NAV
code

Introduction

Anonybit enables organizations to safely store sensitive information in a decentralized unique data vault that decentralizes the data to prevent any option of stealing it. The Anonybit vault supports various use cases like biometric authentication, storing and retrieval of secrets and sensitive information, and more.

Anonybit allows you to implement its service at three service levels:

The Anonybit data vault decentralizes the data and allows its retrieval on demand. To secure access to the vault, it can be coupled with the Anonybit authenticator.

To support these services, Anonybit provides integration interfaces ranging from simple APIs to web, Android, and iOS SDKs.

Anonybit decentralized data cloud serves as the infrastructure to secure all data managed by Anonybit. It is based on a network of nodes that can be fully hosted by Anonybit and you to ensure the decentralization of sensitive data both at rest and while in use.

To become a member of Anonybit services your organization will need to deploy the following:

  1. Anonybit API and/or SDKs.
  2. For biometric authentication services - Anonybit Computation Nodes (VCNs) to support the network computation activities.

Anonybit Biometric Cloud

With Anonybit you can securely enroll users’ biometrics and authenticate them through biometric-templates API. Your solution architecture will remain intact, with all biometric collection and preprocessing activities, such as liveness detection and biometric conversion to templates, happening as they were originally implemented.

Anonybit is added as a biometrics secure storage layer, replacing the standard database you are currently using for biometric template storage. Anonybit already supports multiple biometric algorithms. If you would like your algorithm to be supported by Anonybit as well - contact the Anonybit team

Anonybit exposes a set of straightforward APIs to integrate your solution with Anonybit biometrics cloud. The API allows users to enroll, authenticate (1:1), and identify (1:N) users.

Getting access to Anonybit APIs

Anonybit uses API keys to allow access to the API, please contact us for your API key.

Biometric Authentication API

This API allows you to send Anonybit a biometrics template/vector for enrollment and for authentication (1:1) Refer to Anonybit Vector API documentation here

Biometric Lookup API

This API allows you to send Anonybit a biometric template/vector that will be searched against the existing templates/vectors The search may be done during various operations:

By default, all lookups are performed across all of your enrolled users. To add users into a watchlist (list) please contact Anonybit support.

Anonybit Authenticator

Anonybit Authenticator provides a turnkey biometric authentication solution with a high level of authentication assurance. The Anonybit authenticator can be used to:

The Anonybit authenticator provides cross-device biometric authentication and also provides access also to device biometric authentication (FaceID, Fingerprint).
For a high level of assurance Anonybit recommends tying the authenticator enrollment to validation of the user’s physical identity using a government ID, and always using the Anonybit cross-device biometric authentication option.

To implement Anonybit Authenticator, you will need to deploy a simple SDK into your application (available for web, Android and iOS), and the aforementioned docker in your application environment.

Anonybit Biometric Authenticator

Anonybit allows you to enroll and biometrically authenticate users against its cloud-based decentralized directory. Follow these steps to perform cross-device biometric authentication:

  1. Get session token here
  2. Capture an image of the user’s face - you can use this script to manage camera UI and ensure the best biometric authentication results are achieved.
  3. Enroll user using one of the options below:
    enroll(userID, images, null, token).then(res => { ... })
    enroll(userID, images, callback, token)
  4. Authenticate a user using one of the options below
    authenticate(userID, images, null, null, token).then(res => {...})
    authenticate(userID, images, callback, null, token)
  5. You can do an authentication validation to ensure there was no tempering with the authentication response here

Anonybit Dockers Deployment

Anonybit team will work with your IT/DevOps team to deploy the Virtual Computation Nodes dockers within an environment your team will specify. Anonybit recommends setting up a dedicated environment controlled by your organization, allowing both teams to collaborate as needed.

Decentralized Data Vault

Anonybit allows storing senstive data onto its decentralized data vault and retrieving it. To authorize access to Anonybit’s digital assets vault, it can be coupled with either Anonybit biometric cloud or with Anonybit Authenticator, for authenticating the user before allowing them access to the sensitive assets.

