User verification events
ID.me requires two bits of information to create a User Verification Event Stream:
- Receiver URL: The public URL to which ID.me should stream events.
Example:https://example.com/api/v1/events - Authentication Method: If protected by authentication, the details of the auth pattern. We support:
If your Receiver URL uses another form of authentication, please reach out to us at partnersupport@id.me.
Architecture
Setup your audience
Set up your Receiver URL
Specify one or more applications you want your audience to subscribe to
Specify the event handles you want to receive
Process
A user begins the verification process for an Audience’s application
Events are emitted
If the Audience is subscribed to the event handle, the event proceeds through the pipeline
A check is performed to see if the user has consented to share information with your application
If consent has been granted by the user, the event is emitted to your Audience’s Receiver URL
If consent has not been granted by the user, the event is embargoed
After the user consents to sharing information with your application, embargoed events are released and delivered to your Receiver URL
Real-time events
| Event | Description |
|---|---|
2fa.complete | Successful completion of multifactor authentication. |
2fa.delivery | The user’s chosen multifactor authentication option is sent to the user’s device |
2fa.download | User downloaded the recovery code |
2fa.initiate | MFA method is selected |
2fa.options | MFA methods are presented to the user |
2fa.recovery.complete | The recovery code is successfully used for MFA |
2fa.recovery.confirm | User clicks link in email to confirm updating MFA settings |
2fa.recovery.delivery | Email sent to the user after requesting to change their MFA settings when logging in |
2fa.recovery.failure | User’s information entered to update their MFA cannot be validated and fails |
2fa.response | The user enters the MFA code during authentication |
2fa.revoke | User removes an MFA method from My Account |
account.agreement | User accepts Terms of Service and Privacy Policy |
account.lockout.delivery | The user is sent an email to help with account recovery after lockout due to too many bad password attempts |
account.password.change | Email notification to the user once they’ve reset their password in the “forgot password” flow |
account.password.complete | Password was successfully reset |
account.password.delivery | User submitted their username in the “forgot password” flow and receives an email to start reset password flow |
account.password.failure | Reset password failed because the link clicked from the email to reset password is no longer valid |
account.password.response | User clicked link in the email taking them to the reset password page |
appointment.start | User starts the supervised flow |
consent.allow | User allowed consent to authorize the [integration] to access identity verification data |
consent.deny | User denied consent to authorize the [integration] to access identity verification data |
consent.revoke | User revoked consent for an integration to access their data from their My Account settings |
email.account.confirm | The newly added email address to My Account was confirmed (via link click in email) |
email.account.delivery | The “confirm email” is sent to newly added email to confirm ownership before officially adding the email to My Account |
email.confirmation.complete | Email was successfully confirmed by clicking the prompt in the email or entering the 6 digit code into the screen |
email.confirmation.delivery | An email was sent to the registered email to confirm ownership of the email |
email.create | An email is added in the user’s ID.me My Account |
email.primary | Email in My Account was made the primary email |
email.remove | Email listed in My Account was removed |
federation.confirmation.complete | User taps the CTA in their email to confirm connecting their account |
federation.confirmation.delivery | User signs in using a social login (LinkedIn, etc.) and taps “Connect” to connect their ID.me account using that email |
federation.connect | Social login is added as an option from My Account |
federation.remove | Social login is removed as an option from My Account |
inperson.appointments.attempt_created | An identity attempt is created for the user. |
inperson.appointments.booked | The appointment is scheduled for the selected timeslot at the selected location. |
inperson.appointments.closed | Other in-progress appointments for a user are closed when an appointment is marked as credentialed. |
inperson.appointments.credentialed | The user identity verification is completed and accepted. |
inperson.appointments.denied | An ID.me document reviewer has rejected one or more identity documents. |
inperson.appointments.documents_uploaded | The user’s identity documents have been uploaded. |
inperson.appointments.expired | The appointment expires if the user does not complete in-person verification within 30 days. This is followed by a request to Sterling to cancel the order. |
