Mastercard

Mastercard ID Verification

In this digital world, user identity fraud is on the rise due to inadequate digital identity verification methods. The ID Networkopens in a new tab model provides users with greater control of their digital identityopens in a new tab and enables organizations to provide seamless digital interactions with reduced risk. The ID network protects personal data and privacy by allowing individuals to control when and with whom their identity data is shared.

GitHub

Documentation

📖
Authentication
https://developer.mastercard.com/mastercard-id-assist/documentation/api-basics/#authentication
📖
Documentation
https://developer.mastercard.com/mastercard-id-assist/documentation/api-reference/

Code Examples

💻
CodeExamples
https://developer.mastercard.com/mastercard-id-assist/documentation/reference-app/
💻
CodeExamples
https://developer.mastercard.com/mastercard-id-assist/documentation/postman-collection/

Other Resources

🔗
Sandbox
https://developer.mastercard.com/mastercard-id-assist/documentation/api-basics/#environment-descriptions
🔗
UseCases
https://developer.mastercard.com/mastercard-id-assist/documentation/use-cases/
🔗
Tutorials
https://developer.mastercard.com/mastercard-id-assist/documentation/tutorials-and-guides/
🔗
Errors
https://developer.mastercard.com/mastercard-id-assist/documentation/code-and-formats/
🔗
ChangeLog
https://developer.mastercard.com/mastercard-id-assist/documentation/release-history/
🔗
FAQ
https://developer.mastercard.com/mastercard-id-assist/documentation/support/#faqs
🔗
Support
https://developer.mastercard.com/mastercard-id-assist/documentation/support/#help

OpenAPI Specification

mastercard-id-verification-openapi.yml Raw ↑ 
openapi: 3.0.3
info:
  title: Mastercard ID Verification
  description: >-
    In this digital world, user identity fraud is on the rise due to inadequate
    digital identity verification methods. The ID Networkopens in a new tab
    model provides users with greater control of their digital identityopens in
    a new tab and enables organizations to provide seamless digital interactions
    with reduced risk. The ID network protects personal data and privacy by
    allowing individuals to control when and with whom their identity data is
    shared.
  contact:
    name: API Support
    email: [email protected]
    url: https://developer.mastercard.com/support
  version: 1.0.2
servers:
  - url: https://api.mastercard.com.au/idverify
    description: Production server (uses live data)
  - url: https://sandbox.api.mastercard.com.au/idverify
    description: Sandbox server (testing environment)
tags:
  - name: SMS OTP
    description: SMS One Time Password generation and validation related operations.
  - name: Email OTP
    description: Email One Time Password generation and validation related operations.
  - name: ID Document Data Extraction
    description: ID document proofing, binding and data retrieval related operations.
  - name: ID Document Data Source Verification
    description: ID document data source verfication operations.
paths:
  /data-extractions/access-tokens:
    post:
      x-mastercard-api-encrypted: true
      tags:
        - Data
        - Extractions
        - Access
        - Tokens
      responses:
        '200':
          $ref: '#/components/responses/AccessTokenSuccessResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
      description: Return a provider token to be passed to the MIDS Liveness SDK module.
      summary: The provider token is retrieved by country code and SDK version
      operationId: retrieveDataExtractionAccessToken
      requestBody:
        $ref: '#/components/requestBodies/AccessTokenRequest'
      parameters:
        - $ref: '#/components/parameters/EncryptedPayloadParameter'
  /data-extractions/facematch:
    post:
      summary: Verifies the details of a selfie with an identity verification provider
      tags:
        - Data
        - Extractions
        - I D  Document  Data  Extraction
      responses:
        '200':
          $ref: '#/components/responses/FacematchResult'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: >-
        Returns the Status of the Source Verification that has been processed by
        a trusted IVP.