Personal Data Vault

Anonybit's personal data vault stores sensitive user's assets and protects them using the user biometrics. Only once a user has biometrically authenticated - access to the assets in the vault is authorized. Personal Digital assets are turned into anonybits (sharded and anonymized data) before leaving the end-user’s device to ensure they cannot be compromised in transit or in storage. The process of turning secrets into anonybits is executed using Anonybit JS/iOS/Android SDKs running as part of your application.

For more information on storing and retrieving personal assets, consult SDK documentation .

Enterprise Data Vault

Anonybit enterprise Data Vault protects sensitive data at rest. You can store sensitive information and files in Anonybit vault where they are decentralized, eliminating risks of unauthorized access to the data. The organizational data vault integrates with your application via a simple API to store and retrieve data, where the response provides an alternate data token. For more information on storing and retrieving organizational assets, consult documentation.

Authenticator SDK

Android

val anonytbit = applicationContext.applicationContext as Anonybit
// Anonybit class extents the application class, please extend it in your application
// A Session Token needs to be acquired by the Anonybit API to establish a trusted session. 
// Please refer to the session flow in the introduction for a full session overview. 
// To request a session token use api/v1/sessionToken API.

private fun handleEnroll(userID: String, bitmap: Bitmap) {
    anonybit.enroll(userID, arrayOf(bitmap), fun (enrollmentResponse: EnrollmentResponse) {
        if(enrollmentResponse.status == "Success") {
            showAlertMessage(getString(R.string.enrollment_success))
        } else {
            showAlertMessage("${getString(R.string.enrollment_error)}, ${enrollmentResponse.errorMessage}")
        }
    }, token)

}

private fun handleAuthenticate(userID: String, bitmap: Bitmap) {
    anonybit.authenticate(userID, arrayOf(bitmap), fun (authenticationResponse: AuthenticationResponse) {
        if (authenticationResponse.status == "failure"){
            showAlertMessage("${getString(R.string.authentication_error)}, ${authenticationResponse.errorMessage}")
        } else if ( authenticationResponse.status == "Success" && authenticationResponse.isVerified){
            showAnswerDialog(userID,true)
        } else {
            showAnswerDialog(userID,false)
        }
        runOnUiThread {
            btnSubmit.isEnabled = true
        }
        // in order to verify that the user should be able to access the server use the signature from the AuthenticationResponse class
    }, token)
}

// store secret
private fun storeSecret(userID: String, token: String, secretKey: String, secretValue: String) {
    anonybit.storeSecret(userID, token, secretKey, secretValue, fun (secretStoreResponse: SecretStoreResponse) {
        // use the SecretStoreResponse class for feedback
    })
}


// secret retrieval
private fun retrieveSecret(userID: String, token: String, secretKey: String) {
    anonybit.retrieveSecret(userID, token, secretKey, secretValue, fun (secretRetrievalResponse: SecretRetrievalResponse) {
        // use the SecretRetrievalResponse class for feedback
    })
}

the SDK contains several public classes

Name Description
Anonybit Class which expose two methods authenticate and enroll
EnrollmentResponse A data class that represent the enrollment response
AuthenticationResponse A data class that represent the authentication response
SecretStoreResponse A data class that represent the secret store response
SecretRetrievalResponse A data class that represent the secret retrieval response

Anonybit enroll request parameters:

Name Description
userID the user id
bitmaps Bitmap array object (currently we work with only 1 picture)- represent the input picture
anonymous function anonymous function which receives an EnrollmentResponse class parameter
token the session token

Anonybit enroll response parameters:

Parameter Description
status string "Failure" / "Success" / "Duplicate"
errorMessages optional array of strings
publicKey string public key for verifying the signature returned in AuthenticationResponse
token string session token - for the uploaded image

Anonybit authenticate request parameters:

Name Description
userID the user id
bitmaps Bitmap array object (currently we work with only 1 picture)- represent the input picture
callback function callback function which receives an AuthenticationResponse class parameter
challenge an optional string (used for creating a signature that can be verified using the user's public key)

