ID Verification Flow

This guide explains the complete identity verification workflow in Cerebrum, from creating an invite to receiving verification results. The process involves three key participants and multiple steps to ensure secure and compliant identity verification.

Overview

The ID verification flow is designed to:

Verify user identities through document scanning and biometric validation
Ensure compliance with background screening regulations
Provide real-time updates via webhooks
Support multiple channels (web and mobile applications)

Flow Architecture

Key Participants

Organization: The entity requesting identity verification for their users
End User: The individual undergoing identity verification
Cerebrum: The verification platform that processes and validates identity data

Complete Verification Process

Visual Flow Diagram

flowchart TD
    Start([Start]) --> OrgInvite[Organization Creates Invite]
    OrgInvite --> UserReceives[User Gets Invite]
    
    UserReceives --> InviteType{Invite Type?}
    InviteType -->|App Invite| DownloadApp[User Downloads iOS/Android App]
    InviteType -->|Web Invite| WebBrowser[User Uses Web Browser]
    
    DownloadApp --> StartFlow[User Starts Flow]
    WebBrowser --> StartFlow
    
    StartFlow --> AcceptInvite[Accept Invite]
    AcceptInvite --> CaptureSelfie[Capture Selfie]
    CaptureSelfie --> ScanFrontID[Scan Front ID]
    ScanFrontID --> ScanBackID[Scan Back ID]
    ScanBackID --> ReviewInfo[Review Scanned Information]
    ReviewInfo --> EnterSSN[Enter SSN]
    EnterSSN --> SignDisclosures[Sign Disclosures]
    SignDisclosures --> ExtraData{Extra Data Needed?}
    ExtraData -->|Yes| FillExtraData[Fill Out Extra Data]
    ExtraData -->|No| PlaceOrder[Place Order]
    FillExtraData --> PlaceOrder
    
    PlaceOrder --> CerebrumVerify[Cerebrum Verifies ID]
    
    CerebrumVerify --> VerifyDecision{Verification Result?}
    VerifyDecision -->|Looks Good| IDVerified[Mark Order: ID Verified]
    VerifyDecision -->|Issues Found| IDNotVerified[Mark Order: ID Not Verified]
    
    IDVerified --> OrgWebhook[Organization Receives Webhook<br/>Order Status & Score]
    IDNotVerified --> OrgWebhook
    
    OrgWebhook --> End([End])
    
    style OrgInvite stroke:#0066cc,stroke-width:2px
    style UserReceives stroke:#cc8800,stroke-width:2px
    style CerebrumVerify stroke:#8800cc,stroke-width:2px
    style OrgWebhook stroke:#0066cc,stroke-width:2px
    style IDVerified stroke:#2e7d32,stroke-width:2px
    style IDNotVerified stroke:#c62828,stroke-width:2px

Step-by-Step Process

1. Create Invite

Organization initiates the verification process by creating an invite for the end user.

Overview

The Create Invite endpoint initiates the identity verification workflow by generating a unique invitation for an applicant. This invitation can be delivered via email or generated as a direct link, and supports both mobile app and web-based verification flows.

Prerequisites

Before creating an invite, ensure you have:

Valid API Key: Your organization's API key with appropriate permissions
Package ID: The ID of the verification package to use (obtain from List Package Sets)
Applicant Information: At minimum, email address and phone number
Webhook URL (Recommended): Endpoint to receive order and invite notifications

API Endpoint

Reference: Create vID Invite

POST /v1/vid/invites
Content-Type: application/json
apikey: YOUR_API_KEY

Key Parameters:

Parameter	Type	Required	Description
`packageId`	string	Yes	The ID of the verification package (e.g., `"PAC-81eb7401"`)
`contactInformation`	object	Yes	Applicant's contact details including email and phone
`deliveryMethod`	string	Yes	How to deliver the invite: `"EMAIL"` or `"NONE"`
`postbackWebhookUrl`	string	No	Your server URL to receive order and invite webhooks
`metadata`	object	No	Custom JSON data to associate with the invite
`web`	boolean	No	Set to `true` for web invite, `false` for app invite (default: `false`)
`onSubmitReturnUrl`	string	No	Redirect URL after user submits verification

Contact Information Object:

{
  "email": "string (required)",
  "phoneNumber": "string (required)",
  "firstName": "string (optional)",
  "middleName": "string (optional)",
  "lastName": "string (optional)",
  "suffix": "string (optional)",
  "dateOfBirth": "string (optional, YYYY-MM-DD)",
  "primaryContactMethod": "string (optional)"
}

