- Overview
- Getting started
- Handling callbacks
- Customizing the SDK
- Creating checks
- User Analytics
- Going live
- Cross platform frameworks
- Migrating
- Security
- Accessibility
- Licensing
- More information
The Onfido Android SDK provides a drop-in set of screens and tools for Android applications to capture identity documents and selfie photos and videos for the purpose of identity verification.
It offers a number of benefits to help you create the best identity verification experience for your customers:
- Carefully designed UI to guide your customers through the entire photo and video capture process
- Modular design to help you seamlessly integrate the photo and video capture process into your application flow
- Advanced image quality detection technology to ensure the quality of the captured images meets the requirement of the Onfido identity verification process, guaranteeing the best success rate
- Direct image upload to the Onfido service, to simplify integration
The SDK supports API level 21 and above (distribution stats).
Version 7.4.0 was the last version that supported API level 16 and above.
Our configuration is currently set to the following:
minSdkVersion = 21
targetSdkVersion = 31
android.useAndroidX=true
Kotlin = 1.3+
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
In order to start integrating, you will need an API token.
You can use our sandbox environment to test your integration. To use the sandbox, you'll need to generate a sandbox API token in your Onfido Dashboard.
Onfidoย offersย region-specificย environments.ย Referย toย theย Regions sectionย inย ourย APIย documentationย forย tokenย formatย andย APIย baseย URLย information.
Starting from version 4.2.0
, Onfido offers a modularized SDK. You can integrate it in 2 different ways:
onfido-capture-sdk
onfido-capture-sdk-core
This is the recommended integrated option.
This is a complete solution, focusing on input quality. It features advanced on-device, real-time glare and blur detection as well as auto-capture (passport only) on top of a set of basic image validations.
repositories {
mavenCentral()
}
dependencies {
implementation 'com.onfido.sdk.capture:onfido-capture-sdk:x.y.z'
}
Due to the advanced validation support (in C++ code) we recommend that the integrator app performs multi-APK split to optimize the app size for individual architectures.
C++ code needs to be compiled for each of the CPU architectures (known as "ABIs") present on the Android environment. Currently, the SDK supports the following ABIs:
armeabi-v7a
: Version 7 or higher of the ARM processor. Most recent Android phones use thisarm64-v8a
: 64-bit ARM processors. Found on new generation devicesx86
: Most tablets and emulatorsx86_64
: Used by 64-bit tablets
The SDK binary contains a copy of the native .so
file for each of these four platforms.
You can considerably reduce the size of your .apk
by applying APK split by ABI, editing your build.gradle
to the following:
android {
splits {
abi {
enable true
reset()
include 'x86', 'x86_64', 'arm64-v8a', 'armeabi-v7a'
universalApk false
}
}
}
Read the Android documentation for more information.
Average size (with Proguard enabled):
ABI | Size |
---|---|
armeabi-v7a | 6.54 Mb |
arm64-v8a | 7.43 Mb |
This is a lighter version. It provides a set of basic image validations, mostly completed on the backend. There are no real-time validations on-device so ABI split is not needed.
repositories {
mavenCentral()
}
dependencies {
implementation 'com.onfido.sdk.capture:onfido-capture-sdk-core:x.y.z'
}
Average size (with Proguard enabled):
ABI | Size |
---|---|
universal | 4.00 Mb |
Note: The average sizes were measured by building the minimum possible wrappers around our SDK, using the following stack. Different versions of the dependencies, such as Gradle or NDK, may result in slightly different values.
compile ('com.google.android.gms:play-services-base:x.y.z') {
exclude group: 'com.android.support' // to avoid conflicts with your current support library
}
To create an applicant from your backend server, make a request to the 'create applicant' endpoint, using a valid API token.
Note: Different report types have different minimum requirements for applicant data. For a Document or Facial Similarity report the minimum applicant details required are first_name
and last_name
.
