Verify API - Register a new device with QR Verify

📘

NOTE:

LIMITED RELEASE: For customers who opt in to our early access program, QR Verify is now available for use with Verify API. Contact a Telesign expert or your Customer Success Manager for more details.


To add Verify API to your account, contact a Telesign expert. This product is available for full-service accounts only.

This page explains step-by-step how to register a user's new device with QR Verify, so they can use it to scan a QR code and verify their identity when logging in on your website.

This procedure assumes that each step in the flow is successful and that the device has not already been registered for QR Verify.

These instructions also assume the use of a verification policy with:

• QR Verify set as the primary verification method.
• SMS one-time passcode (OTP) set as the fallback verification method.
• Implement Verify API and Verify Mobile SDK to your website as well as to your mobile app. This is required in order for QR Verify to work successfully.

Before you begin

• Review Verify API - Get started and its key terms for Verify API.
• Install the Telesign Verify Android SDK or Telesign Verify iOS SDK, depending on your specific needs. Contact Telesign Customer Support or your Telesign contact to get access.

Steps

Telesign Verify Android SDK

1. USER downloads, installs, and opens your mobile app (APP).
2. APP initiates the registration process through your BACKEND server and receives a MOBILE_APP_TOKEN for registration.
3. APP uses TSVerify.init(context = this) to initialize the SDK in Android.
4. APP subscribes to SDK Events: TSVerify.getEventsFlow()
5. APP uses isDeviceRegisteredStamp() to check with the SDK if the device is registered for Stamp (for both Push & QR Verify). Here, we assume it is not registered yet: TSVerify.isDeviceRegisteredStamp()
6. APP uses the activate method with the MOBILE_APP_TOKEN to begin the registration process: TSVerify.activate(mobileAppToken: String)
7. Verify API sends verification code through one of the preconfigured channels (usually is SMS but can be WhatsApp, email, or others).
8. SDK emits the ExpectsOTP event so the APP can prompt the USER to enter the OTP.
9. USER enters the OTP in the APP.
10. APP generates an app ID, using this format: com.{app name}:{app version number}. For example: com.your.app:1.2.0.
11. APP calls the finalizeRegistrationStamp method of the SDK with phone number, app ID and the entered the OTP to finalize registration.
12. Verify API checks the asserted OTP against the original OTP. If they match, TELESIGN sends a response to the SDK indicating that the validation was successfully completed.
13. If everything is correct, SDK emits the registrationCompleted event.
14. The IsDeviceRegisteredStamp method should return true now: TSVerify.isDeviceRegisteredStamp()
15. APP is ready to be used for Push and QR Verification.

Telesign Verify iOS SDK

1. USER downloads, installs, and opens your mobile app (APP).
2. APP initiates the registration process through your BACKEND server and receives a MOBILE_APP_TOKEN for registration.
3. APP uses TSVerify() to initialize the SDK in iOS.
4. APP subscribes to SDK Events: let events = TSVerify.shared.getEventsStream().
5. APP uses isDeviceRegisteredStamp() to check with the SDK if the device is registered for Stamp (for both Push & QR Verify). Here, we assume it is not registered yet: TSVerify.shared.isDeviceRegisteredStamp()
6. APP uses the activate method with the MOBILE_APP_TOKEN to begin the registration process: TSVerify.shared.activate(mobileAppToken: String)
7. Verify API sends verification code through one of the preconfigured channels (usually is SMS but can be WhatsApp, email, or others).
8. SDK emits the ExpectsOTP event so the APP can prompt the USER to enter the OTP.
9. USER enters the OTP in the APP.
10. APP generates an app ID, using this format: com.{app name}:{app version number}. For example: com.your.app:1.2.0.
11. APP calls the finalizeRegistrationStamp method of the SDK with phone number, app ID and the entered the OTP to finalize registration.
12. Verify API checks the asserted OTP against the original OTP. If they match, TELESIGN sends a response to the SDK indicating that the validation was successfully completed.
13. If everything is correct, SDK emits the registrationCompleted event.
14. The IsDeviceRegisteredStamp method should return true now: TSVerify.shared.isDeviceRegisteredStamp()
15. APP is ready to be used for Push and QR Verification.