Overview & Integration Guide

Here you will find an overview of the major steps required to integrate Passbase into your application. You can find more details on each step in the relevant sections.

Best Practice Implementation

The steps in this section will guide you to integrate Passbase with your App & Backend. The graph above gives an overview on how our identity platform works, where to receive notifications, and how you can interact with Passbase. We suggest you do the following:

  1. Create a Passbase developer account if you haven't done so (sign-up here)

  2. Integrate the Verification flow with one of our client-side SDKs

  3. Set up Webhooks, so that you are notified about completed or reviewed verification events

  4. Optional - Enable the Reauthentication flow

  5. Retrieve data via our API. Integrate one of our server-side libraries in your backend to handle the webhook events and query the Passbase API for details about a verification using identityAccessKey(client-side SDKs) or key (from the webhook).

1. Create a Passbase Developer Account

In order for your application to communicate with Passbase you need to signup for a Passbase developer account in our dashboard and retrieve your API keys from Settings > API Keys. You'll use your publishable API key for all client-side SDKs (e.g. your web App or mobile Applications).

You'll use your secret API key for all server-side libraries (e.g. your backend server).

You can find more details on API key configurations in the initial setup section of our documentation.

2. Integrate the Verification Flow

Depending on your requirements, you can integrate Passbase via one of our client-side SDKs (HTML + JavaScript, React, Angular, Web Link, iOS, Android, React Native).

The client-side integration process can be summarized in 3 steps:

  1. Install and import one of our client-side SDKs in your application

  2. Render the Verify Me button component in your view

  3. Your users will complete a Verification through the Verification flow - on completion, you need to track theVerification in your dashboard and handle it accordingly via the callbacks (e.g. onFinish function)

3. Setup Webhooks

Passbase uses webhooks to notify your backend when an event happens in your client-side SDK. Webhooks are useful for asynchronous events like when a user completes a Verification, or a Verification has been reviewed.

You can find more details on the events and the request body format in the webhooks section of our documentation.

4. Enable the Reauthentication Flow (Optional)

Currently in beta, please reach out to our customer support team to activate this feature for your account

Once you have received a successful webhook for a Verification, and you established a link between a user in your application and a Passbase User. This means you can hand off the login functionality of your application to Passbase, without having to worry about enforcing strong passwords and storing credentials. You can enable the Reauthentication functionality based on your security rules. For example, you can ask a user to Re-Authenticate before a high risk transaction.

You can find more details on how to proceed with this type of integration along the client-side SDK sections of our documentation.

5. Retrieve Data From the API

We recommend our clients request & store as few data points as possible. This decreases your data liability to the extent, that you only have to protect the data you truly need. If you only care that a user has been verified or is over a certain age, then you should store this as a boolean (true/false) about them after we have completed the identity or age verification of that user.

For security purposes, we recommend you to minimize the Data points stored on your server. That being said, if you need to retrieve information related to a Verification you can do so via the Passbase API. You can retrieve the following types of data:

  • Data points collected and shared during a Verification (E.g. first name, last name, document number, identity score)

  • Metadata related to the Verification (i.e. user agent, timestamp, user references)

  • [Requires special permission] Resources submitted by the User (E.g. ID document pictures, selfie videos)

You can find more details on the endpoints and the response format in the API section of our documentation.

Example Projects

You can find different sample projects on our official Github page, where you can test an integration and copy sample code:

Web:

Mobile Apps:

Fullstack:

Server: