Widget can be integrated using iframe.
Iframe src attribute MUST contain clientId and client_token parameters. Also it MAY contain referenceId parameter.
Before iframe initialization you MUST retrieve one-time token:
Step 1 - One-time token generation
You must use your client secret for one-time token generation. Please DO NOT use your client secret for iframe initialization as it's not secure.
$clientSecret = 'clientSecret'; $tokenGenerationUrl = 'https://kyc.passport.io/api/v1/verification-token'; $tokenGenerationContext = stream_context_create([ 'http' => [ 'method' => 'POST', 'header' => [ 'Content-type: application/x-www-form-urlencoded', 'Authorization: Bearer ' . $clientSecret , ], 'content' => http_build_query([ 'verify_request_type' => 'user_verification', ]), 'timeout' => 5, ] ]); $token = json_decode(file_get_contents($tokenGenerationUrl , false, $tokenGenerationContext ), true)['token'];
Step 2 - Verification Widget
<iframe src="https://my.passport.io/widget-endusers/?clientId=CLIENT_ID&client_token=SOME_GENERATED_TOKEN_VALUE&referenceId=INTERNAL_USER_ID">
When data is sent, widget will make postMessage({'messageType': 'triggerCloseWidget'}, '*') call to parent window, which is a trigger to close it on client's side.
To receive message from iframe, add event listener "message" to window:
window.addEventListener("message", receiveMessage, false) function receiveMessage(event) { if( event.data['messageType'] == 'triggerCloseWidget') { // close iframe } }
Step 3 - Pingback
Once the user is verified, we will send a server-to-server Pingback to your Pingback URL (configurable during onboarding) using the following format:
{ "data": { "status": "approved", "resources": [ { "resource": "profile#firstname", "value": "Zakhar", "status": "approved", "properties": { "user_uuid": 123 } }, { "resource": "profile#lastname", "value": "Sydorenko", "status": "approved", "properties": { "user_uuid": 123 } }, ... { "resource": "profile#document", "value": { "id": 789, "url": "http://url.com/download.php", "name": "picture.png", "type": "user_identity_verification", "deletedAt": null }, "status": "approved", "properties": { "is_deleted": 0, "profile_document_id": 123, "profile_uuid": 123, } }, ... ] } }
Integrate Login via QR code
<script type="text/javascript" src="https://auth.passport.io/js/passport-qr-login.js"></script> <script type="text/javascript"> passportIo.renderButton({ baseUrl: 'https://auth.passport.io', clientId: 'CLIENT_ID', clientSecret: 'CLIENT_SECRET', container: PARENT_ELEMENT, tokenCallback: function(jsonResponse) { if (jsonResponse && jsonResponse.access_token) { // success login callback } } }); </script>