Anonybit authenticate response parameters:

Parameter Description
status string "Failure" / "Success"
isVerified boolean true/false
errorMessages optional array of strings
signature challenge signed with Anonybit private key (in case a challenge has been sent and the user is verified by Anonybit)
token string session token - for the uploaded image

Anonybit Secret Store Response

Name Description
status a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success"

Anonybit Secret Retrieval Response

Name Description
status a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success"
value the value of the secret

Instructions:

Instructions for importing Anonybit ARR file into your application:

  1. Upload the Anonybit SDK (arr file) to the libs folder in your application (named "sdk-release.aar").
  2. In your build.gradle (Module) file, add the following lines (if you don't already have them) to the top of the file :
    apply plugin: 'com.android.application'
    apply plugin: 'kotlin-android'
    apply plugin: 'kotlin-android-extensions'
    and add the following lines under the dependencies section:
    implementation 'com.google.firebase:firebase-messaging:21.0.1'
    implementation 'com.github.kittinunf.fuel:fuel:2.2.0'
    implementation 'com.google.code.gson:gson:2.8.6'
    implementation "com.pvryan.easycrypt:easycrypt:1.3.3"
    implementation(files("libs/sdk-release.aar"))

iOS


let uuid = "<user unique identifier>"
let cid = "<customer id given by anonybit>"
let anonybit = AnonybitSDK(cid: cid)
let token = "token"

anonybit.authenticate(userID: uuid, images: [image], token: token) { (result) in
    DispatchQueue.main.async {
        let authenticationResult = result as AuthenticationResponse
        var message = "Anonybit Server identified you as '\(uuid)', was it you?"
        if (authenticationResult.isVerified == false){
            message = "Anonybit Server did NOT identify as '\(uuid)', was it you?"
            if (authenticationResult.errorMessage?.isEmpty != nil){
                message += "\n" + authenticationResult.errorMessage!
            }
        }

        let alertController = UIAlertController(title: "Authentication", message: message, preferredStyle: .alert)
        alertController.addAction(UIAlertAction(title: "Yes", style: .default, handler: { (action: UIAlertAction!) in
            self.sendAnswerRequestToServer(userID: self.usernameTbx.text!, result: authenticationResult.isVerified, value: true)
        }))
        alertController.addAction(UIAlertAction(title: "No", style: .default, handler: { (action: UIAlertAction!) in
            self.sendAnswerRequestToServer(userID: self.usernameTbx.text!, result: authenticationResult.isVerified, value: false)
        }))
        self.present(alertController, animated: true, completion: nil)
    }
}


anonybit.enroll(userID: uuid, images: [image], token: token){ (result) in
    DispatchQueue.main.async {
        let enrollmentResult = result as EnrollmentResponse
        var message = enrollmentResult.status
        if (enrollmentResult.errorMessage?.isEmpty != nil){
            message += "\n" + enrollmentResult.errorMessage!
        }
        let alertController = UIAlertController(title: "Enrollment Status", message: message, preferredStyle: .alert)
        alertController.addAction(UIAlertAction(title: "Dismiss", style: .default))
        self.present(alertController, animated: true, completion: nil)
    }
}

// store secret
anonybit.store(userID: uid, token: token, secretKey: "secret", secretValue: "1234567") { (result) in
    // result contains the status of the store request
}

// secret retrieval
anonybit.retrieve(userID: uid, token: token, secretKey: "secret") { (res) in
   // res.value = "1234567"
}
Name Description
Anonybit Class which expose two methods authenticate and enroll
EnrollmentResponse A data class that represent the enrollment response
AuthenticationResponse A data class that represent the authentication response
StoreSecretResponse A data class that represent the store secret response
RetrieveSecretResponse A data class that represent the secret retrieval response

Anonybit enroll request parameters:

Name Description
userID the user id
images image array (currently we support only one picture) - represent the input picture
callback function callback function which receives an EnrollmentResponse class parameter
token the session token

