Introduction
Anonybit enables organizations to safely store sensitive information in a decentralized unique data vault that
decentralizes the data to prevent any option of stealing it. The Anonybit vault supports various use cases like
biometric authentication, storing and retrieval of secrets and sensitive information, and more.
Anonybit allows you to implement its service at three service levels:
- Anonybit Biometrics cloud infrastructure - a secure biometric decentralized storage.
- Anonybit turnkey biometric authenticator - secure biometric authenticator for your applications.
- Anonybit data vault - decentralized digital storage for securing sensitive information like passphrases, personal
information, sensitive documents or images, and encryption keys.
The Anonybit data vault decentralizes the data and allows its retrieval on demand. To secure access to the vault, it can
be coupled with the Anonybit authenticator.
To support these services, Anonybit provides integration interfaces ranging from simple APIs to web, Android, and iOS
SDKs.
Anonybit decentralized data cloud serves as the infrastructure to secure all data managed by Anonybit. It is based on a
network of nodes that can be fully hosted by Anonybit and you to ensure the decentralization of sensitive data both at
rest and while in use.
To become a member of Anonybit services your organization will need to deploy the following:
- Anonybit API and/or SDKs.
- For biometric authentication services - Anonybit Computation Nodes (VCNs) to support the network computation
activities.
Anonybit Biometric Cloud
With Anonybit you can securely enroll users’ biometrics and authenticate them through biometric-templates API. Your
solution architecture will remain intact, with all biometric collection and preprocessing activities, such as liveness
detection and biometric conversion to templates, happening as they were originally implemented.
Anonybit is added as a biometrics secure storage layer, replacing the standard database you are currently using for
biometric template storage. Anonybit already supports multiple biometric algorithms. If you would like your algorithm to
be supported by Anonybit as well - contact the Anonybit team
Anonybit exposes a set of straightforward APIs to integrate your solution with Anonybit biometrics cloud. The API allows
users to enroll, authenticate (1:1), and identify (1:N) users.
Getting access to Anonybit APIs
Anonybit uses API keys to allow access to the API, please contact us for your
API key.
Biometric Authentication API
This API allows you to send Anonybit a biometrics template/vector for enrollment and for authentication (1:1)
Refer to Anonybit Vector API documentation here
Biometric Lookup API
This API allows you to send Anonybit a biometric template/vector that will be searched against the existing
templates/vectors
The search may be done during various operations:
- During enrollment to ensure deduplication of biometrics (i.e. biometrics are unique to one user)
- For user identification out of all enrolled users
- For user detection out of a predefined watchlist
By default, all lookups are performed across all of your enrolled users. To add users into a watchlist (list) please
contact Anonybit support.
Anonybit Authenticator
Anonybit Authenticator provides a turnkey biometric authentication solution with a high level of authentication
assurance.
The Anonybit authenticator can be used to:
- Add biometrics-based step-up authentication to your existing authentication options
- Fully replace your existing authentication with passwordless, biometric-driven multi factor authentication
- Create strong identity authentication for your application by tying Anonybit authenticator to Identity Verification (
IdV) / KYC. Anonybit can provide IdV enrollment or receive the validated biometric from your existing IdV solution.
The Anonybit authenticator provides cross-device biometric authentication and also provides access also to device
biometric authentication (FaceID, Fingerprint).
For a high level of assurance Anonybit recommends tying the authenticator enrollment to validation of the user’s
physical identity using a government ID, and always using the Anonybit cross-device biometric authentication option.
To implement Anonybit Authenticator, you will need to deploy a simple SDK into your application (available for web,
Android and iOS), and the aforementioned docker in your application environment.
Anonybit Biometric Authenticator
Anonybit allows you to enroll and biometrically authenticate users against its cloud-based decentralized directory.
Follow these steps to perform cross-device biometric authentication:
- Get session token here
- Capture an image of the user’s face - you can
use this script to manage camera UI and
ensure the best biometric authentication results are achieved.
- Enroll user using one of the options below:
enroll(userID, images, null, token).then(res => { ... })
enroll(userID, images, callback, token)
- Authenticate a user using one of the options below
authenticate(userID, images, null, null, token).then(res => {...})
authenticate(userID, images, callback, null, token)
- You can do an authentication validation to ensure there was no tempering with the authentication
response here
Anonybit Dockers Deployment
Anonybit team will work with your IT/DevOps team to deploy the Virtual Computation Nodes dockers within an environment
your team will specify.