$ curl https://api.onfido.com/v3/applicants \
-H 'Authorization: Token token=<YOUR_API_TOKEN>' \
-d 'first_name=John' \
-d 'last_name=Smith'
The JSON response will return an id
field containing a UUID that identifies the applicant. Once you pass the applicant ID to the SDK, documents and live photos and videos uploaded by that instance of the SDK will be associated with that applicant.
You'll need to generate and include an SDK token every time you initialize the SDK. To generate an SDK token, make a request to the 'generate SDK token' endpoint.
$ curl https://api.onfido.com/v3/sdk_token \
-H 'Authorization: Token token=<YOUR_API_TOKEN>' \
-F 'applicant_id=<YOUR_APPLICANT_ID>' \
-F 'application_id=<YOUR_APPLICATION_ID>'
Parameter | Notes |
---|---|
applicant_id |
required Specifies the applicant for the SDK instance. |
application_id |
required The application ID that was set up during development. For Android, this is usually in the form com.example.yourapp . Make sure to use a valid application_id or you'll receive a 401 error. |
You can use the optional tokenExpirationHandler
parameter in the SDK token configurator function to generate and pass a new SDK token when it expires. This ensures the SDK continues its flow even after an SDK token has expired.
For example:
class ExpirationHandler : TokenExpirationHandler {
override fun refreshToken(injectNewToken: (String?) -> Unit) {
TODO("<Your network request logic to retrieve SDK token goes here>")
injectNewToken("<NEW_SDK_TOKEN>") // if you pass `null` the sdk will exit with token expired error
}
}
val config = OnfidoConfig.builder(context)
.withSDKToken("<YOUR_SDK_TOKEN_HERE>", tokenExpirationHandler = ExpirationHandler()) // ExpirationHandler is optional
class ExpirationHandler implements TokenExpirationHandler {
@Override
public void refreshToken(@NotNull Function1<? super String, Unit> injectNewToken) {
//Your network request logic to retrieve SDK token goes here
injectNewToken.invoke("<NEW_SDK_TOKEN>"); // if you pass `null` the sdk will exit with token expired error
}
}
OnfidoConfig.Builder config = new OnfidoConfig.Builder(context)
.withSDKToken("<YOUR_SDK_TOKEN>", new ExpirationHandler()); // ExpirationHandler is optional
Note: If you want to use tokenExpirationHandler
you should pass a concrete class instance, you should not pass an anonymous or activity class instance.
To use the SDK, you need to obtain an instance of the client object.
final Context context = ...;
Onfido onfido = OnfidoFactory.create(context).getClient();
// start the flow. 1 should be your request code (customize as needed)
onfido.startActivityForResult(this, /*must be an Activity or Fragment (support library)*/
1, /*this request code will be important for you on onActivityResult() to identify the onfido callback*/
config);
To receive the result from the flow, you should override the method onActivityResult
on your Activity or Fragment. Typically, on success, you would create a check on your backend server.
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
...
onfido.handleActivityResult(resultCode, data, new Onfido.OnfidoResultListener() {
@Override
public void userCompleted(Captures captures) {
}
@Override
public void userExited(ExitCode exitCode) {
}
@Override
public void onError(OnfidoException exception) {
}
});
}
Attribute | Notes |
---|---|
userCompleted |
User completed the flow. You can now create a check on your backend server. The captures object contains information about the document and face captures made during the flow. |
userExited |
User left the SDK flow without completing it. Some images may have already been uploaded. The exitCode object contains information about the reason for exit. |
onError |
Some error happened. |
captures
Sample of a captures
instance returned by a flow with FlowStep.CAPTURE_DOCUMENT
and FlowStep.CAPTURE_FACE
:
Document:
Front: DocumentSide(id=document_id, side=FRONT, type=DRIVING_LICENCE)
Back: DocumentSide(id=document_id, side=BACK, type=DRIVING_LICENCE)
Type: DRIVING_LICENCE
Face:
Face(id=face_id, variant=PHOTO)
Note: type
property refers to DocumentType
, variant refers to FaceCaptureVariant
Note: As part of userCompleted
method, the DocumentType
property can only contain the values which are supported by Onfido API. Please check out our API documentation
exitCode
Potential exitCode
reasons:
exitCode |
---|
USER_LEFT_ACTIVITY |
USER_CONSENT_DENIED |
CAMERA_PERMISSION_DENIED (Deprecated) |
You can also read our SDK customization guide.