      operationId: facematchVerification
      parameters:
        - $ref: '#/components/parameters/EncryptedPayloadParameter'
      requestBody:
        $ref: '#/components/requestBodies/SelfieVerificationRequest'
  /sms-otps:
    post:
      x-mastercard-api-encrypted: true
      summary: Creates and Send a One-Time Passcode (OTP) via SMS
      tags:
        - Otps
      responses:
        '200':
          $ref: '#/components/responses/SmsOtpGenerationSuccessResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: >-
        Create and Send a One-Time Passcode (OTP) via SMS to the address
        provided.
      operationId: sendSmsOtp
      requestBody:
        $ref: '#/components/requestBodies/SmsOtpGenerationRequest'
      parameters:
        - $ref: '#/components/parameters/EncryptedPayloadParameter'
  /email-otps:
    post:
      x-mastercard-api-encrypted: true
      summary: Creates and Send a One-Time Passcode (OTP) via Email
      tags:
        - Email
        - Email  O T P
      responses:
        '200':
          $ref: '#/components/responses/EmailOtpGenerationSuccessReponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: >-
        Create and Send a One-Time Passcode (OTP) via Email to the address
        provided.
      operationId: sendEmailOtp
      requestBody:
        $ref: '#/components/requestBodies/EmailOtpGenerationRequest'
      parameters:
        - $ref: '#/components/parameters/EncryptedPayloadParameter'
  /sms-otp-verifications:
    post:
      x-mastercard-api-encrypted: true
      summary: Verifies the provided code matches the SMS OTP
      tags:
        - Verifications
      responses:
        '200':
          $ref: '#/components/responses/SmsOtpVerificationSuccessResponses'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: Verify provided code matches the SMS OTP.
      operationId: verifySmsOtp
      requestBody:
        $ref: '#/components/requestBodies/SmsOtpVerificationRequest'
      parameters:
        - $ref: '#/components/parameters/EncryptedPayloadParameter'
  /email-otp-verifications:
    post:
      x-mastercard-api-encrypted: true
      summary: Verifies the provided code matches the Email OTP
      tags:
        - Email
        - Verifications
      responses:
        '200':
          $ref: '#/components/responses/EmailOtpVerificationResponses'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: >-
        Verify that the provided code matches One-Time Passcode (OTP) sent via
        Email during `/email-otps`.
      operationId: verifyEmailOtp
      requestBody:
        $ref: '#/components/requestBodies/EmailOtpVerficationRequest'
      parameters:
        - $ref: '#/components/parameters/EncryptedPayloadParameter'
  /data-extractions/scans/{scan_id}:
    get:
      x-mastercard-api-encrypted: true
      summary: Returns the status of the document verification.
      tags:
        - Data
        - Extractions
        - Scans
      responses:
        '200':
          $ref: '#/components/responses/DataExtractionSuccessResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: >-
        Returns the status of the document verification as it's being processed
        by the vendor.
      operationId: extractScannedDocumentData
      parameters:
        - $ref: '#/components/parameters/ScanIdParameter'
        - $ref: '#/components/parameters/UserConsentParameter'
        - $ref: '#/components/parameters/RetrieveSelfieParameter'
        - $ref: '#/components/parameters/RetrieveDocumentImagesParameter'
        - $ref: '#/components/parameters/RetrieveFacemapParameter'
        - $ref: '#/components/parameters/DocumentTypeParameter'
        - $ref: '#/components/parameters/CountryParameter'
        - $ref: '#/components/parameters/EncryptedPayloadParameter'
  /source-verifications/{issuing_country}/medicare-cards:
    post:
      x-mastercard-api-encrypted: true
      summary: >-
        Verifies the details of a medicare card document with an identity
        verification provider
      tags:
        - Sources
        - Verifications
        - Issuing
        - Countries
        - Cards
      responses:
        '200':
          $ref: '#/components/responses/MedicareCardSourceVerificationResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: >-
        Returns the status of the Medicare Card source verification as it's
        being processed by the vendor. Biometrics are not used with this API,
        which means document scanning is not required for the users to verify
        their identity. This will be a one-time verification with no data being
        stored.
