Jumio
Community-contributed integration
This integration is community-maintained. Reference: ory/integrates/identity-verification/jumio.
Jumio is a high-assurance identity verification platform that combines document, selfie, and face-match checks. It is common in regulated industries such as financial services, healthcare, gambling, and crypto. This integration starts a Jumio workflow from Ory Actions during registration, consumes Jumio's HMAC-signed callback when the workflow finishes, and gates sign-in on the stored verification status.
Endpoints
| Path | Trigger | Auth | Purpose |
|---|---|---|---|
POST /jumio/initiate | sync registration.after | X-Webhook-Secret | Starts a Jumio workflow with customerInternalReference = <Kratos identity id>; writes the Jumio account/workflow IDs to metadata_public. |
POST /jumio/callback | async, FROM Jumio | HMAC-SHA256 over raw body | Resolves the Kratos identity via customerInternalReference; PATCHes verdict (PASSED / WARNING / FAILED) onto the identity. |
POST /jumio/validate | sync login.after, can_interrupt: true | X-Webhook-Secret | Blocks login when metadata_public.jumio.status == "rejected". |
Required env vars
ORY_WEBHOOK_SECRET Bearer / X-Webhook-Secret value Ory sends
KRATOS_ADMIN_URL Ory Network admin URL (or self-hosted Kratos admin)
ORY_API_KEY Ory admin API token (identities:write)
JUMIO_AUTH_URL Jumio OAuth token endpoint
JUMIO_API_BASE_URL Jumio API base URL (region-specific)
JUMIO_CLIENT_ID Jumio API client id
JUMIO_CLIENT_SECRET Jumio API client secret
JUMIO_CALLBACK_SECRET HMAC secret for /jumio/callback
PORT default: 3000
Run
cd webhook/
cp .env.example .env
npm install
npm start # runs `tsx server.ts`
Configure Ory
- Use
ory-actions.yamlas the snippet forselfservice.flows.{registration,login}.after.hooks. - The body templates are in
jsonnet/. - The
/jumio/callbackURL must be publicly reachable; configure it as the workflow callback in Jumio Customer Portal → Workflow Definition with the matchingJUMIO_CALLBACK_SECRET.