You can customize the flow of the SDK via the withCustomFlow(FlowStep[])
method. You can remove, add and shift around steps of the SDK flow.
final FlowStep[] defaultStepsWithWelcomeScreen = new FlowStep[]{
FlowStep.WELCOME, //Welcome step with a step summary, optional
FlowStep.USER_CONSENT, //User consent page, optional
FlowStep.CAPTURE_DOCUMENT, //Document capture step
FlowStep.CAPTURE_FACE, //Face capture step
FlowStep.FINAL //Final screen step, optional
};
final OnfidoConfig config = OnfidoConfig.builder()
.withCustomFlow(defaultStepsWithWelcomeScreen)
.withSDKToken("<YOUR_SDK_TOKEN>")
.build();
You can call the exitWhenSentToBackground()
method of the OnfidoConfig.Builder
, to automatically exit the flow if the user sends the app to background.
This exit action will invoke the userExited(ExitCode exitCode)
callback.
The welcome screen displays a summary of the capture steps the user will pass through. These steps can be specified to match the flow required. This is an optional screen.
This step contains a screen to collect US end users' privacy consent for Onfido. It contains the consent language required when you offer your service to US users as well as links to Onfido's policies and terms of use. This is an optional screen.
The user must click "Accept" to move past this step and continue with the flow. The content is available in English only, and is not translatable.
privacy_notices_read_consent_given
outside of the SDK flow when creating a check.
If you choose to disable this step, you must incorporate the required consent language and links to Onfido's policies and terms of use into your own application's flow before your end user starts interacting with the Onfido SDK.
For more information about this step, and how to collect user consent, please visit Onfido Privacy Notices and Consent.
In this step, a user can pick the type of document and its issuing country before capturing it with their phone camera.
Document type selection and country selection are both optional screens. These screens will only show to the end user if specific options are not configured to the SDK.
You can configure the document step to capture single document types with specific properties using the DocumentCaptureStepBuilder
class's functions for the corresponding document types.
Document Type | Configuration function | Configurable Properties |
---|---|---|
Passport | forPassport() | |
National Identity Card | forNationalIdentity() | - country - documentFormat |
Driving Licence | forDrivingLicence() | - country - documentFormat |
Residence Permit | forResidencePermit() | - country |
Visa | forVisa() | - country |
Work Permit | forWorkPermit() | - country |
Generic | forGenericDocument() | - country |
Note GENERIC
document type doesn't offer an optimised capture experience for a desired document type.
- Document type
The list of document types visible for the user to select can be shown or hidden using this option. If only one document type is specified, users will not see the document selection screen or country selection screen and will be taken directly to the capture screen.
Each document type has its own configuration class.
Note: The specific document types included in the list cannot be customised
- Document country
The configuration function allows you to specify the document's country of origin. If a document country is specified for a document type, the country selection screen is not displayed.
Note: You can specify country for all document types except Passport
. This is because passports have the same format worldwide so the SDK does not require this additional information.
For example to only capture UK driving licences:
FlowStep drivingLicenceCaptureStep = DocumentCaptureStepBuilder.forDrivingLicence()
.withCountry(CountryCode.GB)
.build();
val drivingLicenceCaptureStep = DocumentCaptureStepBuilder.forDrivingLicence()
.withCountry(CountryCode.GB)
.build()
- Document format
You can specify the format of a document as Card
or Folded
. Card
is the default document format value for all document types.
If Folded
is configured a specific template overlay is shown to the user during document capture.
Note: You can specify Folded
document format for French driving licence, South African national identity and Italian national identity only. If you configure the SDK with an unsupported
country configuration the SDK will throw a InvalidDocumentFormatAndCountryCombinationException
.