      operationId: verifyMedicareCard
      parameters:
        - $ref: '#/components/parameters/IssuingCountryParameter'
        - $ref: '#/components/parameters/EncryptedPayloadParameter'
      requestBody:
        $ref: '#/components/requestBodies/MedicareCardSourceVerificationRequest'
  /source-verifications/{issuing_country}/passports:
    post:
      x-mastercard-api-encrypted: true
      summary: >-
        Verifies the details of a passport document with an identity
        verification provider
      tags:
        - Sources
        - Verifications
        - Issuing
        - Countries
        - I D  Document  Data  Source  Verification
      responses:
        '200':
          $ref: '#/components/responses/PassportSourceVerificationResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: >-
        Returns the Status of the Source Verification that has been processed by
        a trusted IVP.
      operationId: verifyPassport
      parameters:
        - $ref: '#/components/parameters/IssuingCountryParameter'
        - $ref: '#/components/parameters/EncryptedPayloadParameter'
      requestBody:
        $ref: '#/components/requestBodies/PassportSourceVerificationRequest'
  /source-verifications/{issuing_country}/driving-licenses:
    post:
      x-mastercard-api-encrypted: true
      summary: >-
        Verifies the details of a driving license document with an identity
        verification provider
      tags:
        - Sources
        - Verifications
        - Issuing
        - Countries
        - Driving
        - Licenses
      responses:
        '200':
          $ref: '#/components/responses/DriversLicenseSourceVerificationResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: >-
        Returns the Status of the Source Verification that has been processed by
        a trusted IVP.
      operationId: verifyDriversLicense
      parameters:
        - $ref: '#/components/parameters/IssuingCountryParameter'
        - $ref: '#/components/parameters/EncryptedPayloadParameter'
      requestBody:
        $ref: '#/components/requestBodies/DriversLicenseSourceVerificationRequest'
components:
  schemas:
    DocumentVerificationExtractedDataDocumentData:
      description: Document Data.
      required:
        - dateOfBirth
        - documentNumber
        - documentStatus
        - documentType
        - expiryDate
        - firstName
        - gender
        - issuingCountry
        - issuingDate
        - lastName
      type: object
      properties:
        documentNumber:
          description: Document Number.
          example: N1234567
          type: string
          minLength: 1
          maxLength: 255
        documentStatus:
          description: Document Status. SUCCESS OR PENDING.
          example: SUCCESS
          type: string
          minLength: 1
          maxLength: 7
        documentType:
          description: Document Type. PASSPORT OR DRIVER_LICENSE OR ID_CARD.
          example: PASSPORT
          type: string
          minLength: 1
          maxLength: 50
          pattern: ^(DRIVING_LICENSE|PASSPORT|ID_CARD)$
        dateOfBirth:
          description: YYYY-MM-DD format.
          example: '2020-09-09'
          type: string
          minLength: 10
          maxLength: 10
        firstName:
          description: Users First Name.
          example: John
          type: string
          minLength: 1
          maxLength: 255
        lastName:
          description: Users Last Name.
          example: Smith
          type: string
          minLength: 1
          maxLength: 255
        expiryDate:
          description: Document expiration date in YYYY-MM-DD format.
          example: '2020-10-10'
          type: string
          format: date
          minLength: 10
          maxLength: 10
        gender:
          description: M/F.
          example: M
          type: string
          minLength: 1
          maxLength: 1
        issuingCountry:
          description: Document issuing country.
          example: AUS
          type: string
          minLength: 3
          maxLength: 3
        issuingDate:
          description: Document issuing date.
          example: '2020-09-09'
          type: string
          format: date
          minLength: 10
          maxLength: 10
        issuingPlace:
          description: Document issuing place.
          example: New York
          type: string
          minLength: 1
          maxLength: 50
        issuingAuthority:
          description: Document issuing authority.
          example: United States
          type: string
          minLength: 1
          maxLength: 50
        placeOfBirth:
          description: Users place of birth.
          example: Boston
          type: string
          minLength: 1
          maxLength: 255
        addressLine1:
          description: Users Address Line 1.
          example: 123 Main St.
          type: string
          minLength: 1
          maxLength: 255
        addressLine2:
          description: Users Address Line 2.
