API reference
Send a selfie and an ID image (and/or a bank-statement PDF) to one endpoint. Get back a fraud-risk score, a decision (pass / review / flag), and the evidence behind it. One call, server-to-server.
Authentication
Every request carries your API key in the X-API-Key header. Create and manage keys in your dashboard. The key is a server-side secret: call the API from your backend only, never from a browser, mobile app, or public code. If a key is exposed, revoke it in the dashboard; other keys keep working.
Verify an identity
/v1/verify
A multipart/form-data request. Send at least one file. Each call costs one verification credit; the cost is charged only when the check runs.
| Field | Type | Notes |
|---|---|---|
| selfie | file | A live selfie image (JPG/PNG). Checked for AI / deepfake synthesis. |
| document | file | An ID image or a bank-statement PDF. Checked for tampering and structural validity. |
| reference | text | Optional. Your own user or case id. It is stored, echoed back in the response, and shown in your audit log so you can tie the verdict to the right user. |
curl -X POST https://truesecurix.com/v1/verify \
-H "X-API-Key: YOUR_KEY" \
-F "selfie=@selfie.jpg" \
-F "document=@id.jpg" \
-F "reference=user_12345"{
"verification_id": "9f3c...",
"reference": "user_12345",
"risk_score": 12.4,
"decision": "pass",
"selfie": { "synthetic_score": 0.04, "verdict": "real", "is_deepfake": false },
"document": { "tamper_score": 0.07, "verdict": "clean", "is_tampered": false, "deterministic": true },
"evidence": [
{ "check": "face_liveness", "finding": "natural skin texture and lighting", "weight": 0.3 }
],
"recommendation": "Approve. No fraud signals above threshold.",
"consensus_families": 0,
"credits_remaining": 982,
"processing_ms": 1840
}| Field | Meaning |
|---|---|
| risk_score | 0–100. Higher means more likely fraud. |
| decision | pass / review / flag (see below). |
| selfie | Deepfake/synthesis result for the face. |
| document | Tampering result; deterministic is true when a hard rule (e.g. ID checksum) decided it. |
| evidence | The signals behind the verdict, for your audit trail. |
| recommendation | A plain-language summary you can log or show a reviewer. |
| credits_remaining | Your balance after this call. |
Decisions
No fraud signals above threshold. Safe to approve automatically.
Uncertain. Route to a human; never auto-reject on this alone.
Strong fraud evidence (or a failed deterministic check). Hold and investigate.
Errors
| Status | Meaning |
|---|---|
| 400 | Bad request (no file sent, or an unreadable image). |
| 401 | Missing X-API-Key header. |
| 402 | No verification credits left. Top up in the dashboard. |
| 403 | Invalid or revoked key, or the account is suspended. |
| 429 | Rate limit exceeded. Slow down and retry. |
Rate limits
Per-key, per-minute. Exceeding it returns 429; the count resets each minute.
| Plan | Requests / minute |
|---|---|
| Free | 120 |
| Starter | 240 |
| Scale | 600 |
Questions about integrating? Write to contact@truesecurix.com.