Retrieving a profile involves retrieving a Receipt ID, and decrypting it to get the user profile.
After the user scans a QR code and share their profile, the webshare script will perform an redirection from the QR code page to your redirect URI, passing the receipt Id as a query string parameter. This receipt id is URL encoded and should be decoded before being used with the Yoti SDK.
For a Redirect URI set as https://your-redirect-uri in the Share session configuration, the returned URL would look like the following: https://your-redirect-uri?receiptId=.
Yoti will automatically prefix this URL with domain name specified in your Yoti Hub app.
When your web application receives the receipt id via the defined endpoint as a query string parameter, you can easily retrieve the user profile. The user profile object provides a set of user attributes corresponding to the attributes that you request in the share session.
SDK process
When you pass the receipt id to the Yoti Identity Client object, the SDK does the following:
- Decrypts the wrapped receipt key attribute, using the application private key.
- Uses the decrypted key to decrypt the other party profile content attribute.
- Decodes the decrypted profile and returns it to your application.
The profile attributes are central to the SDK and allow you to see and work with the information that your users share with you.
yotiClient.getShareReceipt(receiptId) .then((shareReceipt) => { const sessionId = shareReceipt.getSessionId(); const rememberMeId = shareReceipt.getRememberMeId(); const parentRememberMeId = shareReceipt.getParentRememberMeId(); const profile = shareReceipt.getProfile(); const fullName = profile.getFullName().value; const dateOfBirth = profile.getDateOfBirth().getValue(); const gender = profile.getGender().getValue(); const nationality = profile.getNationality().getValue(); const postalAddress = profile.getPostalAddress().getValue(); const emailAddress = profile.getEmailAddress().getValue(); const phoneNumber = profile.getPhoneNumber().getValue(); const selfieImageData = profile.getSelfie().getValue(); const base64SelfieUri = selfieImageData.getBase64Content(); const documentDetails = profile.getDocumentDetails().getValue(); })Response codes
| Code | Description |
|---|---|
| 200 | OK |
| 404 | Receipt not found. |
Sources and Verifiers
You have a choice to allow unverified attributes like full name and address. Before completing the share, the end-user can get the attribute verified. However, if they decide to share the attribute without verification, the share will still go through but the attribute will be unverified. In order to check the verification status for a profile attribute, you can retrieve its source and verifier as describe above.
As an example, if the user has manually entered their address without verification, the postal_address attribute will have a source of USER_PROVIDED and verifier will be blank. If however, they chose to verify their address before sharing, the attribute verifier will be YOTI_IDENTITY and the sub type will contain the processing method of its verification.
Below represents an explanation of what is shown through our SDKs.
Sources
| Value | Description | Possible subtypes |
|---|---|---|
| USER_PROVIDED | Indicates that this attribute value was self-asserted by the user, with no supporting document as proof. | DAY_MONTH |
| PASSPORT | Indicates that this attribute value was extracted from a passport. The two subtypes available are via:- OCR or NFC. | OCR, NFC |
| DRIVING_LICENCE | Indicates that this attribute value was extracted from a driving licence. | N/A |
| NATIONAL_ID | The attribute was extracted from a National ID card / document | AADHAAR, STATE_ID, MYKAD |
| PASS_CARD | The attribute was extracted from a PASS card/document. | CITIZENCARD |
Verifiers
| Value | Description |
|---|---|
| YOTI_ADMIN | Indicates that this attribute value has been manually checked by staff at the Yoti security centre. |
| YOTI_IDENTITY | Indicates that the attribute value has been verified with a recognised identity database, or otherwise known as an Identity Verifier (IDV). |
| YOTI_OTP | The attribute has been verified by sending a generated one time passcode to it and checking it has been received |
| PASSPORT_NFC_SIGNATURE | The attribute was verified by its passport NFC signature |
| YOTI_UIDAI | Indicates that the attribute value has been verified with the Indian UIDAI system. |
| ISSUING_AUTHORITY | The attribute has been verified with a recognised document database |
| ISSUING_AUTHORITY_PKI | The signature that signed over the value on the original document has been verified with the relevant certificate authority |
// Get full name attribute and its sources/verifiersconst fullNameAttr = profile.getFullName();const fullNameSources = fullNameAttr.getSources().map(source => ({ value: source.getValue(), subType: source.getSubType(),}));const fullNameVerifiers = fullNameAttr.getVerifiers().map(verifier => ({ value: verifier.getValue(), subType: verifier.getSubType(),}));// Get all attributes and their sources/verifiersconst attributes = profile.getAttributesList();attributes.forEach(attribute => { const name = attribute.getName(); const value = attribute.getValue(); const sources = attribute.getSources().map(source => ({ value: source.getValue(), subType: source.getSubType(), })); const verifiers = attribute.getVerifiers().map(verifier => ({ value: verifier.getValue(), subType: verifier.getSubType(), }));});Fetch Session
Integrators also have the ability to retrieve a session's details by utilising an API call. This will return the status of the session and will also contain the Receipt ID that can be used to retrieve the decrypted user profile. Our SDKs can again be used to facilitate the API request to fetch a session.
yotiClient.getShareSession(sessionId) .then((shareSession) => { const shareId = shareSession.getId(); const status = shareSession.getStatus(); const expiry = shareSession.getExpiry(); const updatedDate = shareSession.getUpdated(); const createdDate = shareSession.getCreated(); const qrCodeId = shareSession.getScannedQrCodeId(); const receiptId = shareSession.getReceiptId(); })Session status
A Session state could be one of the following:
| Status | Description |
|---|---|
| COMPLETED | The share associated with the session was completed (with success receipt available). |
| FAILED | The share associated with the session was completed (with failure receipt available). |
| CANCELLED | Mobile app requested the session to be cancelled (before share was completed). |
| EXPIRED | The share associated with the session was never completed (no receipt available). |
| ERROR | A "catch-all" status for unexpected/unrecoverable errors that might happen during execution (e.g. we get a receipt but the service fails to parse it, required parameter not present). |
Error codes
| Error code | Description |
|---|---|
| 404 | No session exists for the specified ID. |
| 410 | Session has expired. |