This simple tutorial guides you through some basic steps to test your connectivity, authenticate, request some data, and verify your first individual through the Qual-ID API. Each step is simple, building upon the one before it, letting you get up and running with a full identity verification solution in no time.
If you would like to test the API calls yourself, you will find a Postman collection under the downloads tab. After importing the collection into Postman, edit the collection to insert your Qual-ID credentials in the Variables associated with the collection. You should then be able to run all he calls.
Qual-ID requires product specific credentials, i.e. a Qual-ID username and password. The only action you can execute without credentials is step 1.
As of step 2 credentials are required. If you do not have any, please contact your local Refinitiv account manager.
In order to test your connectivity to the service, you can simply call the sayhello endpoint:
GET https://api.globaldatacompany.com/connection/v1/sayhello/Joe Napoli
You should receive a successful response with the value you sent in the request echoed back to you:
"Hello Joe Napoli"
You can try sending a different string instead of "Joe Napoli" to see what happens.
If you receive an error message, first check the syntax of the endpoint and try again. If that does not work then test your internet connectivity, check that DNS resolution works for the globaldatacompany.com domain name, and ensure your firewalls or proxies do not block access.
As stated in the prerequisites section, you should have a Qual-ID user account with username and password.
All API calls require an Authorization header, containing your ACCESS_TOKEN, as illustrated below. To generate the ACCESS_TOKEN portion of the header, combine your username and password into username:password and run the resulting string through Base64 encryption. Alternatively, you can use a program such as SOAPUI or Postman to construct the authorization header for you.
You can use the testauthentication endpoint to check that they are working. The only thing you need to provide in this request is the authorization header:
Request
GET https://api.globaldatacompany.com/connection/v1/testauthentication
Authorization: Basic ACCESS_TOKEN
You should receive a response containing your username:
Hello <YourUserName>
Troubleshooting
Here are the most common reasons for an error response:
Check for typos, and ensure that you are setting the Authorization header correctly, using a Qual-ID specific username and password (Base64 encrypted).
For more details on error handling, refer to the separate tutorial on Troubleshooting.
The Qual-ID API is structured to make calls by country. Your organization's contract with Qual-ID defines what countries are available. If you are not sure what countries are configured for your account, you can use an endpoint to retrieve this information at any time. Simply run the following request to receive the full list of country codes available to your account:
Request
GET https://api.globaldatacompany.com/configuration/v1/countrycodes/Identity Verification
Authorization: Basic ACCESS_TOKEN
Note: the authorization header must be present in all API calls. It is described under Step 2.
Response
[
"AU",
"CA",
"CN",
"IN",
"US",
"GB",
"IT",
"MY",
"NZ",
"BE"
]
If successful, the response contains a JSON Array of 2 letter country codes following ISO 3166.
Once you know what country codes are valid for your account, you can make a Get Fields request. This returns a detailed list of all of the fields that you need to provide to verify an identity in a given country. These fields vary based on country, as well as your organization's global account configuration:
Request
GET https://api.globaldatacompany.com/configuration/v1/fields/Identity Verification/AU
Authorization: Basic ACCESS_TOKEN
Response
{
"title": "DataFields",
"type": "object",
"properties": {
"PersonInfo": {
"title": "PersonInfo",
"type": "object",
"properties": {
"FirstGivenName": {
"type": "string"
},
"MiddleName": {
"type": "string"
},
"FirstSurName": {
"type": "string"
},
"DayOfBirth": {
"type": "int"
},
"MonthOfBirth": {
"type": "int"
},
"YearOfBirth": {
"type": "int"
},
"Gender": {
"type": "string"
}
},
"required": [
"DayOfBirth",
"FirstGivenName",
"FirstSurName",
"MonthOfBirth",
"YearOfBirth"
]
},
"Location": {
"title": "Location",
"type": "object",
"properties": {
"BuildingNumber": {
"type": "string"
},
"UnitNumber": {
"type": "string"
},
"StreetName": {
"type": "string"
},
"StreetType": {
"type": "string"
},
"Suburb": {
"type": "string"
},
"StateProvinceCode": {
"type": "string"
},
"PostalCode": {
"type": "string"
}
},
"required": [
"BuildingNumber",
"PostalCode",
"StateProvinceCode",
"StreetName"
]
},
"Communication": {
"title": "Communication",
"type": "object",
"properties": {
"MobileNumber": {
"type": "string"
},
"Telephone": {
"type": "string"
},
"EmailAddress": {
"type": "string"
}
},
"required": []
},
"CountrySpecific": {
"title": "CountrySpecific",
"type": "object",
"properties": {
"AU": {
"title": "AU",
"type": "object",
"properties": {
"AuImmiCardNumber": {
"type": "string"
}
},
"required": [
"AuImmiCardNumber"
]
}
}
}
}
}
In the JSON response you see each and every field available for the verification of an individual in Australia (ISO 2 code: AU). The response lists the required fields, with a short description of each, and the associated data type. In Step 6 - Verify, we shall use the values obtained here to create a successful verification request.
