FAQ
Credentials and installation
What credentials are required to use Fortface?
To use Fortface, you need a GalleryID and an API Key, both provided by our team with no expiration date. You also need an mTLS certificate with a validity of 10 years, which you must generate yourself and send to us for authorization in our APIs. For instructions on how to generate the certificate, please refer to the documentation.
How can I use the Fortface demo application?
Please contact our team to gain access to the Fortface demo application.
How does the integration with Fortface work?
Integration is performed via SDK (available for Android, iOS, and Web) and REST API. The SDK is exclusively responsible for capture and generation of the encrypted payload on the user's device. The transmission of this payload for processing and biometric verification is performed exclusively through the application's backend to the Fortface API, using secure channels.
Is it possible to install Fortface On-Premise in my own infrastructure?
No. Currently, Fortface is available only in the cloud SaaS model and does not support On-Premise implementations.
How can I scale Fortface?
Fortface has an automatic scaling system for its virtual machines. As demand increases, application resources are automatically adjusted to meet requirements.
Usage
How is biometric verification (Face Match) performed?
Facial comparison (Face Match), in its 1:1 modality, is performed by comparing the reference photo (previously registered in the gallery) with the photo captured live by the SDK.
Which match level should I consider for biometric identification approval?
Fortface's facial biometrics services do not automatically approve or reject an identification. The API returns a match level value, and the final decision must be defined by the integrating application's business logic.
As a reference, we recommend considering match level values greater than or equal to 13 for biometric identification approval. According to the FAR (False Acceptance Rate) table provided in the best practices documentation, these levels have a low FAR while also maintaining a low False Rejection Rate (FRR).
We recommend that this configuration be evaluated according to the risk level, acceptable friction, and approval policy of each specific operation.
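The sketch below is an added example, not Fortface code: it shows one way a backend could turn the returned match level into a decision per operation risk, failing closed on malformed responses. The field name matchLevel, the integer type of the value, the risk tiers and every threshold other than 13 are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Any, Mapping

RECOMMENDED_MIN = 13  # reference approval level given in this FAQ

# Constructed per-risk thresholds; derive real values from the FAR table.
TIER_THRESHOLDS = {"low": 13, "medium": 14, "high": 16}


@dataclass(frozen=True)
class Decision:
    outcome: str  # "approve", "step_up" or "reject"
    reason: str


def decide(response: Mapping[str, Any], risk_tier: str) -> Decision:
    """Map a Face Match response to a business decision, failing closed."""
    threshold = TIER_THRESHOLDS.get(risk_tier)
    if threshold is None:
        return Decision("reject", "unknown_risk_tier")

    level = response.get("matchLevel")  # hypothetical field name
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(level, bool) or not isinstance(level, int):
        return Decision("reject", "missing_or_malformed_match_level")

    if level >= threshold:
        return Decision("approve", f"level {level} >= tier threshold {threshold}")
    if level >= RECOMMENDED_MIN:
        # Good enough for low-risk use, not for this operation: add friction
        # (second factor, manual review) instead of approving or hard-failing.
        return Decision("step_up", f"level {level} < tier threshold {threshold}")
    return Decision("reject", f"level {level} < recommended minimum {RECOMMENDED_MIN}")


# Constructed sample responses (not real Fortface API output).
SAMPLES = [
    ({"matchLevel": 17}, "high"),
    ({"matchLevel": 14}, "high"),
    ({"matchLevel": 14}, "low"),
    ({"matchLevel": 9}, "low"),
    ({"matchLevel": "17"}, "low"),
    ({}, "medium"),
]

if __name__ == "__main__":
    for body, tier in SAMPLES:
        print(tier, body, "->", decide(body, tier))
```

Recording the reason string next to the sessionID keeps each business decision traceable to the audited capture.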
Does Fortface store all captures performed?
Yes. All captures are logged for auditing purposes. Through the sessionID, it is possible to access both the photo taken by the user for verification and the registration photo, enabling Face Match auditing.
Is it possible to use my existing (legacy) photo database in Fortface?
Yes. Fortface allows importing pre-existing photos to create the user's reference image. It is recommended that only images that have undergone a validation process be imported to ensure database consistency. For the image used in 1:1 verification, it is possible to use photos that were not captured by the Fortface SDK. However, this option is allowed exclusively via backoffice, with the understanding that unverified images may present a lower level of security.
How is the facial comparison strictness level defined?
Fortface uses a similarity scoring system. We recommend using a threshold that balances security and usability. However, if your business model requires greater permissiveness, the system allows fine adjustments to the trade-off between security and user experience fluidity. For detailed information about the relationship between each score and the level of permissiveness, please refer to the table in the Security best practices section.
What security features does Fortface provide?
Fortface employs several security measures to protect user data. These include robust encryption and authentication to ensure that only authorized clients can perform transactions. Additionally, the SDK is protected with industry best practices to prevent fraud. We also use liveness technology fully compliant with the international standard ISO 30107-3 at Levels 1 and 2, certified by iBeta, along with multiple additional security rules to prevent attacks such as Code Inspection, Reverse Engineering, Request Inspection, DDoS, Brute Force, and User Enumeration, among others.
Privacy
Is Fortface compliant with applicable privacy laws?
Yes. Fortface acts as the data processor of biometric data, while you, the client, remain the data controller. We strictly comply with applicable privacy laws and follow rigorous data security practices to protect client privacy. We ensure that data is handled responsibly and securely.
What user information is stored?
Fortface stores the UserID provided by the client, the registration photo, and the performed identifications. For security analysis purposes, we also store device information such as device model and operating system version, as well as geolocation when requested by the integrating application.
Is it possible to remove a user from Fortface?
Yes. It is possible to remove a user using the User Removal API. Through this API, you can send a request to remove a specific user from the Fortface system. This may be useful in situations such as account deactivation or deletion of client records that are no longer necessary. The User Removal API provides an efficient way to manage user access and data according to your needs. Please refer to our API resources section for more information.
Customization
How can I customize the Fortface user interface?
On the SDK customization pages for mobile or web, you will find all customizable interface parameters and instructions on how to apply them.
How can I customize Fortface error messages?
To customize error messages, you can create your own messages using the API responses provided by Fortface. This gives you full control over the content and format of the error messages presented to users.
What are the main instructions that must be given to users before capture?
Before capturing an image for facial recognition, it is important to provide guidance to ensure high-quality images suitable for accurate and secure verification. Some recommendations include: use a well-lit environment, maintain a neutral facial expression and remove accessories such as glasses and hats. For additional instructions, please refer to the Usability guide.
APIs
How do I start using the Fortface API?
You can find detailed information in the "Getting Started with the Fortface API" section of the documentation. It provides step-by-step guidance on prerequisites, account creation, API key generation, and development environment setup.
Is it possible to query a verification performed via API?
Yes. You can query verifications using the Audit API. Through this API, you can access detailed information about previous verifications, including verification result, timestamp, and other relevant details. Additionally, audit records provide a link to the registration and verification photos associated with the specific verification. This allows for complete review and audit trail validation.
Is it possible to query a transaction through the Client Portal?
Yes. Transactions can be queried through the Client Portal, where you can search using ExternalUserID, SessionID, and filter by a specific date. To access the Client Portal, please contact our team.
What are the main methods available in the Fortface API?
The documentation includes a dedicated section for API methods called "Resources" and "Resources – Documents." There you will find detailed descriptions of each method, along with request examples.
What status codes can be returned by the API?
The "API Reference" section lists the possible standard HTTP status codes that may be returned by the Fortface API. It describes their meanings and provides guidance on how to interpret API responses.
How can I ensure secure communication with the Fortface API?
To further reinforce communication security between the client and Fortface, we use mTLS authentication. You can read about the process in the mTLS Certificates section.
Where can I find examples of Fortface API usage?
The documentation includes usage examples for each API method. We recommend consulting the section corresponding to the method you intend to use to obtain practical examples of requests and response interpretation.
Capture
What type of Liveness does Fortface use (Active or Passive)?
Fortface uses Passive Liveness, meaning facial liveness authentication occurs without direct user interaction. The system detects liveness based on facial characteristics captured in the image, without requiring specific user actions such as blinking or moving in a particular way.
Is Fortface Liveness secure?
The Fortface Liveness solution is designed under rigorous security standards and holds certification issued by iBeta, a globally recognized laboratory, fully compliant with ISO 30107-3 Levels 1 and 2. This technical recognition certifies that our technology is resilient against multiple types of presentation attacks, blocking everything from simple photo and video attempts to highly sophisticated Level 2 fraud involving silicone masks, 3D prosthetics, realistic mannequins, and handcrafted molds. Fortface therefore ensures robust biometric authentication, accurately confirming that the present user is a live and legitimate person.
Is the Fortface SDK native?
Yes. Both the iOS and Android SDKs are native, ensuring optimal performance on each platform.
Which Android and iOS versions are supported?
The Fortface SDK supports Android versions above 8.0 and iOS versions above 13.0.
Is it possible to use Fortface in a web environment?
Yes. Please refer to the Web SDK documentation for biometric capture and document capture for more information, including supported browser and operating system versions.
Is Fortface compatible with devices using the rear camera?
By default, Fortface uses the front camera of mobile devices for facial capture, as the facial recognition flow is optimized for this configuration. However, starting from Web version 2.3.0, it is possible to use the rear camera for facial capture when configured through the useBackCamera parameter.
It is the responsibility of the implementation to ensure that the selected device and usage flow are compatible with the chosen camera, providing proper framing and lighting conditions for facial capture.
Others
Can the size of the Fortface SDK be reduced?
The size of the Fortface SDK cannot be reduced upon client request, as it is an intrinsic characteristic of the software and may be determined by multiple technical and functional factors. However, the Fortface team continuously works to optimize and maintain the SDK size at an acceptable level, considering efficiency and performance requirements.
Is Fortface accessible for visually impaired users?
Yes. Fortface has been tested and approved by visually impaired users. The capture experience is designed to support this profile and is compatible with screen readers (TalkBack and VoiceOver), respecting the device's operating system accessibility settings such as increased contrast and visual element scaling, and complying with WCAG digital accessibility guidelines. For more information about usability, please refer to the Usability guide.
Does FortLink send the link via SMS, email, or WhatsApp?
No. FortLink only generates the link. The partner defines and performs the delivery through the desired channel, such as WhatsApp, email, SMS, or any other medium.