Retrieving a profile involves receiving a one-time-use token, and decrypting it to get a user profile.
When a user scans a QR code, Yoti makes a GET request to your callback URL, passing a token as a query string parameter. The token is URL encoded and should be decoded before being used with the Yoti SDK.
For a URL set as https://your-callback-url in Yoti Hub, the returned callback URL would look like the following: https://your-callback-url?token=
You can set and edit the callback URL within your Yoti application under the Integration tab. Yoti will automatically prefix the URL with your domain.
When your web application receives a token via the exposed endpoint as a query string parameter, you can easily retrieve the user profile. The user profile object provides a set of attributes corresponding to the user attributes you specified during the creation of your Yoti application on Hub.
SDK process
When you pass the token to the Yoti Client object, the SDK does the following:
Decrypts the wrapped receipt key attribute, using the application private key.
Uses the decrypted key to decrypt the other party profile content attribute.
Decodes the decrypted profile and returns it to your application.
The profile attributes are central to the SDK and allow you to see and work with the information that your users share with you.
yotiClient.getActivityDetails(oneTimeUseToken)
.then((activityDetails) => {
const rememberMeId = activityDetails.getRememberMeId();
const parentRememberMeId = activityDetails.getParentRememberMeId();
const receiptId = activityDetails.getReceiptId();
const timestamp = activityDetails.getTimestamp();
const profile = activityDetails.getProfile();
const applicationProfile = activityDetails.getApplicationProfile();
const selfieImageData = profile.getSelfie().getValue();
const base64SelfieUri = profile.getSelfie().getValue().getBase64Content();
const fullName = profile.getFullName().getValue();
const familyName = profile.getFamilyName().getValue();
const givenNames = profile.getGivenNames().getValue();
const phoneNumber = profile.getPhoneNumber().getValue();
const emailAddress = profile.getEmailAddress().getValue();
const dateOfBirth = profile.getDateOfBirth().getValue();
const postalAddress = profile.getPostalAddress().getValue();
const structuredPostalAddress = profile.getStructuredPostalAddress().getValue();
const gender = profile.getGender().getValue();
const nationality = profile.getNationality().getValue();
const ageVerifications = profile.getAgeVerifications();
const ageVerified = profile.findAgeVerification('age_over:', 18).getValue(); // or 'age_under:'
const documentDetails = profile.getDocumentDetails().getValue();
const applicationName = applicationProfile.getName().getValue();
const applicationUrl = applicationProfile.getUrl().getValue();
const applicationLogo = applicationProfile.getLogo().getValue();
const applicationReceiptBgColor = applicationProfile.getReceiptBgColor().getValue();
// You can retrieve the sources and verifiers for each attribute as follows
const givenNamesObj = profile.getGivenNames()
const givenNamesSources = givenNamesObj.getSources(); // list/array of anchors
const givenNamesVerifiers = givenNamesObj.getVerifiers(); // list/array of anchor
// You can also retrieve further properties from these respective anchors in the following way:
// Retrieving properties of the first anchor
const value = givenNamesSources[0].getValue(); // string
const subtype = givenNamesSources[0].getSubType(); // string
const timestamp = givenNamesSources[0].getSignedTimeStamp().getTimestamp(); // Date object
const originServerCerts = givenNamesSources[0].getOriginServerCerts(); // list of X509 certificates
})
ActivityDetails activityDetails = client.getActivityDetails(oneTimeUseToken);
HumanProfile profile = activityDetails.getUserProfile();
ApplicationProfile applicationProfile = activityDetails.getApplicationProfile();
String rememberMeId = activityDetails.getRememberMeId();
String parentRememberMeId = activityDetails.getParentRememberMeId();
Date timestamp = activityDetails.getTimestamp();
String receiptId = activityDetails.getReceiptId();
Image selfie = profile.getSelfie().getValue();
String selfieBase64Content = selfie.getBase64Content();
String fullName = profile.getFullName().getValue();
String givenNames = profile.getGivenNames().getValue();
String familyName = profile.getFamilyName().getValue();