Anonybit recommends setting up a dedicated environment controlled by your organization, allowing both teams to
collaborate as needed.
Decentralized Data Vault
Anonybit allows storing senstive data onto its decentralized data vault and retrieving it. To authorize access to
Anonybit’s digital assets vault, it can be coupled with either Anonybit biometric cloud or with Anonybit Authenticator,
for authenticating the user before allowing them access to the sensitive assets.
Personal Data Vault
Anonybit's personal data vault stores sensitive user's assets and protects them using the user biometrics. Only once a
user has biometrically authenticated - access to the assets in the vault is authorized. Personal Digital assets are
turned into anonybits (sharded and anonymized data) before leaving the end-user’s device to ensure they cannot be
compromised in transit or in storage. The process of turning secrets into anonybits is executed using Anonybit
JS/iOS/Android SDKs running as part of your application.
For more information on storing and retrieving personal assets,
consult SDK documentation .
Enterprise Data Vault
Anonybit enterprise Data Vault protects sensitive data at rest. You can store sensitive information and files in
Anonybit vault where they are decentralized, eliminating risks of unauthorized access to the data.
The organizational data vault integrates with your application via a simple API to store and retrieve data, where the
response provides an alternate data token.
For more information on storing and retrieving organizational assets,
consult documentation.
Authenticator SDK
Android
val anonytbit = applicationContext.applicationContext as Anonybit
// Anonybit class extents the application class, please extend it in your application
// A Session Token needs to be acquired by the Anonybit API to establish a trusted session.
// Please refer to the session flow in the introduction for a full session overview.
// To request a session token use api/v1/sessionToken API.
private fun handleEnroll(userID: String, bitmap: Bitmap) {
anonybit.enroll(userID, arrayOf(bitmap), fun (enrollmentResponse: EnrollmentResponse) {
if(enrollmentResponse.status == "Success") {
showAlertMessage(getString(R.string.enrollment_success))
} else {
showAlertMessage("${getString(R.string.enrollment_error)}, ${enrollmentResponse.errorMessage}")
}
}, token)
}
private fun handleAuthenticate(userID: String, bitmap: Bitmap) {
anonybit.authenticate(userID, arrayOf(bitmap), fun (authenticationResponse: AuthenticationResponse) {
if (authenticationResponse.status == "failure"){
showAlertMessage("${getString(R.string.authentication_error)}, ${authenticationResponse.errorMessage}")
} else if ( authenticationResponse.status == "Success" && authenticationResponse.isVerified){
showAnswerDialog(userID,true)
} else {
showAnswerDialog(userID,false)
}
runOnUiThread {
btnSubmit.isEnabled = true
}
// in order to verify that the user should be able to access the server use the signature from the AuthenticationResponse class
}, token)
}
// store secret
private fun storeSecret(userID: String, token: String, secretKey: String, secretValue: String) {
anonybit.storeSecret(userID, token, secretKey, secretValue, fun (secretStoreResponse: SecretStoreResponse) {
// use the SecretStoreResponse class for feedback
})
}
// secret retrieval
private fun retrieveSecret(userID: String, token: String, secretKey: String) {
anonybit.retrieveSecret(userID, token, secretKey, secretValue, fun (secretRetrievalResponse: SecretRetrievalResponse) {
// use the SecretRetrievalResponse class for feedback
})
}
the SDK contains several public classes
Name |
Description |
Anonybit |
Class which expose two methods authenticate and enroll |
EnrollmentResponse |
A data class that represent the enrollment response |
AuthenticationResponse |
A data class that represent the authentication response |
SecretStoreResponse |
A data class that represent the secret store response |
SecretRetrievalResponse |
A data class that represent the secret retrieval response |
Anonybit enroll request parameters:
Name |
Description |
userID |
the user id |
bitmaps |
Bitmap array object (currently we work with only 1 picture)- represent the input picture |
anonymous function |
anonymous function which receives an EnrollmentResponse class parameter |
token |
the session token |
Anonybit enroll response parameters:
Parameter |
Description |
status |
string "Failure" / "Success" / "Duplicate" |
errorMessages |
optional array of strings |
publicKey |
string public key for verifying the signature returned in AuthenticationResponse |
token |
string session token - for the uploaded image |
Anonybit authenticate request parameters:
Name |
Description |
userID |
the user id |
bitmaps |
Bitmap array object (currently we work with only 1 picture)- represent the input picture |
callback function |
callback function which receives an AuthenticationResponse class parameter |
challenge |
an optional string (used for creating a signature that can be verified using the user's public key) |
Anonybit authenticate response parameters:
Parameter |
Description |
status |
string "Failure" / "Success" |
isVerified |
boolean true/false |
errorMessages |
optional array of strings |
signature |
challenge signed with Anonybit private key (in case a challenge has been sent and the user is verified by Anonybit) |
token |
string session token - for the uploaded image |
Anonybit Secret Store Response
Name |
Description |
status |
a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success" |
Anonybit Secret Retrieval Response
Name |
Description |
status |
a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success" |
value |
the value of the secret |
Instructions:
Instructions for importing Anonybit ARR file into your application:
- Upload the Anonybit SDK (arr file) to the libs folder in your application (named "sdk-release.aar").
