LogoLogo
  • Welcome!
  • GETTING STARTED
    • Signing Up
    • Choose a Product
    • Choose an Integration Option
    • Run Your First Test Job
    • Complete Your KYC
    • Fund Your Wallet
    • Go Live!
    • Pricing
  • SUPPORTED ID TYPES & DOCUMENTS
    • For Individuals (KYC)
      • Using ID Number
        • Supported Countries
          • Côte d'Ivoire
            • National ID (without Photo)
            • Resident ID (without Photo)
          • Ghana
            • Ghana Card
            • Passport
            • Voter's ID
          • Kenya
            • Alien Card
            • KRA Pin
            • National ID
            • National ID (without Photo)
            • Passport
            • Tax Information
          • Nigeria
            • Bank Account
            • BVN
            • NIN V2
            • NIN Slip Verification
            • V_NIN (Virtual NIN)
            • Phone Number
            • Voter's ID
          • South Africa
            • National ID
            • National ID (without Photo)
            • Phone Number
          • Uganda
            • National ID (without Photo)
            • Basic KYC in Uganda
          • Zambia
            • Bank Account
            • TPIN
          • Zimbabwe
            • National ID (without Photo)
        • Test Data
          • Customising Sandbox Test Data
        • ID Number Regex
        • Visual Samples of Supported ID Types
      • Using Document Image
        • Continents
          • Africa
          • Asia and the Middle East
          • Europe
          • North America
          • Oceania
          • South America
    • For Businesses (KYB)
      • Supported Countries
        • Nigeria
          • Business Registration
          • Tax Information
        • Kenya
          • Business Registration
        • South Africa
          • Business Registration
      • ID Number Regex
  • PRODUCTS
    • For Individuals (KYC)
      • AML Check
        • AML News Media
      • Basic KYC
      • Biometric KYC
      • Digital Address Verification
      • Document Verification
        • Document Verification
        • Enhanced Document Verification
      • Electronic Signature
      • Enhanced KYC
      • Phone Number Verification
      • SmartSelfie™ Authentication
      • SmartSelfie™ Compare
      • Smile Secure
    • For Businesses (KYB)
      • Business Verification
  • Integration Options
    • Mobile
      • Getting Started
      • Products
        • Biometric KYC
        • BVN Consent
        • Document Verification
        • Enhanced Document Verification
        • Enhanced KYC
        • SmartSelfie™ Enrollment and Authentication
        • Enhanced SmartSelfie™ Enrollment And Authentication
      • Customization
        • UI Components
      • Offline Mode
      • Release Notes
        • Android Release Notes
        • iOS Release Notes
        • Flutter Release Notes
        • React Native Release Notes
    • No-Code
      • Smile Links
        • Link FAQs
        • Rest API
    • Server to Server
      • Ruby
        • Installation
        • Signature
        • Products
          • Basic KYC
          • Enhanced KYC
          • Biometric KYC
          • Document Verification
          • SmartSelfie™ Authentication
          • KYB - Business Verification
          • AML Check
        • Generate Token for Web Integration
        • Utilities
      • Python
        • Installation
        • Signature
        • Products
          • Basic KYC
          • Enhanced KYC
          • Biometric KYC
          • Document Verification
          • SmartSelfie™ Authentication
          • Business Verification
        • Generate Token for Web Integration
        • Utilities
      • Java
        • Release Notes
        • Installation
        • Signature
        • Products
          • Basic KYC
          • Enhanced KYC
          • Biometric KYC
          • Document Verification
          • SmartSelfie™ Authentication
        • Generate Token for Web Integration
        • Utilities
      • Node.js
        • Installation
        • Signature
        • Products
          • Basic KYC
          • Enhanced KYC
          • Biometric KYC
          • Document Verification
          • Enhanced Document Verification
          • SmartSelfie™ Authentication
          • Business Verification
        • Generate Token for Web Integration
        • Utilities
      • PHP
        • Installation
        • Signature
        • Products
          • Basic KYC
          • Enhanced KYC
          • Biometric KYC
          • Document Verification
          • SmartSelfie™ Authentication
        • Generate Token for Web Integration
        • Utilities
    • Rest API
      • Signing your API Request
        • Using Signature
      • Products
      • Postman Collection
      • Utilities
    • Web / Mobile Web
      • Web Integration
        • Installation
        • Usage
        • End User Consent
        • Support
      • Javascript SDK
        • Installation
        • Usage
        • Migration
        • Deprecated Version
          • Installation
          • Usage
          • Notes
          • Support
  • FURTHER READING
    • FAQs
      • What are your support hours?
      • How do I set up a callback?
      • How to re-enroll, deactivate or delete a user?
      • Add or remove team members
      • What are top-level keys?
      • What are partner_params?
      • How do job types map to the new product names?
      • Is there an API I can use to monitor my wallet balance?
      • Is there an API I can query to check the availability status of an ID type?
      • How do I integrate Smile ID in other countries or query other ID types?
      • What are the image types I can upload to Smile ID?
      • Why aren't Kenyan IDs returning images for some IDs queried?
      • Why are some of my bank verification requests returning 'ID authority unavailable'?
      • How can I look up a specific user's data?
      • Selfie best-practices
      • Document capture best-practices
      • What happens under the hood?
      • Guide to the user consent screen
      • What is code 2302?
      • Using the Demo App and Scanning QR codes
    • Job status
    • KYC receipts
    • Result codes
      • Error codes
    • Securing your account with two-factor authentication (2FA)
    • Security Overview
    • Troubleshooting
      • Troubleshooting error 2204 & 2205 - "You're not authorized to do that"
      • Why is my Web API job taking so long?
      • Image capture issues on web client
Powered by GitBook
On this page
  • Certifications
  • API Keys
  • Smile Callbacks
  • IP Allowlisting
  • Callback Signing
  • Callback Authentication