String phoneNumber = profile.getPhoneNumber().getValue();
String emailAddress = profile.getEmailAddress().getValue();
Date dateOfBirth = profile.getDateOfBirth().getValue();
String gender = profile.getGender().getValue();
String address = profile.getPostalAddress().getValue();
String nationality = profile.getNationality().getValue();
AgeVerification over18Verification = profile.findAgeOverVerification(18);
if (over18Verification != null) {
boolean isAgedOver18 = over18Verification.getResult();
}
AgeVerification under55Verification = profile.findAgeUnderVerification(55);
if (under55Verification != null) {
boolean isAgedUnder55 = under55Verification.getResult();
}
Map<?, ?> structuredPostalAddress = profile.getStructuredPostalAddress().getValue();
DocumentDetails documentDetails = profile.getDocumentDetails().getValue();
String applicationName = applicationProfile.getApplicationName().getValue();
String applicationUrl = applicationProfile.getApplicationUrl().getValue();
Image applicationLogo = applicationProfile.getApplicationLogo().getValue();
String applicationReceiptBgColor = applicationProfile.getApplicationReceiptBgColor().getValue();
// You can retrieve the sources and verifiers for each attribute as follows:
Attribute<String> givenNamesAttr = profile.getGivenNames();
List<Anchor> givenNamesSources = givenNamesAttr.getSources();
List<Anchor> givenNamesVerifiers = givenNamesAttr.getVerifiers();
List<Anchor> givenNamesAnchors = givenNamesAttr.getAnchors();
// You can also retrieve further properties from these respective anchors in the following way:
// Retrieving properties of the first anchor
Anchor firstSourceAnchor = givenNamesSources.get(0);
String type = firstSourceAnchor.getType();
String value = firstSourceAnchor.getValue();
String subType = firstSourceAnchor.getSubType();
SignedTimestamp signedTimestamp = firstSourceAnchor.getSignedTimestamp();
List<X509Certificate> originCertificates = firstSourceAnchor.getOriginCertificates(); // list of X509 certificates
<?php
$activityDetails = $client->getActivityDetails($oneTimeUseToken);
rememberMeId = $activityDetails->getRememberMeId();
parentRememberMeId = $activityDetails->getParentRememberMeId();
$profile = $activityDetails->getProfile();
$applicationProfile = $activityDetails->getApplicationProfile();
$selfieImageObj = $profile->getSelfie()->getValue();
$selfieImageBase64Content = $selfieImageObj->getBase64Content();
$fullName = $profile->getFullName()->getValue();
$givenNames = $profile->getGivenNames()->getValue();
$familyName = $profile->getFamilyName()->getValue();
$phoneNumber = $profile->getPhoneNumber()->getValue();
$emailAddress = $profile->getEmailAddress()->getValue();
$dateOfBirth = $profile->getDateOfBirth()->getValue();
$postalAddress = $profile->getPostalAddress()->getValue();
$structuredPostalAddress = $profile->getStructuredPostalAddress()->getValue();
$gender = $profile->getGender()->getValue();
$nationality = $profile->getNationality()->getValue();
$ageVerifications = $profile->getAgeVerifications();
$ageUnderVerification = $profile->findAgeUnderVerification($age);
$ageOverVerification = $profile->findAgeOverVerification($age);
$documentDetails = $profile->getDocumentDetails()->getValue();
$applicationName = $applicationProfile->getApplicationName()->getValue();
$applicationUrl = $applicationProfile->getApplicationUrl()->getValue();
$applicationLogo = $applicationProfile->getApplicationLogo()->getValue();
$applicationReceiptBgColor = $applicationProfile->getApplicationReceiptBgColor()->getValue();
// You can retrieve the sources and verifiers for each attribute as follows:
$givenNamesObj = $profile->getGivenNames();
$givenNamesSources = $givenNamesObj->getSources(); // list of anchors
$givenNamesVerifiers = $givenNamesObj->getVerifiers(); // list of anchors
// You can also retrieve further properties from these respective anchors in the following way:
// Retrieving properties of the first anchor
$value = $givenNamesSources[0]->getValue(); // string
$subType = $givenNamesSources[0]->getSubType(); // string
$timeStamp = $givenNamesSources[0]->getSignedTimeStamp()->getTimestamp(); // DateTime object
$originServerCerts = $givenNamesSources[0]->getOriginServerCerts(); // list of X509 certificates
activity_details = client.get_activity_details(oneTimeUseToken)
profile = activity_details.profile
selfie = profile.selfie.value
given_names = profile.given_names.value
