Quality assurance testing
This page outlines the steps you need to complete before launching your integration in production.
QA screen share
A smooth launch starts with validating your integration through a QA screen share. This step is required before going live to ensure that your implementation meets ID.me’s best practices. Work with your ID.me solution consultant to schedule the session once your integration is complete and ready for review.
Need a dedicated solution consultant? Email us at partnersupport@id.me
What is a QA screen share?
The QA screen share is the final checkpoint before moving to production. During this session, your team will walk ID.me’s representatives through the complete user experience in a non-production environment. The representatives will confirm that the integration is fully functional and adheres to all ID.me standards.
Prerequisites
Before scheduling the QA screen share, test your integration thoroughly in a lower (non-production) environment. This validates the authentication flow and confirms that your overall application is functioning as expected. Depending on your use case, test to ensure that:
- The ID.me verification screen loads properly (via full-page redirect or popup)
- All test credentials have been used and verified
- Your logo and branding appear on the verification screens
- Privacy policy and terms of service links are present on the consent screen
- The redirect URI functions correctly after verification
- The authorization code is successfully generated and captured
- If applicable, the refresh token is successfully generated and captured
- The payload is decrypted successfully
- The user data object is stored correctly in your database
- All data is used appropriately (for example, triggering a discount based on user affiliation)
Complete the QA screen share
During the session, the ID.me team will review your full integration flow and confirm:
- The user experience (UX) is accessible and functional on both desktop and mobile
- Redirects route users to the appropriate pages
- Application activity is visible to ID.me (user activity, authorization codes, returned user info)
- The integration adheres to ID.me brand and UX best practices
- No sensitive information is exposed or stored in the DOM
- The ID.me button, copy, and optional “What is ID.me?” or FAQ links are visible
- Success messaging is properly displayed post-verification
- Returned attributes are correctly parsed and populate expected fields
- Error handling is implemented (?error-access_denied is gracefully handled)
- Test credentials produce expected results (both passing and failing cases)
- Any subgroup or attribute-specific logic is working (military service end data, occupational criteria)
Use case-specific check (if required)
- Promotion or offer is clearly displayed and discoverable (landing page, banner, footer link)
- Promotion type is defined (promo code, cart rule)
- “Return to partner” UX is functional and clear in failed verification scenarios
Final questions and context
To complete the QA process, your account team may ask for additional context to prepare for go-live:
- Did you encounter any challenges during setup?
- What could we have done better during the integration process?
- Do you have any outstanding questions or support needs?
- Are your servers located in the United States?
- Are there special considerations related to data handling or infrastructure?
Best practices
The following are some additional best practices to follow before going live.
Validate with ID.me-provided test credentials
ID.me will provide pre-verified test credentials during the credential validation process. Use these credentials to simulate login, grant consent, and complete the full redirect flow back to your application.
Identity verification
Use the ID.me sandbox environment to test identity verification scenarios:
- Create unlimited test accounts using the Create an ID.me account option
- Use any valid or test email address for account creation
- Submit fake but realistic test data to complete verification
- After initial verification, reuse the sandbox account for ongoing testing
This allows you to test the entire flow from account creation through verification and consent.
Data expectations
ID.me provides verified user data based on the type of policy and verification method used. Work with your account team to understand:
- Which attributes are always returned
- Which attributes are conditional based on the verification source
Example
- If a user verifies with a driver’s license, ID.me can return a verified address.
- If a user verifies with a passport, the address field may be null.
Best practice
Design your integration to handle missing or null values gracefully to ensure stability across all scenarios.
Data minimization
To reduce risk and improve privacy posture, ID.me follows a data minimization philosophy. Your application should only request and receive attributes relevant to your use case.
Work with your ID.me solution consultant to define which data points are necessary. Avoid storing unused or unnecessary information in your system to minimize exposure and liability.
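The null-handling guidance under Data expectations and the data minimization guidance above, as an added Python example that is not ID.me's code: it stores only allow-listed attributes and treats a null address as a normal case rather than an error. The attribute names, the REQUIRED/CONDITIONAL split and the sample payloads are assumptions constructed for illustration, not ID.me's schema.

```python
"""Allow-list and null-safe handling for a decrypted user data object."""

# Assumption: these attribute names are illustrative, not ID.me's schema.
REQUIRED = frozenset({"uuid", "email"})                      # assumed always returned
CONDITIONAL = frozenset({"street", "city", "state", "zip"})  # may be null


class IncompletePayload(ValueError):
    """A required attribute is missing, null or blank."""


def _clean(value):
    """Map None, non-strings and blank strings to None; trim the rest."""
    if not isinstance(value, str):
        return None
    value = value.strip()
    return value or None


def minimize(payload):
    """Return (record, dropped): the allow-listed attributes to store, and the
    names (never the values) of attributes received but not needed."""
    record = {key: _clean(payload.get(key)) for key in REQUIRED | CONDITIONAL}
    missing = sorted(k for k in REQUIRED if record[k] is None)
    if missing:
        raise IncompletePayload("missing required attributes: " + ", ".join(missing))
    dropped = sorted(set(payload) - REQUIRED - CONDITIONAL)
    return record, dropped


def verified_address(record):
    """Return a one-line address only when every part is present, else None
    so the caller can ask the user for it instead of failing."""
    parts = [record[k] for k in ("street", "city", "state", "zip")]
    if any(p is None for p in parts):
        return None
    return "{}, {}, {} {}".format(*parts)


# Constructed sample payloads (not real ID.me responses).
LICENSE_USER = {"uuid": "u-1001", "email": "a@example.com", "street": "1 Main St",
                "city": "Springfield", "state": "VA", "zip": "22150",
                "birth_date": "1990-01-01"}
PASSPORT_USER = {"uuid": "u-1002", "email": "b@example.com", "street": None,
                 "city": None, "state": None, "zip": None}

if __name__ == "__main__":
    for sample in (LICENSE_USER, PASSPORT_USER):
        rec, extra = minimize(sample)
        print(rec["uuid"], verified_address(rec), "unused:", extra)
```

A non-empty `dropped` list is a signal to narrow the requested attributes with your solution consultant, since the application is receiving data it does not use.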