Welcome to the Yoti .NET SDK. This repo contains the tools and step by step instructions you need to quickly integrate your .NET back-end with Yoti so that your users can share their identity details with your application in a secure and trusted way.
-
An Architectural view - High level overview of integration
-
Enabling the SDK - How to install our SDK
-
Client initialisation - Description on setting up your SDK
-
Profile retrieval - Description on setting up profile
-
Handling users - Description on handling user log on's
-
AML Integration - How to integrate with Yoti's AML (Anti Money Laundering) service
-
Running the examples How to run the example projects provided
-
API Coverage - Attributes defined
-
Support - Please feel free to reach out
To integrate your application with Yoti, your back-end must expose a GET endpoint that Yoti will use to forward tokens. The endpoint can be configured in Yoti Dashboard when you create/update your application.
The image below shows how your application back-end and Yoti integrate in the context of a Login flow. Yoti SDK carries out for you steps 6, 7 ,8 and the profile decryption in step 9.
Yoti also allows you to enable user details verification from your mobile app by means of the Android (TBA) and iOS (TBA) SDKs. In that scenario, your Yoti-enabled mobile app is playing both the role of the browser and the Yoti app. By the way, your back-end doesn't need to handle these cases in a significantly different way. You might just decide to handle the User-Agent header in order to provide different responses for web and mobile clients.
To install the Yoti NuGet package you will need to install NuGet. You can find instructions to do that here
To import the latest Yoti SDK into your project, enter the following command from NuGet Package Manager Console in Visual Studio:
Install-Package Yoti
For other installation methods, see nuget.org/packages/Yoti
The YotiClient is the SDK entry point. To initialise it you need include the following snippet inside your endpoint initialisation section:
const string sdkId = "your-sdk-id";
var privateKeyStream = System.IO.File.OpenText("path/to/your-application-pem-file.pem");
var yotiClient = new YotiClient(sdkId, privateKeyStream);Where:
sdkIdis the sdk identifier generated by Yoti Dashboard when you create (and then publish) your app. Note this is not your Application Identifier which is needed by your clientside codepath/to/your-application-pem-file.pem- When you create your app on Yoti Dashboard, your browser generates a .pem file. This is the path to that file.
You'll need to add the correct callback URL to one of the scenarios of your application from the Yoti Applications page. You also need to make sure that the value of the data-yoti-scenario-id attribute in the Yoti button matches the id in the selected scenario.
When your application receives a token via the exposed endpoint (it will be assigned to a query string parameter named token), you can easily retrieve the user profile by adding the following to your endpoint handler:
var activityDetails = yotiClient.GetActivityDetails(token);Or if you are in an asynchronous method:
var activityDetails = await yotiClient.GetActivityDetailsAsync(token);Before you inspect the user profile, you might want to check whether the user validation was successful. This is done as follows:
var activityDetails = yotiClient.GetActivityDetails(token);
if (activityDetails.Outcome == ActivityOutcome.Success)
{
var profile = activityDetails.UserProfile;
}
else
{
// handle unhappy path
}When you retrieve the user profile, you receive a user ID generated by Yoti exclusively for your application. This means that if the same individual logs into another app, Yoti will assign her/him a different ID. You can use this ID to verify whether (for your application) the retrieved profile identifies a new or an existing user. Here is an example of how this works:
var activityDetails = yotiClient.GetActivityDetails(token);
if (activityDetails.Outcome == ActivityOutcome.Success)
{
var profile = activityDetails.Profile;
var user = YourUserSearchFunction(profile.Id);
if (user != null)
{
string userId = profile.Id;
Image selfie = profile.Selfie.GetImage();
string selfieURI = profile.Selfie.GetBase64URI();
string fullName = profile.FullName.GetValue();
string givenNames = profile.GivenNames.GetValue();
string familyName = profile.FamilyName.GetValue();
string mobileNumber = profile.MobileNumber.GetValue();
string emailAddress = profile.EmailAddress.GetValue();
DateTime? dateOfBirth = profile.DateOfBirth.GetValue();
bool? ageVerified = profile.AgeVerified.GetValue();
string address = profile.Address.GetValue();
string gender = profile.Gender.GetValue();
string nationality = profile.Nationality.GetValue();
}
else
{
// handle registration
}
}
else
{
// handle unhappy path
}Where yourUserSearchFunction is a piece of logic in your app that is supposed to find a user, given a userId.
No matter if the user is a new or an existing one, Yoti will always provide her/his profile, so you don't necessarily need to store it.
The profile object provides a set of attributes corresponding to user attributes. Whether the attributes are present or not depends on the settings you have applied to your app on Yoti Dashboard.
