# Schufa Identity Check API

Schufa Identity Check is a verification service used in Germany for validating a customer's identity. Schufa Holding AG (opens new window) is a German private credit bureau supported by creditors. Schufa's purpose is to protect its clients from credit risks. It also offers protection from insolvency to borrowers.

Signicat supports identity and address validation through Schufa's Identity Check Premium (opens new window). This premium version includes:

  • Schufa's standard Identity Check: This provides a comparison of the inquiry data with the person's identity and address data stored at the Schufa server. The check returns a percentage match score of the similarity of the comparison data of the individual data fields. In addition, it returns a total match score that results from the individual match scores. The check also recognises alternative spelling and common spelling mistakes.
  • Schufa's Identity Check Premium: This is an extension of the standard product. It is used by contractual partners that are legally obligated to check the identity and verify age in accordance with Section 5 JMStV (Interstate Treaty on the protection of minors). The check confirms that a person is known to Schufa and at the same time verifies the stated date of birth. In addition, the report contains information regarding proven identity, e.g. by means of an identity document presented to a bank and/or upon provision of a Schufa self-enquiry report.

# Use cases

The identity check is useful in many scenarios, for example when onboarding new customers, verifying identities and/or checking people against AML regulations (Anti Money laundering).

# Digital onboarding of a new customer

A customer wants to open a new bank account online. The bank (merchant) wants to check the identity and address score by using Schufa's identity check.

  1. The customer uploads the identity papers.
  2. The merchant presents a registration form to the customer and the customer fills in personal details like name, date of birth and address etc.
  3. The input data is sent via Signicat to Schufa to compare the entered user data with data stored at Schufa.
  4. The service sends back a response to the merchant with a percentage match score.

# Checking a customer against fraud

A merchant wants to check if the address of a customer is valid before billing the customer. In this case, the merchant already has some customer data but wants to run an additional check by using Schufa's identity check.

  1. The merchant sends existing customer data via Signicat to Schufa to check if the identity and address match.
  2. The service sends back a response to the merchant with a percentage match score.

# How to integrate via Signicat

Integration with the service is done via the same API as Signicat’s ID methods. See Getting started with authentication for more information. Through the single point of integration, you will get access to Signicat’s wide portfolio of integrated ID methods and other services like identity verification and registry lookups.

# Data flow

This is the basic data flow when using Schufa's identity check to verify a person's identity and address:

Step Processor Role Result
1 Merchant Data controller The merchant collects the end-user's personal information in a prepared dataflow. Typically this is the full name, gender, date of birth and an address.
2 Signicat Data processor The data is sent to Signicat for validation.The data is stored in Signicat's environment during processing.No data is stored after the processing is done. The information is forwarded to Schufa.
3 Schufa Data controller The information is received from SignicatSchufa validates the information towards their services. The result is returned to Signicat.No data is stored after the processing is finalized.
4 Signicat Data processor The result is received from the service and forwarded to the merchant.No data is stored after the processing is finalized.
5 Merchant Data controller The result is presented to the merchant.

# How to set up the Schufa Identity Check service

This section describes how to interact with the Schufa Identity Check service through Signicat's API. Signicat's Schufa service supports JSON for accessing the API.

# Authentication

All requests must be authenticated by means of an OIDC access token, supplied as an Authorization header of the Bearer type. For information on how to obtain such a token, see Accessing Signicat REST services.


Environment Base URL
Beta https://beta.signicat.com
Preproduction https://preprod.signicat.com
Production https://id.signicat.com
Path Verb Scope Content type Input Output
/idcheck POST client.schufa.idcheck application/json DigitalIdentityCheckRequest PersonResponse

# HTTP headers

You must set the Accept HTTP header (receiving content type) to application/json.

# How to use the Schufa Identity Check service

Digital Identity Check performs address validation for the supplied person at the given address. The entered data is checked against data in the Schufa database. The match scores range from 0.0 to 100.0 percent, where 100.0 is an exact match (see Response example below).