Due to the nature of some of our datasources , you may need to obtain consent from your customer for their data to be sent to that particular source.
You may or may not be configured to use any of these datasources, so it is recommended to run a Get Consents request for all the countries obtained in step 3. This will give you a list of datasources requiring additionalconsents in each country.
If applicable, you can obtain these special consents from your customer, and then provide them in the ConsentForDataSources field of the Verify request.
Request
GET https://api.globaldatacompany.com/configuration/v1/consents/Identity Verification/AU
Authorization: Basic ACCESS_TOKEN
Response
[
"Birth Registry",
"Visa Verification",
"DVS ImmiCard Search",
"DVS Citizenship Certificate Search",
"Credit Agency"
]
The returned JSON array of strings contains the names of the datasources requiring additional consent. Once consent is given from your customer for these datasources, it must be provided in the Verify request so that the datasource can be called.
Once steps 1 through 5 have been completed you should have everything needed to carry out a Verify request. Using one of the country codes from step 3, the fields from step 4, and any necessary consents from step 5, you can now run a Verify request.
Note on Sandbox Accounts: if you are configured for a sandbox account, make sure to call Get Test Entities to get test data for a country you want to try:
GET https://api.globaldatacompany.com/configuration/v1/testentities/Identity%20Verification/<countryCode>
Sandbox accounts only use these test entities, trying to verify with any other data will result in no matches being found.
Request
In Step 4 we retrieved the list of fields required for our request. A few more fields need to be added:
POST https://api.globaldatacompany.com/verifications/v1/verify
Authorization: Basic ACCESS_TOKEN
Content-Type: application/json
Request body:
{
"AcceptTruliooTermsAndConditions": true,
"CleansedAddress": false,
"ConfigurationName": "Identity Verification",
"ConsentForDataSources": [
"Birth Registry",
"Visa Verification",
"DVS ImmiCard Search",
"DVS Citizenship Certificate Search",
"Credit Agency"
],
"CountryCode": "AU",
"DataFields": {
"PersonInfo": {
"FirstGivenName": "John",
"MiddleName": "Henry",
"FirstSurName": "Smith",
"DayOfBirth": 5,
"MonthOfBirth": 3,
"YearOfBirth": 1983,
"Gender": "M"
},
"Location": {
"BuildingNumber": "10",
"UnitNumber": "3",
"StreetName": "Lawford",
"StreetType": "st",
"City": "NAPOLI",
"Suburb": "Doncaster",
"StateProvinceCode": "VIC",
"PostalCode": "3108"
},
"Communication": {
"Telephone": "03 9896 8785",
"EmailAddress": "testpersonAU@gdctest.com"
},
"CountrySpecific": {
"AU": {
"AuImmiCardNumber": "EIS123456",
}
}
},
"VerboseMode": false
}
There is a lot of information provided in the JSON response, which will be broken down in full detail in the next section Understanding a Verify Response. For now, the first things to pay attention to are:
{
"TransactionID": "d3e5d20c-3ad7-448d-9034-b28c68d6db07",
"UploadedDt": "2017-07-11T21:47:50",
"Record": {
"TransactionRecordID": "0ac8ccee-ab7a-495e-8b88-a6da1bdcb6ae",
"RecordStatus": "match",
"DatasourceResults": [
{
"DatasourceName": "Australia Citizen File",
"DatasourceFields": [
{
"FieldName": "BuildingNumber",
"Status": "match"