          example: New York
          type: string
          minLength: 1
          maxLength: 255
        addressZipCode:
          description: Users zip code.
          example: '10021'
          type: string
          minLength: 1
          maxLength: 50
        addressCity:
          description: Users City.
          example: New York
          type: string
          minLength: 1
          maxLength: 100
        addressCountry:
          description: Users Country.
          example: USA
          type: string
          minLength: 2
          maxLength: 3
        addressSubdivision:
          description: Users Subdivision.
          example: MO
          type: string
          minLength: 2
          maxLength: 100
        issuingState:
          description: Users State.
          example: MO
          type: string
          minLength: 2
          maxLength: 100
        formattedAddress:
          description: Users formatted Address.
          example: 220 BLVD O FALLON MO
          type: string
          minLength: 1
          maxLength: 200
        selfie:
          description: Users Selfie Binary data, Base64 encoded.
          example: >-
            /mJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanq.........................
          type: string
          minLength: 1
        documentImageFront:
          description: Users document front binary data, Base64 encoded.
          example: >-
            /mJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanq.........................
          type: string
          minLength: 1
        documentImageBack:
          description: Users document back binary data, Base64 encoded.
          example: >-
            /mJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanq.........................
          type: string
          minLength: 1
        facemap:
          description: Users document facemap binary data, Base64 encoded.
          example: >-
            /mJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanq.........................
          type: string
          minLength: 1
        rgNumber:
          type: string
          minLength: 1
          maxLength: 255
          description: RG Number.
          example: 12345
        cpf:
          type: string
          minLength: 1
          maxLength: 255
          description: CPF Number.
          example: 12345
        fathersName:
          type: string
          minLength: 1
          maxLength: 255
          description: Father's Name.
          example: John Smith
        mothersName:
          type: string
          minLength: 1
          maxLength: 255
          description: Mother's Name.
          example: Paula Smith
    DocumentVerificationExtractedData:
      required:
        - status
        - transactionId
      type: object
      properties:
        documentData:
          $ref: '#/components/schemas/DocumentVerificationExtractedDataDocumentData'
        status:
          description: The status of the Status API, possible values are SUCCESS / PENDING.
          example: SUCCESS
          type: string
          minLength: 1
          maxLength: 7
        transactionId:
          description: >-
            The transaction ID provided in the API response must be logged by
            the Relying Party. The Relying Party is required to provide the
            transaction ID when contacting the Mastercard customer support team.
          example: 1ec14310-e85c-11ea-adc1-0242ac120002
          type: string
          minLength: 36
          maxLength: 36
    AccessToken:
      required:
        - apiDataCenter
        - sdkToken
        - transactionId
      type: object
      properties:
        transactionId:
          description: >-
            The transaction ID provided in the API response must be logged by
            the Relying Party. The Relying Party is required to provide the
            transaction ID when contacting the Mastercard customer support team.
          type: string
          example: 1ec14310-e85c-11ea-adc1-0242ac120002
          minLength: 36
          maxLength: 36
        accountId:
          description: >-
            The accountId is an identifier for the client's account on the
            identity verification provider used by ID Verification.
          type: string
          example: 14c01794-926a-426f-ad72-c45f8fbf78a4
          minLength: 36
          maxLength: 36
        workflowId:
          description: >-
            The workflowId is the identifier for the scan on the identity
            verification provider used by ID Verification.
          type: string
          example: 5226539e-78e7-45ac-a924-072d1301c24c
          minLength: 36
          maxLength: 36
        sdkToken:
          description: Token to initialize the SDK.
          type: string
          example: >-
            eyJhbGciOiJIUzUxMiIsInppcCI6IkdaSVAifQ.H4sIAAAAAAAAAB3NQQpCMQwE0Lt0baBJ0yZ159KtN0jTBgTBjYgg3t3__3KGN8w3rc_llc4JG6KUhrmoYjolc7_OvWfPKJ2hUzNgagE2hcC5hsYIUeOdH7gStVr6AtElwNUcrBNDFppYMjqxb9hvKzb9fNzfa4_HVkORomdoggsYp8HgPqAWF43VtsOcfn_stx4UsAAAAA.tDRVowYYcpQ03Vlt7D3MiovleiyRFQMv4qzXb7Lf_6CarphRrlWXan8-jE-YesNiAiT8tk0b-i8TKHGrcgT1VQ
          minLength: 1
          maxLength: 328
        apiDataCenter:
          description: API Data Center. The accepted values are US, EU or SG.
