Verification Modes
SafePassage offers two biometric verification modes to balance compliance with user experience.
Quick Comparison
| Mode | ID Required | Best For |
|---|---|---|
| L1 | Only if estimated below challenge age | Entertainment, gaming, social media |
| L2 | Always | Regulated industries, high compliance |
L1 - Biometric Age Estimation with ID Fallback
Uses advanced facial analysis and AI to estimate age from real-time video capture. Only requires ID if the user appears younger than your challenge age.
How it works:
- Real-time face detection with comprehensive biometric analysis
- AI-powered liveness detection to prevent spoofing
- Age estimation from biometric features
- Automatic ID fallback for younger-appearing users
Flow:
- Camera permission and real-time video capture
- Face detection with liveness verification
- AI estimates age from facial biometrics
- Pass if estimated ≥ challenge age
- Request ID + face matching if estimated < challenge age
Use Cases:
- Lower-risk content
- Optimizing conversion rates
- Markets allowing age estimation
L2 - Universal ID Verification with Biometric Matching
Requires government ID for all users, regardless of appearance. Includes biometric face matching between the live capture and ID photo.
How it works:
- Real-time face detection with liveness verification
- Government ID capture and OCR extraction
- Biometric face matching between selfie and ID photo
- Age verification from official document
Flow:
- Camera permission and real-time video capture
- Face detection with liveness verification
- Government ID capture and processing
- OCR extraction of ID data and age
- Biometric face matching between video and ID
- Pass if age ≥ challenge age AND faces match
Use Cases:
- Alcohol, tobacco, cannabis
- Gambling, adult content
- Maximum compliance requirements
Configuration
Dashboard Default
Set your default mode in Dashboard > Configuration:
- Choose L1 or L2
- Set challenge age (25-99)
Per-Session Override
You can override defaults either client-side or server-side:
Client-side SDK (publishable key)
const sdk = new SafePassage({
apiKey: 'pk_your_public_key',
returnUrl: 'https://example.com/done'
});
// Override mode and/or challengeAge per verification
sdk.verify({
verificationMode: 'L1',
challengeAge: 25 // Useful for regional compliance
});
Server-side API (secret key) — Recommended
const secretKey = 'sk_your_secret_key';
const response = await fetch('https://api.safepassageapp.com/api/v1/sessions/create', {
method: 'POST',
headers: {
'Authorization': `Bearer ${secretKey}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
returnUrl: 'https://example.com/done',
verificationMode: 'L2',
challengeAge: 25
})
});
While challengeAge and verificationMode can be set client-side (useful for detecting user location for regional compliance), server-side is recommended for security-critical applications. Server-controlled parameters cannot be tampered with by end users.
Choosing a Mode
Start with L2 if:
- Industry regulations require ID
- Zero tolerance for underage access
- Unsure about compliance requirements
Consider L1 if:
- Lower-risk content
- User experience is critical
- Regulations allow age estimation
Remember: You can always change modes or use different modes for different products.
Related
- JavaScript SDK — Client-side integration
- Server Integration — API-based integration
- Sessions API — API endpoint reference
- Dashboard Guide — Configure default mode