Create an ID Pass API
/idpass/register
Generates a secure, configurable identity verification link for a customer. ID Pass supports Australian driver licences, Australian passports, foreign passports with an Australian visa, Centrelink cards and Medicare cards. The flow routes through the DVS, with optional face liveness, biometric document-photo matching, customer-supplied ID photo, webhook event notifications, and configurable image retention. Sensitive fields are encrypted at rest using a per-pass cipher key that's returned once and never logged.
Example Request
POSTRequest Schema
link_validity_days
How many days the link stays live. Default 7.
image_retention_days
How many days to retain captured images. 0 deletes them on completion. Default 0.
check_liveness
Whether to run face liveness during the flow.
document_1_allowed_types
document_2_allowed_types
document_3_allowed_types
Allowed document types per slot: licence, passport, medicare, visa, centrelink.
document_verification
dvs (full DVS verification, requires DVS Identity OAC), basic (format-only validation), or idsp (Global Data acts as IDSP on the customer's behalf, requires liveness plus IDSP enrolment). Default dvs.
require_id_photo
Require a customer-supplied ID photo.
id_photo_purpose
Required when require_id_photo is true. Shown on the photo capture page (for example "the SampleCo Membership Card").
webhook_url
Webhook receiver for lifecycle events.
webhook_events
Which events to notify on: opened, in_progress, complete, expired, failed, cancelled.
return_url
Page to link to from the completion screen.
requested_identity
Customer identity to be verified. Optional first_name, middle_name, last_name, date_of_birth. At least one of first_name or last_name is required if the object is supplied.
Available Response Data
4 Data Pointsid: UUID identifier for this ID Pass
cipher_key: encryption key for decrypting sensitive response fields. Returned once. Deleted from systems on completion.
link: the hosted ID Pass URL to share with the user
API reference UUID
API Data Scale & Coverage tag
Unmatched data depth to power your compliance and verification workflows.
Technical Use Cases tag
Remote customer onboarding
Replace in-branch identity verification with a hosted, biometric-secured flow your customer completes on their own device. Standard pattern in banking, super, insurance and credit applications.
Embedded in mobile workflows
Generate a unique link mid-application and deep-link the customer into the flow, with return-url handling that brings them back to your app on completion.
Tenancy and property management
Verify tenant identity during a lease application with full document plus liveness plus selfie verification. A real improvement over photocopied driver licences emailed across
AUSTRAC-compliant KYC
Document verification via the DVS, plus optional liveness and biometric photo matching, satisfies high-assurance KYC controls under the AML/CTF Act for reporting entities.
Webhooks & Events tag
opened
The user has proceeded past the welcome page of the ID Pass flow. Useful for tracking funnel drop-off at the entry point. | link: /idpass/details
in_progress
The user has given consent and started the verification flow proper. Once this fires, cancelling the pass no longer refunds the fee. | link: /idpass/detail
complete
The verification flow has completed. Hit /idpass/details with the cipher key to retrieve the full result, including pass/fail outcome, captured document data and validation summary. | link: /idpass/details
expired
The link validity window elapsed before the user completed the flow. Issue a new ID Pass if the customer still needs to be verified. | link: /idpass/register
failed
The flow terminated in a failed state. Pull the details for the human-readable verification_description and debug logs to understand why. | link: /idpass/details
cancelled
The ID Pass was cancelled (either by your app via /idpass/cancel or by the user abandoning the flow). | link: /idpass/cancel
Compliance & Security tag
Enterprise-grade infrastructure audited against the standards your regulators require.
Common Questions tag
Everything you need to know about implementation details and compliance infrastructure.
shield_lock Security
How does the encryption work?
add
How does the encryption work?
All PII fields are encrypted at rest using a unique per-ID-Pass cipher key. The key is returned once in the register response and deleted from GlobalData systems once the ID Pass completes. If you lose the cipher key, the data can’t be recovered or decrypted. Secure storage is your responsibility.
rocket_launch Implementation
dvs vs basic vs idsp — which one do I pick?
add
dvs vs basic vs idsp — which one do I pick?
dvs runs full DVS verification (needs a DVS Identity / OAC on your account for live use). basic validates document format only (card number patterns, Medicare checksums) without hitting the DVS. Useful when you don’t have a DVS Identity. idsp has Global Data perform verification on your behalf as an Identity Service Provider (needs liveness plus IDSP enrolment).
rocket_launch Implementation
What webhooks fire and when?
add
What webhooks fire and when?
Six event types. opened (user proceeded past the welcome page), in_progress (consent given), complete (flow complete), expired (link validity elapsed), failed, and cancelled. Subscribe to any subset via webhook_events.
gavel Compliance
Which document types are supported?
add
Which document types are supported?
Five. Australian driver licence, Australian passport, foreign passport (for visa holders), Medicare card, and Centrelink card. You can allow different types per document slot (licence-only for doc 1, passport-or-medicare for doc 2, for example).
API Testing Sandbox tag
Test the Create an ID Pass API directly in your browser with live mock data and see instant results.
rocket_launch Request Sandbox AccessAccess to live sandbox environments requires manual approval from our compliance team.