family_name = profile.family_name.value
full_name = profile.full_name.value
phone_number = profile.phone_number.value
date_of_birth = profile.date_of_birth.value
postal_address = profile.postal_address.value
structured_postal_address = profile.structured_postal_address.value
gender = profile.gender.value
nationality = profile.nationality.value
remember_me_id = activity_details.user_id
base64_selfie_uri = activity_details.base64_selfie_uri
# You can retrieve the anchors, sources and verifiers for each attribute as follows:
given_names_attribute = profile.given_names
given_names_anchors = given_names_attribute.anchors
given_names_sources = given_names_attribute.sources
given_names_verifiers = given_names_attribute.verifiers
# You can also retrieve further properties from these respective anchors in the following way:
source_anchor = given_names_sources[0]
value = source_anchor.value
sub_type = source_anchor.sub_type
timestamp = source_anchor.signed_timestamp
origin_server_certs = source_anchor.origin_server_certs
ActivityDetails activityDetails = yotiClient.GetActivityDetails(oneTimeUseToken);
YotiProfile profile = activityDetails.Profile;
Image selfie = profile.Selfie?.GetValue();
string selfieURI = profile.Selfie?.GetValue().GetBase64URI();
string fullName = profile.FullName?.GetValue();
string givenNames = profile.GivenNames?.GetValue();
string familyName = profile.FamilyName?.GetValue();
string mobileNumber = profile.MobileNumber?.GetValue();
string emailAddress = profile.EmailAddress?.GetValue();
DateTime? dateOfBirth = profile.DateOfBirth?.GetValue();
string address = profile.Address?.GetValue();
Dictionary<string, Newtonsoft.Json.Linq.JToken> structuredPostalAddress = profile.StructuredPostalAddress?.GetValue();
string gender = profile.Gender?.GetValue();
string nationality = profile.Nationality?.GetValue();
Yoti.Auth.Document.DocumentDetails documentDetails = profile.DocumentDetails?.GetValue();
bool? isAgedOver18 = profile.FindAgeOverVerification(18)?.Result();
bool? isAgedUnder55 = profile.FindAgeUnderVerification(55)?.Result();
// You can retrieve the anchors, sources and verifiers for each attribute as follows:
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Yoti.Auth.Anchors;
List<Anchor> givenNamesAnchors = profile.GivenNames.GetAnchors();
List<Anchor> givenNamesSources = profile.GivenNames.GetSources();
List<Anchor> givenNamesVerifiers = profile.GivenNames.GetVerifiers();
// You can also retrieve further properties from these respective anchors in the following way:
Anchor givenNamesFirstSource = profile.GivenNames.GetSources().First();
AnchorType anchorType = givenNamesFirstSource.GetAnchorType();
List<X509Certificate2> originServerCerts = givenNamesFirstSource.GetOriginServerCerts();
byte[] signature = givenNamesFirstSource.GetSignature();
DateTime signedTimeStamp = givenNamesFirstSource.GetSignedTimeStamp().GetTimestamp();
string subType = givenNamesFirstSource.GetSubType();
string value = givenNamesFirstSource.GetValue();
activityDetails, err := client.GetActivityDetails(yotiOneTimeUseToken)
rememberMeID := activityDetails.RememberMeID()
parentRememberMeID := activityDetails.ParentRememberMeID()
userProfile := activityDetails.UserProfile
selfie := userProfile.Selfie().Value().Data()
givenNames := userProfile.GivenNames().Value()
familyName := userProfile.FamilyName().Value()
fullName := userProfile.FullName().Value()
mobileNumber := userProfile.MobileNumber().Value()
emailAddress := userProfile.EmailAddress().Value()
address := userProfile.Address().Value()
gender := userProfile.Gender().Value()
nationality := userProfile.Nationality().Value()
var dateOfBirth *time.Time
dobAttr, err := userProfile.DateOfBirth()
if err != nil {
// handle error
} else {
dateOfBirth = dobAttr.Value()
}
var structuredPostalAddress map[string]interface{}
structuredPostalAddressAttribute, err := userProfile.StructuredPostalAddress()
if err != nil {
// handle error
} else {
structuredPostalAddress = structuredPostalAddressAttribute.Value()
}
// If you have chosen Verify Condition on the Yoti Dashboard with the age condition of "Over 18",
// you can retrieve the user information with the generic .GetAttribute method, which requires the
// result to be cast to the original type:
age_over := userProfile.GetAttribute("age_over:18").Value().(string)
// GetAttribute returns an interface, the value can be acquired through a type assertion.