For example to only capture folded French driving licences:
FlowStep drivingLicenceCaptureStep = DocumentCaptureStepBuilder.forDrivingLicence()
.withCountry(CountryCode.FR)
.withDocumentFormat(DocumentFormat.FOLDED)
.build();
val drivingLicenceCaptureStep = DocumentCaptureStepBuilder.forDrivingLicence()
.withCountry(CountryCode.FR)
.withDocumentFormat(DocumentFormat.FOLDED)
.build()
FlowStep.CAPTURE_DOCUMENT
with a CaptureScreenStep
, please make sure that you are specifying a supported document.
We provide an up-to-date list of our supported documents.
In this step a user can use the front camera to capture either a live photo of their face, or a live video.
The Face step has 2 variants:
- To configure for a live photo use
FlowStep.CAPTURE_FACE
orFaceCaptureStepBuilder.forPhoto()
. - To configure for a live video use
FaceCaptureStepBuilder.forVideo()
.
Introduction screen
By default both face and video variants show an introduction screen. This is an optional screen. You can disable it using the withIntro(false)
function.
FlowStep faceCaptureStep = FaceCaptureStepBuilder.forVideo()
.withIntro(false)
.build();
Confirmation screen
By default both face and video variants show a confirmation screen. To not display the recorded video on the confirmation screen, you can hide it using the withConfirmationVideoPreview
function.
FlowStep faceCaptureStep = FaceCaptureStepBuilder.forVideo()
.withConfirmationVideoPreview(false)
.build();
Errors
The Face step can be configured to allow for either a photo or video flow. A custom flow cannot contain both the photo and video variants of the face capture. If both types of FaceCaptureStep
are added to the same custom flow, a custom IllegalArgumentException
will be thrown at the beginning of the flow,
with the message "Custom flow cannot contain both video and photo variants of face capture"
.
The final screen displays a completion message to the user and signals the end of the flow. This is an optional screen.
Some passports and ID cards contain a chip which can be accessed using NFC. The SDK provides a set of screens to extract the information contained in the chip to verify the original document is present.
NFC dependencies are not included in the SDK to avoid increasing the SDK size when the NFC feature is disabled. To use the NFC feature, you need to include the following dependencies (with the specified versions) in your build script:
implementation "net.sf.scuba:scuba-sc-android:0.0.23"
implementation "org.jmrtd:jmrtd:0.7.18"
val config = OnfidoConfig.builder(context)
.withNFCReadBetaFeature()
.build()
OnfidoConfig config = OnfidoConfig.builder(context)
.withNFCReadBetaFeature()
.build()
You also need to add the following Proguard rules to your proguard-rules.pro
file:
-keep class org.jmrtd.** { *; }
-keep class net.sf.scuba.** {*;}
-keep class org.bouncycastle.** {*;}
-keep class org.ejbca.** {*;}
-dontwarn kotlin.time.jdk8.DurationConversionsJDK8Kt
-dontwarn org.ejbca.**
-dontwarn org.bouncycastle.**
-dontwarn module-info
-dontwarn org.jmrtd.**
-dontwarn net.sf.scuba.**
You can find further details in our NFC for Document Report guide.
For visualizations of the available options please see our SDK customization guide.
