Data blocks
Unit of information produced and consumed by flow steps
As described Core Concept, a data block is a unit of information that is produced and consumed by flow steps. Each data block has a specific type, and each type defines a unique set of attributes.
The system ensures consistent data flow by:
- Identifying which data blocks are available at each step
- Verifying that all required input data blocks are present
- Confirming that all data dependencies are satisfied before executing a step
The following section provides a comprehensive summary of all available data blocks, including the attributes associated with each type.
AuthenticationResult
The AuthenticationResult data block contains the result of a biometric authentication process and uses a discriminated union based on the result field to represent either a successful or failed authentication.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
result | Discriminator that determines the result type ("success" or "failure"). | Yes |
provider | Authentication service provider. | Yes |
credentialId | Unique identifier of the credential used (or attempted). | Yes |
credentialType | Type of credential (e.g., "FACE", "FINGERPRINT", "FIDO_KEY"). | Yes |
subjectId | Identifier of the authenticated (or attempted) subject. | Yes |
requestId | Unique identifier of the authentication request. | Yes |
authenticatedAt | ISO 8601 timestamp of successful authentication (success variant). | Yes (success) |
attemptedAt | ISO 8601 timestamp of the authentication attempt (failure variant). | Yes (failure) |
reasons.code | Defined by the third‑party Web SDK for the "error" event. Full list: Error Explanations. | Yes |
reasons.details | IDnow concatenates the error code with the reason before returning it. The result contains the code and a reason prefixed with the same code (e.g., SERVER_USER_NOT_FOUND - <detailed message>). | Yes |
AuthenticatorCredential
The AuthenticatorCredential data block represents a concrete authentication credential that has been issued, enrolled or created and is associated with a subject.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
credentialId | Unique identifier returned by the provider. | Yes |
credentialType | Technology / modality (e.g. FACE, FINGERPRINT, FIDO_KEY, PASSWORD). | Yes |
subjectId | Internal immutable identifier of the entity (links the credential to a subject). | Yes |
provider | System that manages the credential (e.g. KEYLESS, PLATFORM, CUSTOM, INTERNAL_CA). | Yes |
status | Lifecycle status of the credential (e.g. ACTIVE, REVOKED, SUSPENDED, EXPIRED). | Yes |
createdAt | ISO 8601 timestamp of initial creation. | Yes |
updatedAt | ISO 8601 timestamp of last modification (equals createdAt if never updated). | Yes |
BasicIdentity
The BasicIdentity data block contains fundamental identity information extracted from documents.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
familyName | Family name. | Yes |
name | Name. | No |
givenName | Given name. | Yes |
birthDate | Birth date. | No |
birthPlace | Birth place. | No |
BiometricSamples
The BiometricSamples data block contains references to biometric data captured from the end-user and is used as input or output of biometric processes. Biometric artifacts (e.g., face image/selfie) are referenced via the Vault.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
createdByStep | The step that created this data block (e.g., DOC_ID). | Optional |
createdAt | Timestamp indicating when the data block was created (ISO 8601). Example: 2026-02-10T14:00:01.899Z. | Optional |
face | Vault reference to the captured face image (selfie). | Yes |
face.$ref | Reference namespace. Currently: vault. | Mandatory (if face is present) |
face.$id | Vault object identifier (UUID) for the face image. | Mandatory (if face is present) |
Example
{
"datablockId": "b5e60a3b-b553-4160-ae8d-baa42a595eaa",
"type": "biometricSamples",
"createdByStep": "DOC_ID",
"createdAt": "2026-02-10T14:00:01.899Z",
"face": {
"$ref": "vault",
"$id": "5e8de376-caa3-40a8-a998-8627a7d4d009"
}
}
Check
The Check JSON object represents an individual verification check performed on a document or identity.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
id | Identifier of the check. | Yes |
status | Status of the check (valid / invalid). | Yes |
ComparisonResults
The ComparisonResults data block contains the output of a comparison between two sets of data, including verdict and attribute-level details.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