},
{
"FieldName": "MiddleName",
"Status": "match"
},
{
"FieldName": "StreetName",
"Status": "match"
},
{
"FieldName": "UnitNumber",
"Status": "match"
},
{
"FieldName": "Suburb",
"Status": "match"
},
{
"FieldName": "StreetType",
"Status": "match"
},
{
"FieldName": "Telephone",
"Status": "match"
},
{
"FieldName": "DayOfBirth",
"Status": "match"
},
{
"FieldName": "FirstSurName",
"Status": "match"
},
{
"FieldName": "StateProvinceCode",
"Status": "match"
},
{
"FieldName": "MonthOfBirth",
"Status": "match"
},
{
"FieldName": "PostalCode",
"Status": "match"
},
{
"FieldName": "FirstInitial",
"Status": "match"
},
{
"FieldName": "YearOfBirth",
"Status": "match"
},
{
"FieldName": "FirstGivenName",
"Status": "match"
},
{
"FieldName": "MiddleInitial",
"Status": "match"
}
],
"AppendedFields": [],
"Errors": [],
"FieldGroups": []
},
{
"DatasourceName": "Credit Agency",
"DatasourceFields": [
{
"FieldName": "StreetName",
"Status": "match"
},
{
"FieldName": "FirstInitial",
"Status": "match"
},
{
"FieldName": "BuildingNumber",
"Status": "match"
},
{
"FieldName": "FirstGivenName",
"Status": "match"
},
{
"FieldName": "StreetType",
"Status": "match"
},
{
"FieldName": "FirstSurName",
"Status": "match"
},
{
"FieldName": "Suburb",
"Status": "match"
},
{
"FieldName": "MiddleInitial",
"Status": "match"
},
{
"FieldName": "Telephone",
"Status": "match"
},
{
"FieldName": "MiddleName",
"Status": "match"
},
{
"FieldName": "UnitNumber",
"Status": "match"
},
{
"FieldName": "PostalCode",
"Status": "match"
},
{
"FieldName": "StateProvinceCode",
"Status": "match"
}
],
"AppendedFields": [],
"Errors": [],
"FieldGroups": []
}
],
"Errors": [],
"Rule": {
"RuleName": "Category 3 KYC v3",
"Note": "Match(FamilyAndGivenInitial, DOB) or Match(FamilyAndGivenInitial, FullAddress) or Match(FamilyAndGivenInitial, ID) MiddleName Ignored"
}
},
"Errors": []
}
By following a few simple set up steps, you are now able to send a verification request for any identity and receive a set of rich, detailed results. Qual-ID provides the overall match signal (RecordStatus), individual match signals for each field underneath the datasource results (Status), any additional information returned from a datasource (AppendedFields), and the rule being used to judge whether an individual is verified (Rule). This gives you full transparency into the results of all your verification requests.
There is a lot of information in a Verify response. This section helps you understand what that information means, and how to use it so you can get the most out of your verification results.
"Record": {
"TransactionRecordID": "0ac8ccee-ab7a-495e-8b88-a6da1bdcb6ae",
This is the unique ID for this particular verification. You can use this for your own reference, or in the Get Transaction Record method to review a past transaction:
GET https://api.globaldatacompany.com/verifications/v1/transactionrecord/<TransactionRecordID>
You should also use it in case you need to contact MyRefinitiv about a verification result.
Qual-ID provides you with a gateway to over 200 global datasources. Your verification response will contain an array of DatasourceResult objects for each datasource configured on your account. Each DatasourceResult contains a DatasourceName, and a DatasourceFields sub-array, which indicates the match status for each field sent to that datasource.
