Skip to content

Complete Server-Side Verification

While it's true that a significant number of authenticity checks can be successfully completed in the browser, it might not be sufficient. There's a potential risk of verification results being intercepted and modified by fraudsters directly on the same device. So, Regula introduces an additional layer of protection against such a fraud through the Complete Server-Side Verification.

Architecture scheme of Complete Server-Side verification functionality

Let's have a look at the feature implementation step by step.

Preparation

Enable the backend processing feature on the Web Components side and set the URL to your Web Service:

window.RegulaDocumentSDK.recognizerProcessParam = {
  processParam: {
    scenario: InternalScenarios.MrzAndLocate,
    backendProcessing: {
      serviceURL: 'YOUR_SERVICE_URL'
    }
  },
};

For the Complete Server-Side Verification, you need to run Regula Web Service in your environment. Refer to the Web Service section for instructions on how to do that.

HTTP Headers

Since Regula Web Service is involved when working with Regula Web Components, you may need to adjust HTTP request headers in your application to pass additional information to the Web Service, for example, the authentication token. That can be achieved in the following way:

window.RegulaDocumentSDK.recognizerProcessParam = {
  processParam: {
    scenario: InternalScenarios.MrzAndLocate,
    backendProcessing: {
      serviceURL: 'YOUR_SERVICE_URL', // Web API service URL
      httpHeaders: { // optional
        key1: 'header1',
        key2: 'header2',
        key3: 'header3'
      }
    }
  },
};

Step 1: Optical Processing

The first step is the optical processing, performed on the browser side.

Optical processing step of the Complete Server-Side Verification procedure

To initiate the optical processing, follow the Add Component guide.

Once the optical processing is completed, the encrypted result package is generated.

Step 2: Finalize Package

The next step is to finalize the data. It means that the results are encrypted on the browser side and then transmitted to Regula Web Service via the secure communication channel.

Finalizing package step of the Complete Server-Side Verification procedure

During transmission, the Storage and Database are involved in saving the transaction info, metadata, processing results, etc.

Transfer of the finalized and encrypted data package from the Web Component to Regula Web Service

const component = document.querySelector('document-reader');

function listener(event) {
  if (event.detail.action === 'PROCESS_FINISHED' && event.detail.data.status === 1) {
    window.RegulaDocumentSDK.finalizePackage();
  }
}

component.addEventListener('document-reader', listener);

After receiving the encrypted package from the Web Component, Regula Web Service returns the transaction ID in the callback. You need to handle this transaction ID on the Web Component side for further sending it to your Web Service.

Handling transaction on the Web Component side for the Complete Server-Side Verification

Step 3: Sending Transaction ID to Backend

Send the transaction ID to your backend to prepare the request that will be sent to the Regula Web Service for reprocessing later.

Sending the transaction ID from the Web Component to your Custom Service for the Complete Server-Side Verification procedure

Step 4: Reprocessing on Web Service

Now that you have the encrypted results, you can prepare the request to perform the reprocessing on the Regula Web Service side.

Reprocessing of the transaction on the Regula Web Service side

The request body should include at least the scenario and other settings depending on your needs:

{
    "processParam": {
        "scenario": "FullAuth"
    }
}

To perform the reprocessing, send the request the following endpoint of Regula Web Service:

POST /api/v2/transaction/{transaction_id}/process

where {transaction_id} is the transaction ID you received in the Step 2.

Request example using cURL

curl --request POST \
--url "http://localhost:8088/api/v2/transaction/76fa69d1-5ba6-4aa0-8dd5-477c8f81df91/process" \
--header "Content-Type: application/json" \
--data '{ "processParam": { "scenario": "FullAuth" } }'

Info

Please note that the request demonstrated above doesn't contain any data, so you won't receive any results from Regula Web Service if you run it.

The request demonstrates only the structure that should be followed.

During the reprocessing, Regula Web Service fetches data from the Storage and Database.

This marks the final step of the Complete Server-Side Verification. Once the reprocessing is completed, you can then decide whether you should trust the browser results or not.

Congrats! 🎉

You've successfully set up the Complete Server-Side Verification!

Example

See the sample project, demonstrating how to set up the Complete Server-Side Verification on Web Components.

Next Steps