SICAP (Secure Image Capture) ensures the captured image has not been manipulated (for example, injected) before it is submitted to the Yoti backend for processing.
In order to use SICAP, you will need to:
- Install Yoti’s Face Capture Module (FCM)
- Set the secure prop to true
- Use the full FCM output for the image and secure data
- Add a query parameter when calling the Yoti API endpoints
- Pass both the image and the secure body to the Yoti API endpoints
The FCM image output must not be modified: any change to ‘img’ will be rejected by the backend. For the best security, always use the latest version of the Face Capture Module and keep it regularly updated.
Endpoints
If you wish to use the secure feature, you will need to add the query parameter ‘?secure=true’ to the applicable endpoint below:
- /v1/age?secure=true
- /v1/age-antispoofing?secure=true
- /v1/antispoofing?secure=true
If secure is requested, you will also need to add a “secure” field in the request body, or you will get an 'INVALID_REQUEST_BODY' error message.
If you are using the Yoti SDK, set the query parameter with the appropriate query parameter function call rather than appending it directly to the endpoint.
Request body
The Face Capture Module automatically returns “img” and “secure” on success. Do not modify these fields manually.
```json
{
  "img": "base64_image",
  "metadata": {
    "device": "mobile | laptop"
  },
  "secure": {
    "version": "<module_version>",
    "token": "<session_jwt>",
    "signature": "<result_signature>",
    "verification": "<verification_data>"
  }
}
```
Response body
The response body is the same as the response without SICAP. Example for /v1/age-antispoofing:
```json
{
  "antispoofing": {
    "prediction": "real | fake"
  },
  "age": {
    "st_dev": float,
    "age": float
  }
}
```
Error codes
SICAP feature error codes are below:
| HTTP Code | Error Code | Error Description |
|---|---|---|
| 400 | SECURE_REQUEST_IS_EMPTY | Secure request field is empty. |
| 400 | SECURE_SESSION_NOT_FOUND | Secure session not found. |
| 400 | SECURE_SIGNATURE_NOT_FOUND | Secure signature not found. |
| 400 | SECURE_VERSION_NOT_FOUND | Secure version not found. |
| 400 | INVALID_SECURE_SIGNATURE | Failed to verify secure session signature. |
| 400 | SECURE_VERIFICATION_NOT_FOUND | Secure verification not found. |
| 400 | UNTRUSTED_SECURE_SESSION | Untrusted secure session. |
| 401 | INVALID_SECURE_SESSION | Invalid secure session token. |
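The request requirements above (the ‘?secure=true’ query parameter, plus “img” and “secure” forwarded exactly as the FCM returned them) can be checked in your own code before the call is made. This is an added example, not Yoti's code: `buildSecureRequest`, `sampleFcmOutput` and the `https://api.example.invalid` base URL are assumptions, and authentication headers are omitted because this page does not describe them.

```javascript
// Added example. Function names, sample values and the base URL are assumptions.
const SECURE_ENDPOINTS = ['/v1/age', '/v1/age-antispoofing', '/v1/antispoofing'];
const SECURE_FIELDS = ['version', 'token', 'signature', 'verification'];

// Constructed sample shaped like the request body documented above (not real FCM output).
const sampleFcmOutput = {
  img: 'Y29uc3RydWN0ZWQtc2FtcGxl',
  secure: {
    version: 'constructed-version',
    token: 'constructed-token',
    signature: 'constructed-signature',
    verification: 'constructed-verification',
  },
};

// Returns { url, body } ready to POST, or throws before any network call is made.
// baseUrl is assumed to be an origin only (scheme + host), with no path prefix.
function buildSecureRequest(baseUrl, endpoint, fcmOutput, metadata) {
  if (!SECURE_ENDPOINTS.includes(endpoint)) {
    throw new Error(`${endpoint} is not one of the listed secure endpoints`);
  }
  if (!fcmOutput || typeof fcmOutput.img !== 'string' || fcmOutput.img === '') {
    throw new Error('FCM output has no "img"');
  }
  const secure = fcmOutput.secure;
  if (!secure || typeof secure !== 'object') {
    // Sending secure=true without this field yields INVALID_REQUEST_BODY.
    throw new Error('FCM output has no "secure" object');
  }
  const missing = SECURE_FIELDS.filter((f) => secure[f] == null || secure[f] === '');
  if (missing.length > 0) {
    throw new Error(`"secure" is missing: ${missing.join(', ')}`);
  }

  // Set the flag through the URL API so an existing query string is preserved.
  const url = new URL(endpoint, baseUrl);
  url.searchParams.set('secure', 'true');

  // Forward img and secure untouched: no trimming, re-encoding or resizing,
  // because any change to img is rejected by the backend.
  const body = { img: fcmOutput.img, secure };
  if (metadata) body.metadata = metadata;
  return { url: url.toString(), body: JSON.stringify(body) };
}
```
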
End of policy
This page provides information on the released versions of our Secure Face Capture Module (FCM). We have a standard 18-month support cycle, whereby a module version will be active for 1 year and then 6 months in deprecation mode.
You should migrate to a supported version before the end of its deprecation period.
The tables below list the released versions and their support timeline.
| Module version | Deprecation date | Expiration date |
|---|---|---|
| SICAP 2.8.0 | 2026-09-15 | 2027-03-17 |
| SICAP 2.7.0 | 2026-07-16 | 2027-01-15 |
| SICAP 2.6.2 | 2026-05-27 | 2026-11-26 |
| SICAP 2.6.1 | 2026-04-30 | 2026-10-30 |
| SICAP 2.6.0 | 2026-04-03 | 2026-10-03 |
| SICAP 2.5.1 | 2026-02-18 | 2026-08-20 |
| SICAP 2.5.0 | 2026-01-28 | 2026-07-30 |
| SICAP 2.4.0 | 2025-09-26 | 2026-03-28 |
Deprecated/expired versions
| Module version | Deprecation date | Expiration date |
|---|---|---|
| SICAP 2.3.2 | 2025-09-11 | 2026-03-13 |
| SICAP 2.3.1 | 2025-08-14 | 2026-02-13 |
| SICAP 2.3.0 | 2025-08-13 | 2026-02-12 |
| SICAP 2.2.1 * | 2025-05-23 | 2025-11-22 |
| SICAP 2.2.0 * | 2025-04-11 | 2025-10-11 |
| SICAP 2.1.0 | 2025-02-21 | 2025-08-21 |
| SICAP 2.0 | 2024-12-20 | 2025-06-20 |
| SICAP 2.0-beta.1 | 2024-02-20 | 2024-04-20 |
| SICAP 1.4 | 2024-12-20 | 2025-06-20 |
| SICAP 1.3 | 2024-12-20 | 2025-06-20 |
| SICAP 1.2 | 2024-12-20 | 2025-06-20 |
| SICAP 1.1 | 2024-12-20 | 2025-06-20 |
| SICAP 1.0 | 2024-12-20 | 2025-06-20 |