Tokens (Yoti Key)

AI Tools

When a user visits a restricted content website, they’re sent to the Age Verification Service to verify their age. Yoti identifies the content provider, the age requirement, and any criteria specified for the verification. With this information, Yoti create a credential subject that contains the age token and a credential proof that contains a digital signature that proves the credential was issued by Yoti.

Age token

When the user lands on your site there will be a token request, a check is performed to see if the user has an age claim that matches your requirements.

If a user doesn’t have a token that meets your requirements, they’ll be sent through the age verification process to prove their age again. You will need to add rules to your configuration. This can be done by creating a specific rule ID, or by simply using your session creation payload as the requirements.

Yoti Key Method

Yoti Keys represent Yoti’s version of a passkey - a secure, user-friendly method for accessing websites and apps. Designed to replace traditional username and password authentication, passkeys use biometric data to ensure a seamless and secure login experience for users.

A passkey is made of two parts, which are cryptographically linked - a private key (stays in your passkey vault) and a public key (stored on a website). Neither key is useful without the other, so this adds an extra layer of security should a data breach occur.

Yoti Keys is a reusable age verification solution that only contains information on the initial age check, such as the age method used and the time the age token was created.

Each Yoti Key stores only non-personalised age verification data (like method and timestamp), making it privacy-first and regulation-friendly.

Key Benefits:

Reduce friction for returning users
Protect privacy and anonymity
Flexible and customisable to meet global regulatory requirements (each website defines its own criteria for accepting a Yoti Key, in line with its regulatory requirements)
Enhance trust and safety
Privacy-first approach
Only need to integrate with one Yoti AVS method to use Yoti Keys
Can be used across linked devices

You will need to configure the yoti_key method to enable the age token functionality.

JSON
    
xxxxxxxxxx
 
{    "type": "OVER",    "age_estimation": {        "allowed": true,        "threshold": 21,        "level": "PASSIVE",        "retry_limit": 1    },    "digital_id": {        "allowed": true,        "threshold": 18,        "retry_limit": 1    },    "doc_scan": {        "allowed": true,        "threshold": 18,        "authenticity": "AUTO",        "level": "PASSIVE",        "retry_limit": 1    },    "yoti_key": {      "allowed": true,      "authentication": true // true for Yoti key, false for Age token    },    "ttl": 900,    "reference_id": "over_18_example",    "callback": {       "auto": true,       "url": "https://www.yoti.com"    },    "notification_url": "https://yourdomain.example/webhook",    "cancel_url": "https://www.yoti.com",    "retry_enabled": false,    "resume_enabled": false,    "synchronous_checks": true}
Copy

Field	Types/Value	Description
allowed	`true` / `false`	Enable the verification method to be available for the user to use.
authentication	`true` / `false`	`False` - When the Yoti user interface launches, we check if the user has a token that matches the requirements set in the rule. If it matches, the user is immediately directed to the callback URL. `True` - When users finish any of the Yoti age verification methods, they have the option to create a passkey. They can then use this Yoti key to quickly pass any future age verification sessions that they need to undergo. If authentication is set to true, the Yoti user interface will be shown, and the user can then select the yoti_key method to verify their age, or they can use another method in the UI.

Last updated on

Was this page helpful?