- In your build.gradle (Module) file, add the following lines (if you don't already have them) to the top of the
file :
apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
and add the following lines under the dependencies
section:
implementation 'com.google.firebase:firebase-messaging:21.0.1'
implementation 'com.github.kittinunf.fuel:fuel:2.2.0'
implementation 'com.google.code.gson:gson:2.8.6'
implementation "com.pvryan.easycrypt:easycrypt:1.3.3"
implementation(files("libs/sdk-release.aar"))
iOS
let uuid = "<user unique identifier>"
let cid = "<customer id given by anonybit>"
let anonybit = AnonybitSDK(cid: cid)
let token = "token"
anonybit.authenticate(userID: uuid, images: [image], token: token) { (result) in
DispatchQueue.main.async {
let authenticationResult = result as AuthenticationResponse
var message = "Anonybit Server identified you as '\(uuid)', was it you?"
if (authenticationResult.isVerified == false){
message = "Anonybit Server did NOT identify as '\(uuid)', was it you?"
if (authenticationResult.errorMessage?.isEmpty != nil){
message += "\n" + authenticationResult.errorMessage!
}
}
let alertController = UIAlertController(title: "Authentication", message: message, preferredStyle: .alert)
alertController.addAction(UIAlertAction(title: "Yes", style: .default, handler: { (action: UIAlertAction!) in
self.sendAnswerRequestToServer(userID: self.usernameTbx.text!, result: authenticationResult.isVerified, value: true)
}))
alertController.addAction(UIAlertAction(title: "No", style: .default, handler: { (action: UIAlertAction!) in
self.sendAnswerRequestToServer(userID: self.usernameTbx.text!, result: authenticationResult.isVerified, value: false)
}))
self.present(alertController, animated: true, completion: nil)
}
}
anonybit.enroll(userID: uuid, images: [image], token: token){ (result) in
DispatchQueue.main.async {
let enrollmentResult = result as EnrollmentResponse
var message = enrollmentResult.status
if (enrollmentResult.errorMessage?.isEmpty != nil){
message += "\n" + enrollmentResult.errorMessage!