          type: string
          example: US
          minLength: 1
          maxLength: 2
        documentVerificationUrl:
          description: Web url to display in iframe.
          type: string
          example: >-
            https://mastercard.web.apac-1.jumio.link/web/v4/app?authorizationToken=eyJhbGciOiJIUzUxMiIsInppcCI6IkdaSVAifQ.H4sIAAAAAAAAAJXOQQ5CIQxF0b0wtkmBFqgzh07_Dkp_iWM10cS4d0FX4PTm5OW9gj9P93AMsaRaS845CVM4BDU776sLi5JGiM06UGGDLiUCRaLa0rDR6uJf7FH6mBwYtUyCBcSywBznbmMfGdPEj-H_cNt8TL35zfVql1V-12o0SZ3AGysQ1wKNFCGbsjlyUsTw_gANOZ5b4gAAAA.2bo6KfOvGIswNRNTXv6QtoGvHyNYp_j3LwHia9DtuWna3y_LLI1VgPZle46Q5cFHuuMJB7g7y4wHbtogBX2HfQ&locale=en-US
    RetrieveAccessToken:
      required:
        - countryCode
        - channelType
      type: object
      properties:
        countryCode:
          type: string
          example: US
          pattern: ^[a-zA-Z]{2}$
          description: >-
            The ISO 3166-1 alpha2 code which corresponds to the country from
            where the request to ID is originating from.
        channelType:
          type: string
          example: WEB
          description: The platform where the request is generated from.
          enum:
            - WEB
            - SDK
          minLength: 3
          maxLength: 3
        sdkVersion:
          type: string
          example: 1.0.0
          pattern: ^[0-9]{1,5}\.[0-9]{1,5}\.[0-9]{1,5}$
          description: >-
            The SDK's version that the application is using. Required if the
            channelType is `SDK`.
        livenessType:
          type: string
          example: GPA
          description: >-
            The preferred liveness type to be applied; Liveness Assurance (LA)
            or Genuine Presence Assurance (GPA), where GPA provides LA
            capability and also additional checks that ensure the user is
            genuinely present.
          enum:
            - GPA
            - LA
          minLength: 2
          maxLength: 3
        successUrl:
          type: string
          example: https://www.rp.com/success
          description: >-
            The URL to be redirected to if the token request is successful. Must
            be present if the channelType is WEB.
          pattern: >-
            ^((https):\/\/)([-\w.])+(:[0-9]+)?\/?(\/[-.\w]*)*((\?|\&)([^=]+)\=([^&]*))*$
        errorUrl:
          type: string
          example: https://www.rp.com/error
          description: >-
            The URL to be redirected to if the token request is not successful.
            Must be present if the channelType is WEB.
          pattern: >-
            ^((https):\/\/)([-\w.])+(:[0-9]+)?\/?(\/[-.\w]*)*((\?|\&)([^=]+)\=([^&]*))*$
        locale:
          description: >-
            The IETF BCP 47 value which determines the language variant to be
            applied in the subsequent scanning dialogs accessed via the token.
          type: string
          default: en-US
          example: en-GB
          pattern: ^[a-z]{2}-[a-zA-Z]{2}$
        document:
          type: object
          description: >-
            An optional object which allows the Relying Party to limit the
            country and type of document which can be submitted, by not
            displaying a document selection screen within the user journey. If
            only one of the document type or issuing country fields is
            populated, then the associated dialog option on the document
            selection screen will continue be displayed.
