A face verification API does one thing: it confirms that a real human face was present in real-time. Not a photo, not a video replay, not a deepfake image — a live face with active liveness detection. This makes it the strongest signal available for "is this person actually human?"

Developers use face verification APIs for three primary use cases: replacing CAPTCHAs at signup, adding identity assurance to high-value actions (large transactions, account recovery, age verification), and meeting regulatory requirements for KYC flows.

This guide walks through TrueLens's face verification API specifically — it's the most developer-friendly option with the simplest integration path. Skip to the API comparison table if you want to evaluate alternatives first.

How a Face Verification API Works

The flow has three parts:

The key insight: the token is the deliverable. You're not storing face data — you're getting a cryptographic receipt that says "a verified human was present at time T." Your database stores the token, not the image.

TrueLens Face Verification API: 4-Step Integration

  1. Get your API key

    Sign up at /pricing. Free tier includes 50 verifications. Your key is available immediately — no approval process, no KYC for the developer.

  2. Embed the verification widget

    Add the TrueLens iframe or SDK script to your signup page. The widget handles camera access, liveness challenge, and token generation. Customize with your brand colors via CSS variables.

  3. Receive the verification token

    On successful liveness check, the widget posts a truelens:verified event with a signed JWT token to your page. Store it in a hidden field or sessionStorage.

  4. Verify server-side before account creation

    Send the token to your backend. Call the TrueLens verify endpoint. Only create the account if the response is verified: true.

Code Examples

Client-Side: Embed the Verification Widget

<!-- Add to your signup page -->
<div id="truelens-widget"
     data-api-key="tl_live_your_key_here"
     data-callback="onVerified">
</div>

<!-- Hidden field to hold the token -->
<input type="hidden" id="verification-token" name="verificationToken">

<script src="https://cdn.truelens.io/v1/widget.js"></script>
<script>
function onVerified(event) {
  if (event.status === 'verified') {
    document.getElementById('verification-token').value = event.token;
    document.getElementById('submit-btn').disabled = false;
  }
}
</script>

Server-Side Verification

// Node.js / Express
const TRUELENS_API_KEY = process.env.TRUELENS_API_KEY;

async function verifyLiveness(token) {
  const response = await fetch('https://api.truelens.io/v1/verify', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${TRUELENS_API_KEY}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ token })
  });

  if (!response.ok) throw new Error('Verification service unavailable');
  return response.json();
  // Returns: { verified: true, liveness_score: 0.98, verification_id: "vrf_..." }
}

app.post('/signup', async (req, res) => {
  const { email, password, verificationToken } = req.body;

  if (!verificationToken) {
    return res.status(400).json({ error: 'Face verification required' });
  }

  try {
    const { verified, liveness_score } = await verifyLiveness(verificationToken);

    if (!verified || liveness_score < 0.95) {
      return res.status(403).json({ error: 'Verification failed. Please try again.' });
    }

    // Token is valid — create the account
    const user = await createUser({ email, password });
    res.json({ success: true, userId: user.id });

  } catch (err) {
    console.error('Liveness check error:', err);
    res.status(500).json({ error: 'Verification service error' });
  }
});
import os
import requests
from flask import Flask, request, jsonify

app = Flask(__name__)
TRUELENS_API_KEY = os.environ.get('TRUELENS_API_KEY')

def verify_liveness(token: str) -> dict:
    response = requests.post(
        'https://api.truelens.io/v1/verify',
        headers={
            'Authorization': f'Bearer {TRUELENS_API_KEY}',
            'Content-Type': 'application/json'
        },
        json={'token': token},
        timeout=10
    )
    response.raise_for_status()
    return response.json()
    # Returns: {'verified': True, 'liveness_score': 0.98, 'verification_id': 'vrf_...'}

@app.route('/signup', methods=['POST'])
def signup():
    data = request.get_json()
    token = data.get('verificationToken')

    if not token:
        return jsonify({'error': 'Face verification required'}), 400

    try:
        result = verify_liveness(token)

        if not result['verified'] or result['liveness_score'] < 0.95:
            return jsonify({'error': 'Verification failed. Please try again.'}), 403

        # Create user account
        user = create_user(data['email'], data['password'])
        return jsonify({'success': True, 'userId': user['id']})

    except requests.RequestException as e:
        return jsonify({'error': 'Verification service error'}), 500
# Test the verify endpoint with cURL
curl -X POST https://api.truelens.io/v1/verify \
  -H "Authorization: Bearer tl_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."}'

# Successful response:
# {
#   "verified": true,
#   "liveness_score": 0.98,
#   "verification_id": "vrf_01HXYZ...",
#   "expires_at": "2026-05-24T05:00:00Z"
# }

# Failed response (photo replay attack):
# {
#   "verified": false,
#   "liveness_score": 0.31,
#   "failure_reason": "spoof_detected"
# }

Try TrueLens Free

50 free verifications. No credit card. Integrate in under an hour.

No credit card · 2-second user experience · GDPR-compliant

Face Verification API Response Reference

Every successful verify call returns:

Security note: Always verify tokens server-side. Never trust client-side liveness results — the client is controlled by the attacker. The server-to-server API call is the trust boundary.

Face Verification API Comparison (2026)

API Liveness Type Accuracy GDPR Pricing Dev Friendliness
TrueLens Active (passive option) 99.9% GDPR-ready From $19/mo Excellent
AWS Rekognition Passive 98%+ Complex $0.001–0.004/call Steep learning curve
FaceTec Active (3D liveness) 99.9% Yes Enterprise only SDK-heavy integration
iProov Active (genuine presence) 99%+ UK/EU compliant Enterprise only Slow sales process
Microsoft Azure Face Passive 95–97% Complex consent Pay-per-call Medium complexity

When to Use a Face Verification API

Face liveness is the right tool when a fake account causes measurable damage. Consider it for:

Common Integration Mistakes

Three pitfalls that most first integrations hit:

Full API documentation, sandbox endpoints, and interactive testing at /docs. For pricing and plan limits, see /pricing.

Also useful: how to stop bot signups without CAPTCHA covers the full layered approach — liveness is the strongest layer, but combining it with rate limiting and email checks covers even more ground.