person in a video is a real human acting in good faith, not a fake of any kind.
Case
Description
onDevice
The on-device analysis with no server needed
serverBased
The server-based analysis
hybrid
The hybrid analysis for Liveness: if the score received from an on-device analysis is too high, the system initiates a server-based analysis as an additional check.
Case
Description
oneShot
The best shot from the video taken
blank
A selfie with face alignment check
scan
Scan
Case
Description
failed
One or more analyses failed due to some error and couldn't get finished
declined
The check failed (e.g., faces don't match or some spoofing attack detected)
success
Everything went fine, the check succeeded (e.g., faces match or liveness confirmed)
uploadCompressed
The compressed video
uploadBestShot
The best shot taken from the video
uploadNothing
Nothing is sent (note that no folder will be created)
Parameter
Type
Description
hash
String
SHA256 key hash in base64
expired_at
UNIX timestamp, UTC time
Key
Value
Close
Android drawable resource / iOS Pods resource
Arrow
Android drawable resource / iOS Pods resource
Key
Value
Flutter application font name
Android font resource / iOS Pods resource, used to retrieve the font on the plugin level
Key
Value
Flutter application font style name
Name of the style retrieved for the font creation on the plugin level
Initializes OZSDK with the license data. The closure is either license data or LicenseError.
Parameter
Type
Description
licenseSources
Returns
-
Forces the license installation.
Parameter
Type
Description
Sets connection to Oz API.
Returns
The access token or an error.
Sets connection to the telemetry server.
Returns
The access token or an error.
Checks whether an access token exists.
Parameters
-
Returns
The result – the true or false value.
Deletes the saved access token
Parameters
-
Returns
-
Creates the Liveness check controller.
Returns
UIViewController or an exception.
Creates the Liveness check controller.
Returns
UIViewController or an exception.
Deletes all videos.
Parameters
-
Returns
-
Retrieves the telemetry session ID.
Parameters
-
Returns
The telemetry session ID (String parameter).
Sets the bundle to look for translations in.
Returns
-
Sets the length of the Selfie gesture (in milliseconds).
Generates the payload with media signatures.
Returns
Payload to be sent along with media files that were used for generation.
Sets the SDK environment.
SDK locale (if not set, works automatically).
The host to call for Liveness video analysis.
The holder for attempts counts before SDK returns error.
The SDK version.
A delegate for OZSDK.
Gets the Liveness check results.
Returns
-
The error processing method.
Returns
-
A protocol for performing checks.
Creates the AnalysisRequest instance.
Returns
The AnalysisRequest instance.
Adds an analysis to the AnalysisRequest instance.
Returns
-
Uploads media on server.
Returns
-
Adds the folder ID to upload media to a certain folder.
Returns
-
Adds metadata to a folder.
Returns
-
Runs the analyses.
Returns
The analysis result or an error.
Customization for OzLivenessSDK (use OZSDK.customization).
A set of customization parameters for the toolbar.
A set of customization parameters for the center hint that guides a user through the process of taking an image of themselves.
A set of customization parameters for the hint animation.
A set of customization parameters for the frame around the user face.
A set of customization parameters for the background outside the frame.
A set of customization parameters for the SDK version text.
A set of customization parameters for the alert message that warns user about their actions being recorded. This message is placed above the oval.
Logo customization parameters. Custom logo should be allowed by license. By default, logo is placed on the bottom left.
A source of a license.
The license data.
Contains action from the captured video.
On January 1, 2027, the One Shot gesture will become unavailable. Please plan your.
Contains the locale code according to .
Contains all the information on the media captured.
The type of media captured.
Error description.
Contains information on what media to analyze and what analyses to apply.
The type of the analysis.
The mode of the analysis.
Shows the media processing status.
Shows the files' uploading status.
Shows the analysis processing status.
Describes the analysis result for the single media.
Contains the consolidated analysis results for all media.
