Before you request an advanced signature (level2
), an advanced signature with a qualified certificate (level3
) or a qualified signature (level4
), you may want your participant to possess the appropriate certificate.
Universign Certificates service allows you to initiate a registration session request to verify your future participant’s identity and issue, if successful, the appropriate certificate. The service is compliant with European eIDAS regulations and ETSI (European Telecommunications Standards Institute) standards.
In the process, the identity verification relies on Optical Character Recognition (OCR) technology combined with deep learning algorithms to combat fraud.
To consult the list of accepted identity documents, visit Accepted identity documents.
In addition to the OCR verification, and only for QCP and QCP-n-qscd certificates, a video selfie is requested and cross-analysis between video and photo data extracted from the applicant’s ID document is followed by analysis by fraud-trained operators. This process of recording a video is called “proof of life” and is meant to strengthen the fight against identity theft.
Our Certificates service is available in a stand-alone mode by API. Note that when you request an advanced or qualified signature, the creation of a certificate for your participant is required. This service is automatically called internally to provide a registration step before signing.
For more details about registration API integration, visit Request certificate creation.
Registration session lifecycle
From the moment you initiate a registration session, your applicant needs to go through one of the following registration processes, depending on the type of the certificate you requested.
Note that a registration session is valid only for 7 days. Beyond this delay, you need to initiate another registration session.
LCP certificate creation lifecycle
The LCP (Lightweigth Certificate Policy) certificate allows participants to perform an advanced signature (level2
).
QCP certificate creation lifecycle
The QCP (Qualified Certificate Policy) certificate allows participants to perform an advanced signature with a qualified certificate (level3
).
QCP-n-qscd certificate creation lifecycle
The QCP-n-qscd (Qualified Certificate Policy for Natural persons with keys generated in a Qualified Signature Creation Device) certificate allows participants to perform a qualified signature (level4
).
Monitoring registration session
Every time your applicant takes a step forward into the registration session, Universign creates an event. You may then need to be notified of the progress of the registration session.
For more details about events and webhook integration, visit Events and Webhooks.
Below is the list of all webhookable events you can subscribe to.
registration.identity.verified
Description
The event is triggered when the identity has been verified. The verification_status
possible values are success
or failure
. In case of failure
, the failure reason displays in verification_errors
.
For more details about identity verification failure reasons, visit Identity prevalidation.
Response examples
Success
{
"object": {
"registration_id": "reg_drqWaGaLkqlZ",
"verification_status": "success"
}
}
Failure
{
"object": {
"registration_id": "reg_drloPLPeq51Z",
"verification_status": "failure",
"verification_errors": [
"unidentified_side"
]
}
}
registration.identity.rejected
Description
This event is triggered when the applicant rejects the validated identity (once the analysis has been performed and returns a successful result). The applicant indicates that data extracted from his/her ID do not match the ID itself. This may be due to:
- an extraction error,
- an input error (fullname and/or phone number) in the registration request.
In this case, the registration session is interrupted and you need to request a new one.
Response example
{
"object": {
"registration_id": "reg_xLQ5OvMezdO9"
}
}
registration.lifecycle.rejected
Description
This event is triggered when the applicant interrupts the registration session at the very beginning of the process, because the fullname and/or phone number filled and locked (as a prerequisite
) by the registration creator are incorrect.
In this case, the registration session is interrupted and you need to request a new one.
Response example
{
"object": {
"registration_id": "reg_wX3wY1MQalQo",
"correct_fullname": "jane doe",
"correct_phone_number": "+33612345678"
}
}
registration.lifecycle.expired
Description
This event is triggered when the registration session has expired (after the 7 days validity time) and the applicant has not completed the registration process. Note that the delay to complete the registration begins once the applicant has joined the session.
Note that the applicant’s identity data are deleted in accordance with data protection policy.
Response example
{
"object": {
"registration_id": "reg_Ddv97DJY7yvm"
}
}
registration.lifecycle.completed
Description
This event is triggered when the registration is complete. The verified identity has been confirmed by the applicant, s/he has chosen the name that displays in the certificate and s/he has signed the Certificate creation agreement.
Note that the identity data and images are stored and encypted in accordance with data protection policy and eIDAS regulation.
Note that it may take a few moments until the certificate is issued.
Response example
{
"object": {
"registration_id": "reg_Ddv97DJY7yvm"
}
}
registration.certificate.activated
Description
This event is triggered when the certificate is issued and can be used for signature.
Note that the QCP-n-QSCD certificate is valid for 5 years.
Response example
{
"object": {
"registration_id": "reg_Ddv97DJY7yvm"
}
}