}
let alertController = UIAlertController(title: "Enrollment Status", message: message, preferredStyle: .alert)
alertController.addAction(UIAlertAction(title: "Dismiss", style: .default))
self.present(alertController, animated: true, completion: nil)
}
}
// store secret
anonybit.store(userID: uid, token: token, secretKey: "secret", secretValue: "1234567") { (result) in
// result contains the status of the store request
}
// secret retrieval
anonybit.retrieve(userID: uid, token: token, secretKey: "secret") { (res) in
// res.value = "1234567"
}
Name |
Description |
Anonybit |
Class which expose two methods authenticate and enroll |
EnrollmentResponse |
A data class that represent the enrollment response |
AuthenticationResponse |
A data class that represent the authentication response |
StoreSecretResponse |
A data class that represent the store secret response |
RetrieveSecretResponse |
A data class that represent the secret retrieval response |
Anonybit enroll request parameters:
Name |
Description |
userID |
the user id |
images |
image array (currently we support only one picture) - represent the input picture |
callback function |
callback function which receives an EnrollmentResponse class parameter |
token |
the session token |
Anonybit enroll response parameters:
Parameter |
Description |
status |
string "Failure" / "Success" / "Duplicate" |
errorMessages |
optional array of strings |
publicKey |
optional string - public key for verifying the signature returned in AuthenticationResponse |
token |
string session token - for the uploaded image |
Anonybit authenticate request parameters:
Name |
Description |
userID |
the user id |
images |
image array (currently we support only one picture) - represent the input picture |
callback function |
callback function which receives an AuthenticationResponse class parameter |
token |
the session token |
challenge |
an optional string (used for creating a signature which can be verified using the user's public key) |
Anonybit authenticate response parameters:
Parameter |
Description |
status |
string "Failure" / "Success" |
isVerified |
boolean true/false |
errorMessages |
optional array of strings |
signature |
challenge signed with Anonybit private key (in case a challenge has been sent and the user is verified by Anonybit) |
token |
string session token - for the uploaded image |
Anonybit Store Secret Response
Name |
Description |
status |
a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success" |
Anonybit Retrieve Secret Response
Name |
Description |
status |
a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success" |
value |
the value of the secret |
Instructions:
- Copy the framework file provided by the Anonybit team into your framework library inside your application
- Add
pod 'SwiftyRSA'
into you Podfile
- Run
pod install
- Go to the project section in xCode and for AnonybitSDK.framework change the Embed property to "Embed & Signing''
- Use the swift code to enroll / authenticate
JavaScript
// initializing Anonybit object
let anonybit = undefined
// initialize the anonybit object after the anonybit script finished to be loaded (vanilla js)
(
function initAnonybit() {
const cid = "dev";
const baseURL = "https://api.anonybit.io";
const proxyURL = "https://proxy.us.anonybit.io"
const options = {cid: cid, baseURL: baseURL, proxyURL: proxyURL};
let anonybit = new AnonyBit.default(options)
})();
// in case you are using npm/yarn install the anonybitjs package: "yarn add anonybitjs" / "npm i anonybitjs"
// and initial anonybit object:
import Anonybit from "anonybitjs/build/anonybit";
const cid = "dev";
const baseURL = "https://api.anonybit.io";
const proxyURL = "https://proxy.us.anonybit.io";
const options = {cid: cid, baseURL: baseURL, proxyURL: proxyURL};
let anonybit = new AnonyBit(options)
// enrollment
anonybit.enroll(userID, [image], res => {
//TODO: write your code here
if (res.status === "Success") {
// enrollment succeeded
// res.warningMessages might contain data
} else {
// enrollment failed
// res.errorMessages / res.warningMessages contain data
}
}, token);
// authentication
let challenge = null
let token = null
anonybit.authenticate(userID, [image], res => {
if (res.status === "Success") {
// authentication managed to run
// res.warningMessages might contain data
if (res.isVerified === true) {
//user is verified
} else {
//user is not verified
}
} else {
//failure to authenticate
// res.errorMessages / res.warningMessages contain data
}
}, challenge, token);
//store secret
anonybit.store(userID, token, secretKey, secretValue, res => {
if (res.status === "Success") {
// stored secret successfully
}
})
//secret retrieval
anonybit.retrieve(userID, token, secretKey, res => {
if (res.status === "Success") {
// the value can be used 'res.value'
}
})
Instructions:
- Get the generated SDK js code given by Anonybit and attach it to your project inside a script (src with its location)
- In your JavaScript code using the given code which is displayed on the right side.