Anonybit enroll response parameters:

Parameter Description
status string "Failure" / "Success" / "Duplicate"
errorMessages optional array of strings
publicKey optional string - public key for verifying the signature returned in AuthenticationResponse
token string session token - for the uploaded image

Anonybit authenticate request parameters:

Name Description
userID the user id
images image array (currently we support only one picture) - represent the input picture
callback function callback function which receives an AuthenticationResponse class parameter
token the session token
challenge an optional string (used for creating a signature which can be verified using the user's public key)

Anonybit authenticate response parameters:

Parameter Description
status string "Failure" / "Success"
isVerified boolean true/false
errorMessages optional array of strings
signature challenge signed with Anonybit private key (in case a challenge has been sent and the user is verified by Anonybit)
token string session token - for the uploaded image

Anonybit Store Secret Response

Name Description
status a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success"

Anonybit Retrieve Secret Response

Name Description
status a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success"
value the value of the secret

Instructions:

  1. Copy the framework file provided by the Anonybit team into your framework library inside your application
  2. Add pod 'SwiftyRSA' into you Podfile
  3. Run pod install
  4. Go to the project section in xCode and for AnonybitSDK.framework change the Embed property to "Embed & Signing''
  5. Use the swift code to enroll / authenticate

JavaScript

// initializing Anonybit object 
let anonybit = undefined

    // initialize the anonybit object after the anonybit script finished to be loaded (vanilla js)
    (
        function initAnonybit() {
            const cid = "dev";
            const baseURL = "https://api.anonybit.io";
            const proxyURL = "https://proxy.us.anonybit.io"
            const options = {cid: cid, baseURL: baseURL, proxyURL: proxyURL};
            let anonybit = new AnonyBit.default(options)
        })();
// in case you are using npm/yarn install the anonybitjs package: "yarn add anonybitjs" / "npm i anonybitjs" 
// and initial anonybit object:
import Anonybit from "anonybitjs/build/anonybit";

const cid = "dev";
const baseURL = "https://api.anonybit.io";
const proxyURL = "https://proxy.us.anonybit.io";
const options = {cid: cid, baseURL: baseURL, proxyURL: proxyURL};
let anonybit = new AnonyBit(options)

// enrollment
anonybit.enroll(userID, [image], res => {
    //TODO: write your code here
    if (res.status === "Success") {
        // enrollment succeeded
        // res.warningMessages might contain data
    } else {
        // enrollment failed
        // res.errorMessages / res.warningMessages contain data
    }
}, token);

// authentication
let challenge = null
let token = null
anonybit.authenticate(userID, [image], res => {
    if (res.status === "Success") {
        // authentication managed to run
        // res.warningMessages might contain data
        if (res.isVerified === true) {
            //user is verified
        } else {
            //user is not verified
        }

    } else {
        //failure to authenticate 
        // res.errorMessages / res.warningMessages contain data
    }
}, challenge, token);

//store secret
anonybit.store(userID, token, secretKey, secretValue, res => {
    if (res.status === "Success") {
        // stored secret successfully
    }
})

//secret retrieval
anonybit.retrieve(userID, token, secretKey, res => {
    if (res.status === "Success") {
        // the value can be used 'res.value'
    }
})

Instructions:

  1. Get the generated SDK js code given by Anonybit and attach it to your project inside a script (src with its location)
  2. In your JavaScript code using the given code which is displayed on the right side.

