LogoLogo
  • Welcome!
  • GETTING STARTED
    • Signing Up
    • Choose a Product
    • Choose an Integration Option
    • Run Your First Test Job
    • Complete Your KYC
    • Fund Your Wallet
    • Go Live!
    • Pricing
  • SUPPORTED ID TYPES & DOCUMENTS
    • For Individuals (KYC)
      • Using ID Number
        • Supported Countries
          • Côte d'Ivoire
            • National ID (without Photo)
            • Resident ID (without Photo)
          • Ghana
            • Ghana Card
            • Passport
            • Voter's ID
          • Kenya
            • Alien Card
            • KRA Pin
            • National ID
            • National ID (without Photo)
            • Passport
            • Tax Information
          • Nigeria
            • Bank Account
            • BVN
            • NIN V2
            • NIN Slip Verification
            • V_NIN (Virtual NIN)
            • Phone Number
            • Voter's ID
          • South Africa
            • National ID
            • National ID (without Photo)
            • Phone Number
          • Uganda
            • National ID (without Photo)
            • Basic KYC in Uganda
          • Zambia
            • Bank Account
            • TPIN
          • Zimbabwe
            • National ID (without Photo)
        • Test Data
          • Customising Sandbox Test Data
        • ID Number Regex
        • Visual Samples of Supported ID Types
      • Using Document Image
        • Continents
          • Africa
          • Asia and the Middle East
          • Europe
          • North America
          • Oceania
          • South America
    • For Businesses (KYB)
      • Supported Countries
        • Nigeria
          • Business Registration
          • Tax Information
        • Kenya
          • Business Registration
        • South Africa
          • Business Registration
      • ID Number Regex
  • PRODUCTS
    • For Individuals (KYC)
      • AML Check
        • AML News Media
      • Basic KYC
      • Biometric KYC
      • Digital Address Verification
      • Document Verification
        • Document Verification
        • Enhanced Document Verification
      • Electronic Signature
      • Enhanced KYC
      • Phone Number Verification
      • SmartSelfie™ Authentication
      • SmartSelfie™ Compare
      • Smile Secure
    • For Businesses (KYB)
      • Business Verification
  • Integration Options
    • Mobile
      • Getting Started
      • Products
        • Biometric KYC
        • BVN Consent
        • Document Verification
        • Enhanced Document Verification
        • Enhanced KYC
        • SmartSelfie™ Enrollment and Authentication
        • Enhanced SmartSelfie™ Enrollment And Authentication
      • Customization
        • UI Components
      • Offline Mode
      • Release Notes
        • Android Release Notes
        • iOS Release Notes
        • Flutter Release Notes
        • React Native Release Notes
    • No-Code
      • Smile Links
        • Link FAQs
        • Rest API
    • Server to Server
      • Ruby
        • Installation
        • Signature
        • Products
          • Basic KYC
          • Enhanced KYC
          • Biometric KYC
          • Document Verification
          • SmartSelfie™ Authentication
          • KYB - Business Verification
          • AML Check
        • Generate Token for Web Integration
        • Utilities
      • Python
        • Installation
        • Signature
        • Products
          • Basic KYC
          • Enhanced KYC
          • Biometric KYC
          • Document Verification
          • SmartSelfie™ Authentication
          • Business Verification
        • Generate Token for Web Integration
        • Utilities
      • Java
        • Release Notes
        • Installation
        • Signature
        • Products
          • Basic KYC
          • Enhanced KYC
          • Biometric KYC
          • Document Verification
          • SmartSelfie™ Authentication
        • Generate Token for Web Integration
        • Utilities
      • Node.js
        • Installation
        • Signature
        • Products
          • Basic KYC
          • Enhanced KYC
          • Biometric KYC
          • Document Verification
          • Enhanced Document Verification
          • SmartSelfie™ Authentication
          • Business Verification
        • Generate Token for Web Integration
        • Utilities
      • PHP
        • Installation
        • Signature
        • Products
          • Basic KYC
          • Enhanced KYC
          • Biometric KYC
          • Document Verification
          • SmartSelfie™ Authentication
        • Generate Token for Web Integration
        • Utilities
    • Rest API
      • Signing your API Request
        • Using Signature
      • Products
      • Postman Collection
      • Utilities
    • Web / Mobile Web
      • Web Integration
        • Installation
        • Usage
        • End User Consent
        • Support
      • Javascript SDK
        • Installation
        • Usage
        • Migration
        • Deprecated Version
          • Installation
          • Usage
          • Notes
          • Support
  • FURTHER READING
    • FAQs
      • What are your support hours?
      • How do I set up a callback?
      • How to re-enroll, deactivate or delete a user?
      • Add or remove team members
      • What are top-level keys?
      • What are partner_params?
      • How do job types map to the new product names?
      • Is there an API I can use to monitor my wallet balance?
      • Is there an API I can query to check the availability status of an ID type?
      • How do I integrate Smile ID in other countries or query other ID types?
      • What are the image types I can upload to Smile ID?
      • Why aren't Kenyan IDs returning images for some IDs queried?
      • Why are some of my bank verification requests returning 'ID authority unavailable'?
      • How can I look up a specific user's data?
      • Selfie best-practices
      • Document capture best-practices
      • What happens under the hood?
      • Guide to the user consent screen
      • What is code 2302?
      • Using the Demo App and Scanning QR codes
    • Job status
    • KYC receipts
    • Result codes
      • Error codes
    • Securing your account with two-factor authentication (2FA)
    • Security Overview
    • Troubleshooting
      • Troubleshooting error 2204 & 2205 - "You're not authorized to do that"
      • Why is my Web API job taking so long?
      • Image capture issues on web client
Powered by GitBook
On this page
  • The Consent Approaches
  • UI / Visual Consent
  • UI / Visual Consent + Time-based One-Time Password
  • Usage