Anonybit enroll request parameters:
Name |
Description |
userID |
the user id |
images |
represent the input pictures of the user (currently we support only 1 picture) |
callback function |
callback function which receives an EnrollmentResponse class parameter |
Anonybit enroll response parameters:
parameter |
Description |
status |
"Success" / "Failure" / "Duplicate" |
warningMessages |
optional array or strings |
errorMessages |
optional array or strings |
publicKey |
public key for verifying the signature returned in AuthenticationResponse |
token |
string session token - for the uploaded image |
Anonybit authenticate request parameters:
Name |
Description |
userID |
the user id |
images |
represent the input pictures of the user (currently we support only 1 picture) |
anonymous function |
anonymous function which receives an AuthenticationResponse class parameter |
challenge |
an optional string (used for creating a signature which can be verified using the user's public key) |
Anonybit authenticate response parameters:
parameter |
Description |
warningMessages |
optional array |
errorMessages |
optional array |
isVerified |
boolean field - notifying if the user managed to authenticate |
token |
string session token - for the uploaded image |
signature |
challenge signed with Anonybit private key (in case a challenge has been sent and the user is verified by Anonybit) |
Anonybit store secret response
Name |
Description |
status |
a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success" |
Anonybit secret retrieval response
Name |
Description |
status |
a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success" |
value |
the value of the secret |
JavaScript - FIDO
// initializing Anonybit object
let anonybit = undefined
// initialize the anonybit object after the anonybit script finished to be loaded (vanilla js)
(
function initAnonybit() {
const cid = "dev";
const baseURL = "https://api.anonybit.io";
const proxyURL = "https://proxy.us.anonybit.io"
const options = {cid: cid, baseURL: baseURL, proxyURL: proxyURL};
let anonybit = new AnonyBit.default(options)
})();
// in case you are using npm/yarn install the anonybitjs package: "yarn add anonybitjs" / "npm i anonybitjs"
// and initial anonybit object:
import Anonybit from "anonybitjs/build/anonybit";
const cid = "dev";
const baseURL = "https://api.anonybit.io";
const proxyURL = "https://proxy.us.anonybit.io";
const options = {cid: cid, baseURL: baseURL, proxyURL: proxyURL};
let anonybit = new AnonyBit(options)
// FIDO Registration - Platform
anonybit.fidoService.registerDevice(userID, name, displayName).then(res => {
console.log(res)
})
// the res variable contains {success: true} in case of a successful fido registration
// for failure it may contain {success: false, errorMessage: “…”)
// FIDO Authentication - Platform
let challenge = null
let token = null
anonybit.fidoService.authenticateDevice(userID).then(console.log)
// the res variable contains {success: true} in case of a successful fido authentication
// in case the user didn’t manage to authenticate - i’ll receive {success: false}, if there’s also an error he’ll receive an errorMessage in the returned dictionary { success: false, errorMessage: “...”}
Instructions:
- Get the generated SDK js code given by Anonybit and attach it into your project inside a script (src with it's
location)
- In your JavaScript code use the given code which is displayed on the right side.
FIDO Platform performs registration/authentication against on-device authenticators (fingerprint reader / faceID /
Windows Hello)
Name |
Description |
userID |
the user id |
name |
name of the user |
displayName |
display name for the user |
parameter |
Description |
success |
true / false (boolean) |
errorMessage |
error description string |
Name |
Description |
userID |
the user id |
parameter |
Description |
success |
true / false (boolean) |
errorMessage |
error description string |
Authenticator Server API
Image enrollment
HTTP Request
POST /api/v1/image/enroll
x-anonybit-api-key
: Authorization API key for accessing Anonybit server
Parameters
Parameter |
Description |
cid |
The customer id |
image |
Base64-encoded selfie image |
uid |
The user id |
HTTP Response
Parameter |
Type |
Optional |
Description |
success |
bool |
Required |
Define if request was correct and success |
is_image_valid |
bool |
Required |
Descibe status of image |
error |
str |
Optional |
Error description string |
import requests
import base64
# Define the API endpoint URL
url = "https://{api_endpoint}/api/v1/image/enroll" # Replace with the actual API URL
# Define your API key
api_key = "your_api_key_here" # Replace with your actual API key
# Define the payload data
payload = {
"cid": "your_customer_id_here", # Replace with the actual customer ID
"image": "base64_encoded_image_here", # Replace with the base64-encoded selfie image
"uid": "your_user_id_here" # Replace with the actual user ID
}
# Encode the API key in the headers
headers = {
"x-anonybit-api-key": api_key
}
