Implementing YouLive: a backend integration guide for liveness detection Written on
TL;DR
-
YouLive is an ISO-certified API for Liveness Detection (PAD) that instantly verifies a user's face is real, protecting your digital systems (KYC, onboarding) from spoofing attacks (photos, deepfakes).
-
The YouLive API adds a quick, powerful layer of security that verifies whether a face is genuinely live. It detects spoofing attempts using advanced technology and is certified under ISO 30107-3, the global benchmark for liveness detection.
-
This guide walks you through the simplest and most secure way to integrate YouLive using a backend implementation with Python or Node.js.
Why spoofing detection matters
Biometric verification excels in digital onboarding, KYC (Know Your Customer) processes, and workflows requiring robust security authentication. However, the integrity of these systems relies entirely on one critical factor: ensuring the face being scanned belongs to a real, live person—not a photo, a screen replay, or a deepfake. This process is known as Liveness Detection, or Presentation Attack Detection (PAD).
The YouLive API provides a robust, ISO/IEC 30107-3 certified solution to instantly verify the liveness of a user's face, protecting your systems from spoofing attacks.
This technical guide details the recommended and most secure way to integrate YouLive: via a secure, server-side (backend) implementation. By routing all API calls through your trusted backend environment, you safeguard your sensitive API keys and ensure strict compliance with data privacy regulations.
The YouLive integration architecture
YouLive is Youverse’s Liveness Detection API, ready to implement with 3 lines of code. Key features include:
-
Protection against identity fraud with ISO 30107 Level 1 and 2 compliant liveness.
-
Deployment in cloud or on-premise environments. Features SDKs for Web, iOS, and Android for quick integration and <1s REST API latency for frictionless user flows.
-
No storage of biometrics or PII, maintaining alignment with regulations like GDPR and CCPA.
-
Alignment with global standards and continuous ISO compliance checks. Focus on industry-specific compliance for banking and government sectors.
-
Bias free across all skin tones, genders, and ages. Equality is built directly into the heart of our model which makes its design reliable for any demographics.
The recommended setup is a two-step process involving the frontend (mobile/web) and your secure backend server. The role of the frontend is solely to capture the image and securely pass it to your server.
Frontend
-
Capture mechanism: Use the official Youverse WebComponent or a custom implementation on your mobile/web app to capture the user's selfie. The web component allows you to align with CEN/TS 18099 for injection/deepfake attacks as well as man-in-the-middle protection. Our web-component is free to use with our APIs.
-
Transmission: Send the Base64 image string to a dedicated endpoint on your own trusted backend server (e.g., /api/liveness-check). Do not call the YouLive API directly from the frontend.
Backend
The YouLive API is accessible via a single, simple REST endpoint. The request payload must be a JSON object containing the Base64 image and a configuration array.
JSON
{
"image": "BASE64_STRING",
"configuration": [
{ "name": "liveness_method", "value": "merged" }
]
}
You can optionally specify how to handle multiple faces or tune security levels, but for most cases the default configuration is enough. For further details checkout our documentation.
Interpreting the response
The API returns an interpretable response with simple yet crucial output fields for any application: score, status, and confidence_level.
|
Property |
Type |
Description |
|
score |
float |
Liveness confidence value. |
|
status |
string |
Image analysis status (e.g., VALID_IMAGE, ILLUMINATION_ERROR, MULTIPLE_FACES). |
|
confidence_level |
string |
Categorical assurance level (Low, Medium for Level 1, High for Level 2). |
Your backend should first check the image status, then decide whether to accept or reject the verification based on your security needs.
Code integration samples
The following examples demonstrate the secure backend call to the YouLive API using popular server-side languages.
Python integration sample
This example uses the requests library to manage the secure API call and JSON payload construction.
Python
import requests
import base64
import json
# Replace with your actual base BASE_URL and API_KEY key
image_b64 = base64.b64encode(open("selfie.jpg","rb").read()).decode()
payload = {"image": image_b64, "configuration":[{"name":"liveness_method","value":"merged"}]}
response = requests.post(f"{BASE_URL}/liveness", json=payload, headers={"x-api-key": API_KEY})
Node.js integration sample
This example utilizes the popular axios HTTP client for asynchronous requests in a Node.js environment.
JavaScript
import axios from "axios";
import fs from "fs";
// Replace with your actual base BASE_URL and API_KEY key
const imageBase64 = fs.readFileSync("selfie.jpg").toString("base64");
const payload = { image: imageBase64, configuration: [{ name: "liveness_method", value: "merged" }] };
const response = await axios.post(`${BASE_URL}/liveness`, payload, { headers: { "x-api-key": API_KEY }});
Test with a micro pilot
The YouLive API provides an industry-certified, high-security solution for integrating presentation attack detection into your identity and authentication workflows. By adhering to the secure, server-side integration methodology outlined in this guide, you can leverage YouLive’s capabilities while maintaining the highest standards of security, privacy, and compliance.
The flexibility of the REST endpoint, combined with clear configuration options for security level and face selection, makes YouLive an adaptable tool for fintech, gaming, telecom, and government identity programs.
Ready to enhance your digital security? Start your secure YouLive API integration today and protect your users from presentation attacks. Try it for free over 10 days!