verdict | Overall result of the comparison (match / noMatch / inconclusive). | Yes |
leftOperand | Id of the step whose data was used as left operand. | Yes |
rightOperand | Id of the step whose data was used as right operand. | Yes |
attributesCompared | List of attributes that were checked. | Yes |
mismatchedAttributes | List of attributes that failed to match (empty if verdict is match or inconclusive). | Yes |
missingAttributes | List of attributes that could not be compared because data was missing. | Yes |
DeviceSignals
The DeviceSignals data block encapsulates information about the end-user's device, browser, and network environment for risk assessment and fraud detection.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
userReference | Identifier to link the assessment to a specific user or session. | Optional |
provider | Service that performed the assessment. | Yes |
timestamp | ISO 8601 timestamp of when the assessment was completed. | Yes |
services | Array listing specific services/signals analyzed (e.g., ["ip", "emails", "phone"]). | Yes |
inputSources.basicIdentity | Step ID that provided basic identity data. | Optional |
inputSources.extendedIdentity | Step ID that provided extended identity data. | Optional |
inputSources.deviceSignals | Step ID that provided device signal data. | Optional |
signals | Mandatory JSON object containing the complete, raw, unaltered response from the external provider. More info: API reference. | Yes |
DigitalSignals
The DigitalSignals data block is the structured output generated by the DIGITAL_SIGNALS:v1 step and acts as a detailed receipt of the trust assessment based on email, phone and IP.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
provider | Service that performed the assessment. | Yes |
timestamp | ISO 8601 timestamp of when the assessment was completed. | Yes |
services | List of services/signals analyzed (e.g. ["ip", "emails", "phone", "name"]). | Yes |
inputSources.basicIdentity | Step ID that provided core identity data (e.g. name). | Optional |
inputSources.extendedIdentity | Step ID that provided additional identity data (e.g. phone, email). | Optional |
inputSources.deviceSignals | Step ID that provided device signal data (e.g. IP address). | Optional |
score | Numerical trust score (0–100) computed by IDnow. Based on third‑party provider score divided by 10.See also: Trustfull Digital Score. | Yes |
reasons.code | Machine‑readable reason code defined by the third‑party provider. Full list: Reason Codes. | Yes |
reasons.details | Human‑readable explanation for the reason code, defined by the third‑party provider. Full list: Reason Codes. | Yes |
signals | Mandatory JSON object containing the complete, raw, unaltered response from the Trustfull Onboarding API. | Yes |
DocumentData
The DocumentData data block contains information about processed documents.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
documentType | Document type. | Yes |
documentNumber | Document number. | Optional |
expiryDate | Expiry date of the document. | Optional |
issuanceDate | Issuance date of the document. | Optional |
issuingAuthority | Issuing authority. | Optional |
issuingCountry | Issuing country. | Optional |
DocumentImages
The DocumentImages data block contains references to document image files stored in the Vault. Each side (front/back) is represented as a Vault reference object.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
createdAt | Timestamp indicating when the DocumentImages record was created (ISO 8601). Example: 2026-02-10T14:00:01.899Z. | Optional |
documentType | Document category for the images (e.g., ID). | Optional |
frontSide | Vault reference to the front side image. | Optional |
frontSide.$ref | Reference namespace. Currently: vault. | Mandatory (if frontSide is present) |
frontSide.$id | Vault object identifier (UUID) for the front side image. | Mandatory (if frontSide is present) |
backSide | Vault reference to the back side image. | Optional |
backSide.$ref | Reference namespace. Currently: vault. | Mandatory (if backSide is present) |
backSide.$id | Vault object identifier (UUID) for the back side image. | Mandatory (if backSide is present) |
Example
{
"createdAt": "2026-02-10T14:00:01.899Z",
"documentType": "ID",
"frontSide": {
"$ref": "vault",
"$id": "4d293362-9738-4a37-8d74-eb3acbc35749"
},
"backSide": {
"$ref": "vault",
"$id": "fd9bbe6e-61f8-41d3-9a18-efa4bd997bb4"
}
}
DocumentsToSign
The DocumentsToSign data block references the documents uploaded by the customer that the end-user needs to sign, and the corresponding template ID.