Anonybit enroll request parameters:

Name Description
userID the user id
images represent the input pictures of the user (currently we support only 1 picture)
callback function callback function which receives an EnrollmentResponse class parameter

Anonybit enroll response parameters:

parameter Description
status "Success" / "Failure" / "Duplicate"
warningMessages optional array or strings
errorMessages optional array or strings
publicKey public key for verifying the signature returned in AuthenticationResponse
token string session token - for the uploaded image

Anonybit authenticate request parameters:

Name Description
userID the user id
images represent the input pictures of the user (currently we support only 1 picture)
anonymous function anonymous function which receives an AuthenticationResponse class parameter
challenge an optional string (used for creating a signature which can be verified using the user's public key)

Anonybit authenticate response parameters:

parameter Description
warningMessages optional array
errorMessages optional array
isVerified boolean field - notifying if the user managed to authenticate
token string session token - for the uploaded image
signature challenge signed with Anonybit private key (in case a challenge has been sent and the user is verified by Anonybit)

Anonybit store secret response

Name Description
status a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success"

Anonybit secret retrieval response

Name Description
status a string which represents the status "UnknownToken"/ "UnknownUser" / "UnknownSecret" / "NotVerified" / "Forbidden" / "Error" / "Success"
value the value of the secret

JavaScript - FIDO

// initializing Anonybit object 
let anonybit = undefined

    // initialize the anonybit object after the anonybit script finished to be loaded (vanilla js)
    (
        function initAnonybit() {
            const cid = "dev";
            const baseURL = "https://api.anonybit.io";
            const proxyURL = "https://proxy.us.anonybit.io"
            const options = {cid: cid, baseURL: baseURL, proxyURL: proxyURL};
            let anonybit = new AnonyBit.default(options)
        })();

// in case you are using npm/yarn install the anonybitjs package: "yarn add anonybitjs" / "npm i anonybitjs" 
// and initial anonybit object:
import Anonybit from "anonybitjs/build/anonybit";

const cid = "dev";
const baseURL = "https://api.anonybit.io";
const proxyURL = "https://proxy.us.anonybit.io";
const options = {cid: cid, baseURL: baseURL, proxyURL: proxyURL};
let anonybit = new AnonyBit(options)


// FIDO Registration - Platform
anonybit.fidoService.registerDevice(userID, name, displayName).then(res => {
    console.log(res)
})

// the res variable contains {success: true} in case of a successful fido registration
// for failure it may contain {success: false, errorMessage: “…”) 


// FIDO Authentication - Platform
let challenge = null
let token = null
anonybit.fidoService.authenticateDevice(userID).then(console.log)

// the res variable contains {success: true} in case of a successful fido authentication
// in case the user didn’t manage to authenticate - i’ll receive {success: false}, if there’s also an error he’ll receive an errorMessage in the returned dictionary { success: false, errorMessage: “...”}

Instructions:

  1. Get the generated SDK js code given by Anonybit and attach it into your project inside a script (src with it's location)
  2. In your JavaScript code use the given code which is displayed on the right side.

FIDO Platform performs registration/authentication against on-device authenticators (fingerprint reader / faceID / Windows Hello)

FIDO Platform Register request parameters:

Name Description
userID the user id
name name of the user
displayName display name for the user

Anonybit FIDO Platform Register response parameters:

parameter Description
success true / false (boolean)
errorMessage error description string

Anonybit FIDO Platform Authenticate request parameters:

Name Description
userID the user id

Anonybit FIDO Platform Authenticate response parameters:

parameter Description
success true / false (boolean)
errorMessage error description string

Authenticator Server API

Image enrollment

HTTP Request

POST /api/v1/image/enroll

Headers

Parameters

Parameter Description
cid The customer id
image Base64-encoded selfie image
uid The user id

HTTP Response

Parameter Type Optional Description
success bool Required Define if request was correct and success
is_image_valid bool Required Descibe status of image
error str Optional Error description string 
import requests
import base64

# Define the API endpoint URL
url = "https://{api_endpoint}/api/v1/image/enroll"  # Replace with the actual API URL

# Define your API key
api_key = "your_api_key_here"  # Replace with your actual API key

# Define the payload data
payload = {
    "cid": "your_customer_id_here",  # Replace with the actual customer ID
    "image": "base64_encoded_image_here",  # Replace with the base64-encoded selfie image
    "uid": "your_user_id_here"  # Replace with the actual user ID
}