You can retrieve the anchors, sources and verifiers for each attribute as follows:
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Yoti.Auth.Anchors;
List<Anchor> givenNamesAnchors = profile.GivenNames.GetAnchors();
List<Anchor> givenNamesSources = profile.GivenNames.GetSources();
List<Anchor> givenNamesVerifiers = profile.GivenNames.GetVerifiers();You can also retrieve further properties from these respective anchors in the following way:
Anchor givenNamesFirstAnchor = profile.GivenNames.GetSources().First();
AnchorType anchorType = givenNamesFirstAnchor.GetAnchorType();
byte[] artifactSignature = givenNamesFirstAnchor.GetArtifactSignature();
List<X509Certificate2> originServerCerts = givenNamesFirstAnchor.GetOriginServerCerts();
byte[] signature = givenNamesFirstAnchor.GetSignature();
DateTime signedTimeStamp = givenNamesFirstAnchor.GetSignedTimeStamp().GetTimestamp();
string subType = givenNamesFirstAnchor.GetSubType();
List<string> value = givenNamesFirstAnchor.GetValue();Yoti provides an AML (Anti Money Laundering) check service to allow a deeper KYC process to prevent fraud. This is a chargeable service, so please contact sdksupport@yoti.com for more information.
Yoti will provide a boolean result on the following checks:
- PEP list - Verify against Politically Exposed Persons list
- Fraud list - Verify against US Social Security Administration Fraud (SSN Fraud) list
- Watch list - Verify against watch lists from the Office of Foreign Assets Control
To use this functionality you must ensure your application is assigned to your Organisation in the Yoti Dashboard - please see here for further information.
For the AML check you will need to provide the following:
- Data provided by Yoti (please ensure you have selected the Given name(s) and Family name attributes from the Data tab in the Yoti Dashboard)
- Given name(s)
- Family name
- Data that must be collected from the user:
- Country of residence (must be an ISO 3166 3-letter code)
- Social Security Number (US citizens only)
- Postcode/Zip code (US citizens only)
Performing an AML check on a person requires their consent. You must ensure you have user consent before using this service.
Given a YotiClient initialised with your SDK ID and KeyPair (see Client Initialisation) performing an AML check is a straightforward case of providing basic profile data.
AmlAddress amlAddress = new AmlAddress(
country: "GBR");
AmlProfile amlProfile = new AmlProfile(
givenNames: "Edward Richard George",
familyName: "Heath",
amlAddress: amlAddress);
AmlResult amlResult = yotiClient.PerformAmlCheck(amlProfile);
bool onPepList = amlResult.IsOnPepList();
bool onFraudList = amlResult.IsOnFraudList();
bool onWatchList = amlResult.IsOnWatchList();- Open the Example.sln solution in Visual Studio, found in the /src/Examples folder
- Rename the secrets.config.example file to
secrets.config - Fill in the environment variables in this file with the ones specific to your application (mentioned in the Client initialisation section)
- From the Yoti Dashboard, set the application domain to
localhost:44321and the scenario callback URL to/account/connect - Run the 45Example.csproj with your browser of choice
- The page should open automatically with URL
https://localhost:44321/Account/Login
- Install Bower with
npm install -g bower - The .NET SDK for your operating system from step no.1 (Windows | Linux | MacOS)
- Navigate to the src/Examples/CoreExample folder
- Rename the .env.example file to
.env - Fill in the environment variables in this file with the ones specific to your application (mentioned in the Client initialisation section)
- From the Yoti Dashboard, set the application domain to
localhost:44321and the scenario callback URL to/account/connect - Restore the static files needed with
bower install - Enter
dotnet runinto the terminal - Navigate to the page specified in the terminal window, which should be
https://localhost:44321
- Activity Details
- Profile
- User ID
Id - Selfie
Selfie - Selfie URI
Selfie.GetBase64URI() - Given Names
GivenNames - Family Name
FamilyName - Full Name
FullName - Mobile Number
MobileNumber - Email Address
EmailAddress - Age / Date of Birth
DateOfBirth - Age / Age Verified
AgeVerified - Postal Address
Address - Gender
Gender - Nationality
Nationality
- User ID
- Profile
For any questions or support please email sdksupport@yoti.com. Please provide the following to get you up and working as quickly as possible:
- Computer type
- OS version
- Version of .NET being used
- Screenshot
Once we have answered your question we may contact you again to discuss Yoti products and services. If you’d prefer us not to do this, please let us know when you e-mail.
For further documentation, see https://www.yoti.com/developers/documentation/?csharp