Django app for integration with the Onfido API (v3)
The current version supports Django 3.1+/4.0+ and Python 3.7+.
For v2 API please check version prior to 1.0
Onfido is an online identity verification service. It provides API access to a range of tests (identity, right to work, criminal history, credit report). It is assumed that you are only interested in this project because you are already aware of what Onfido does, and so I won't repeat it here. If you want to find out more, head over to their website.
If you are using Onfido, and you are using Django, then this project can be used to manage Onfido checks against your existing Django users. It handles the API interactions, as well as providing the callback webhooks required to support live status updates.
The project is available through PyPI as django-onfido:
$ pip install django-onfido
And the main package itself is just onfido:
>>> from onfido import api, models, views, urls, admin, signals, helpers, decoratorsThe main use case is as follows:
- Create an Onfido Applicant from your Django user:
>>> from django.contrib.auth import get_user_model
>>> from onfido.helpers import create_applicant
>>> user = get_user_model().objects.last() # any old one will do
>>> applicant = create_applicant(user)
DEBUG Making POST request to https://api.onfido.com/v3/applicants
DEBUG <Response [201]>
DEBUG {u'first_name': u'hugo', u'last_name': u'rb', u'middle_name': None, ...}
DEBUG Creating new Onfido applicant from JSON: {u'first_name': u'hugo', u'last_name': u'rb', ...}
<Applicant id=a2c98eae-XXX user='hugo'>- Create your check + reports for the applicant:
>>> from onfido.helpers import create_check
>>> create_check(applicant, 'standard', ['identity', 'right_to_work'])
>>> assert Check.objects.count() == 1
>>> assert Report.objects.count() == 2This will create the Check and Report objects on Onfido, and store them locally as Django model objects.
- Wait for callback events to update the status of reports and checks:
DEBUG Received Onfido callback: {"payload":{...}}
DEBUG Processing 'check.completed' action on check.bd8232c4-...NB If you are using the callback functionality, you must set the ONFIDO_WEBHOOK_TOKEN
property (see settings section below). The callback handler will force verification of the
X-Signature request header as specified in the webhooks documentation.
The raw JSON returned from the API for a given entity (Applicant,
Check, Report) is stored on the model as the raw attribute, and
this can be parsed into the relevant model attributes. (Yes this does mean
duplication of data.) The core pattern for interaction with the API on a per-
object basis is a read-only fetch / pull pattern (analagous to git operations
of the same name). If you call the fetch method on an object, it will use
the href value in the raw JSON to fetch the latest data from the API and
parse it, but without saving the changes. If you want to update the object,
use the pull method instead.
The Report object is a special case, where the raw data from the API often
contains sensitive information that you may not wish to store locally
(passport numbers, Visa information, personal data). In order to get around
this, there is a scrub_report_data function that will remove certain
attributes of the raw data before it is parsed. By default this will remove
the breakdown and properties elements.
>>> check = Check.objects.last()
>>> check.raw
{
"id": "c26f22d5-4903-401f-8a48-7b0211d03c1f",
"created_at": "2016-10-15T19:05:50Z",
"status": "awaiting_applicant",
"type": "standard",
"result": "clear",
"href": "applicants/123/checks/456"
}
>>> check.fetch() # fetch and parse the latest raw data
>>> check.pull() # calls fetch and then saves the objectThere is a management command onfido_sync which can be used to pull all the objects
in a queryset. It takes a single positional arg - 'applicant', check' or 'report', and has two
options - --filter and --exclude - both of which take multiple space-separated
args which can be used to manage the queryset that is used.
Examples:
$ ./manage.py onfido_sync check
$ ./manage.py onfido_sync report
$ ./manage.py onfido_sync check --filter complete
$ ./manage.py onfido_sync check --exclude completeThe following settings can be specified as environment settings or within the Django settings.
ONFIDO_API_KEY: your API key, found under setting in your Onfido account.ONFIDO_WEBHOOK_TOKEN: (optional) the Onfido webhook callback token - required if using webhooks.
The following settings can be specified in the Django settings:
ONFIDO_LOG_EVENTS: (optional) if True then callback events from the API will also be recorded asEventobjects. Defaults to False.ONFIDO_REPORT_SCRUBBER: (optional) a function that is used to scrub sensitive data fromReportobjects. The default implementation will remove breakdown and properties.
If you want to run the tests manually, install poetry.
$ poetry install $ poetry run pytest
If you are hacking on the project, please keep coverage up.
Standard GH rules apply: clone the repo to your own account, make sure you update the tests, and submit a pull request.