Contains the results of the checks performed.
The general status for all analyses applied to the folder created.
Contains the results for single analyses.
Frame shape settings.
Possible license errors.
The authorization type.
Defines the settings for the repeated media upload.
Parameter
Type
Description
Defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully. By default, the system uploads the compressed video.
uploadOriginal
The original video
Contains information about the .
Defines what environment to use.
The method affects security checks only; the SDK functionality does not change.
The methods below apply to the new feature – that has been implemented in 8.22.
This method replaces addAnalysis in the AnalysisRequest structure when you use the data container flow.
Input
Captures media file with all information you need and packages it into a data container.
Input
Output
Detects a request for video capture.
Contains information on media files and analyses that should be applied to them.
Stores information about a media file.
Parameter
Type
Description
cameraPosition (optional)
AVCaptureDevice.Position
front – front camera (default),
back – rear camera
cameraPosition (optional)
AVCaptureDevice.Position
front – front camera (default),
back – rear camera
faceAlignmentTimeout
Float
Time needed to align face into frame
uploadMediaSettings
Sets the number of attempts and timeout between them
The algorithm that allows comparing several media and check if the people on them are the same person or not
quality
The algorithm that aims to check whether a person in a video is a real human acting in good faith, not a fake of any kind.
document (deprecated)
The analysis that aims to recognize the document and check if its fields are correct according to its type.
Case
Description
onDevice
The on-device analysis with no server needed. We recommend using server-based analyses whenever possible, as on-device ones tend to produce less accurate results
serverBased
The server-based analysis
hybrid
The hybrid analysis for Liveness: if the score received from an on-device analysis is too high, the system initiates a server-based analysis as an additional check.
Case
Description
addToFolder
The system is creating a folder and adding files to this folder
Currently, the .document analysis can't be performed in the on-device mode.
enum AnalysisMode
enum ScenarioState
struct AnalysisStatus
RequestStatus
ResultMedia
RequestResult
class AnalysisResult
enum AnalyseResolutionStatus
struct AnalyseResolution
enum GeometryType
enum LicenseError
enum Connection
struct UploadMediaSettings
enum SizeReductionStrategy
sslPin
environment
The .debug mode should only be used during active development and testing. All builds intended for end users must be configured to use the .production mode to maintain the security posture and compliance requirements expected of production deployments.
OzCapsula data container
addContainer
createMediaCaptureScreen
public data class CaptureRequest
public data class AnalysisProfile
public sealed class MediaRequest
Please note: you should add actionMedia OR userMedia, these parameters are mutually exclusive.
Utility function to get the SDK error from OnActivityResult's intent.
Returns
The – String.
Retrieves the SDK license payload.
Parameters
-
Returns
The license payload () – the object that contains the extended info about licensing conditions.
Utility function to get SDK results from OnActivityResult's intent.
Returns
A list of OzAbstractMedia objects.
Initializes SDK with license sources.
Returns
-
Enables logging using the Oz Liveness SDK logging mechanism.
Returns
-
Sets connection to Oz API.
Sets connection to the telemetry server.
Deletes the saved token.
Parameters
-
Returns
-
Retrieves the telemetry session ID.
Parameters
-
Returns
The telemetry session ID (String).
Retrieves the SDK version.
Parameters
-
Returns
The SDK version (String).
Generates the payload with media signatures.
Returns
Payload to be sent along with media files that were used for generation.
Sets the SDK environment for debugging or production.
A class for performing checks.
The analysis launching method.
A builder class for AnalysisRequest.
Creates the AnalysisRequest instance.
Parameters
-
Returns
The class instance.
Adds an analysis to your request.
Returns
Error if any.
Adds a list of analyses to your request. Allows executing several analyses for the same folder on the server side.
Returns
Error if any.
Adds metadata to a folder you create (for the server-based analyses only). You can add a pair key-value as additional information to the folder with the analysis result on the server side.
