Integrity Check API Reference Guide
Introduction
The Integrity Check API verifies the authenticity of the provided scanId and payloadId by comparing them to the stored records received on the DyScan backend. The payloadId is a checksum of the fraud results generated on the device. It is uploaded along with the results and scanId to the DyScan backend and can be accessed from the DyScan SDK by the mobile application. This ensures protection against any potential tampering of the fraud results. For convenience, the Integrity Check API will also return isFraud and declineReasons.
Results Overview
The Integrity Check API returns a status of "OK" when both the payloadId and the scanId match the stored records. The payloadId is optional. If you do not provide the payloadId, the API will still return a status of "OK" if the scanId matches.
If the payloadId does not match the data received on DyScan backend, it returns a status of "FAILED".
If the scanId is not found, the API returns a 404 status.
If the scanId points to an unsuccessful scan, the API returns a status of "NA". If no payloadId was received on DyScan backend, it also returns a status of "NA".
Endpoints
Scan Check
No OpenAPI specification URL provided
Here is a table summarizing all possible outputs when the status is 200:\
| Status | Message | Description |
|---|---|---|
| NA | Can't check unsuccessful scanId | The scanId provided is not a successful scan and cannot be authenticated. |
| NA | No payloadId received from scan | The client didn’t return any authentication ID. It cannot be authenticated |
| OK | scanId and payloadId are valid | Both the scanId and payloadId are valid and match our records. |
| OK | scanId is valid | The scan has been authenticated as valid from our backend |
| FAILED | payloadId mismatch | The payloadId provided does not match the authenticated payloadId. |
Example Code
- Python
- Node
- curl
import requests
endpoint = 'https://api.dyneti.com/scans/check'
apiKey = 'example_0123456789u0ALMrmV2RXa7YZMdZjAOoTxjM3EbVnRz6SQ5TFzY1'
r=requests.get(endpoint,
json={"scanId": "3d581785-2be8-44da-b6bf-7757e7553537",
"payloadId": "c02919d8-a389-30e2-b029-ae40a51be02d"},
headers={
"Content-Type":"application/json",
"X-REVIEW-ID": apiKey
})
r.json()
Response:
{"status": "OK", "message": "scanId and payloadId are valid","isFraud":false,"declineReasons":{"formatMismatch":false,"numberMismatch":false,"generatedImage":false,"rateLimited":false,"tamperedFeatures":false, "lastFourDigits": 1234}}
const axios = require('axios');
const endpoint = 'https://api.dyneti.com/scans/check';
const apiKey = 'example_0123456789u0ALMrmV2RXa7YZMdZjAOoTxjM3EbVnRz6SQ5TFzY1';
axios.get(endpoint, {
headers: {
'Content-Type': 'application/json',
'X-REVIEW-ID': apiKey
},
data: {
scanId: '3d581785-2be8-44da-b6bf-7757e7553537',
payloadId: 'c02919d8-a389-30e2-b029-ae40a51be02d'
}
})
.then(response => {
console.log(response.data);
})
.catch(error => {
console.error(error);
});
Response
{"status": "OK", "message": "scanId and payloadId are valid", "isFraud":false,"declineReasons":{"formatMismatch":false,"numberMismatch":false,"generatedImage":false,"rateLimited":false,"tamperedFeatures":false, "lastFourDigits": 1234}
curl -X GET \\
-H "Content-Type: application/json" \\
-H "X-REVIEW-ID: example_0123456789u0ALMrmV2RXa7YZMdZjAOoTxjM3EbVnRz6SQ5TFzY1" \\
-d '{"scanId": "3d581785-2be8-44da-b6bf-7757e7553537", "payloadId": "c02919d8-a389-30e2-b029-ae40a51be02d"}' \\
"https://api.dyneti.com/scans/check"
{"status": "OK", "message": "scanId and payloadId are valid", "isFraud":false,"declineReasons":{"formatMismatch":false,"numberMismatch":false,"generatedImage":false,"rateLimited":false,"tamperedFeatures":false}