Journey Tokens expire in 10 minutes . Initialize the SDK immediately after creation.
Journey Types The journeyType field determines the verification flow. Choose based on your use case:
ONBOARDING
REKYC
AUTHORISE
First-time identity verification for new customers who have not been previously verified on the platform.Use case: A bank onboarding a new customer — the user presents their Emirates ID, passport, or GCC ID for the first time, completes liveness detection, and their identity is registered in the system.
No prior user identifier is needed
All configured document types are available
Liveness gestures (blink or smile) can be required
Re-verification of an existing customer whose identity was previously verified. Used to refresh or update KYC records.Use case: A financial institution performing periodic KYC renewal — the customer’s identity is re-verified against their existing record. If an identifier is provided (Emirates ID, passport, GCC ID, or UAE KYC ID), document capture is skipped and only liveness detection is performed.
User identifier is optional — when provided, skips document capture
Supports Emirates ID, passport, GCC ID, or UAE KYC ID as identifiers
Commonly used for regulatory compliance renewals
Transaction or action authorization using biometric verification of a previously verified customer. Confirms that the person initiating an action is the same person on record.Use case: A customer authorizing a high-value bank transfer — the system verifies their identity via liveness detection against their existing biometric record before approving the transaction.
User identifier is required — must provide one of: Emirates ID, passport, GCC ID, or UAE KYC ID
Only liveness detection is performed (no document capture)
Designed for step-up authentication and sensitive operations
Authentication Request Body Type of verification journey: ONBOARDING, REKYC, AUTHORISE, or ONE_TO_MANY.
Document types the user can present: passport, emirates_id, gcc_id. When omitted, all types permitted for your org are used. Only include types subscribed for your organization — unsubscribed types will cause the request to fail.
Active liveness gestures. Maximum 1 per journey: blink or smile. Omitting this skips active liveness entirely.
Show a consent page before the journey begins.
Skip the success page when verification completes.
Skip the result page at the end of the verification flow.
Enables NFC-based verification for the journey. Currently supported for passport documents only.
Special onboarding flag. Only applies to clients with this feature enabled. Read more → User Identifiers (REKYC & AUTHORISE) For REKYC and AUTHORISE journeys, provide one of the following to identify the user. For REKYC, this is optional (skips document capture). For AUTHORISE, it is required .
Emirates ID number. Format: 784XXXXXXXXXXXX (15 digits starting with 784). Hyphens are auto-stripped.
UDB person number (also known as Unified Database number). A unique identifier assigned to individuals in the UAE’s Unified Database system.
Passport-based identification. Passport type code (e.g., P for ordinary).
ISO 3166-1 alpha-3 nationality code (e.g., IND, GBR).
GCC ID-based identification. ISO 3166-1 alpha-3 nationality code (e.g., KWT, SAU).
Code Examples ONBOARDING
REKYC
AUTHORISE
curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "ONBOARDING", "gestures": ["blink"], "consent": true, "documentsAllowed": ["emirates_id", "passport", "gcc_id"], "skipSuccessPage": false, "skipResultPage": false, "nonVisitorOnboarding": false }'
curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "REKYC", "emiratesIdNumber": "<emirates-id-number>", "gestures": ["smile"], "consent": false, "skipSuccessPage": false, "skipResultPage": false }'
Alternative identifiers for REKYC
Using Passport Details: curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "REKYC", "passportDetails": { "passportNumber": "<passport-number>", "passportType": "<passport-type>", "nationality": "<ISO 3166-1 alpha-3 nationality code>" }, "gestures": ["blink"], "consent": false }'
Using GCC Details: curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "REKYC", "gccDetails": { "idNumber": "<gcc-id-number>", "nationality": "<ISO 3166-1 alpha-3 nationality code>" }, "gestures": ["blink"], "consent": false }'
Using UAE KYC ID: curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "REKYC", "uaeKycId": "<unique UAEKYC identifier>", "gestures": ["smile"], "consent": false }'
Using UID Number: curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "REKYC", "uidNumber": "<UDB person number>", "gestures": ["smile"], "consent": false }'
curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "AUTHORISE", "emiratesIdNumber": "<emirates-id-number>", "gestures": ["blink"], "skipSuccessPage": false, "skipResultPage": false }'
Alternative identifiers for AUTHORISE
Using GCC Details: curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "AUTHORISE", "gccDetails": { "idNumber": "<gcc-id-number>", "nationality": "<ISO 3166-1 alpha-3 nationality code>" }, "skipSuccessPage": false, "skipResultPage": false }'
Using Passport Details: curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "AUTHORISE", "passportDetails": { "passportNumber": "<passport-number>", "passportType": "<passport-type>", "nationality": "<ISO 3166-1 alpha-3 nationality code>" }, "skipSuccessPage": false, "skipResultPage": false }'
Using UAE KYC ID: curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "AUTHORISE", "uaeKycId": "<unique UAEKYC identifier>", "skipSuccessPage": false, "skipResultPage": false }'
Using UID Number: curl -X POST "{base_url}/otk-service/create-journey-url" \ -H "Content-Type: application/json" \ -H "x-transaction-key: your-api-key" \ -d '{ "journeyType": "AUTHORISE", "uidNumber": "<UDB person number>", "skipSuccessPage": false, "skipResultPage": false }'
Response Fields Success Response Field Type Description Presence result.journeyTokenstring Unique token to initialize the SDK (UUID v4, 36 characters). Always present result.expiresInstring Token validity in seconds. Default: 600 (10 minutes). Always present result.expiresAtinteger Absolute expiry timestamp (epoch milliseconds). Always present signaturestring Cryptographic signature for response verification . Always present successboolean Optional
Error Response Field Type Description Presence codestring Machine-readable error code. Always present typestring Error category. Optional messagestring Human-readable error message. Always present signaturestring Cryptographic signature for response verification . Optional
Next Steps
Save the journeyToken in your backend
The token expires in 10 minutes . Pass it to the Web, Android, or iOS SDK to start the verification flow. Generate a new token for each session.
Do not reuse journey tokens
Each journeyToken is single-use . Once a journey is started, completed, or expired, the token cannot be reused.
Verify the response signature
200 Success
400 Validation Error
403 Authentication Error
{ "result" : { "journeyToken" : "550e8400-e29b-41d4-a716-446655440000" , "expiresIn" : "600" , "expiresAt" : 1713300000000 }, "success" : true , "signature" : "" }
journeyType
enum<string>
default: ONBOARDING
required
Set automatically to ONBOARDING for this journey type.
Available options:
ONBOARDING
Document types the user can present. When omitted, all types permitted for your org are used.
Available options:
passport,
emirates_id,
gcc_id
Active liveness gestures. Maximum 1 per journey. Omitting this skips active liveness entirely.
Maximum array length: 1
Available options:
blink,
smile
Show a consent page before the journey begins.
Skip the success page when verification completes.
Skip the result page at the end of the verification flow.
Enables NFC-based verification for the journey. Currently supported for passport documents only.
Special onboarding flag. Only applies to clients with this feature enabled.
Journey created successfully
Cryptographic signature for response verification.