# Make the POST request
response = requests.post(url, json=payload, headers=headers)
Image authentication
Authenticator Server API
Image Authentication
HTTP Request
POST /api/v1/image/authenticate
x-anonybit-api-key
: Authorization API key for accessing Anonybit server
Parameters
Parameter |
Description |
cid |
The customer id |
image |
Base64-encoded selfie image |
uid |
The user id |
HTTP Response
Parameter |
Type |
Optional |
Description |
success |
bool |
Required |
Define if request was correct and success |
is_image_valid |
bool |
Required |
Descibe status of image |
verified |
bool |
Optional |
Define if user was authenticated |
error |
str |
Optional |
Error description string |
import requests
import base64
# Define the API endpoint URL
url = "https://{api_endpoint}/api/v1/image/authenticate" # Replace with the actual API URL
# Define your API key
api_key = "your_api_key_here" # Replace with your actual API key
# Define the payload data
payload = {
"cid": "your_customer_id_here", # Replace with the actual customer ID
"image": "base64_encoded_image_here", # Replace with the base64-encoded selfie image
"uid": "your_user_id_here" # Replace with the actual user ID
}
# Encode the API key in the headers
headers = {
"x-anonybit-api-key": api_key
}
# Make the POST request
response = requests.post(url, json=payload, headers=headers)
Vector authentication
# python code sample for vector handling
import requests
cid = 'customer id, provided by Anonybit'
uid = 'the user id'
api_key = 'api key, provided by Anonybit'
server_address = "https://<anonybit-server-url>" # this address should be provided by Anonybit
response = requests.post(f"{server_address}/api/v1/sessionToken", json={"cid": cid},
headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
token = response_json["token"]
enroll_url = f"{server_address}/api/v1/vector/enroll"
enrollment_vector = [i * 1.0 for i in range(20)]
response = requests.post(enroll_url, json={"uid": uid, "cid": cid, "vector": enrollment_vector, "token": token},
headers={"apiKey": api_key, 'Content-type': "application/json"})
auth_url = f"{server_address}/api/v1/vector/authenticate"
auth_vector = [i * 2.0 for i in range(20)]
response = requests.post(auth_url, json={"uid": uid, "cid": cid, "vector": auth_vector, "token": token},
headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
assert response_json["isVerified"] is False
auth_vector = [i * 1.0 for i in range(20)]
response = requests.post(auth_url, json={"uid": uid, "cid": cid, "vector": auth_vector, "token": token},
headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
assert response_json["isVerified"] is True
HTTP Request
POST /api/v1/vector/enroll
Parameter |
Description |
cid |
the customer id |
vector |
array of floating numbers - a vector that represents a model of a user |
token |
the session token - click here for more info |
userID |
the user id |
apiKey |
authorization api key for accessing Anonybit server |
HTTP Response
Parameter |
Description |
status |
Status string such as “Success” / “UnknownCustomer” / “Forbidden”/ “Error” / "BadRequest" / "Duplicate" |
publicKey |
public key for verifying the signature returned in the authentication response (in case a challenge has been sent and the user is verified) |
errorMessage |
error description string |
Vector authentication
HTTP Request
POST /api/v1/vector/authenticate
Parameter |
Description |
cid |
the customer id |
vector |
array of floating numbers - vector that represent a model of a user |
token |
the session token - click here for more info |
userID |
the user id |
apiKey |
authorization api key for accessing Anonybit server |
challenge |
an optional string (used for creating a signature which can be verified using the user's public key) |
threshold |
Threshold for authentication, if the score is lesser than the threshold the response isVerified will be set to True, False otherwise |
HTTP Response
Parameter |
Description |
status |
Status string such as “Success” / “UnknownCustomer” / “Forbidden”/ “Error” / "Tested" / "BadRequest" |
errorMessage |
error description string |
isVerified |
Will be set to true if the calculated score will be lesser than the given threshold, false otherwise (uploaded template against the enrolled template) |
signature |
challenge signed with Anonybit private key (in case a challenge has been sent and the user is verified by Anonybit) |
Generate Session Token
import requests
cid = 'customer id, provided by Anonybit'
api_key = 'api key, provided by Anonybit'
server_address = 'https://<anonybit-server-url>' # server url provided by anonybit
response = requests.post(f"{server_address}/api/v1/sessionToken", json={"cid": cid},
headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
token = response_json["token"]
HTTP Request
this method allows to generate a session token
POST /api/v1/sessionToken
Parameter |
Description |
cid |
the customer id |
apiKey |
authorization api key for accessing Anonybit server |
HTTP Response
Parameter |
Description |
cid |
the customer id |
