Introducing the ID Evidence API
The new ID Evidence API can help developers get additional information about Docusign transactions that include identity verification components.
I’m thrilled to announce that we’re launching the ID Evidence API. Last year, we launched ID Verification through the Docusign platform, but some of our customers needed more. As they were used to keeping track of the ID verifications they did face-to-face, they also wanted Docusign to provide functionality to keep track of ID verifications done online. This led to the launch of ID Evidence, a feature provided as part of Docusign ID Verification to deliver evidence of the ID verification process.
What is the ID Evidence API?
Each time you ask Docusign to verify the identity of recipients, ID Evidence can store selected ID data in a proof file with the final status of the ID verification
Example of capture of ID data using ID Evidence
The ID Evidence API is the natural extension of ID Evidence. It enables our customers to keep the information they need within their own information system each time an ID verification has been done. This API can be useful for all ID Verification customers who need to prove, in an automated way, that they did what they were supposed to do. For instance, regulated customers, internal audit commitments, or governance processes may require keeping track of an ID verification. This API can also help customers to cross-check the information they already stored in their system with ID Evidence data.
What can you do with the ID Evidence API?
The ID Evidence API enables ID Verification customers to capture identification events or metadata and render related data into meaningful outputs. If you're using ID Verification to verify the identity of your recipients, you can use ID Evidence to store the identification data you want and use its API to export stored data, such as first name, last name, date of birth, expiration date, or copies of scanned IDs to JSON or PDF format.
Who controls PII?
By default, ID Evidence does not store Personally Identifiable Information (PII). It is up to you to decide whether you want to store the copies of IDs and other personal data. The choice of data to keep with ID Evidence is managed in the Admin configuration interface.
How do you use the ID Evidence API?
To use ID Evidence, you must have the ID Verification feature enabled in your account. Ask your Docusign representative for more information. Once ID Verification is enabled, you must configure in Docusign Settings the ID Evidence data you wish to store in the last part of the ID Verification configuration. If you want to return an image, you must select Front side of the ID and/or Back side of the ID. See Identity Verification Configurations in the Docusign Admin Guide for more information.
Note: If you have configured ID Evidence to store a copy of a photo ID, a honeycomb pattern is added to the image to help prevent any future use.
As with other Docusign APIs, ID Evidence API is secured through OAuth authentication. You first need to get an access token before you can access the ID Evidence API itself. Learn about OAuth authentication for our APIs on the Docusign Developer Center.
Uniquely among Docusign APIs, the ID Evidence API requires an additional authentication step. After getting an access token, you use that access token to request a resource token. You then use that resource token to authenticate your API requests. The lifetime of a resource token is currently set to two minutes for security reasons. Once a token expires, you must ask for another one to perform a new request for ID Evidence data. Otherwise you will receive a 401 error status response.
To learn about using the ID Evidence API, find these resources on the Developer Center:
How-to guides showing you how to use the API to get access to ID Evidence data
Additional resources
Remi Pifaut is a Lead Product Manager working on Docusign Identity and products related to digital signature including compliance with eIDAS European regulation. He is based in Paris, France.
Related posts