Create a Liveness Check API

Q: How do webhook signatures work?

When an event fires, GlobalData POSTs the JSON body with a Signature HTTP header containing an HMAC SHA-256 hex digest of the payload, signed with the secret returned at creation. Verify the signature server-side to confirm authenticity. Webhooks come from a known set of IPs you can whitelist.

Q: What's lc_token and should I trust it?

When the user is redirected back to your return_url, an lc_token query parameter is added (and an error parameter on terminal failure states). Treat lc_token as untrusted input. Always fetch the definitive result from the GET endpoint under your authenticated server context.

Q: What's the difference between threshold and audit images?

threshold (0 to 99) is the score cutoff above which the liveness check is considered passed. audit_images (0 to 4) controls how many additional intermediate frame images are retained for around 30 minutes for audit and review purposes. The two are independent of each other.

POST

/liveness_check

LIVE

Creates a hosted liveness verification link. The end user is guided through a face liveness capture flow in their browser. The result (live human vs spoof attempt) can then be retrieved via the GET endpoint or pushed to your webhook. Configurable link validity, threshold and audit-image retention give you control over the flow without writing your own capture UI.

calendar_today Request a Demo Contact Sales

Home
API
Endpoints
Liveness Check
Create a Liveness Check API

Create a Liveness Check API

Example Request

POST

request.json

key Auth: BearerAuth

{
  "return_url": "https://example.com/return",
  "webhook_url": "https://example.com/webhook",
  "link_valid_mins": 10,
  "threshold": 70,
  "audit_images": 2
}

Request Schema

return_url

Required

url

Where to redirect the user after the flow completes (or hits a terminal state).

webhook_url

Optional

url

Optional webhook for lifecycle events.

link_valid_mins

Optional

integer · (5 to 30)

Link validity window. Default 10.

threshold

Optional

integer · (0 to 99)

Custom liveness score threshold. Default is the system value (currently 70).

audit_images

Optional

integer · (0 to 4)

Number of additional audit frame images to retain (beyond the single probe image).

Available Response Data

5 Data Points

inventory_2 What You Receive

fingerprint

token

used with the GET endpoint to fetch the result

data_object

url

hosted liveness capture URL to share with the end user

data_object

secret

used for webhook signature verification HMAC SHA-256 hex digest of the payload

data_object

webhook_url

echoed when supplied

fingerprint

API reference UUID

lock Full API documentation provided after vetting from our compliance team. Request sample response arrow_forward

By The Numbers

API Data Scale & Coverage tag

Unmatched data depth to power your compliance and verification workflows.

50M+

Phone & Email Records

40M+

Adverse Court Records

2BN+

Australian Universe Records

18M+

Real Estate Records

7M+

Deceased Records

980M+

Social Media & Employment Records

Practical Applications

Technical Use Cases tag

verified_user

Standalone liveness verification

Run liveness as an independent step. For example, before a high-value transaction, account recovery, or password reset, without invoking the full ID Pass flow

security

Anti-spoofing for sensitive workflows

Defend against photo, screen replay and mask attacks at high-risk customer touchpoints using NIST-grade liveness detection.

Real-time Notifications

Webhooks & Events tag

notifications

complete

The user has finished the liveness capture flow. Call GET /liveness_check?token=... from your authenticated backend to retrieve the result (passed boolean, confidence score, threshold applied, probe image, optional audit images). | link: /liveness_check (GET)

warning

expired

The link expired before the user completed the capture. The result endpoint will return HTTP 410 for this token. Create a new liveness check if the customer still needs to be verified. | link: /liveness_check (POST)

Trust & Assurance

Compliance & Security tag

Enterprise-grade infrastructure audited against the standards your regulators require.

verified_user

ISO 27001 Certified

enhanced_encryption

AES-256 Encryption

public

Australian Data Sovereignty

Integration & Support

Common Questions tag

Everything you need to know about implementation details and compliance infrastructure.

Filter by topic

help

Compliance Team

Global Data Support

Need help planning your custom integration or understanding our compliance coverage? Our team is here to assist.

shield_lock Security

How do webhook signatures work?

add

When an event fires, GlobalData POSTs the JSON body with a Signature HTTP header containing an HMAC SHA-256 hex digest of the payload, signed with the secret returned at creation. Verify the signature server-side to confirm authenticity. Webhooks come from a known set of IPs you can whitelist.

shield_lock Security

What's lc_token and should I trust it?

add

When the user is redirected back to your return_url, an lc_token query parameter is added (and an error parameter on terminal failure states). Treat lc_token as untrusted input. Always fetch the definitive result from the GET endpoint under your authenticated server context.

rocket_launch Implementation

What's the difference between threshold and audit images?

add

threshold (0 to 99) is the score cutoff above which the liveness check is considered passed. audit_images (0 to 4) controls how many additional intermediate frame images are retained for around 30 minutes for audit and review purposes. The two are independent of each other.

Try it Live

API Testing Sandbox tag

Test the Create a Liveness Check API directly in your browser with live mock data and see instant results.

rocket_launch Request Sandbox Access

Access to live sandbox environments requires manual approval from our compliance team.