          properties:
            issuingCountry:
              type: string
              example: USA
              pattern: ^[A-Z]{3}$
              description: >-
                Element used to restrict the issuing country of the document
                that can be uploaded by the user. Inclusion of a value for this
                element will result in the issuing country option being removed
                from the Document Selection screen. If a value is also included
                for the documentType element, then the Document Selection screen
                will not be displayed at all. The value submitted needs to
                comply to the ISO 3166-1 Alpha 3 standard.
            documentType:
              type: string
              example: DRIVING_LICENSE
              description: >-
                Element used to restrict the type of document that can be
                uploaded by the user. Inclusion of a value for this element will
                result in the document type option being removed from the
                Document Selection screen. If a value is also included for the
                issuingCountry element, then the Document Selection screen will
                not be displayed at all. The value submitted must be one of the
                following enum values.
              enum:
                - DRIVING_LICENSE
                - ID_CARD
                - PASSPORT
        workflowDefinition:
          type: String
          example: DOCUMENT_EXTRACTION_FACEMATCH_LIVENESS
          description: >-
            Value which indicates the capabilities which are to be executed
            within the flow: <br/> <ul> <li> Document Extraction  Verifies a
            document is genuine and provides an extract of the details contained
            in that document.</li> <li> Document Extraction, Facematch and
            Liveness  Verifies a document is genuine, provides an extract of
            the details contained in that document, and verifies the user is
            live and is the subject of that document.</li> <li> Facematch 
            Matches a user to a previously verified document.</li> </ul> If no
            value is supplied then the full document extraction, liveness and
            face matching capability will be enacted by default.
          enum:
            - DOCUMENT_EXTRACTION
            - DOCUMENT_EXTRACTION_FACEMATCH_LIVENESS
            - FACEMATCH
        accountId:
          type: string
          example: 14c01794-926a-426f-ad72-c45f8fbf78a4
          pattern: ^[a-zA-Z][0-9][-]{*}$
          description: >-
            Required only when the FACEMATCH enum is specified in the
            workflowDefinition field.<br/> The accountId value returned to the
            client in a previous access token call for the document which is to
            form the basis for the face-match.
        workflowId:
          type: string
          example: 5226539e-78e7-45ac-a924-072d1301c24c
          pattern: ^[a-zA-Z][0-9][-]{*}$
          description: >-
            Required only when the FACEMATCH enum is specified in the
            workflowDefinition field.<br/> The workflowId value returned to the
            client in a previous access token call for the document which is to
            form the basis for the face-match.
    OtpVerificationResult:
      required:
        - responseCode
        - responseMessage
        - transactionId
      type: object
      properties:
        responseCode:
          description: '`SUCCESS`, `FAILURE` or `ATTEMPTS_EXCEEDED`.'
          type: string
          example: SUCCESS
          minLength: 1
          maxLength: 17
        responseMessage:
          description: A short message describing the response code.
          type: string
          example: OTP verified
          minLength: 1
          maxLength: 255
        transactionId:
          description: >-
            The transaction ID provided in the API response must be logged by
            the Relying Party. The Relying Party is required to provide the
            transaction ID when contacting the Mastercard customer support team.
          type: string
          example: 28eae1aa-6744-433e-879d-7da48d63e89a
          minLength: 36
          maxLength: 36
        attemptsRemaining:
          description: >-
            The number of attempts remaining. This field is only populated for
            the `FAILURE` response code.
          type: integer
          format: int32
          example: 2
    Otp:
      required:
        - otpId
        - transactionId
      type: object
      properties:
        otpId:
          description: A random 128-bit UUID representing otp request.
          type: string
          example: 471dddb6-7204-4ac6-a94a-fdeb7a094a85
          minLength: 36
          maxLength: 36
        transactionId:
          description: >-
            The transaction ID provided in the API response must be logged by
            the Relying Party. The Relying Party is required to provide the
            transaction ID when contacting the Mastercard customer support team.
          type: string
          example: bd400bde-8ae1-4d7b-a39e-ebebb94e6d08
          minLength: 36
          maxLength: 36
    OtpVerification:
      required:
        - code
        - countryCode
        - otpId
      type: object
      properties:
        code:
          description: The 6-digit code which was sent to the user.