# Request

# IdentityCheckRequest

Name Type Mandatory Description
person Person Yes The person that is identity checked.

# Person

Name Type Mandatory Description
title String No maxLength: 30minLength: 0Example: Dr. Lady
firstName String Yes maxLength: 44minLength: 2
lastName String Yes maxLength: 46minLength: 1
gender String Yes maxLength: 46minLength: 1Exmple: w
dateOfBirth LocalDate Yes Format: yyyy-MM-dd
address Address Yes

# Address

Name Type Mandatory Description
street String Yes maxLength: 46minLength: 1Example: Abbingdon Road 142
postCode String Yes maxLength: 10minLength: 1Example: AL9 5NG
town String Yes maxLength: 44minLength: 1Example: Guilford
country String Yes maxLength: 3minLength: 3Three-letter ISO-3155 ALPHA-3 country code.Example: GBR

# Response

# IdentityCheckResponse

Name Mandatory Type
personCheckResult Yes PersonCheckResult
identityCheckResult No IdentityCheckResult

# PersonCheckResult

Name Type Mandatory Description
addressCheckResult AddressCheckResult Yes
schufaId String Yes The unique ID used to identify an end-user in the Schufa database.Example: ABC1DE2FGH
matchScoreFirstName String No
matchScoreLastName String No
matchScoreDateOfBirth String No
totalMatchScore String No
title String No
firstName String Yes
lastName String Yes
gender String No Valid input: 'W'/'w', 'M'/'m', or 'U'/'u'.Example: W
dateOfBirth String Yes Format: yyyy-MM-dd

# AddressCheckResult

Name Type Mandatory Description
street String Yes Example: Abbingdon Road 142
matchScoreStreet String No
postCode String Yes
matchScorePostCode String No
town String Yes
matchScoreTown String No
country String Yes Three-letter ISO-3155 ALPHA-3 country code.Example: GBR

# IdentityCheckResult

Name Type Mandatory Description
provenIdentity Boolean No Provides information as to whether the end-user's identity has been checked by means of an identity document.
foundWithPriorAddress Boolean No Indicates that the end-user's address data was found as a previous address in the Schufa database.
processingInfo ProcessingInfo No Indicates the type of report. For instance, if the end-user didn't match an entry in the database, processingInfo comes back as "No match".

# ProcessingInfo

Name Type Mandatory
text String Yes, if processingInfo is included
resultType String Yes, if processingInfo is included

# Understanding results

# Valid request: Code 200

The request was valid and resulted in a response message.

PersonCheckResult and AddressCheckResult contain information about the similarity value of the respective fields in the request and the entries stored in the Schufa database. The match scores range from 0.0 to 100.0 percent, where 100.0 is an exact match (see Response example below).

See IdentityCheckResult for a description of the field names.

# Invalid request: Code 400

The request was invalid. In this case, the response body will provide more information. Below is an example of what the response looks like when the firstName property is missing and the postCode format is wrong in the request.

JSON error response:

    "instance": "<ENVIRONMENT>/idcheck",    
     "method": "POST",
     "status": 400,
     "type": "base:constraint-violation-problem",
     "title": "400 Bad Request",
     "violations":[{"message":"The request property 'country' must be a valid three-letter ISO-3166 ALPHA-3 country code"},{"message":"The request property 'firstName' cannot be empty"}]

# Unexpected error: HTTP response code 500

An unexpected error occurred on the server-side.

# Example with values

# Request

curl -X POST
  -H "Content-Type: application/json"
  -H "Accept: application/json"
  -H "Authorization: Bearer <OIDC ACCESS TOKEN>"
  -d '{
  "person" : {
    "firstName" : "RALF",
    "lastName" : "ADRESSEINS",
    "gender" : "M",
    "dateOfBirth" : "1980-01-01",
    "address" : {
      "street" : "DORFSTR. 41",
      "postCode" : "66904",
      "town" : "BRUECKEN",
      "country" : "DEU"

# Response

        "provenIdentity": true,
        "foundWithPriorAddress": true
Last updated: 5/28/2021, 3:00:14 PM