Was this helpful?

  1. FURTHER READING

Security Overview

The many different ways you can ensure a secure relationship with SmileID

PreviousSecuring your account with two-factor authentication (2FA)NextTroubleshooting

Last updated 2 months ago

Was this helpful?

SmileID is committed to keeping your data and your users' data safe and secure.

We have implemented and continue to implement many different approaches and options to ensure security.

If you do have any immediate security concerns then please contact us immediately.

Certifications

Smile ID sets the standard in data protection and biometric security in Africa.

We prioritise delivering exceptional quality and robust security for our customers. We safeguard your data and protect your business from fraud by adhering to the highest industry standards. Our commitment is demonstrated through multiple compliance certifications across African countries and the attainment of ISO 30107-1:2016, ISO 30107-3:2023 Level 2, ISO 27001, and SOC 2 Type II certifications.

API Keys

Smile allows customers to create and manage multiple API keys to cover their needs.

API keys are environment specific (an API key for the Sandbox environment will not work in the Live environment, and vice versa).

We encourage customers to rotate their API keys on a regular basis, every 90 days or more frequently is best practice.

We also encourage customers to use different API keys for different integration methods with SmileID. i.e. to maintain one or more keys for their mobile integration, and using separate keys for any server-to-server integration.

This allows customers to rotate keys independently, based on their need, without disruption to other integrations.

Smile Callbacks

For asynchronous job requests, Smile will send a Callback response to the specified customer URL

IP Allowlisting

Callback requests will come from one of the following IP addresses for Production callbacks:

  • 34.240.137.52

  • 44.230.128.108

  • 52.36.32.43

  • 52.213.46.74

Callback requests will come from one of the following IP addresses for Sandbox callbacks:

  • 35.166.227.53

  • 44.246.19.66

  • 54.246.37.255

  • 99.81.237.141

We would urge customers to only allow requests to their callback URL from these IPs to help ensure the request originates from SmileID. If your receiving service will process Callbacks from both Production and Sandbox, you should allowlist all of the specified IPs.

Callback Signing

The callback request body will contain a signature and timestamp, generated using the API key used in the originating job, that customers can verify to ensure the callback request is valid.

Callback Authentication

If your callback URL requires authentication, please contact us to discuss adding this to your account.

ISO30107:2023 Certified
ISO30107:2016 Certified
ISO27001 Certified
SOC2 Type II Certified