User verification events

ID.me requires two bits of information to create a User Verification Event Stream:

  • Receiver URL: The public URL to which ID.me should stream events.
    Example: https://example.com/api/v1/events
  • Authentication Method: If protected by authentication, the details of the auth pattern. We support:
      • No auth
      • Basic auth
      • Bearer tokens
      • OAuth2

If your Receiver URL uses another form of authentication, please reach out to us at partnersupport@id.me.

Architecture

Set up your audience

  1. Set up your Receiver URL
  2. Specify one or more applications you want your audience to subscribe to
  3. Specify the event handles you want to receive
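
On the receiving side, the Receiver URL has to check the credentials it asked ID.me to send and should act only on the handles it subscribed to. The sketch below is an added example, not ID.me code: it covers the Basic and Bearer options only, and the secrets, the `event` payload field and the dispositions are assumptions made for illustration.

```python
import base64
import hmac
import json

# Constructed secrets for illustration; load real ones from a secret store.
BEARER_TOKEN = "constructed-bearer-token"
BASIC_USER, BASIC_PASSWORD = "idme-stream", "constructed-password"
# Handles this receiver subscribed to (names from the event table on this page).
SUBSCRIBED = {"session.lockout.applied", "status.signal.applied", "2fa.revoke"}


def _same(a, b):
    """Constant-time comparison so response timing does not leak the secret."""
    return hmac.compare_digest(a.encode(), b.encode())


def authorized(header):
    """Validate an Authorization header carrying Bearer or Basic credentials."""
    scheme, _, value = (header or "").partition(" ")
    value = value.strip()
    if scheme.lower() == "bearer":
        return _same(value, BEARER_TOKEN)
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:  # bad base64 or bad UTF-8
            return False
        user, sep, password = decoded.partition(":")
        # Evaluate both comparisons before combining them.
        ok_user, ok_password = _same(user, BASIC_USER), _same(password, BASIC_PASSWORD)
        return bool(sep) and ok_user and ok_password
    return False  # missing header or unsupported scheme


def handle_request(headers, body):
    """Return (HTTP status, disposition) for one delivery to the Receiver URL."""
    if not authorized(headers.get("Authorization")):
        return 401, "rejected"
    try:
        handle = json.loads(body)["event"]  # assumed payload field name
    except (ValueError, KeyError, TypeError):
        return 400, "malformed"
    if not isinstance(handle, str) or handle not in SUBSCRIBED:
        return 200, "ignored"  # acknowledge, but do not process
    return 200, "accepted"
```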

Process

  1. A user begins the verification process for an Audience’s application
  2. Events are emitted
  3. If the Audience is subscribed to the event handle, the event proceeds through the pipeline
  4. A check is performed to see if the user has consented to share information with your application
  5. If consent has been granted by the user, the event is emitted to your Audience’s Receiver URL
  6. If consent has not been granted by the user, the event is embargoed
  7. After the user consents to sharing information with your application, embargoed events are released and delivered to your Receiver URL
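
A consequence of the embargo step is that a receiver can see older events arrive after newer ones. The model below is an added example, not ID.me's implementation: the `user`, `event` and `seq` fields and all names in it are assumptions used to show the subscription filter, the consent check and the release of embargoed events.

```python
from collections import defaultdict


class EventPipeline:
    """Toy model of the delivery steps above; not ID.me's implementation."""
    def __init__(self, subscribed_handles):
        self.subscribed = set(subscribed_handles)
        self.consented = set()              # users who granted consent
        self.embargoed = defaultdict(list)  # user -> events held back
        self.delivered = []                 # what the Receiver URL sees, in order

    def emit(self, user, handle, seq):
        """Run one event through steps 3-6 and report what happened to it."""
        if handle not in self.subscribed:   # step 3: subscription filter
            return "dropped"
        event = {"user": user, "event": handle, "seq": seq}  # assumed shape
        if user in self.consented:          # steps 4-5: consent check, delivery
            self.delivered.append(event)
            return "delivered"
        self.embargoed[user].append(event)  # step 6: held until consent
        return "embargoed"

    def grant_consent(self, user):
        """Step 7: release this user's embargoed events to the receiver."""
        self.consented.add(user)
        released = self.embargoed.pop(user, [])
        self.delivered.extend(released)
        return len(released)


def late_arrivals(delivered):
    """Sequence numbers that arrived after a newer event (released from embargo)."""
    newest, late = -1, []
    for event in delivered:
        if event["seq"] < newest:
            late.append(event["seq"])
        newest = max(newest, event["seq"])
    return late


def demo():
    """Constructed scenario: alice has consented, bob consents at the end."""
    p = EventPipeline({"session.signin", "2fa.complete", "verification.complete"})
    p.grant_consent("alice")
    results = [p.emit("bob", "session.signin", 1), p.emit("alice", "session.signin", 2),
               p.emit("bob", "2fa.options", 3), p.emit("bob", "2fa.complete", 4),
               p.emit("alice", "verification.complete", 5)]
    released = p.grant_consent("bob")
    return results, released, [e["seq"] for e in p.delivered], late_arrivals(p.delivered)
```

In this constructed run the receiver sees sequence 2, 5, 1, 4, so consumers that build timelines or alerts from the stream should not treat arrival order as event order.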

Real-time events

| Event | Description |
| --- | --- |
| 2fa.complete | Successful completion of multifactor authentication. |
| 2fa.delivery | The user’s chosen multifactor authentication option is sent to the user’s device |
| 2fa.download | User downloaded the recovery code |
| 2fa.initiate | MFA method is selected |
| 2fa.options | MFA methods are presented to the user |
| 2fa.recovery.complete | The recovery code is successfully used for MFA |
| 2fa.recovery.confirm | User clicks link in email to confirm updating MFA settings |
| 2fa.recovery.delivery | Email sent to the user after requesting to change their MFA settings when logging in |
| 2fa.recovery.failure | User’s information entered to update their MFA cannot be validated and fails |
| 2fa.response | The user enters the MFA code during authentication |
| 2fa.revoke | User removes an MFA method from My Account |
| account.agreement | User accepts Terms of Service and Privacy Policy |
| account.lockout.delivery | The user is sent an email to help with account recovery after lockout due to too many bad password attempts |
| account.password.change | Email notification to the user once they’ve reset their password in the “forgot password” flow |
| account.password.complete | Password was successfully reset |
| account.password.delivery | User submitted their username in the “forgot password” flow and receives an email to start reset password flow |
| account.password.failure | Reset password failed because the link clicked from the email to reset password is no longer valid |
| account.password.response | User clicked link in the email taking them to the reset password page |
| appointment.start | User starts the supervised flow |
| consent.allow | User allowed consent to authorize the [integration] to access identity verification data |
| consent.deny | User denied consent to authorize the [integration] to access identity verification data |
| consent.revoke | User revoked consent for an integration to access their data from their My Account settings |
| email.account.confirm | The newly added email address to My Account was confirmed (via link click in email) |
| email.account.delivery | The “confirm email” is sent to newly added email to confirm ownership before officially adding the email to My Account |
| email.confirmation.complete | Email was successfully confirmed by clicking the prompt in the email or entering the 6 digit code into the screen |
| email.confirmation.delivery | An email was sent to the registered email to confirm ownership of the email |
| email.create | An email is added in the user’s ID.me My Account |
| email.primary | Email in My Account was made the primary email |
| email.remove | Email listed in My Account was removed |
| federation.confirmation.complete | User taps the CTA in their email to confirm connecting their account |
| federation.confirmation.delivery | User signs in using a social login (LinkedIn, etc.) and taps “Connect” to connect their ID.me account using that email |
| federation.connect | Social login is added as an option from My Account |
| federation.remove | Social login is removed as an option from My Account |
| inperson.appointments.attempt_created | An identity attempt is created for the user. |
| inperson.appointments.booked | The appointment is scheduled for the selected timeslot at the selected location. |
| inperson.appointments.closed | Other in-progress appointments for a user are closed when an appointment is marked as credentialed. |
| inperson.appointments.credentialed | The user identity verification is completed and accepted. |
| inperson.appointments.denied | An ID.me document reviewer has rejected one or more identity documents. |
| inperson.appointments.documents_uploaded | The user’s identity documents have been uploaded. |
| inperson.appointments.expired | The appointment expires if the user does not complete in-person verification within 30 days. This is followed by a request to Sterling to cancel the order. |
| inperson.appointments.failed_dupe | The user failed the dupe check |
| inperson.appointments.in_store_verified | The user has submitted their information at a kiosk and it has been reviewed by the in-person technician. The payload has been received by ID.me from Sterling. |
| inperson.appointments.info_reviewed | The user has confirmed their submitted PII and appointment details |
| inperson.appointments.location_selected | The user searches for a kiosk location by city or zip code and makes a selection. |
| inperson.appointments.order_canceled | The appointment will be cancelled if it has been replaced by a new appointment or expired. |
| inperson.appointments.order_created | The appointment request is sent to Sterling, which returns a registration code that the user can enter or scan via a QR code at the kiosk. (Note: this is distinct from the previous request to book the timeslot at the selected location). |
| inperson.appointments.pending_review | The user is asked to review their PII and appointment details. |
| inperson.appointments.pii_collected | The user has submitted their PII on the PII entry screen. |
| inperson.appointments.pii_mismatch | The user failed PII mismatch |
| inperson.appointments.replaced | The appointment was replaced by another. This is followed by a request to Sterling to cancel the order |
| inperson.appointments.review_requested | An ID.me review of identity documents has been requested for the user. |
| inperson.user.already_verified | A user attempted to create an appointment but was informed that they are already verified. |
| session.failed | Incorrect password is provided when signing in |
| session.limited | User is already signed in within a different browser |
| session.lockout.applied | Account is locked after too many failed password attempts |
| session.lockout.expired | 72 hours have passed after the lockout has been applied. This re-enables the ability for the user to attempt login |
| session.signin | User successfully signed in to their ID.me account |
| session.signout | User logs out of their ID.me account |
| session.signup | Successfully created a new ID.me account by inputting an email and password |
| session.suspended | User attempts to take an action but cannot proceed due to account suspension |
| session.timeout | A user’s session times out due to inactivity |
| status.revocation.applied | User successfully closed their ID.me account |
| status.revocation.requested | User in My Account takes action to close their account |
| status.signal.applied | Indicates an account takeover (ATO) has been detected and the user is attempting to reclaim the account. The status allows the account to complete re-verification. |
| status.suspension.applied | A user’s account is suspended, preventing the user from using their ID.me login |
| status.suspension.removed | The user’s account suspension status is removed |
| supervised.appointments.attended | User made an appointment, waited for the appointment time, acknowledged they were present, then joined the video session |
| supervised.appointments.canceled | User made an appointment, then either rescheduled or canceled the appointment before they were able to attend the appointment |
| supervised.appointments.created | User created an appointment |
| supervised.appointments.missed | User created an appointment, left, but did not rejoin the waiting room around the appointment time |
| supervised.appointments.schedule_link_clicked | User clicked on the create appointment link on the waiting page |
| transaction.complete | SAML or OAuth success or failure |
| verification.choice.dtr_full | User chose “Video Chat Agent” on alternate options screen with DTR Lite not enabled |
| verification.choice.dtr_lite | User chose “Video Chat Agent” on alternate options screen with DTR Lite enabled |
| verification.choice.in_person | User chose In-Person Verification from alternate options screen |
| verification.choice.unsupervised | User chose “Self Service” on alternate options screen |
| verification.complete | Successfully completed verification |
| verification.initiate | Unsupervised identity verification method is selected (i.e. document is selected) |
| verification.liveness.checkup | Successfully completed liveness after initial NIST IAL2 + Liveness verification |
| verification.options | Verification methods are presented to the user when DTR is enabled (i.e. Self-service or Verify on a video call) |
| verification.phone.authorization.approved | Approved activity and email address associated with the account when transitioning to mobile |
| verification.phone.authorization.denied | Denied activity and email address associated with the account when transitioning to mobile |
| verification.progress | User is shown the “Review Info” screen at the end of unsupervised verification |
| verification.redirect.alternate_supervised | User voluntarily selects to verify via the supervised flow rather than being routed to the supervised flow from unsupervised (i.e., Direct-to-TR) when TR Lite is not enabled for DTR |