Returns
Error if any.
Uploads one or more media to a folder.
Returns
Error if any.
For the previously created folder, sets a folderId. The folder should exist on the server side. Otherwise, a new folder will be created.
Returns
Error if any.
Configuration for OzLivenessSDK (use OzLivenessSDK.config).
Sets the length of the Selfie gesture (in milliseconds).
Returns
Error if any.
The possibility to enable additional debug info by clicking on version text.
The number of attempts before SDK returns error.
Settings for repeated media upload.
Timeout for face alignment (measured in milliseconds).
Interface implementation to retrieve error by Liveness detection.
Locale to display string resources.
Logging settings.
Uses the main (rear) camera instead of the front camera for liveness detection.
Disables the option that prevents videos to be too short (3 frames or less).
Customization for OzLivenessSDK (use OzLivenessSDK.config.customization).
Hides the status bar and the three buttons at the bottom. The default value is True.
A set of customization parameters for the toolbar.
A set of customization parameters for the center hint that guides a user through the process of taking an image of themselves.
A set of customization parameters for the hint animation.
A set of customization parameters for the frame around the user face.
A set of customization parameters for the background outside the frame.
A set of customization parameters for the SDK version text.
A set of customization parameters for the alert message that warns user about their actions being recorded. This message is placed above the oval.
Logo customization parameters. Custom logo should be allowed by license. By default, logo is placed on the bottom left.
Contains the action from the captured video.
On January 1, 2027, the One Shot gesture will become unavailable. Please plan your.
Contains the extended info about licensing conditions.
A class for the captured media that can be:
A document photo.
A set of shots in an archive.
A Liveness video.
Contains an action from the captured video.
On January 1, 2027, the One Shot gesture will become unavailable. Please plan your.
A class for license that can be:
Contains the license ID.
Contains the path to a license.
A class for analysis status that can be:
This status means the analysis is launched.
This status means the media is being uploaded.
The type of the analysis.
The mode of the analysis.
Contains information on what media to analyze and what analyses to apply.
The general status for all analyses applied to the folder created.
Holder for attempts counts before SDK returns error.
Contains the locale code according to .
Contains logging settings.
A class for color that can be (depending on the value received):
Parameter
Type
Description
Frame shape settings.
Exception class for AnalysisRequest.
Parameter
Type
Description
Structure that describes media used in AnalysisRequest.
Parameter
Type
Description
Structure that describes the analysis result for the single media.
Consolidated result for all analyses performed.
Result of the analysis for all media it was applied to.
Defines the authentication method.
Authentication via token.
Authentication via credentials.
Defines the settings for the repeated media upload.
Defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully. By default, the system uploads the compressed video.
Contains information about the .
Defines what environment to use.
The method affects security checks only; the SDK functionality does not change.
The methods below apply to the new feature – that has been implemented in 8.22.
This method replaces addAnalysis in the AnalysisRequest structure when you use the data container flow.
Input
Captures media file with all information you need and packages it into a data container.
Input
Output
Detects a request for video capture.
Contains information on media files and analyses that should be applied to them.
Stores information about a media file.
statusListener
StatusListener
Optional listener to check the license load result
onSuccess
A callback function as follows:
onSuccess(result:) {
handleResults() }
The function is executed when all the analyses are completed.
