User Guides
Home

DocV with Socure Pass

Verify users through government ID scans and biometric selfie capture, and let returning users skip repeat verification with Socure Pass.

Start building

Overview

This solution uses Document Verification (DocV) with Socure Pass to verify user identities through government ID scans and biometric selfie capture, and let returning users skip repeat verification entirely.

It enables you to:

  • Verify user identity through government-issued ID scan and biometric selfie capture
  • Allow returning users to skip repeat verification through passkey authentication
  • Let users control when and how their identity data is shared
  • Detect fraud and deepfakes with biometric liveness checks across global document types

Together, these capabilities help you verify identities with high confidence while reducing repeat verification costs.


Key behaviors

BehaviorDetail
Decision deliveryThe initial API response pauses the evaluation for the hosted flow (often returned as decision = REVIEW). The final decision is delivered asynchronously via evaluation_completed webhook after verification completes.
Socure Pass reuseReturning users with a valid, non-expired document skip Document Verification entirely through passkey authentication. If the document has expired, the user must complete full verification again.
ConsentBefore any data is shared, the user reviews exactly which information the system requests and must provide explicit consent. The system logs all consent events for compliance and auditing.
Document captureWhen Document Verification runs (for new users or expired documents), the hosted flow renders the Capture App for ID scan, selfie, and liveness checks.

How Socure Pass works

Socure Pass supports three user experiences, all handled automatically within the hosted flow:

  • Returning user (valid Socure Pass)

    The fastest path. The user authenticates with their passkey, reviews the requested data, and provides consent. No document scan or selfie is required—RiskOS™ reuses the prior verification to complete the evaluation.

  • New user (first-time verification)

    The user completes standard Document Verification, including ID scan, selfie capture, and liveness checks. After a successful verification, the user can enroll in Socure Pass to streamline future sessions.

  • Returning user (re-verification required)

    If the previously verified document has expired, the user must complete full Document Verification again. After success, the system updates their Socure Pass for future use.


Integration path

This solution uses a Hosted Flow integration, where RiskOS™ manages the entire verification experience in a Socure-hosted environment.

  • Socure-hosted onboarding experience with customizable branding (logo, colors, and copy)
  • Handles Socure Pass authentication, document capture, and consent within a pre-built UI
  • Works across desktop browsers, mobile browsers, and in-app WebViews
  • Final decision delivered via webhook after the hosted flow completes

End-to-end flow

📘

Decision model:

The initial response may include decision = REVIEW, which indicates the evaluation is paused for the hosted flow.

This is not a final decision. The evaluation resumes automatically, and the final outcome is always ACCEPT or REJECT.

  1. Your server creates an evaluation (POST /api/evaluation) with the Socure Pass workflow and a redirect_uri.
  2. RiskOS™ pauses the evaluation (eval_status: evaluation_paused) and returns a hosted redirect_uri.
  3. Your application redirects the user to the hosted flow.
  4. RiskOS™ presents the Socure Pass option:
    • Returning user with valid pass → Authenticate via passkey, verify consent, reuse stored verification.
    • New user or expired document → Complete Document Verification (ID scan, selfie, liveness).
  5. RiskOS™ resumes the evaluation and delivers the final decision via evaluation_completed webhook.
  6. Route the user:
    • ACCEPT → Continue onboarding
    • REJECT → Stop or route to fallback flow

sequenceDiagram
    autonumber
    participant User as End User
    participant App as Your Platform
    participant RiskOS as RiskOS™
    participant Webhook as Your Webhook

    User->>App: Start onboarding
    App->>RiskOS: POST /api/evaluation (redirect_uri)

    activate RiskOS
    RiskOS-->>App: 201 Created + redirect_uri (status ON_HOLD)
    deactivate RiskOS

    App-->>User: Redirect to hosted flow
    User->>RiskOS: Complete hosted experience

    activate RiskOS
    alt Returning user with valid Socure Pass
        Note over RiskOS: Authenticate via passkey, verify consent
        RiskOS->>RiskOS: Reuse stored verification
    else New user or expired document
        RiskOS-->>User: Prompt document + selfie capture
        User->>RiskOS: Submit document + selfie
        Note over RiskOS: Verify document and resume evaluation
    end
    RiskOS-->>App: Redirect to custom redirect_uri
    RiskOS-->>Webhook: Send evaluation_completed
    deactivate RiskOS

    Webhook-->>App: Final decision (ACCEPT / REJECT / REVIEW)
    App-->>User: Route based on decision

Next steps

Start an evaluation

Create the hosted flow session and redirect the user to the Socure-hosted experience.

Handle DocV and final decision

Process webhook events and route users based on the final decision.

API Reference

Explore endpoints, request formats, and response schemas.

Updated 5 days ago