For QES, PDF documents must be sent as byte arrays (Buffer), not as URLs. The create_session endpoint accepts the documentsToSign data block via multipart/form-data, where each document is uploaded as a binary file.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
documents | Array of document objects to be included in the signing process (must contain at least one). | Yes |
documents.templateId | Identifier linking the runtime document to a document template / definition. | Yes |
documents.source | The source PDF to be signed, provided as a byte array (Buffer) / binary file upload via multipart/form-data. | Yes |
DocumentVerification
The DocumentVerification data block contains the results of document verification processes. The overall result is provided in verdict, detailed findings may be listed in issues, and the full verification report can be referenced via the Vault.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
createdAt | Timestamp indicating when the data block was created (ISO 8601). Example: 2026-02-10T14:00:01.633Z. | Optional |
verdict | Overall verification verdict object (see verdict.status). | Yes |
verdict.status | Verdict status (e.g., VERIFIED). | Yes |
issues | Array of issues returned by the verification (can be empty). | Yes |
report | Vault reference to the verification report artifact. | Optional |
report.$ref | Reference namespace. Currently: vault. | Mandatory (if report is present) |
report.$id | Vault object identifier (UUID) for the report. | Mandatory (if report is present) |
Example
{
"datablockId": "6688a3d7-f1f7-42bf-bc11-4712395b41b6",
"type": "documentVerification",
"createdByStep": "DOC_ID",
"createdAt": "2026-02-10T14:00:01.633Z",
"verdict": {
"status": "VERIFIED"
},
"issues": [],
"report": {
"$ref": "vault",
"$id": "d16dc58a-a939-4e15-afea-28efb9f87f3f"
}
}
ExtendedIdentity
The ExtendedIdentity data block contains additional identity information beyond basic fields. Image artifacts (e.g., portrait) are referenced via the Vault.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
createdAt | Timestamp indicating when the data block was created (ISO 8601). Example: 2026-02-10T14:00:01.917Z. | Optional |
portrait | Vault reference to the portrait image for EUDI requirement. | Optional |
portrait.$ref | Reference namespace. Currently: vault. | Mandatory (if portrait is present) |
portrait.$id | Vault object identifier (UUID) for the portrait image. | Mandatory (if portrait is present) |
nationality | Nationality information. | Optional |
personalAdministrativeNumber | Personal administrative number. | Optional |
address | Address (general, free text). | Optional |
residentAddress | The full address of the place (string). | Optional |
residentStreet | Street of residence. | Optional |
residentHouseNumber | House number of residence. | Optional |
residentCountry | Alpha-2 country code as specified in ISO 3166-1. | Optional |
residentState | State or province of residence. | Optional |
residentCity | City of residence. | Optional |
residentPostalCode | Postal code of residence. | Optional |
familyNameBirth | Family name at birth. | Optional |
givenNameBirth | Given name at birth. | Optional |
sex | Sex (ISO 5218 sex codes: 0/1/2/9; renamed from gender). | Optional |
email | Email address. | Optional |
phoneNumber | Phone number. | Optional |
Example
{
"datablockId": "a93e5fb3-8053-49bc-9071-44a0d297fb6f",
"type": "extendedIdentity",
"createdByStep": "DOC_ID",
"createdAt": "2026-02-10T14:00:01.917Z",
"portrait": {
"$ref": "vault",
"$id": "020ff369-43d8-4b8a-94e7-6814c0bdc35a"
},
"nationality": "FRA",
"sex": 1,
"residentAddress": "24 RUE DANTON 35700 RENNES FRANCE"
}
PresentationResult
The PresentationResult data block encapsulates the complete outcome of an EUDI Wallet credential presentation session, including metadata, presented credentials and error information in case of failure.