titleTextFont
Int (@FontRes)
Toolbar title text font
titleTextFontStyle
Int (values from android.graphics.Typeface properties, e.g., Typeface.BOLD)
Toolbar title text font style
titleTextSize
Int
Toolbar title text size (in sp, 12-18)
titleTextAlpha
Int
Toolbar title text opacity (in %, 0-100)
titleTextColor
Toolbar title text color
backgroundColor
Toolbar background color
backgroundAlpha
Int
Toolbar background opacity (in %, 0-100)
isTitleCentered
Boolean
Defines whether the text on the toolbar is centered or not
title
String
Text on the toolbar
textSize
Int
Center hint text size (in sp, 12-34)
textColor
Center hint text color
textAlpha
Int
Center hint text opacity (in %, 0-100)
verticalPosition
Int
Center hint vertical position from the screen bottom (in %, 0-100)
backgroundColor
Center hint background color
backgroundOpacity
Int
Center hint background opacity
backgroundCornerRadius
Int
Center hint background frame corner radius (in dp, 0-20)
animationIconSize
Int
A side size of the animation icon square
hideAnimation
Boolean
A switcher for hint animation, if True, the animation is hidden
strokeDefaultColor
Frame color when a face is not aligned properly
strokeFaceInFrameColor
Frame color when a face is aligned properly
strokeAlpha
Int
Frame opacity (in %, 0-100)
strokeWidth
Int
Frame stroke width (in dp, 0-20)
strokePadding
Int
A padding from the stroke to the face alignment area (in dp, 0-10)
textColor
SDK version text color
textAlpha
Int
SDK version text opacity (in %, 20-100)
textSize
Int
Antiscam message text size (in px, 12-18)
textColor
Antiscam message text color
textAlpha
Int
Antiscam message text opacity (in %, 0-100)
backgroundColor
Antiscam message background color
backgroundOpacity
Int
Antiscam message background opacity
cornerRadius
Int
Background frame corner radius (in px, 0-20)
flashColor
Color of the flashing indicator close to the antiscam message
Int (0-100), default: 100
Vertical offset
horizontalPosition
Int (0-100), default: 0
Horizontal offset
HeadRight
Head turned right
HeadLeft
Head turned left
HeadDown
Head tilted downwards
HeadUp
Head lifted up
EyeBlink
Blink
Smile
Smile
appIDS
[String]
An array of bundle IDs
additionalTags (optional)
String
Additional tags if needed (including those not from the OzMediaTag enum).
metaData
Map<String, String>
Media metadata
additionalTags (optional)
String
Additional tags if needed (including those not from the OzMediaTag enum)
metaData
Map<String, String>
Media metadata
bestShotPath (optional)
String
URL of the best shot in PNG
preferredMediaPath (optional)
String
URL of the API media container
additionalTags (optional)
String
Additional tags if needed (including those not from the OzMediaTag enum)
metaData
Map<String, String>
Media metadata
VideoSelfieScan
A video with the scanning gesture
VideoSelfieEyes
A video with the blink gesture
VideoSelfieSmile
A video with the smile gesture
VideoSelfieHigh
A video with the lifting head up gesture
VideoSelfieDown
A video with the tilting head downwards gesture
VideoSelfieRight
A video with the turning head right gesture
VideoSelfieLeft
A video with the turning head left gesture
PhotoIdPortrait
A photo from a document
PhotoIdBack
A photo of the back side of the document
PhotoIdFront
A photo of the front side of the document
from
Int
Objects quantity
percentage
Int
Completion percentage
mediaList
[]
An array of the OzAbstractMedia objects
params (optional)
Map<String, Any>
Additional parameters
sizeReductionStrategy
Defines what type of media is being sent to the server in case of the hybrid analysis once the on-device analysis is finished successfully
OPERATOR_REQUIRED
The result should be additionally checked by a human operator
KY
Kyrgyz
TR
Turkish
ES
Spanish
PT-BR
Portuguese (Brazilian)
journalObserver
StatusListener
An event listener to receive journal events on the application side
Square
Square frame
String
Original media name
ozMedia
Media object
tags
List<String>
Tags for media
resolution
Consolidated analysis result
sourceMedia
Source media
type
Type of the analysis
resolution
Consolidated analysis result
mode
Resulting score
resultMedia
List<>
A list of results of the analyses for single media
confidenceScore
Float
Resulting score
analysisId
String
Analysis identifier
params
@RawValue Map<String, Any>
Additional folder parameters
error
Error if any
serverRawResponse
String
Response from backend
sslPins (optional)
List<>
Whitelisted certificates
password
String
Password
sslPins (optional)
List<>
Whitelisted certificates
UPLOAD_NOTHING
Nothing is sent (note that no folder will be created)
List<>
Media files that you need to upload to server, but it’s not necessary for analyses
cameraPosition (optional)
String
front (default) – front camera
back – rear camera
Map<String, Any>
Additional analysis parameters
OzAbstractMedia
An external media file, e.g., a reference or a document photo.