Request Examples

Basic Email Invite

POST /v1/vid/invites

{
  "packageId": "PAC-81eb7401",
  "contactInformation": {
    "email": "[email protected]",
    "phoneNumber": "+12025551234",
    "firstName": "John",
    "lastName": "Doe"
  },
  "deliveryMethod": "EMAIL",
  "postbackWebhookUrl": "https://api.yourcompany.com/webhooks/cerebrum"
}

Web Invite with Metadata

POST /v1/vid/invites

{
  "packageId": "PAC-81eb7401",
  "contactInformation": {
    "email": "[email protected]",
    "phoneNumber": "+12025551234",
    "firstName": "Sarah",
    "middleName": "Jane",
    "lastName": "Smith",
    "dateOfBirth": "1990-05-15"
  },
  "deliveryMethod": "EMAIL",
  "postbackWebhookUrl": "https://api.yourcompany.com/webhooks/cerebrum",
  "web": true,
  "metadata": {
    "clientReferenceId": "EMP-2024-0158",
    "department": "Engineering",
    "positionTitle": "Senior Software Engineer",
    "internalNotes": "Priority candidate"
  },
  "onSubmitReturnUrl": "https://yourcompany.com/application/success"
}

Direct Link (No Email Delivery)

POST /v1/vid/invites

{
  "packageId": "PAC-81eb7401",
  "contactInformation": {
    "email": "[email protected]",
    "phoneNumber": "+12025551234"
  },
  "deliveryMethod": "NONE",
  "web": true,
  "postbackWebhookUrl": "https://api.yourcompany.com/webhooks/cerebrum"
}

Response Format

Success Response (200 OK):

{
  "inviteId": "8faf4d07-6fec-43b8-a32c-cd549c30b5e9",
  "packageId": "PAC-81eb7401",
  "packageName": "Standard ID Verification",
  "vIDInviteUrl": "https://cerebrum.app.link/fMPAbcUQNXyb",
  "vIDWebInviteUrl": "https://cognition.cerebrum.com/vid/i/eyJ...",
  "vIDQRCode": "data:image/png;base64,iVBORw0K...",
  "vIDShortCode": "ABC123",
  "inviteExpiry": "2024-07-20T00:00:00.000Z",
  "inviteData": {
    "contactInformation": {
      "email": "[email protected]",
      "phoneNumber": "+12025551234",
      "firstName": "John",
      "lastName": "Doe"
    },
    "metadata": {
      "clientReferenceId": "EMP-2024-0158"
    }
  }
}

Response Fields:

Field	Description
`inviteId`	Unique identifier for tracking the invite status
`vIDInviteUrl`	Deep link for mobile app (iOS/Android)
`vIDWebInviteUrl`	URL for web-based verification
`vIDQRCode`	Base64-encoded QR code image
`vIDShortCode`	6-character code for manual entry in app
`inviteExpiry`	Expiration date (default: 180 days from creation)

Best Practices

Webhook Configuration

Always configure a webhook URL to receive real-time notifications.

Your webhook endpoint should:

Accept POST requests with JSON payload
Respond with 2xx status code within 10 seconds
Implement retry logic for processing failures
Validate webhook signatures (if configured)

See Webhooks Documentation for implementation details.

Metadata Usage

Use the metadata field to store business-specific information:

Internal reference IDs
Workflow state information
Custom tracking fields

This data is returned in webhook notifications and when retrieving order/invite details. See Metada Documentation for more details.

Delivery Method Selection

EMAIL: Cerebrum sends a branded email with the invite link

Best for asynchronous workflows
Applicant receives invite at their convenience
Includes instructions and support information

NONE: No email sent; you distribute the link

Use for custom email templates
Embed in existing application flows
Display QR code in-person scenarios

Web vs App Invites

App Invites (web: false, default):

Better biometric capture quality
Native device camera access
Optimized user experience
Requires app download (iOS/Android)

Web Invites (web: true):

No app installation required
Works on any device with browser
May have slightly lower image quality

Security Considerations

Validate webhook signatures: Ensure requests are from Cerebrum
Use HTTPS for webhooks: Protect sensitive data in transit

2. User Completes Verification

The end user receives an invite via email and can complete verification through either the Cerebrum mobile app (iOS/Android) or web browser. They'll capture a selfie, scan both sides of their government-issued ID, review the extracted information, enter their SSN, sign required disclosures, and submit any additional data organization has configured. The entire process typically takes 2-3 minutes.