// From each attribute you can retrieve the Anchors, and subsets Sources and Verifiers
// (all as []*anchor.Anchor) as follows:
givenNamesAnchors := userProfile.GivenNames().Anchors()
givenNamesSources := userProfile.GivenNames().Sources()
givenNamesVerifiers := userProfile.GivenNames().Verifiers()
// You can also retrieve further properties from these respective anchors in the following way:
var givenNamesFirstAnchor *anchor.Anchor = givenNamesAnchors[0]
var anchorType anchor.Type = givenNamesFirstAnchor.Type()
var signedTimestamp *time.Time = givenNamesFirstAnchor.SignedTimestamp().Timestamp()
var subType string = givenNamesFirstAnchor.SubType()
var value string = givenNamesFirstAnchor.Value()
yoti_activity_details = Yoti::Client.get_activity_details(oneTimeUseToken)
remember_me_id = yoti_activity_details.remember_me_id
parent_remember_me_id = yoti_activity_details.parent_remember_me_id
receipt_id = yoti_activity_details.receipt_id
timestamp = yoti_activity_details.timestamp
base64_selfie_uri = yoti_activity_details.base64_selfie_uri
age_verified = yoti_activity_details.age_verified
profile = yoti_activity_details.profile
application_profile = yoti_activity_details.application_profile
selfie_image_data = profile.selfie.value
full_name = profile.full_name.value
given_names = profile.given_names.value
family_name = profile.family_name.value
phone_number = profile.phone_number.value
email_address = profile.email_address.value
date_of_birth = profile.date_of_birth.value
postal_address = profile.postal_address.value
structured_postal_address = profile.structured_postal_address.value
gender = profile.gender.value
nationality = profile.nationality.value
application_name = application_profile.name.value
application_url = application_profile.url.value
application_logo = application_profile.logo.value
application_receipt_bgcolor = application_profile.receipt_bgcolor.value
# You can retrieve the sources and verifiers for each attribute as follows:
given_names_obj = profile.given_names
given_names_sources = given_names_obj.sources # list of anchors
given_names_verifiers = given_names_obj.verifiers # list of anchors
given_names_anchors = given_names_attribute.anchors
# You can also retrieve further properties from these respective anchors in the following way:
# Retrieving properties of the first anchor
type = given_names_sources[0].type # string
value = given_names_sources[0].value # string
sub_type = given_names_sources[0].sub_type # string
time_stamp = given_names_sources[0].signed_time_stamp.time_stamp # DateTime object
origin_server_certs = given_names_sources[0].origin_server_certs # list of X509 certificates
Sandbox
To see how to do this using our sandbox, please head over to the link below.
Well done! This is the end of the integration!
Sources and Verifiers
As discussed earlier, you have a choice to allow unverified attributes like full name and address. Before completing the share, the end-user can get the attribute verified. However, if they decide to share the attribute without verification, the share will still go through but the attribute will be unverified. In order to check the verification status for a profile attribute, you can retrieve its source and verifier as describe above.
As an example, if the user has manually entered their address without verification, the postal_address attribute will have a source of USER_PROVIDED and verifier will be blank. If however, they chose to verify their address before sharing, the attribute verifier will be YOTI_IDENTITY and the sub type will contain the processing method of its verification.