token |
the session token |
status |
'Success' / "BadRequest" / "Forbidden" / "Error" / "UnknownCustomer" |
Vector Lookup
HTTP Request
POST /api/v1/lookup
Parameter |
Description |
cid |
the customer id |
vector |
array of floating numbers - vector that represent a model of a user |
apiKey |
the API key. May be invluded in header or as parameter |
list |
optional name of the users list to limit the scope of the lookup. To manage user lists contact Anonybit support |
top |
number of users to return |
includeUserID |
determines whether user ID will be included in response (default: false) |
threshold |
threshold for including user as matched. User below threshold are included (default: 0.6) |
HTTP Response
The response may include a list user results
Parameter |
Description |
status |
Status string such as “Success” / “UnknownCustomer” / “Forbidden”/ “Error” / "Tested" / "BadRequest" |
User list parameters:
userID | the user ID that was matched
confidence | the match confidence level range (0-1)
distance | the matched vector actual distance from the sample vector
Verify token
import requests
cid = 'customer id, provided by Anonybit'
api_key = 'api key, provided by Anonybit'
user_id = 'the user id'
token = 'generated token'
server_address = 'https://<anonybit-server-url>' # server url provided by anonybit
response = requests.post(f"{server_address}/api/v1/token", json={"cid": cid, "userID": user_id, "token": token},
headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
is_verified = response_json["isVerified"]
HTTP Request
POST /api/v1/token
Parameter |
Description |
apiKey |
authorization api key for accessing Anonybit server |
token |
the name (or key) of the kba secret |
cid |
the customer id |
userID |
the user id |
HTTP Response
Parameter |
Description |
isVerified |
boolean true/false |
token |
the handled token (string) |
status |
'Tested' / "Forbidden" / "Error" |
UnRegister user
import requests
cid = 'customer id, provided by Anonybit'
api_key = 'api key, provided by Anonybit'
user_id = 'the user id'
server_address = 'https://<anonybit-server-url>' # server url provided by anonybit
response = requests.post(f"{server_address}/api/v1/user/unRegister", json={"cid": cid, "userID": user_id},
headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
status = response_json["status"]
assert status == 'Success'
HTTP Request
POST api/v1/user/unRegister
Parameter |
Description |
cid |
the customer id |
apiKey |
authorization api key for accessing Anonybit server |
userID |
the user id |
HTTP Response
Parameter |
Description |
status |
"Success" / "UnknownUser" / "UnknownCustomer" / "BadRequest" / "Forbidden" |
errorMessage |
error description string |
Enterprise Data Vault
Store Strings API
The Store String API allows storing sensitive information strings in the data vault that are up to 350Kb in size.
The data can be tagged by type (SSN, name, address, phone number), sensitivity level, or arbitrary labels that, in the
future, will be used for data access governance.
HTTP Request
POST api/v1/enterpriseSecret/store
Parameter |
Description |
cid |
the customer id |
apiKey |
authorization API key for accessing the Anonybit server |
key |
customer-defined unique sensitive-data ID |
value |
sensitive data to be stored |
overwrite |
overwrite an existing key value. default - false |
csid |
Optional Customer application Session ID to associate activity in logs |
dataType |
a string that describes the data type like SSN, Name, Address, etc. . Allows future access authorization to sensitive data by its type. |
labels |
list of tags describing the data. Allows future access authorization to sensitive data by labels. |
sensitivityLevel |
Data sensitivity level. Allows future access authorization to sensitive data by its sensitivity level. A higher number means more sensitive data. |
HTTP Response
Parameter |
Description |
token |
sensitive-data token to be used for retrieving the data |
status |
"Success" / "Error" / "BadRequest" |
errorMessage |
error description string |
Retrieve String API
HTTP Request
POST /api/v1/enterpriseSecret/retrieve
Parameter |
Description |
cid |
the customer id |
apiKey |
authorization API key for accessing Anonybit server |
csid |
Optional Customer application Session ID to associate the activity in logs |
token |
token of the sensitive data to be retrieved. The token already includes the data key. |
HTTP Response
Parameter |
Description |
key |
the retrieved sensitive data key |
value |
the retrieved sensitive data value |
status |
"Success" / "Error" / "BadRequest" |
errorMessage |
error description string |
Store File API
The Store Files API allows protecting large files (over 350Kb) by encrypting them with a protected key. The Files
protection process is based on:
- Getting a protection key from Anonybit - Anonybit provides an encryption key for every asset, along with a token
representing the key
- The application encrypts the sensitive assets with the key and disposes of the key
- The application stores the key token.