3. Cerebrum Verifies Identity

Cerebrum processes the submitted information, including document authentication (tamper detection, security features), facial recognition matching the selfie to ID photo and data cross-referencing against authoritative sources.

Processing Time: Typically 30 seconds to 2 minutes

4. Receive Updates

Once verification is complete, Cerebrum sends a webhook notification to your configured endpoint.

Here is sample webhook payload for Order status change event.

{
  "id": "ORD_8f3a92kd1",
  "idType": "order",
  "additionalMetadata": {
    "userId": "cust_4451",
  },
  "event": "ORDER_STATUS_CHANGE",
  "eventDate": "2026-02-08T14:32:10Z",
  "svixAppId": "app_92ksla81"
}

You can find complete information on how to set up webhook in Webhooks documentation.

4. Retrieve Order Details

After receiving the webhook notification, you can retrieve complete order details including verification results and extracted data.

Endpoint: GET /v1/orders/{id} - Get Order Details

Parameters:

Parameter	Type	Required	Description
`id`	string	Yes	The unique order identifier (path parameter)
`expand`	array	No	Additional data to include in response. Options: `id_verification_data`, `reportable_results`, `signed_disclosure`, `vid_report`, `verification_check_results`, `credentials`, `selfie`

Example Request:

curl -X GET "https://api.cerebrum.com/v1/orders/ORD-123456?expand=id_verification_data&expand=selfie" \
  -H "apikey: YOUR_API_KEY"

Response Fields:

Field	Type	Description
`id`	string	Unique order identifier
`status`	string	Order status: `PENDING` or `COMPLETE`
`score`	string	Verification score (e.g., "No Alerts")
`customScore`	string	Optional custom scoring based on your configuration
`alert`	string	Alert status: `ALERTS_FOUND` or `NO_ALERTS_FOUND`
`backgroundReportUrl`	string	URL to view the complete verification report
`selfieUrl`	string	URL of the user's selfie (when expanded)
`orderDeliveryType`	string	Delivery method: `rapidRequest`, `vidScreen`, `standard`, or `vIDWeb`
`additionalMetadata`	object	Custom metadata passed during invite creation

Example Response:

{
  "id": "0bb0f6f8-459f-482a-952e-7caf029517f6",
  "status": "COMPLETE",
  "score": "No Alerts",
  "customScore": null,
  "alert": "NO_ALERTS_FOUND",
  "backgroundReportUrl": "https://cognition.cerebrum.com/order/0bb0f6f8-459f-482a-952e-7caf029517f6",
  "selfieUrl": "https://...",
  "orderDeliveryType": "vidScreen",
  "additionalMetadata": {},
  "idVerificationData": {
    "idScanBiometricMatch": true,
    "idScanData": {
      "name": {
        "firstName": "John",
        "middleName": "Michael",
        "lastName": "Doe",
        "suffix": ""
      },
      "gender": "male",
      "dateOfBirth": "1990-10-28",
      "address": {
        "addressLineOne": "123 Main Street",
        "addressLineTwo": "Apt 4B",
        "city": "San Francisco",
        "state": "CA",
        "postalCode": "94102",
        "country": "US"
      },
      "documentSpecificData": {
        "type": "DriversLicense",
        "number": "D1234567",
        "expiryDate": "2027-10-28",
        "issueDate": "2019-10-28"
      }
    },
    "applicantAliasData": {
      "names": [...],
      "addresses": [...],
      "socialSecurityNumber": "***-**-4649"
    }
  }
}

Expand Options:

Use the expand query parameter to include additional data in the response. You can specify multiple expand options by repeating the parameter.

Expand Value	Response Field Added	Description
`id_verification_data`	`idVerificationData`	Detailed ID verification results including biometric match, extracted ID data, and applicant-provided information
`selfie`	`selfieUrl`	URL to access the user's selfie image
`signed_disclosure`	`signedDisclosurePdf`	User's signed disclosure documents and consent forms
`reportable_results`	`reportableResults`	Detailed reportable verification results
`vid_report`	`vIDReportPdf`	Complete vID verification report data
`verification_check_results`	`verificationCheckResults`	Individual verification check results and statuses
`credentials`	`credentials`	User credential information