Forgery check
Forgery check protects automated processes that rely on unauthenticated documents received from third parties in pdf, jpeg and other picture formats. Typical documents include invoices, payroll slips, bank statements, KYC documents, etc. Forgery check detects forgeries and modifications, that are related to identity changes, fraudulent modification of account numbers and transaction details.

API documentation



HTTP method: POST 

Content-Type: multipart/form-data


The document that will be analyzed

relayStateThis semi-optional parameter will be returned to you at the redirect back to your server. Use it to link a unique ID of your choice that you can parse.No

A url where success/error results will automatically be POST:ed

    "id": "bb9803e8-cda0-4b12-8f1d-576efd810da7",
    "state": "Finished",
    "score": "Warning",
    "riskScore": 50,
    "trustScore": 0,
    "indicators": [
            "indicatorId": "is_double_saved_jpeg",
            "description": "This image was opened and saved after creation. This indicates that the image was modified. However, the modification may be attributed to cropping or resizing. For example, some cloud services resize images by default.",
            "category": "modifications",
            "confidence": 50,
            "metadata": {},
            "score": 50,
            "title": "Re-saved JPEG image",
            "type": "RISK"
    "relayState": "12345abc",
    "providerData": {}
    "errors": []
idSession ID
stateSession state. Can be: Created, Pending, Finished, Failed, Timeout
errorsA JSON array of error conditions, see error handling.

Can be: None, Normal, Trusted, Warning, HighRisk

None – the score was not set. A Normal score is attributed to documents where the system has identified a reason to trust them. A Warning score is given to documents that are identified as more likely to have been modified, such as scanned documents. A HighRisk score identifies the documents where the system has identified modifications that are frequently associated with fraud or forgery attempts.

riskScoreThis score estimates the likelihood that the file has been manipulated since its creation in the digital form. Modification artefacts, inconsistencies in files, existence of structural changes (such as fonts) or outright manipulation indicators discovered by our system increase the score. A high risk score indicates that the given file contains severe modifications. The sum of TrustScore and RiskScore will always be lower or equal to 100. It will not be uniform for all document types. The risk score will always reflect the estimate of modification likelihood during the digital lifecycle of the document. Any modification performed before the document was digitised will not influence the risk score. However, the particular nature of the scanned document will be reflected in the trust score. The trust score will never exceed a specific threshold for any scanned document and will never exceed another, higher threshold for documents without an electronic signature.
trustScoreThis score estimates the likelihood that the file is genuine and unmodified. The score will be the highest for unmodified, digitally signed files with well known origin. It will be reduced for files of unknown origin, scanned files (where the modification may have happened prior to scanning) or for files with a high RiskScore.
relayStateOptional parameter. Use it to link an unique ID of your choice that you can parse.

Risk indicators contains detailed information about the specific results of our analysis. This field contains detailed observations that the system was able to make about the file. Some indicators may be positive and may increase the Trust score, while the others would be negative and would increase the Risk.

indicatorId – Indicator ID

description – Description

category – Category of indicator (e.g. ‘modifications’, ‘text_hiding’, etc.)

confidence – Since not all indicators have the same level of confidence. Indicators with low confidence should be interpreted with caution.

metadata – Metadata

score – Score estimates the severity of the detection triggered by the indicator.
If the type of indicator is “risk”, the score will be high if the detected modifications indicate malicious intent of the user.
In the case of trust-type indicator, the score will be high for strong indicators of genuine document origin (e.g. documents with digital signature).

title – Title

type – Type


Data returned from provider

GET from

sessionid is the session identifier retrieved from the “start session” call, named id in the response

The best practice is to use exponential back-off to reduce load.

To set up a webhook URL for callback use webhook request parameter.