Was this helpful?

  1. Integration Options
  2. Web / Mobile Web
  3. Web Integration

End User Consent

The Web Integration has prebuilt screens to request consent from a user before running a job which may return personal identifiable information. This gives the user control and also ensures compliance

PreviousUsageNextSupport

Last updated 11 months ago

Was this helpful?

Scope: , ,

End-User consent can be requested as part of your Web Integration configuration using the consent_required configuration documented in the Usage Page, or required by the ID Authority. Where required by the ID Authority, the Consent Screens will be added as part of the user KYC process. Where not required by the ID Authority, we only show the Consent Screens when provided as part of the Web Integrations configuration.

The Consent Approaches

Depending on the id type you are accessing, there are two different approaches users will be required to grant consent. They are:

  • UI / visual consent

  • UI / visual consent + Time-based One-Time Password (TOTP)

UI / Visual Consent

The first approach starts with a single consent screen

End-User Consent Request

On clicking the "Cancel" button, the user is then prompted to be sure they wish to cancel.

End-User Consent Denied

If they wish to cancel and click the "No, Cancel Verification" button, an event is published notifying that SmileIdentity::ConsentDenied. This event triggers the onError handler set up when configuring the Web Integration, if it exists.

End-User Consent Granted

If the end-user clicks the "Allow" button, they proceed to provide accompanying user information like the ID Number, and some PII information in the case of Basic and Biometric KYC. The final request to the Smile ID software system is enhanced with information that we store in our records stating that we got end-user consent.

UI / Visual Consent + Time-based One-Time Password

This approach starts with the visual consent flow, but requires the user to verify they have the right to grant consent by providing an OTP sent to the registered contact methods for the ID Type.

Currently, only Bank Verification Number (BVN), BVN_MFA id type, in Nigeria requires this consent approach.

In this flow, the user gets prompted for their ID number after clicking "Allow" in the Visual Consent phase.

ID Number Request

On submitting their ID number, the OTP Delivery Methods are queried.

Select Contact Method

Here, the user has the chance to select one of the contact methods to receive a TOTP.

Contact Methods Outdated

If the contact methods presented are outdated, and the user clicks the "I am no longer using any of these options" button, an event is published notifying that SmileIdentity::ConsentDenied::TOTP::ContactMethodsOutdated

This event is published along with some extra information in the shape:

{
  "id_number": "<id_number provided by the user>",
  "message": "SmileIdentity::ConsentDenied::TOTP::ContactMethodsOutdated"
}

This event object also triggers the onError handler set up when configuring the Web Integration, if it exists. We advise that our integrating partners use this to provide an off-ramp approach for their users.

OTP Verification Screen

When a user selects one of the contact methods and clicks "Continue", they are then directed to the OTP Verification screen

On provision of a valid OTP, the user is directed to the PII or Biometric Data collection screens for Basic KYC and Biometric KYC, or the request is submitted for Enhanced KYC.

Usage

To use the End User Consent screens in your configuration, we use the consent_required field when instantiating the Web Integration. See an example below.

window.SmileIdentity({
  token,
  product,
  callback_url,
  environment,
  consent_required: {
    KE: ["ALIEN_CARD", "NATIONAL_ID", "PASSPORT"],
    NG: ["BVN", "BVN_MFA", "DRIVERS_LICENSE", "V_NIN", "VOTER_ID"],
  },
  partner_details: {
    partner_id,
    signature,
    timestamp,
    name: "Demo Account",
    logo_url: "https://via.placeholder.com/50/000000/FFFFFF?text=DA",
    policy_url: "https://usesmileid.com/privacy-privacy",
    theme_color: "#000",
  },
});

N.B.: This configuration is subject to the ID Authority's requirements. If the ID Authority requires End User Consent, the Web Integration displays the screen regardless of the configuration options.

Basic KYC
Biometric KYC
Enhanced KYC