Docs
BetaSDKsGet startedTalk to salesSign inSupportStatusPricing

Verify API - Authenticate a user with QR Verify

📘

NOTE:

LIMITED RELEASE: For customers who opt in to our early access program, QR Verify is now available for use with Verify API. Contact a Telesign expert or your Customer Success Manager for more details.


To add Verify API to your account, contact a Telesign expert. This product is available for full-service accounts only.

This page explains step-by-step how to authenticate a user trying to log in on your website, using a QR scanned using the user's registered device.

This procedure assumes that each step in the flow is successful and that you have registered the device with QR Verify.

These instructions also assume the use of a verification policy with:

  • QR Verify set as the primary verification method.
  • SMS one-time passcode (OTP) set as the fallback verification method.

Before you begin

  • Review Verify API - Get started and its key terms for Verify API.
  • Install the Telesign Verify Android SDK or Telesign Verify iOS SDK, depending on your specific needs. Contact Telesign Customer Support or your Telesign contact to get access.
  • Implement Verify API and Verify Mobile SDK to your website as well as to your mobile app. This is required in order for QR Verify to work successfully.

Telesign Verify Android SDK

  1. APP uses TSVerify.init(AppContext) to contact the Telesign SDK (SDK).
  2. USER opens your WEBSITE and attempts a high value action (like logging in, making a purchase, etc.)
  3. WEBSITE initiates verification with YOUR SERVER.
  4. YOUR SERVER initiates a verification process with Telesign VERIFY using our REST API.
  5. VERIFY sends the challenge data that your app will need to create the QR.
  6. Your SERVER sends the QR data to your WEBSITE for rendering and display.
  7. WEBSITE renders and displays the QR code to be scanned by the user using the registered device.
  8. WEBSITE begins polling your SERVER to get final verification status. Do not poll any more frequently than once every 5 seconds.
  9. Each time the WEBSITE sends a polling request, your SERVER sends a request to VERIFY using our REST API to retrieve the verification process.
  10. Your SERVER responds to your WEBSITE with the verification status. At this moment, the STATE is ONGOING because the user has not yet scanned the QR code on their authorized device.
  11. USER launches your APP’s QR feature to scan and parse the QR code on their registered device.
  12. APP generates an app ID, using this format: com.{app name}:{app version number}. For example:  com.your.app:1.2.0.
  13. APP uses the method TSVerify.finalizeVerificationStamp(appId: String, message: String) to report the QR code data to the Telesign SDK and begin finalizing the transaction. The  message  parameter includes the previous parsed mobile app token and challenge.
  14. The SDK reports the QR verification attempt to Telesign VERIFY.
  15. VERIFY performs authentication on the request and then if that succeeds, changes the verification state to "VERIFIED".
  16. VERIFY then responds to the SDK reporting that verification was successful.
  17. The SDK sends a TSVerifyEvent.VerificationCompleted response to your APP indicating that verification is complete.
  18. The polling that you began earlier should now return {"state": "VERIFIED"} as part of the response to your SERVER.
  19. Your SERVER responds back to YOUR WEBSITE that verification is successful, and the polling loop ends.
  20. Your WEBSITE allows the user to proceed with their high value action that initiated this verification flow.

Telesign Verify iOS SDK

  1. APP uses TSVerify.init() to contact the Telesign SDK (SDK).
  2. USER opens your WEBSITE and attempts a high value action (like logging in, making a purchase, etc.)
  3. WEBSITE initiates verification with YOUR SERVER.
  4. Your SERVER initiates a verification process with Telesign VERIFY using our REST API.
  5. VERIFY sends the challenge data that your app will need to create the QR.
  6. Your SERVER sends a response to your WEBSITE, saying that verification is in progress.
  7. WEBSITE renders and displays the QR code to be scanned by the user using the registered device.
  8. WEBSITE begins polling your SERVER to get final verification status. Do not poll any more frequently than once every 5 seconds.
  9. Each time the WEBSITE sends a polling request, your SERVER sends a request to VERIFY using our REST API to retrieve the verification process.
  10. Your SERVER responds to your WEBSITE with the verification status. At this moment, the STATE is ONGOING because the user has not yet scanned the QR code on their authorized device.
  11. USER launches your APP’s QR feature to scan and parse the QR code on their registered device.
  12. APP generates an app ID, using this format: com.{app name}:{app version number}. For example:  com.your.app:1.2.0.
  13. APP uses the method TSVerify.finalizeVerificationStamp(appId: String, message: String) to report the QR code data to the Telesign SDK and begin finalizing the transaction. The  message  parameter includes the previous parsed mobile app token and challenge.
  14. The SDK reports the QR verification attempt to Telesign VERIFY.
  15. VERIFY performs authentication on the request and then if that succeeds, changes the verification state to "VERIFIED".
  16. VERIFY then responds to the SDK reporting that verification was successful.
  17. The SDK sends a TSVerifyEvent.verificationCompleted response to your APP indicating that verification is complete.
  18. The polling that you began earlier should now return {"state": "VERIFIED"} as part of the response to YOUR SERVER.
  19. Your SERVER responds back to your WEBSITE that verification is successful, and the polling loop ends.
  20. Your WEBSITE allows the user to proceed with their high value action that initiated this verification flow.

Updated 2 days ago

© 2025 Telesign / Terms & Conditions / Privacy Notice / Privacy Hub