# Encode the API key in the headers
headers = {
    "x-anonybit-api-key": api_key
}

# Make the POST request
response = requests.post(url, json=payload, headers=headers)

Image authentication

Authenticator Server API

Image Authentication

HTTP Request

POST /api/v1/image/authenticate

Headers

Parameters

Parameter Description
cid The customer id
image Base64-encoded selfie image
uid The user id

HTTP Response

Parameter Type Optional Description
success bool Required Define if request was correct and success
is_image_valid bool Required Descibe status of image
verified bool Optional Define if user was authenticated
error str Optional Error description string 
import requests
import base64

# Define the API endpoint URL
url = "https://{api_endpoint}/api/v1/image/authenticate"  # Replace with the actual API URL

# Define your API key
api_key = "your_api_key_here"  # Replace with your actual API key

# Define the payload data
payload = {
    "cid": "your_customer_id_here",  # Replace with the actual customer ID
    "image": "base64_encoded_image_here",  # Replace with the base64-encoded selfie image
    "uid": "your_user_id_here"  # Replace with the actual user ID
}

# Encode the API key in the headers
headers = {
    "x-anonybit-api-key": api_key
}

# Make the POST request
response = requests.post(url, json=payload, headers=headers)

Vector authentication

# python code sample for vector handling
import requests

cid = 'customer id, provided by Anonybit'
uid = 'the user id'
api_key = 'api key, provided by Anonybit'
server_address = "https://<anonybit-server-url>"  # this address should be provided by Anonybit

response = requests.post(f"{server_address}/api/v1/sessionToken", json={"cid": cid},
                         headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
token = response_json["token"]

enroll_url = f"{server_address}/api/v1/vector/enroll"
enrollment_vector = [i * 1.0 for i in range(20)]
response = requests.post(enroll_url, json={"uid": uid, "cid": cid, "vector": enrollment_vector, "token": token},
                         headers={"apiKey": api_key, 'Content-type': "application/json"})

auth_url = f"{server_address}/api/v1/vector/authenticate"
auth_vector = [i * 2.0 for i in range(20)]
response = requests.post(auth_url, json={"uid": uid, "cid": cid, "vector": auth_vector, "token": token},
                         headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
assert response_json["isVerified"] is False

auth_vector = [i * 1.0 for i in range(20)]
response = requests.post(auth_url, json={"uid": uid, "cid": cid, "vector": auth_vector, "token": token},
                         headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
assert response_json["isVerified"] is True

HTTP Request

POST /api/v1/vector/enroll

Parameter Description
cid the customer id
vector array of floating numbers - a vector that represents a model of a user
token the session token - click here for more info
userID the user id
apiKey authorization api key for accessing Anonybit server

HTTP Response

Parameter Description
status Status string such as “Success” / “UnknownCustomer” / “Forbidden”/ “Error” / "BadRequest" / "Duplicate"
publicKey public key for verifying the signature returned in the authentication response (in case a challenge has been sent and the user is verified)
errorMessage error description string

Vector authentication

HTTP Request

POST /api/v1/vector/authenticate

Parameter Description
cid the customer id
vector array of floating numbers - vector that represent a model of a user
token the session token - click here for more info
userID the user id
apiKey authorization api key for accessing Anonybit server
challenge an optional string (used for creating a signature which can be verified using the user's public key)
threshold Threshold for authentication, if the score is lesser than the threshold the response isVerified will be set to True, False otherwise

HTTP Response

Parameter Description
status Status string such as “Success” / “UnknownCustomer” / “Forbidden”/ “Error” / "Tested" / "BadRequest"
errorMessage error description string
isVerified Will be set to true if the calculated score will be lesser than the given threshold, false otherwise (uploaded template against the enrolled template)
signature challenge signed with Anonybit private key (in case a challenge has been sent and the user is verified by Anonybit)

Generate Session Token

import requests

cid = 'customer id, provided by Anonybit'
api_key = 'api key, provided by Anonybit'
server_address = 'https://<anonybit-server-url>'  # server url provided by anonybit

response = requests.post(f"{server_address}/api/v1/sessionToken", json={"cid": cid},
                         headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
token = response_json["token"]