Colors
You can define custom colors inside your own colors.xml
file:
-
onfidoColorPrimary
: Defines the background color of theToolbar
which guides the user through the flow -
onfidoColorPrimaryDark
: Defines the color of the status bar above theToolbar
-
onfidoTextColorPrimary
: Defines the color of the title on theToolbar
-
onfidoTextColorSecondary
: Defines the color of the subtitle on theToolbar
-
onfidoColorAccent
: Defines the color of theFloatingActionButton
which allows the user to move between steps, as well as some details on the alert dialogs shown during the flow -
onfidoPrimaryButtonColor
: Defines the background color of the primary action buttons (e.g. proceed to the next flow step, confirm picture/video, etc), the color of the text on the secondary action buttons (e.g. retake picture/video) and the background color of some icons and markers during the flow -
onfidoPrimaryButtonColorPressed
: Defines the background color of the primary action buttons when pressed -
onfidoPrimaryButtonTextColor
: Defines the color of the text inside the primary action buttons
Widgets
You can customize the appearance of some widgets in your dimens.xml
file by overriding:
onfidoButtonCornerRadius
: Defines the radius dimension of all the corners of primary and secondary buttons
Typography
You can customize the fonts by providing font XML resources to the theme by setting OnfidoActivityTheme
to one of the following:
-
onfidoFontFamilyTitleAttr
: Defines thefontFamily
attribute that is used for text which has typography typeTitle
-
onfidoFontFamilyBodyAttr
: Defines thefontFamily
attribute that is used for text which has typography typeBody
-
onfidoFontFamilySubtitleAttr
: Defines thefontFamily
attribute that is used for text which has typography typeSubtitle
-
onfidoFontFamilyButtonAttr
: Defines thefontFamily
attribute that is applied to all primary and secondary buttons -
onfidoFontFamilyToolbarTitleAttr
: Defines thefontFamily
attribute that is applied to the title and subtitle displayed inside theToolbar
-
*onfidoFontFamilyDialogButtonAttr
: Defines thefontFamily
attribute that is applied to the buttons insideAlertDialog
andBottomSheetDialog
For example:
In your application's styles.xml
:
<style name="OnfidoActivityTheme" parent="OnfidoBaseActivityTheme">
<item name="onfidoFontFamilyTitleAttr">@font/montserrat_semibold</item>
<item name="onfidoFontFamilyBodyAttr">@font/font_montserrat</item>
<!-- You can also make the dialog buttons follow another fontFamily like a regular button -->
<item name="onfidoFontFamilyDialogButtonAttr">?onfidoFontFamilyButtonAttr</item>
<item name="onfidoFontFamilySubtitleAttr">@font/font_montserrat</item>
<item name="onfidoFontFamilyButtonAttr">@font/font_montserrat</item>
<item name="onfidoFontFamilyToolbarTitleAttr">@font/font_montserrat_semibold</item>
</style>
The Onfido Android SDK supports and maintains translations for the following locales:
- English (en) ๐ฌ๐ง
- Spanish (es) ๐ช๐ธ
- French (fr) ๐ซ๐ท
- German (de) ๐ฉ๐ช
- Italian (it) ๐ฎ๐น
- Portuguese (pt) :pt:
- Dutch (nl) :nl:
Custom language
The Android SDK also allows for the selection of a specific custom language for locales that Onfido does not currently support. You can have an additional XML strings file inside your resources folder for the desired locale (for example, res/values-it/onfido_strings.xml
for ๐ฎ๐น translation), with the content of our strings.xml file, translated for that locale.
When adding custom translations, please make sure you add the whole set of keys we have on strings.xml. In particular, onfido_locale
, which identifies the current locale being added, must be included.
The value for this string should be the ISO 639-1 2-letter language code corresponding to the translation being added.
Examples:
- When adding a translations file inside values-ru
(russian translation), the onfido_locale
key should have ru
as its value
- When adding a translations file inside values-en-rUS
(american english translation), the onfido_locale
key should have en
as its value
Without onfido_locale
correctly included, we won't be able to determine which language the user is likely to use when doing the video liveness challenge. It may result in our inability to correctly process the video, and the check may fail.
By default, we infer the language to use from the device settings. However, you can also use the withLocale(Locale)
method of the OnfidoConfig.Builder
to select a specific language.
Note: If the strings translations change it will result in a minor version change. If you have custom translations you're responsible for testing your translated layout.
If you want a locale translated you can get in touch with us at android-sdk@onfido.com.
The SDK is responsible for the capture of identity documents and selfie photos and videos. It doesn't perform any checks against the Onfido API. You need to access the Onfido API in order to manage applicants and perform checks.
For a walkthrough of how to create a check with a Document and Facial Similarity report using the Android SDK read our Mobile SDK Quick Start guide.
Read our API documentation for further details on how to create a check with the Onfido API.
