Documentation
Community Verification - OAuth

Welcome to ID.me for developers! If you are interested in integrating ID.me, you are in the right place. Here we will cover how to get started implementing ID.me.


Best Practices

Every ID.me integration presents an opportunity for partners to uniquely optimize their ID.me flow. While this is a not an exhaustive list, please refer to the below suggestions. Work with your dedicated ID.me team to understand what might, or might not be right for you.

Data Usage

A key advantage of a full OAuth integration is that ID.me passes partners a JSON payload of user attributes post-verification. This payload can be used in various ways to power your applications and users' experience. Here are some suggestions for how you can leverage ID.me's verified data.



Pre-populating Subsequent Forms

Post-verification, partners will receive verified information about their users. This information can be used to automatically populate any forms that users may encounter after verifying with ID.me. Not only does this practice reduce redundant workflows, it reduces the risk of users accidentally entering inaccurate information.


Collecting Users' Affiliations and Using That Information To Re-Target Past Customer Communities

ID.me’s partners collect valuable, verified information about their users, including demographics and, most importantly, their affiliation with certain communities. As users consent to the release of this information, partners have an opportunity to collect this valuable data and use it to send targeted marketing communications.


Using Attributes To Customize Your User Experience

Many ID.me partners use ID.me’s verified data to tailor their users’ experience and ensure a positive interaction. For instance, e-commerce partners can use the verified first and last name of their customers to greet their customers by name when in-cart. Work with your ID.me team to understand how you can use ID.me to tailor your users’ experience.


Tracking and Associating Users With Their Unique Identifier

Post-verification, ID.me is sending partners a payload of valuable user data. Among other attributes, ID.me includes a unique identifier or UUID, which can be used as a means of tracking an ID.me user’s interactions within your own system. This unique identifier ensures that the data a user consents to releasing can’t be associated with another account and when ingested by the partner, allows for one to one association between one ID.me account and one account on the partner’s end. This ID is created upon account creation and remains the same regardless of any other attributes that change throughout the life of an account. If your use case invokes ID.me within a user’s account, talk to your dedicated ID.me team about how you can best leverage the UUID.


Example Responses

{
  "attributes": [
    {
      "handle": "fname",
      "name": "First Name",
      "value": "Fran"
    },
    {
      "handle": "lname",
      "name": "Last Name",
      "value": "Stracke"
    },
    {
      "handle": "email",
      "name": "Email",
      "value": "fran.stracke@id.me"
    },
    {
      "handle": "uuid",
      "name": "Unique Identifier",
      "value": "d733a89e2e634f04ac2fe66c97f71612"
    },
    {
      "handle": "zip",
      "name": "Zip Code",
      "value": "22022-8904"
    }
  ],
  "status": [
    {
      "group": "alumni",
      "subgroups": [
        null
      ],
      "verified": true
    }
  ]
}

Alumni

Doctor - Canada

Medical

Government

Military

Military - Canada

Nurse

Nurse - Canada

Responder

First Responder - Canada

Student

Student - Canada

Teacher

Teacher - Canada

Employee

Security

At ID.me, data security is our #1 priority. We as a company go to great measures to protect our users’ data and ensure data are only released when explicit consent is granted. Here's how you can further fortify our commitment to security.



Encrypting The Data

Post-verification, ID.me is sending our partners a payload of user data in JSON format. At times, this data can include sensitive PII about our users and their associations. In order to ensure that this information is protected, we suggest that our partners elect to receive encrypted JSON responses from ID.me. This way we’re able to ensure the security of any data in transit and thus elevate your own security posture. Work with your dedicated ID.me team to learn more about encrypting and if it’s right for you.


Data Minimization

ID.me has a philosophy of data minimization. Meaning, partners should be working in collaboration with their dedicated ID.me team to ensure that we’re only sending a payload of relevant data points and nothing more. Relevant data can vary from partner to partner and is largely dependent on each respective partner’s use case. By being deliberate about the kind of data we’re including, we can minimize the risk around sending and storing data that may be useless for your purposes.


Testing

Testing your ID.me flow is an important step in a successful go-live. Partners should test to not only validate that they’re able to access the requested resource, but to ensure that the greater application is functioning properly. Depending on your use case, be sure to test and ensure that you’re:


  • Able to successfully connect to the necessary ID.me resource
  • Complete verification
  • Receiving the data payload you’re expecting
  • Able to decrypt any encrypted information
  • Appropriately storing and/or utilizing that data to achieve a greater business outcome (e.g. triggering a discount based on a customer affiliation)

    • Talk to your dedicated ID.me team to receive test credentials and learn more about what testing should mean for you.