Upgrade to Onfido 3.6 (May 2023)
Currently, the Assure API is using Onfido's API v3.2. However, Onfido requires Signicat and all other integrators to upgrade to API version 3.6.
In the new version, Onfido has added two new mandatory fields:
- location: The end-user's location is now required for all verifications.
- privacy consent: The end-user's agreement to Onfido's Privacy notices and consent language is now required for end-users residing in the USA and using Onfido services that involve Facial similarity or Liveness checks.
This page contains information about the changes and describes how you can prepare for them in advance.
These changes are only relevant if you use Onfido in your processes.
To comply with the changes, we are now updating the Assure API. This upgrade will take effect in May 2023. To ensure your integration continues working, check the required changes below and make sure to perform them before that time.
If you have any questions, you can contact us by creating a support ticket in the Signicat Dashboard.
Changes per integration path
How the changes will affect you depends on how you are uploading the end-user's images to Onfido. Please select your chosen integration path below:
- Direct upload via Assure API
- Onfido native SDKs
- Capture with `onfido` SDKs
- Capture with `capture` SDK
Direct upload via Assure API
This section contains the changes you must perform if you are using the generic integration flow. In this integration path, you upload the images to Onfido using the Set images endpoint.
1. Provide end-user's location
You must now always send the end-user's location in the Create process request. This must be done in all requests using the Onfido provider; otherwise, you will receive an error in the Start verification endpoint.
For details on how to provide the location, see Integration use case 1 > Create process > Location.
2. Provide privacy consent from end-users in USA
If an end-user resides in the USA, they must consent to the collection, use, and handling of biometric identifiers and information by Onfido.
For details on how to provide the consent from the end-user, see Integration use case 1 > Create process > Onfido privacy consent.
Using Onfido native SDKs
This section contains the changes you must perform if you are using the generic integration flow. In this integration path, you upload the images to Onfido using the Onfido native SDK.
Upgrade to the latest Onfido SDKs
You must upgrade the SDK to the latest version. For details, see Onfido's developer pages.
Your apps will continue working with Onfido 3.2 until May 2023.
Here is an example of Onfido's consent message on their native JS SDK (web):
Onfido privacy notices and consent (US)
See also Onfido SDKs Requirements section.
Using Capture with 'onfido' SDK
This section contains the changes you must perform when you are using the alternative integration flow (web only). In this integration path, you upload the images to Onfido using the Capture service and with `onfido` set as `sdk`.
Changes in the Assure API
You must upgrade the SDK to the latest version. For details, see Onfido's developer pages.
We have now upgraded the Onfido JS SDK version used in the Assure API Start capture flow service to version 12.2.2 for web.
This change only impacts end-users that reside in the USA (see section 1 below).
We have also made a change in the Capture configurations structure (see section 2 below), but you do not need to change anything, since we have converted all existing configurations.
1. New consent required for end-users in the USA
If the Onfido SDK detects that the end-user is located in the USA, they will see a new screen with Onfido's privacy statement and terms of service.
Onfido privacy notices and consent for web (US)
If the end-user does not accept, the process will fail with failReason "USER_CONSENT_DENIED". Here is an example of an Assure process where the end-user was from the USA and did not consent:
```json
{
  "status": "failed",
  "processId": "49f8e1c7-7950-4ef4-af53-fb5e22ef5514",
  "provider": "onfido",
  "failReason": {
    "type": "USER_CONSENT_DENIED",
    "message": "User denied consent."
  },
  ...
}
```
If the end-user accepts, the process will continue as usual.
2. New structure for Capture configurations
We have made some changes to the structure inside the `onfidoConfigs` field. However, you do not have to make any changes because we have automatically converted your configurations to the current format. You just need to make sure to continue using the configurations in this latest format.
If any of your configurations have stopped working or have not been upgraded to the latest format, please contact us so that we can quickly fix it for you.
To do this, you can either:
- Contact your customer success manager.
- Contact us by creating a support ticket in the Signicat Dashboard.
For details on the current structure accepted in the `onfidoConfigs` field, check the Onfido documentation on GitHub: Onfido SDK UI Layer > Customizing the SDK.
Here is an example of a Capture configuration with `onfidoConfigs` that is compatible with the latest version:
```json
{
  "id": "capture-config-example",
  "pageTitle": "My custom onboarding",
  "favicon": "data:image/png;base64,iVBOR",
  "fontName": "Tangerine",
  "fontUrl": "https://fonts.googleapis.com/css?family=Tangerine",
  "fontColor": "#123456",
  "buttonsColor": "#654321",
  "buttonsHoverColor": "#000000",
  "buttonsTextColor": "#FFFFFF",
  "defaultCountry": "NLD",
  "onfidoConfig": {
    "language": "en",
    "steps": [
      {
        "type": "document",
        "options": {
          "documentTypes": {
            "passport": true,
            "driving_licence": true,
            "national_identity_card": false
          },
          "forceCrossDevice": true
        }
      }
    ],
    "translations": {
      "en": {
        "locale": "en_US",
        "phrases": {
          "doc_select": {
            "title": "Verify your identity",
            "subtitle": "Select the type of document you would like to upload",
            "button_license": "Driving licence"
          },
          "doc_submit": {
            "title_license_back": "Submit licence (back)",
            "title_license_front": "Submit licence (front)"
          },
          "doc_capture": {
            "prompt": {
              "title_license": "What type of licence do you have?"
            }
          },
          "photo_upload": {
            "body_license_back": "Take a photo of the back of your licence",
            "body_license_front": "Take a photo of the front of your licence"
          },
          "cross_device_checklist": {
            "title": "Great, that's everything we need",
            "subtitle": "We're now ready to verify your identity",
            "list_item_doc_one": "Document uploaded"
          }
        }
      }
    }
  },
  "customCss": ".onfido-sdk-ui-Theme-defaultLogo .onfido-sdk-ui-Theme-footer .onfido-sdk-ui-Theme-logo { background-image: none; } .ods-button { color: #FFFFFF !important; background-color: #284E80 !important; } .ods-button:hover { color: #FFFFFF !important; background-color: #000000 !important; }",
  "createdAt": "2021-12-14T09:04:11Z",
  "updatedAt": "2022-02-21T14:03:06Z"
}
```
Using Capture with 'capture' SDK
This section contains the changes that will impact your integration when you are using the alternative integration flow (for web only). In this integration path, you upload the images to Onfido using the Capture service and with `capture` set as `sdk`.
You do not need to prepare any changes in your implementation, since Signicat will enable these changes for you (from May 2023).
As for the end-users, this will only impact end-users residing in the USA (see below).
New consent required for end-users in the USA
If the Capture SDK detects that the end-user resides in the USA, the end-user will be presented with a new consent screen with Onfido's privacy statement and terms of service, as required by Onfido.
Onfido privacy notices and consent (US)
If the end-user accepts, the process will continue as usual.
If the end-user does not accept, the process will fail with failReason "USER_CONSENT_DENIED". Here is an example of an Assure process where the end-user was from the USA and denied consent:
```json
{
  "status": "failed",
  "processId": "49f8e1c7-7950-4ef4-af53-fb5e22ef5514",
  "provider": "onfido",
  "failReason": {
    "type": "USER_CONSENT_DENIED",
    "message": "User denied consent."
  },
  ...
}
```
FAQ
Why did Onfido do this update?
Onfido did this upgrade to comply with US laws on biometric data (BIPA). See Onfido's release notes for details.
Can I disable this new screen?
Onfido requires that all end-users located in the USA are presented with this new consent screen. Also, they can only continue with the verification, using Onfido, if they accept Onfido's Privacy notices and consent language.
Will I see any impact on my transactions?
You should see no major difference in the success rate of your transactions. It is possible, however, that you see a few more `failed` processes. The reason is that US end-users can deny consent to Onfido using their biometric data, which will cause the Assure process to fail.
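To measure that impact, consent denials can be counted apart from other failures. The following Node.js code is an added example, not Signicat's or Onfido's code: it classifies process results using only the `status`, `provider` and `failReason.type` fields shown on this page. The sample records, the `accepted` status value and `EXAMPLE_OTHER_REASON` are constructed assumptions.

```javascript
// Added example: count USER_CONSENT_DENIED separately from other failures.
const CONSENT_DENIED = "USER_CONSENT_DENIED"; // failReason.type shown on this page

function classifyProcess(proc) {
  if (!proc || typeof proc !== "object") return "invalid";
  if (proc.status !== "failed") return "not_failed";
  // failReason may be absent on a failed record; treat that as another failure.
  const type = proc.failReason && proc.failReason.type;
  if (proc.provider === "onfido" && type === CONSENT_DENIED) return "consent_denied";
  return "other_failure";
}

function summarize(processes) {
  const counts = { not_failed: 0, consent_denied: 0, other_failure: 0, invalid: 0 };
  for (const p of processes) counts[classifyProcess(p)] += 1;
  const total = processes.length - counts.invalid;
  const failed = counts.consent_denied + counts.other_failure;
  // End-users who reached a verification result (did not decline consent).
  const consenting = total - counts.consent_denied;
  return {
    counts,
    failureRate: total ? failed / total : 0,
    failureRateExcludingConsent: consenting ? counts.other_failure / consenting : 0,
  };
}

// Constructed sample records (not real process data).
const sample = [
  { status: "failed", processId: "sample-1", provider: "onfido",
    failReason: { type: "USER_CONSENT_DENIED", message: "User denied consent." } },
  { status: "failed", processId: "sample-2", provider: "onfido",
    failReason: { type: "EXAMPLE_OTHER_REASON", message: "placeholder" } }, // constructed type
  { status: "failed", processId: "sample-3", provider: "onfido" },   // no failReason
  { status: "accepted", processId: "sample-4", provider: "onfido" }, // status value assumed
  null, // malformed record, excluded from the rates
];

console.log(summarize(sample));
```
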