HTTP Request

this method allows to generate a session token

POST /api/v1/sessionToken

Parameter Description
cid the customer id
apiKey authorization api key for accessing Anonybit server

HTTP Response

Parameter Description
cid the customer id
token the session token
status 'Success' / "BadRequest" / "Forbidden" / "Error" / "UnknownCustomer"

Vector Lookup

HTTP Request

POST /api/v1/lookup

Parameter Description
cid the customer id
vector array of floating numbers - vector that represent a model of a user
apiKey the API key. May be invluded in header or as parameter
list optional name of the users list to limit the scope of the lookup. To manage user lists contact Anonybit support
top number of users to return
includeUserID determines whether user ID will be included in response (default: false)
threshold threshold for including user as matched. User below threshold are included (default: 0.6)

HTTP Response

The response may include a list user results

Parameter Description
status Status string such as “Success” / “UnknownCustomer” / “Forbidden”/ “Error” / "Tested" / "BadRequest"

User list parameters: userID | the user ID that was matched confidence | the match confidence level range (0-1) distance | the matched vector actual distance from the sample vector

Verify token

import requests

cid = 'customer id, provided by Anonybit'
api_key = 'api key, provided by Anonybit'
user_id = 'the user id'
token = 'generated token'
server_address = 'https://<anonybit-server-url>'  # server url provided by anonybit

response = requests.post(f"{server_address}/api/v1/token", json={"cid": cid, "userID": user_id, "token": token},
                         headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
is_verified = response_json["isVerified"]

HTTP Request

POST /api/v1/token

Parameter Description
apiKey authorization api key for accessing Anonybit server
token the name (or key) of the kba secret
cid the customer id
userID the user id

HTTP Response

Parameter Description
isVerified boolean true/false
token the handled token (string)
status 'Tested' / "Forbidden" / "Error"

UnRegister user

import requests

cid = 'customer id, provided by Anonybit'
api_key = 'api key, provided by Anonybit'
user_id = 'the user id'
server_address = 'https://<anonybit-server-url>'  # server url provided by anonybit

response = requests.post(f"{server_address}/api/v1/user/unRegister", json={"cid": cid, "userID": user_id},
                         headers={"apiKey": api_key, 'Content-type': "application/json"})
response_json = response.json()
status = response_json["status"]
assert status == 'Success'

HTTP Request

POST api/v1/user/unRegister

Parameter Description
cid the customer id
apiKey authorization api key for accessing Anonybit server
userID the user id

HTTP Response

Parameter Description
status "Success" / "UnknownUser" / "UnknownCustomer" / "BadRequest" / "Forbidden"
errorMessage error description string

Enterprise Data Vault

Store Strings API

The Store String API allows storing sensitive information strings in the data vault that are up to 350Kb in size. The data can be tagged by type (SSN, name, address, phone number), sensitivity level, or arbitrary labels that, in the future, will be used for data access governance.

HTTP Request

POST api/v1/enterpriseSecret/store

Parameter Description
cid the customer id
apiKey authorization API key for accessing the Anonybit server
key customer-defined unique sensitive-data ID
value sensitive data to be stored
overwrite overwrite an existing key value. default - false
csid Optional Customer application Session ID to associate activity in logs
dataType a string that describes the data type like SSN, Name, Address, etc. . Allows future access authorization to sensitive data by its type.
labels list of tags describing the data. Allows future access authorization to sensitive data by labels.
sensitivityLevel Data sensitivity level. Allows future access authorization to sensitive data by its sensitivity level. A higher number means more sensitive data.

HTTP Response

Parameter Description
token sensitive-data token to be used for retrieving the data
status "Success" / "Error" / "BadRequest"
errorMessage error description string

Retrieve String API

HTTP Request

POST /api/v1/enterpriseSecret/retrieve

Parameter Description
cid the customer id
apiKey authorization API key for accessing Anonybit server
csid Optional Customer application Session ID to associate the activity in logs
token token of the sensitive data to be retrieved. The token already includes the data key.