Note: If you're testing with a sandbox token, please be aware that the results are pre-determined. You can learn more about sandbox responses.
Note: If you're using API v2, please refer to the API v2 to v3 migration guide for more information.
Reports may not return results straightaway. You can set up webhooks to be notified upon completion of a check or report, or both.
The SDK allows you to track a user's progress through the SDK via an overrideable hook. This gives insight into how your users make use of the SDK screens.
In order to expose a user's progress through the SDK an hook method must be overridden in the UserEventHandler.kt
object that's stored in the Onfido.kt
interface. You can do this anywhere within your application. For example:
Java:
Onfido.Companion.setUserEventHandler(new UserEventHandler() {
@Override
public void handleEvent(@NotNull String eventName, @NotNull Properties eventProperties) {
// Your code here
}
});
Kotlin:
Onfido.userEventHandler = object: UserEventHandler() {
override fun handleEvent(eventName: String, eventProperties: Properties) {
// Your code here
}
}
The code inside of the overridden method will now be called when a particular event is triggered, usually when the user reaches a new screen. For a full list of events see TRACKED_EVENTS.md.
eventName |
string < /br> Indicates the type of event. This will always be returned as "Screen" as each tracked event is a user visiting a screen. |
eventProperties |
map object < /br> Contains the specific details of an event. For example, the name of the screen visited. |
You can use the data to keep track of how many users reach each screen in your flow. You can do this by storing the number of users that reach each screen and comparing that to the number of users who reached the Welcome
screen.
Once you are happy with your integration and are ready to go live, please contact Client Support to obtain a live API token. You'll have to replace the sandbox tokens in your code with live tokens.
Check the following before you go live:
- you have set up webhooks to receive live events
- you have entered correct billing details inside your Onfido Dashboard
We provide integration guides and sample applications to help customers integrate the Onfido Android SDK with applications built using the following cross-platform frameworks:
We don't have out-of-the-box packages for such integrations yet, but these projects show complete examples of how our Android SDK can be successfully integrated in projects targeting these frameworks. Any issues or questions about the existing integrations should be raised on the corresponding repository and questions about further integrations should be sent to android-sdk@onfido.com.
You can find the migration guide in the MIGRATION.md file.
You can pin any communication between our SDK and server through the .withCertificatePinning()
method in
our OnfidoConfig.Builder
configuration builder. This method accepts as a parameter an Array<String>
with sha-1/sha-256 hashes of the certificate's public keys.
For more information about the hashes, please email android-sdk@onfido.com.
The Onfido Android SDK has been optimised to provide the following accessibility support by default:
- Screen reader support: accessible labels for textual and non-textual elements available to aid TalkBack navigation, including dynamic alerts
- Dynamic font size support: all elements scale automatically according to the device's font size setting
- Sufficient color contrast: default colors have been tested to meet the recommended level of contrast
- Sufficient touch target size: all interactive elements have been designed to meet the recommended touch target size
Refer to our accessibility statement for more details.
Due to API design constraints, and to avoid possible conflicts during the integration, we bundle some of our 3rd party dependencies as repackaged versions of the original libraries.
For those, we include the licensing information inside our .aar
, namely on the res/raw/onfido_licenses.json
.
This file contains a summary of our bundled dependencies and all the licensing information required, including links to the relevant license texts contained in the same folder.
Integrators of our library are then responsible for keeping this information along with their integrations.
We have included a sample app to show how to integrate the Onfido SDK.
Further information about the Onfido API is available in our API reference.
Please open an issue through GitHub. Please be as detailed as you can. Remember not to submit your token in the issue. Also check the closed issues to see whether it has been previously raised and answered.
If you have any issues that contain sensitive information please send us an email with the ISSUE:
at the start of the subject to android-sdk@onfido.com.
Previous version of the SDK will be supported for a month after a new major version release. Note that when the support period has expired for an SDK version, no bug fixes will be provided, but the SDK will keep functioning (until further notice).
Copyright 2018 Onfido, Ltd. All rights reserved.