inperson.appointments.failed_dupe | The user failed the dupe check |
inperson.appointments.in_store_verified | The user has submitted their information at a kiosk and it has been reviewed by the in person technician. The payload has been received by ID.me from Sterling. |
inperson.appointments.info_reviewed | The user has confirmed their submitted PII and appointment details |
inperson.appointments.location_selected | The users searches for a kiosk location by city or zip code and makes a selection. |
inperson.appointments.order_canceled | The appointment will be cancelled if it has been replaced by a new appointment or expired. |
inperson.appointments.order_created | The appointment request is sent to Sterling, which returns a registration code that the user can enter or scan via a QR code at the kiosk. (Note: this is distinct from the previous request to book the timeslot at the selected location). |
inperson.appointments.pending_review | The user is asked to review their PII and appointment details. |
inperson.appointments.pii_collected | The user has submitted their PII on the PII entry screen. |
inperson.appointments.pii_mismatch | The user failed pii mismatch |
inperson.appointments.replaced | The appointment was replaced by another. This is followed by a request to Sterling to cancel the order |
inperson.appointments.review_requested | An ID.me review of identity documents has been requested for the user. |
inperson.user.already_verified | A user attempted to create an appointment but was informed that they are already verified. |
session.failed | Incorrect password is provided when signing in |
session.limited | User is already signed in within a different browser |
session.lockout.applied | Account is locked after too many failed password attempts |
session.lockout.expired | 72 hours has passed after the locked has been applied. This re-enables the ability for the user to attempt login |
session.signin | User successfully signed in to their ID.me account |
session.signout | User logs out of their ID.me account |
session.signup | Successfully created a new ID.me account by inputting an email and password |
session.suspended | User attempts to take an action but cannot proceed due to account suspension |
session.timeout | A user’s session times out due to inactivity |
status.revocation.applied | User successfully closed their ID.me account |
status.revocation.requested | User in My Account takes action to close their account |
status.signal.applied | Indicates an account takeover (ATO) has been detected and the user is attempting to reclaim the account. The status allows the account to complete re-verification. |
status.suspension.applied | A user’s account is suspended preventing the user from using their ID.me login |
status.suspension.removed | The user’s account suspensions status is removed |
supervised.appointments.attended | User made an appointment, waiting for the appointment time, acknowledged they were present, then joined the video session |
supervised.appointments.canceled | User made an appointment, then either rescheduled or canceled the appointment before they were able to attend the appointment |
supervised.appointments.created | User created an appointment |
supervised.appointments.missed | User created an appointment, left, but did not rejoin the waiting room around the appointment time |
supervised.appointments.schedule_link_clicked | User clicked on the create appointment link on the waiting page |
transaction.complete | SAML or OAuth success or failure |
verification.choice.dtr_full | User chose “Video Chat Agent” on alternate options screen with DTR Lite not enabled |
verification.choice.dtr_lite | User chose “Video Chat Agent” on alternate options screen with DTR Lite enabled |
verification.choice.in_person | User chose In-Person Verification from alternate options screen |
verification.choice.unsupervised | User chose “Self Service” on alternate options screen |
verification.complete | Successfully completed verification |
verification.initiate | Unsupervised identity verification method is selected (i.e. document is selected) |
verification.liveness.checkup | Successfully completed liveness after initial NIST IAL2 + Liveness verification |
verification.options | Verification methods are presented to the user when DTR is enabled (i.e. Self-service or Verify on a video call) |
verification.phone.authorization.approved | Approved activity and email address associated with the account when transitioning to mobile |
verification.phone.authorization.denied | Denied activity and email address associated with the account when transitioning to mobile |
verification.progress | User is shown the “Review Info” screen at the end of unsupervised verification |
verification.redirect.alternate_supervised | User voluntarily selects to verify via the supervised flow rather than being routed to the supervised flow from unsupervised (i.e., Direct-to-TR) when TR Lite is not enabled for DTR |