HTTP Response

Parameter Description
key the retrieved sensitive data key
value the retrieved sensitive data value
status "Success" / "Error" / "BadRequest"
errorMessage error description string

Store File API

The Store Files API allows protecting large files (over 350Kb) by encrypting them with a protected key. The Files protection process is based on:

  1. Getting a protection key from Anonybit - Anonybit provides an encryption key for every asset, along with a token representing the key
  2. The application encrypts the sensitive assets with the key and disposes of the key
  3. The application stores the key token.
  4. Anonybit disposes of the key as well and only stores a representation that will allow to recreate it when needed, using the token held by the application.

The assets can be tagged by type (SSN, name, address, phone number), sensitivity level, or arbitrary labels that, in the future, will be used for data access governance.

HTTP Request

POST /api/v1/enterpriseFile/store

Parameter Description
cid the customer id
apiKey authorization API key for accessing the Anonybit server
key customer-defined unique sensitive-data ID
length encryption key length. Default - 256
csid Optional Customer application Session ID to associate activity in logs
dataType a string that describes the data type like SSN, Name, Address, etc. . Allows future access authorization to sensitive data by its type.
labels list of tags describing the data. Allows future access authorization to sensitive data by labels.
sensitivityLevel Data sensitivity level. Allows future access authorization to sensitive data by its sensitivity level. A higher number means more sensitive data.

HTTP Response

Parameter Description
token token to be used for retrieving the asset encryption key
Key encryption key to be used for encrypting the sensitive asset
status "Success" / "Error" / "BadRequest"
errorMessage error description string

Retrieve File API

HTTP Request

POST /api/v1/api/v1/enterpriseFile/retrieve

Parameter Description
cid the customer id
apiKey authorization API key for accessing Anonybit server
csid Optional Customer application Session ID to associate the activity in logs
token token of the sensitive asset key to be retrieved. The token already includes the data identification key.

HTTP Response

Parameter Description
key the retrieved sensitive asset key
value the retrieved sensitive asset encryption key
status "Success" / "Error" / "BadRequest"
errorMessage error description string

Errors

The Anonybit API uses the following error codes for face acceptance, following this errors the authentication failed:

Error Message Meaning Recommended User messages
TooManyFaces there are too many faces in the frame. Too many faces in frame. Make sure you are alone in the frame.
LowProbabilityOfFaceDetection low probability of face detection in the given frame. Please improve lighting and center your face in the frame.
FaceTooFar the face in the frame is too far away. You are too far from the camera. Please get closer to the camera
FaceTooClose the detected face is too close. You are too close to the camera. Please move it further away from your face.
FaceCropped the face is cropped. Your face is cropped, Please center your face in the frame.
FaceUnderExposed the picture is too dark. Not enough light to identify your face. Please move to a better lit area.
FaceOverExposed the picture has too much light exposed. Too much light to identify face. Please move to a better lit area.
MissingData we couldn't see a face detected in the frame and create a model for it No face detected. Please ensure you are in front of the camera and your eyes are open.
MissingToken missing token for authentication / enroll
MissingUUID missing uuid
MissingCID missing customer id
MissingSecret missing secret
UserNotExist user does not exist Authentication failed
UserAlreadyExist during enrolment - the username already exists User already exists
UnknownToken bad token
FraudImage fraud image detected Authentication failed
GeneralError some general error occurred in our servers. Please try again later
Duplication When deduplicate validation on enrollment is active - the image was used to enroll another user User already exists

Warnings

The Anonybit API uses the following warning codes for face acceptance, following this warnings - the performance may be improved:

Warning Message Meaning
FaceTooFar the face in the frame is too far away.
FaceTooClose the detected face is too close.
FaceUnderExposed the picture is too dark.
FaceOverExposed the picture has too much light exposed.
Duplication When deduplicate validation on enrollment is active - the image was used to enroll another user
code