Recipient IDNow verification with Apex Toolkit
Learn how to configure your Apex app to use IDNow for QES identity verification
In this blog post, I will show you how to use IDNow from Apex Toolkit, as well as the difficulties you may face with implementation.
Let’s first look at what IDNow is and why you may need it. IDNow is a web-based platform for identity-proofing, providing Know Your Customer (KYC) and other identity verification services, including document (ID) verification and biometric verification for finance, insurance, government, and other industries.
Docusign partners with IDNow to provide identity verification for its electronic signature solutions. To comply with EU industry eSignature standards, including eIDAS, Docusign delivers EU Advanced Electronic Signatures (AdES) and EU Qualified Electronic Signatures (QES). AdES require identity verification; QES require face-to-face identity verification and are best suited for high-value, regulated, or cross-border agreements. IDNow provides the face-to-face identity verification for Docusign-provided QES.
Using IDNow verification from your Apex app
To invoke recipient IDNow verification from Apex, use the withSignatureProviders method:
Requirements
So far, it seems very easy. However, before you request IDNow verification, a few additional conditions must be in place for the request to succeed. Without them, your request will result in an error:
You will need to make sure IDNow is included in your account list of signature providers. The AccountSignatureProviders:list method will return the full list enabled for your account. For Apex to work, you will need the “Pen 25” signature provider in your list. Here’s how that looks in the return JSON from the AccountSignatureProviders:list call:
In addition to having “Pen 25” in your list of signature providers, you need to have an IDNow account. If you don’t already have such an account, contact Docusign Sales when requesting “Pen 25” and discuss any possible configuration details.
Note: This is required only for “Pen 25” as used by the Apex Toolkit.
Trying to use IDNow without an account will result in an error like this:
For testing in the developer environment, it is mandatory to use X-MANUALTEST-HAPPYPATH appended to the recipient username.
Note: Trying to update the username by removing the X-MANUALTEST-HAPPYPATH in demo may prevent connection to IDNow.
For example:
Note: X-MANUALTEST-HAPPYPATH use in production is not supported, and if used will lead to a blank page during the IDNow identification stage.
Once all conditions are met, you can create a sample request from Apex. After the recipient signs, they are going to be presented with a popup window asking them to continue to the next step.
At this point, the signer will be redirected to IDNow to complete the verification process.
Additional requirements
IDNow requires specific firewall settings in order to establish the connection. Allow communication from the following IP addresses and ports:
IPs 213.95.84.37, 213.95.145.0/27
Ports UDP 3478, UDP range 6200-7000, TCP 443. UDP protocol is required for IDNow to work. If UDP is not allowed, the workaround will be to use the IDNow mobile app and 4G.
The connection can be tested using the URL: https://video.idnow.de/call-quality-check
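A proposed firewall change can be checked against the list above before rollout. The following Python example is added here and is not code from Docusign or IDNow; the one-line rule syntax and SAMPLE_RULES are constructed for illustration. It assumes each requirement must be covered by a single rule, does not model traffic direction, and reports both missing IDNow endpoints and rules wider than the listed ones.

```python
import ipaddress

# Requirements as listed in the post: two IDNow networks, three port sets.
IDNOW_NETS = ["213.95.84.37/32", "213.95.145.0/27"]
IDNOW_PORTS = [("udp", 3478, 3478), ("udp", 6200, 7000), ("tcp", 443, 443)]
REQUIRED = [(proto, ipaddress.ip_network(net), lo, hi)
            for net in IDNOW_NETS for proto, lo, hi in IDNOW_PORTS]
# Constructed sample rules in a hypothetical "allow <proto> <cidr> <ports>" syntax.
SAMPLE_RULES = [
    "allow tcp 213.95.84.37 443",
    "allow tcp 213.95.145.0/27 443",
    "allow udp 213.95.84.37 3478",
    "allow udp 0.0.0.0/0 6200-7000",  # works, but far wider than needed
]


def parse_rule(line):
    """Parse one rule into (proto, network, first_port, last_port)."""
    action, proto, cidr, ports = line.split()
    if action != "allow":
        raise ValueError(f"unsupported action: {action}")
    lo, _, hi = ports.partition("-")
    return proto.lower(), ipaddress.ip_network(cidr), int(lo), int(hi or lo)


def covers(outer, inner):
    """True if `outer` permits every address and port that `inner` names."""
    o_proto, o_net, o_lo, o_hi = outer
    i_proto, i_net, i_lo, i_hi = inner
    return (o_proto == i_proto and i_net.subnet_of(o_net)
            and o_lo <= i_lo and i_hi <= o_hi)


def audit(rule_lines):
    """Return (requirements no single rule covers, rules wider than required)."""
    rules = [parse_rule(line) for line in rule_lines]
    missing = [q for q in REQUIRED if not any(covers(r, q) for r in rules)]
    too_broad = [line for line, r in zip(rule_lines, rules)
                 if any(covers(r, q) for q in REQUIRED)
                 and not any(covers(q, r) for q in REQUIRED)]
    return missing, too_broad


if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES)
    for proto, net, lo, hi in missing:
        print(f"MISSING   {proto} {net} {lo}-{hi}")
    for line in too_broad:
        print(f"TOO BROAD {line}")
```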
Supported browsers:
Chrome (Recommended)
Firefox (Supported)
Browsers not supported:
Edge
Internet Explorer
Safari
Opera
Now that you have your code and all requirements in place, IDNow will help you comply with EU regulations and complete your agreements.