SPID Services Flows

This document briefly describes the operation flows of the SPID Services, the API for integration with the SPID Client.

There are two essential flows, On-site Capture and Remote Capture, detailed below.

On-site Capture

The operation flow for on-site capture follows the diagram below, and the main differentiation depends on whether the consulted CPF already exists in the database. All operations mentioned in this flow are detailed in the manual SPID Services API.

SPID Services Flow: On-site Capture

Authentication

  1. The application must authenticate with the SPID Client using the call Login and make sure the operation was successful with the call Login Status.

  2. The application must start a verification by calling Verify with the individual's CPF.

If the individual's CPF is not in the database, the call will return PERSON_NOT_FOUND, and the application must follow Unregistered Individual. Otherwise, it must follow the Already Registered Individual.

Unregistered Individual

  1. The application needs to perform the enroll of the individual by calling Enroll (Enroll) and call Capture Status until it obtains the status CLIENT_CAPTURE_DONE.

  2. The application must start the biometric authentication of the operator with Operator Capture, and call Capture Status until it obtains the indication of success OPERATOR_CAPTURE_DONE.

  3. The application must send the capture with Capture Send (Send). In this case, the operation will be asynchronous, the expected response is CAPTURE_ENQUEUED.

  4. Optionally, the application can query the processing status of the enroll with Capture Result by ID. Enroll processing can be time-consuming, and the application should not assume it will receive a definitive response within a short waiting period.

  5. The application can obtain the operation report with Capture Report, completing the individual's processing flow.

Already Registered Individual

  1. The call Verify will return CLIENT_CAPTURING and the individual's biometric capture will be started. The application must call Capture Status until it gets an indication that the capture has been completed, CLIENT_CAPTURE_DONE.

  2. The application must start the biometric authentication of the operator with Operator Capture, and call Capture Status until it obtains the indication of success OPERATOR_CAPTURE_DONE.

  3. The application must send the capture with Capture Send (Send). In this case, the operation will be synchronous and will return the response VERIFIED indicating success.

  4. The application must obtain the biometric match status by calling Capture Result by ID with the TGUID received in the previous step. If there was no match (SEARCH_NOT_MATCH), the application may, if desired, perform the individual's enroll.

  5. The application can obtain the operation report with Capture Report, completing the individual's processing flow.

Resubmissions

Submissions (Capture Send) can fail due to transmission errors and temporary infrastructure failures (servers unavailable or overloaded). It is recommended that the application perform a daily retry of pending operations by calling Capture Resend All (Capture Resend All).

Remote Capture

The operation flow for remote capture through an external verification service, which includes an application installed on the client device (smartphone/tablet), follows the diagram below. All operations mentioned in this flow are detailed in the manual SPID Services API. Remote capture allows both verification of clients already registered in the database (Remote Verify) and registration of new clients (Remote Enroll).

SPID Services Flow: Remote Capture

Authentication

  1. The application must authenticate with the SPID Client using the call Login and make sure the operation was successful with the call Login Status.

Operator Capture

  1. The application must start the biometric authentication of the operator with Operator Capture, and call Capture Status until it obtains the indication of success OPERATOR_CAPTURE_DONE.

Remote Client Verification

  1. The application must start the client's remote verification with the call Remote Verify. This call will return a URL (used by the client's external application to submit the biometric data for verification) and an TGUID (transaction identifier).

  2. The URL is passed to the remote verification service, which will perform the biometric capture (through an application on the client's device) and will use the URL to submit the captured biometric data.

  3. The application must check the result of the biometric verification with the call Remote Verify Result by ID, which will return SEARCH_MATCH or SEARCH_NOT_MATCH, indicating the result of the operation.

Last updated

Was this helpful?