Some of the more common Datasources are:
An example DatasourceResults array:
"DatasourceResults": [
{
"DatasourceName": "Australia Citizen File",
"DatasourceFields": [
{
"FieldName": "BuildingNumber",
"Status": "match"
},
{
"FieldName": "MiddleName",
"Status": "missing"
},
{
"FieldName": "StreetName",
"Status": "match"
},
{
"FieldName": "UnitNumber",
"Status": "missing"
},
{
"FieldName": "Suburb",
"Status": "match"
},
{
"FieldName": "StreetType",
"Status": "match"
},
{
"FieldName": "Telephone",
"Status": "nomatch"
},
{
"FieldName": "DayOfBirth",
"Status": "match"
},
{
"FieldName": "FirstSurName",
"Status": "match"
},
{
"FieldName": "StateProvinceCode",
"Status": "match"
},
{
"FieldName": "MonthOfBirth",
"Status": "match"
},
{
"FieldName": "PostalCode",
"Status": "match"
},
{
"FieldName": "FirstInitial",
"Status": "match"
},
{
"FieldName": "YearOfBirth",
"Status": "match"
},
{
"FieldName": "FirstGivenName",
"Status": "match"
},
{
"FieldName": "MiddleInitial",
"Status": "missing"
}
],
"AppendedFields": [],
"Errors": [],
"FieldGroups": []
},
...
]
As shown in the example above, each DatasourceResult contains an array of DatasourceFields, which lists the fields this particular datasource has returned. Each Datasource Field consists of FieldName and Status.
FieldName describes the type of information that has been returned from the datasource, such as StreetName or YearOfBirth. You can use the API endpoint Get Fields to see all the fields available to you in a particular country. To ensure you get a response from every datasource, it is recommended that you include each field returned by Get Fields in your verification request if possible.
Status indicates whether or not a particular field matched what was on record in the datasource. It can take on the following values:
On occasion a datasource will respond with information that is not a match signal for a specific field, but might still be useful for you to know. A common example is the IsDeceased appended field, which indicates whether or not the person whose identity you are trying to verify is deceased. This information is included in the AppendedFields section for that datasource (underneath the DatasourceResults object):
"AppendedFields": [
"IsDeceased": "false"
],
The DatasourceResults object contains a section called Errors, which informs you of any errors that occurred during the verification. Errors are returned on a per-datasource basis because even if there is an issue with one particular datasource, the rest of the transaction will continue with the other sources. An example is when a field is formatted incorrectly. If that field is required for one datasource, but optional for all other sources, only the first datasource will return an error. The malformed field can be ignored by the remaining datasources, which will return match signals for all other fields.
At the end of the verification results is a Rule object, which describes how Qual-ID used the match signals in the datasource result fields to evaluate whether or not the identity was verified. You can work with support to configure your desired verification rules on a country-by-country basis, but the most commonly used rule is the Category 3 KYC rule shown below. This states that an individual will be verified if:
"Family" can encompass a number of data fields based on country, but in many cases it simply means "surname".
If any of the criteria of the verification rule are met, then the individual is considered verified, and the overall RecordStatus will be returned as a match (see below).
"Rule": {
"RuleName": "Category 3 KYC v3",
"Note": "Match(FamilyAndGivenInitial, DOB) or Match(FamilyAndGivenInitial, FullAddress) or Match(FamilyAndGivenInitial, ID) MiddleName Ignored"
}
The final portion of the Verify response, RecordStatus indicates the overall match status of the identity you provided, based on the datasource fields in combination with the verification rule discussed above. A RecordStatus of match means the identity was verified (i.e. one or more datasources provided match signals that satisfied the verification rule). A RecordStatus of nomatch means the identity could not be verified.
Text
"RecordStatus": "match",
The rich detail provided by Qual-ID's response allows you to make your application's own matching logic as simple or thorough as you like. You can take the RecordStatus value and use that to determine whether or not an identity was verified, or you can dig into the specific datasource results and perform your own field-by-field matching.