          type: string
          example: '123456'
          pattern: ^[0-9]{6}$
          minLength: 6
          maxLength: 6
        otpId:
          minLength: 36
          maxLength: 36
          description: The otpId in the response body of create otp request.
          type: string
          example: 63d04933-02b6-4ea4-adf9-68696e675a01
          pattern: >-
            ^[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}$
        countryCode:
          minLength: 2
          maxLength: 2
          description: >-
            The ISO 3166-1 alpha2 code which corresponds to the country from
            where the request to ID is originating from.
          type: string
          pattern: ^[a-zA-Z]{2}$
          example: BR
        userConsent:
          description: >-
            The value which best reflects the input of the User with regard to
            consent to use their data.
          enum:
            - ACCEPT
            - DECLINE
            - REVOKE
            - EXPIRE
          type: string
          example: ACCEPT
    EmailOtp:
      required:
        - countryCode
        - emailAddress
      type: object
      properties:
        countryCode:
          description: >-
            The ISO 3166-1 alpha2 code which corresponds to the country from
            where the request to ID is originating from.
          type: string
          example: BR
          pattern: ^[a-zA-Z]{2}$
          minLength: 2
          maxLength: 2
        emailAddress:
          description: The email address in which to send the OTP to.
          type: string
          pattern: ^[\w-\.\'\\]+@([\w-]+\.)+[\w-]{2,4}$
          example: [email protected]
          minLength: 1
        locale:
          description: >-
            The IETF BCP 47 value which determines the language variant to be
            applied in the OTP messages.
          type: string
          default: en-US
          example: en-GB
          pattern: ^[a-z]{2}-[a-zA-Z]{2}$
        userConsent:
          description: >-
            The value which best reflects the input of the User with regard to
            consent to use their data.
          enum:
            - ACCEPT
            - DECLINE
            - REVOKE
            - EXPIRE
          type: string
          example: ACCEPT
    SMSOtp:
      required:
        - countryCode
        - phoneNumber
      type: object
      properties:
        countryCode:
          maxLength: 2
          description: >-
            The ISO 3166-1 alpha2 code which corresponds to the country from
            where the request to ID is originating from.
          type: string
          example: BR
          pattern: ^[a-zA-Z]{2}$
        phoneNumber:
          maxLength: 15
          description: >-
            The phone number in which to send the OTP to. It should be prefixed
            with the international dialing code, without the '+'.
          type: string
          pattern: ^[1-9]\d{2,14}$
          example: '553453554563'
        locale:
          description: >-
            The IETF BCP 47 value which determines the language variant to be
            applied in the OTP messages.
          type: string
          example: en-GB
          default: en-US
          pattern: ^[a-z]{2}-[a-zA-Z]{2}$
        userConsent:
          description: >-
            The value which best reflects the input of the User with regard to
            consent to use their data.
          enum:
            - ACCEPT
            - DECLINE
            - REVOKE
            - EXPIRE
          type: string
          example: ACCEPT
    MedicareCardSourceVerificationRequestAttributes:
      required:
        - userConsent
        - cardColor
        - nameLine1
        - medicareCardNo
        - individualReferenceNo
        - countryCode
        - expiryDate
      properties:
        userConsent:
          description: >-
            The value which best reflects the input of the User with regard to
            consent to use their data.
          enum:
            - ACCEPT
            - DECLINE
            - REVOKE
            - EXPIRE
          type: string
          example: ACCEPT
          minLength: 6
          maxLength: 7
        cardColor:
          description: Medicard Color can be GREEN, BLUE OR YELLOW.
          enum:
            - GREEN
            - BLUE
            - YELLOW
          type: string
          example: BLUE
          minLength: 4
          maxLength: 6
        nameLine1:
          description: Name Line 1.
          example: Smith
          type: string
          minLength: 1
          maxLength: 27
          pattern: ^[a-zA-Z\s ,.'-]{1,27}$
 

# --- truncated at 32 KB (86 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/mastercard/refs/heads/main/openapi/mastercard-id-verification-openapi.yml