Retrieve the profile
Retrieving a profile involves receiving a one-time-use token, and decrypting it to get a user profile.
When a user scans a QR code, Yoti makes a GET request to your callback URL, passing a token as a query string parameter. The token is URL encoded and should be decoded before being used with the Yoti SDK.
For a URL set as https://your-callback-url in Yoti Hub, the returned callback URL would look like the following: https://your-callback-url?token=
You can set and edit the callback URL within your Yoti application under the Integration tab. Yoti will automatically prefix the URL with your domain.
When your web application receives a token via the exposed endpoint as a query string parameter, you can easily retrieve the user profile. The user profile object provides a set of attributes corresponding to the user attributes you specified during the creation of your Yoti application on Hub.
SDK process
When you pass the token to the Yoti Client object, the SDK does the following:
- Decrypts the wrapped receipt key attribute, using the application private key.
- Uses the decrypted key to decrypt the other party profile content attribute.
- Decodes the decrypted profile and returns it to your application.
The profile attributes are central to the SDK and allow you to see and work with the information that your users share with you.
yotiClient.getActivityDetails(oneTimeUseToken) .then((activityDetails) => { const rememberMeId = activityDetails.getRememberMeId(); const parentRememberMeId = activityDetails.getParentRememberMeId(); const receiptId = activityDetails.getReceiptId(); const timestamp = activityDetails.getTimestamp(); const profile = activityDetails.getProfile(); const applicationProfile = activityDetails.getApplicationProfile(); const selfieImageData = profile.getSelfie().getValue(); const base64SelfieUri = profile.getSelfie().getValue().getBase64Content(); const fullName = profile.getFullName().getValue(); const familyName = profile.getFamilyName().getValue(); const givenNames = profile.getGivenNames().getValue(); const phoneNumber = profile.getPhoneNumber().getValue(); const emailAddress = profile.getEmailAddress().getValue(); const dateOfBirth = profile.getDateOfBirth().getValue(); const postalAddress = profile.getPostalAddress().getValue(); const structuredPostalAddress = profile.getStructuredPostalAddress().getValue(); const gender = profile.getGender().getValue(); const nationality = profile.getNationality().getValue(); const ageVerifications = profile.getAgeVerifications(); const ageVerified = profile.findAgeVerification('age_over:', 18).getValue(); // or 'age_under:' const documentDetails = profile.getDocumentDetails().getValue(); const applicationName = applicationProfile.getName().getValue(); const applicationUrl = applicationProfile.getUrl().getValue(); const applicationLogo = applicationProfile.getLogo().getValue(); const applicationReceiptBgColor = applicationProfile.getReceiptBgColor().getValue(); // You can retrieve the sources and verifiers for each attribute as follows const givenNamesObj = profile.getGivenNames() const givenNamesSources = givenNamesObj.getSources(); // list/array of anchors const givenNamesVerifiers = givenNamesObj.getVerifiers(); // list/array of anchor // You can also retrieve further properties from these respective anchors in the following way: // Retrieving properties of the first anchor const value = givenNamesSources[0].getValue(); // string const subtype = givenNamesSources[0].getSubType(); // string const timestamp = givenNamesSources[0].getSignedTimeStamp().getTimestamp(); // Date object const originServerCerts = givenNamesSources[0].getOriginServerCerts(); // list of X509 certificates })Well done! This is the end of the integration!
Sources and Verifiers
As discussed earlier, you have a choice to allow unverified attributes like full name and address. Before completing the share, the end-user can get the attribute verified. However, if they decide to share the attribute without verification, the share will still go through but the attribute will be unverified. In order to check the verification status for a profile attribute, you can retrieve its source and verifier as describe above.
As an example, if the user has manually entered their address without verification, the postal_address attribute will have a source of USER_PROVIDED and verifier will be blank. If however, they chose to verify their address before sharing, the attribute verifier will be YOTI_IDENTITY and the sub type will contain the processing method of its verification.