- Anonybit disposes of the key as well and only stores a representation that will allow to recreate it when needed,
using the token held by the application.
The assets can be tagged by type (SSN, name, address, phone number), sensitivity level, or arbitrary labels that, in the
future, will be used for data access governance.
HTTP Request
POST /api/v1/enterpriseFile/store
Parameter |
Description |
cid |
the customer id |
apiKey |
authorization API key for accessing the Anonybit server |
key |
customer-defined unique sensitive-data ID |
length |
encryption key length. Default - 256 |
csid |
Optional Customer application Session ID to associate activity in logs |
dataType |
a string that describes the data type like SSN, Name, Address, etc. . Allows future access authorization to sensitive data by its type. |
labels |
list of tags describing the data. Allows future access authorization to sensitive data by labels. |
sensitivityLevel |
Data sensitivity level. Allows future access authorization to sensitive data by its sensitivity level. A higher number means more sensitive data. |
HTTP Response
Parameter |
Description |
token |
token to be used for retrieving the asset encryption key |
Key |
encryption key to be used for encrypting the sensitive asset |
status |
"Success" / "Error" / "BadRequest" |
errorMessage |
error description string |
Retrieve File API
HTTP Request
POST /api/v1/api/v1/enterpriseFile/retrieve
Parameter |
Description |
cid |
the customer id |
apiKey |
authorization API key for accessing Anonybit server |
csid |
Optional Customer application Session ID to associate the activity in logs |
token |
token of the sensitive asset key to be retrieved. The token already includes the data identification key. |
HTTP Response
Parameter |
Description |
key |
the retrieved sensitive asset key |
value |
the retrieved sensitive asset encryption key |
status |
"Success" / "Error" / "BadRequest" |
errorMessage |
error description string |
Errors
The Anonybit API uses the following error codes for face acceptance, following this errors the authentication failed:
Error Message |
Meaning |
Recommended User messages |
TooManyFaces |
there are too many faces in the frame. |
Too many faces in frame. Make sure you are alone in the frame. |
LowProbabilityOfFaceDetection |
low probability of face detection in the given frame. |
Please improve lighting and center your face in the frame. |
FaceTooFar |
the face in the frame is too far away. |
You are too far from the camera. Please get closer to the camera |
FaceTooClose |
the detected face is too close. |
You are too close to the camera. Please move it further away from your face. |
FaceCropped |
the face is cropped. |
Your face is cropped, Please center your face in the frame. |
FaceUnderExposed |
the picture is too dark. |
Not enough light to identify your face. Please move to a better lit area. |
FaceOverExposed |
the picture has too much light exposed. |
Too much light to identify face. Please move to a better lit area. |
MissingData |
we couldn't see a face detected in the frame and create a model for it |
No face detected. Please ensure you are in front of the camera and your eyes are open. |
MissingToken |
missing token for authentication / enroll |
|
MissingUUID |
missing uuid |
|
MissingCID |
missing customer id |
|
MissingSecret |
missing secret |
|
UserNotExist |
user does not exist |
Authentication failed |
UserAlreadyExist |
during enrolment - the username already exists |
User already exists |
UnknownToken |
bad token |
|
FraudImage |
fraud image detected |
Authentication failed |
GeneralError |
some general error occurred in our servers. |
Please try again later |
Duplication |
When deduplicate validation on enrollment is active - the image was used to enroll another user |
User already exists |
Warnings
The Anonybit API uses the following warning codes for face acceptance, following this warnings - the performance may be improved:
Warning Message |
Meaning |
FaceTooFar |
the face in the frame is too far away. |
FaceTooClose |
the detected face is too close. |
FaceUnderExposed |
the picture is too dark. |
FaceOverExposed |
the picture has too much light exposed. |
Duplication |
When deduplicate validation on enrollment is active - the image was used to enroll another user |