VIDEO_RECORD_ERROR = 5
Error by video record.
An error happened during video recording
NO_ACTIONS_ERROR = 6
Error. OzLivenessSDK started without actions.
No found in a video
FORCE_CLOSED = 7
Error. Liveness activity is force closed from client application.
A user closed the Liveness screen during video recording
DEVICE_HAS_NO_FRONT_CAMERA = 8
Error. Device has not front camera.
No front camera found
DEVICE_HAS_NO_MAIN_CAMERA = 9
Error. Device has not main camera.
No rear camera found
DEVICE_CAMERA_CONFIGURATION_NOT_SUPPORTED = 10
Error. Device camera configuration is not supported.
Oz Liveness doesn't support the camera configuration of the device
FACE_ALIGNMENT_TIMEOUT = 12
Error. Face alignment timeout in OzLivenessSDK.config.faceAlignmentTimeout milliseconds
Time limit for the is exceeded
ERROR = 13
The check was interrupted by user
User has closed the screen during the Liveness check.
The algorithm that allows comparing several media and check if the people on them are the same person or not
QUALITY
The algorithm that aims to check whether a person in a video is a real human acting in good faith, not a fake of any kind.
DOCUMENTS (deprecated)
The analysis that aims to recognize the document and check if its fields are correct according to its type.
Case
Description
ON_DEVICE
The on-device analysis with no server needed
SERVER_BASED
The server-based analysis
HYBRID
The hybrid analysis for Liveness: if the score received from an on-device analysis is too high, the system initiates a server-based analysis as an additional check.
Parameter
Type
Description
type
Type
The type of the analysis
mode
Mode
Case
Description
FAILED
One or more analyses failed due to some error and couldn't get finished
DECLINED
The check failed (e.g., faces don't match or some spoofing attack detected)
SUCCESS
Everything went fine, the check succeeded (e.g., faces match or liveness confirmed)
Currently, the DOCUMENTS analysis can't be performed in the on-device mode.
enum Mode
We recommend using server-based analyses whenever possible, as on-device ones tend to produce less accurate results.
class Analysis
enum Resolution
class OzAttemptsSettings
enum OzLocalizationCode
class OzLogging
sealed class Color
ColorRes
ColorHex
ColorInt
enum GeometryType
class AnalysisError
class SourceMedia
class ResultMedia
class RequestResult
class AnalysisResult
class OzConnection
OzConnection.fromServiceToken
OzConnection.fromCredentials
class OzUploadMediaSettings
enum SizeReductionStrategy
sslPin
enum Environment
The DEBUG mode should only be used during active development and testing. All builds intended for end users must be configured to use the PRODUCTION mode to maintain the security posture and compliance requirements expected of production deployments.
OzCapsula data container
addContainer
createMediaCaptureScreen
public data class CaptureRequest
public data class AnalysisProfile
public sealed class MediaRequest
Please note: you should add actionMedia OR userMedia, these parameters are mutually exclusive.
Total number of attempts on all actions/gestures if you use a sequence of them
Allows logging to an internal file
originalName
Mode of the analysis
Folder identifier
Type of the analysis
Access token
User name
Timeout between attempts
The date of certificate expiration
additionalMediaList (optional)
params (optional)
userMedia
The number of action is exceeded
Since 9.3.0, files are named using a UUID v4 identifier with the original file extension. The original file name can be transmitted via the mediaMeta field