Attributes (common)
| Attribute | Description | Mandatory |
|---|---|---|
sessionId | Unique identifier for the presentation session. | Yes |
result | Discriminator ("success" or "failure"). | Yes |
createdAt | ISO 8601 timestamp of the presentation request creation. | Yes |
Attributes (success variant)
| Attribute | Description | Mandatory |
|---|---|---|
presentedAt | ISO 8601 timestamp of the presentation by the user. | Yes |
presentedCredentials | List of credentials presented by the user. | Optional |
presentedCredentials.type | Type of the presented credential. | Yes |
presentedCredentials.issuer | Identifier of the credential issuer. | Yes |
presentedCredentials.presentedClaims.claimName | Name of the claim shared by the user. | Yes |
presentedCredentials.presentedClaims.claimValue | Value of the claim shared by the user. | Yes |
presentedCredentials.issuerNames | Names associated with the issuer. | Optional |
presentedCredentials.queryId | Identifier of the query associated with this credential. | Optional |
Attributes (failure variant)
| Attribute | Description | Mandatory |
|---|---|---|
attemptedAt | ISO 8601 timestamp of the presentation attempt. | Yes |
reasons.code | Defined by the third‑party Web SDK. Contact your Account Manager for more information. | Yes |
reasons.details | IDnow concatenates the error code with the reason before returning it as part of the data block. Contact your Account Manager for more information. | Yes |
SessionContext
The SessionContext data block consolidates information about the end-user's technical environment, combining client-side and server-side data.
Attributes (client)
| Attribute | Description | Mandatory |
|---|---|---|
client.browser.userAgent | Full user-agent string reported by the browser. | Always Present |
client.browser.language | Preferred language of the user (e.g. "en-US"). | Always Present |
client.browser.cookiesEnabled | Indicates whether cookies are enabled. | Always Present |
client.browser.vendor | Vendor of the browser (e.g. "Google Inc."). | Always Present |
client.device.type | Device type (mobile, tablet, desktop). | Always Present |
client.device.screen.width | Screen width in pixels. | Always Present |
client.device.screen.height | Screen height in pixels. | Always Present |
client.device.screen.colorDepth | Screen color depth. | Always Present |
client.device.hardwareConcurrency | Number of logical processor cores (depends on browser API support). | Optional |
client.os.platform | OS/platform identifier (e.g. "Win32", "MacIntel"). | Always Present (attribute exists, may be empty) |
client.timezone.name | IANA timezone name (e.g. "Europe/Paris"). | Always Present |
client.timezone.offset | Timezone offset from UTC in minutes. | Always Present |
client.network.online | Online status of the browser. | Always Present |
client.network.effectiveType | Effective connection quality (e.g. slow-2g, 2g, 3g, 4g). | Optional |
client.network.type | Underlying connection technology (e.g. wifi, cellular, ethernet). | Optional |
client.network.downlink | Estimated download bandwidth in Mbps. | Optional |
client.network.rtt | Estimated round-trip time in ms. | Optional |
Attributes (server)
| Attribute | Description | Mandatory |
|---|---|---|
server.network.ipAddress | Client's public IP address. | Always Present |
server.network.geolocation.countryCode | ISO country code (e.g. "FR", "US"). | Optional (object optional) |
server.network.geolocation.region | Region / state / province. | Optional |
server.network.geolocation.city | City. | Optional |
server.network.asn.number | Autonomous System Number. | Optional |
server.network.asn.organization | Name of the organization owning the ASN. | Optional |
server.network.tlsFingerprint | TLS fingerprint (e.g. JA3) of the client's TLS handshake. | Optional |
SignedDocumentsPackage
The SignedDocumentsPackage data block is the successful output of the ELECTRONIC_SIGNATURE:v1 step and contains information about the signature process and signed documents.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
signatureProcessId | Identifier of the signature process (transaction number). | Yes |
signedDocuments.mode | Delivery mode: "archive", "items", or "both". | Yes |
signedDocuments.archiveUrl | Direct download URL for the ZIP archive containing signed documents (depending on mode). | Optional |
signedDocuments.documents | Array of signed document objects (depending on mode). | Optional |
signedDocuments.documents.templateId | Identifier for the template used for the electronic signature. | Yes (per document, when present) |
signedDocuments.documents.signedUrl | S3 URL to the final signed PDF file. | Yes (per document, when present) |
createdAt | ISO 8601 timestamp of initial creation. | Yes |
UserReference
The UserReference data block carries a reference to a user and contains the subject identifier provided by the customer.
Attributes
| Attribute | Description | Mandatory |
|---|---|---|
subjectId | Identifier of the subject provided by the customer (identifier generated by the Trust Platform is provided with the AuthenticatorCredential). | Optional |