Credit Card Identity Verification

This guide describes how to integrate credit card identity verification into your website.The credit card identity verification service is used to confirm the identity of the user and the accuracy of the user's identity information submitted through the credit card under the user's name.

STEP1Add i'mport library
client-side

Add the i'mport library to your identity verification page. Credit card identity verfication is supported in i'mport JavaScript v1.1.7 or later versions.

For the latest library version information, check the JavaScript SDK Release Notes page. 
  <!-- jQuery -->
  <script type="text/javascript" src="https://code.jquery.com/jquery-1.12.4.min.js" ></script>
  <!-- iamport.payment.js -->
  <script type="text/javascript" src="https://cdn.iamport.kr/js/iamport.payment-{SDK-latest-version}.js"></script>

You must install jQuery 1.0 or later version.
STEP2Prepare for verification
client-side

On the identity verification page, initialize the global object IMP using your Merchant ID.
    var IMP = window.IMP; // Can be omitted
    IMP.init("{Merchant ID}"); // Example: imp00000000
STEP3Request verification
client-side

Call IMP.certification in the popup or redirection mode by passing the required identity information.

You can open the identity verfication page in a mobile popup window. When verification is complete, post-processing is performed through the callback function specified as the second argument of IMP.certification.

Redirection Mode (For Mobile Only)

In a mobile environment, you can redirect to the identity verification page by setting param.popup to false (default). When verification is complete, you will be redirected back to the URL specified by param.m_redirect_url. To use the popup (default) mode, set param.popup to true.

In environments where popups are blocked, such as WebView, it is recommended to set popup to false.

Call IMP.certification with required identity information to request verification as follows: 

  // Call IMP.certification(param, callback)
  IMP.certification({ // param
    merchant_uid: "ORD20180131-0000011", // Order ID
    m_redirect_url : "{Redirect URL}", // Required when popup:false in mobile, Example: https://www.myservice.com/payments/complete/mobile
    popup : false // Always set to true in PC
  }, function (rsp) { // callback
    if (rsp.success) {
      ...,
      // When verification is successful,
      ...
    } else {
      ...,
      // When verification fails,
      ...
    }
  });
STEP4Send verification information
client-side

Send Verification ID to Server via Popup

Based on the the verfication result (sucess/fail) in the response object (rsp) returned after the verification process is complete, add the post-verification processing logic in the callback function.

When the payment is successful, add the logic to send the verification ID (imp_uid) to the server as follows:
  IMP.certification({
    /* ...Omitted... */
  }, function (rsp) { // callback
    if (rsp.success) { // When verification is successful
      // jQuery HTTP request
      jQuery.ajax({
        url: "{server-side endpoint to receive verification info}", // Example: https://www.myservice.com/certifications
        method: "POST",
        headers: { "Content-Type": "application/json" },
        data: { imp_uid: rsp.imp_uid }
      });
    } else {
      alert("Verification failed. Error: " +  rsp.error_msg);
    }
  });

Send Verification ID to Server via Redirection

The page is redirected to the URL specified in param.m_redirect_url of IMP.certification as follows:
GET {m_redirect_url}?imp_uid={}&merchant_uid={merchant_uid for verification}&success={true or false}
STEP5Get and use verfication information
server-side

After receiving the verification information from the client, use imp_uid to get the user's information.
1Get verification ID
Build a server-side API endpoint to get the verification ID (imp_uid).
  app.use(bodyParser.json());
  ...
  // Route POST request to "/certifications"
  app.post("/certifications", async (request, response) => {
    const { imp_uid } = request.body; // Get imp_uid from req.body
  })
2Get verification information
To get verification information from the i'mport server, you must first get a REST API access token.

Use the access token and imp_uid (verification ID) to call the REST API (GET https://api.iamport.kr/certifications/${imp_uid}) that returns the verification information as follows:
  app.use(bodyParser.json());
  ...
  // Route POST request to "/certifications"
  app.post("/certifications", async (request, response) => {
    const { imp_uid } = request.body; // Get imp_uid from request.body
    try {
      // Get access token
      const getToken = await axios({
        url: "https://api.iamport.kr/users/getToken",
        method: "post", // POST method
        headers: { "Content-Type": "application/json" }, // "Content-Type": "application/json"
        data: {
          imp_key: "imp_apikey", // REST API Key
          imp_secret: "ekKoeW8RyKuT0zgaZsUtXXTLQ4AhPFW3ZGseDA6bkA5lamv9OqDMnxyeB9wqOsuO9W3Mx9YSJ4dTqJ3f" // REST API Secret
        }
      });
      const { access_token } = getToken.data.response; // Access token
      ...
      // Get verification info from i'mport server using imp_uid
      const getCertifications = await axios({
        url: \`https://api.iamport.kr/certifications/\${imp_uid}\`, // Pass imp_uid
        method: "get", // GET method
        headers: { "Authorization": access_token } // Add access token to Authorization header
      });
      const certificationsInfo = getCertifications.data.response; // Save verification info
      ...
    } catch(e) {
      console.error(e);
    }
  });
3Using verification information
Retrieve the following user information from the verification information and add the necessary service logic.
  • name: name
  • gender: gender
  • birth: date of birth
  • unique_key: unique key to identify the user (CI value issued by KISA, has 1:1 mapping to resident registration number)
  • unique_in_site: unique key to identify the user per site (DI value issued by KISA)
In addition to the above information, if you need access to a user's foreigner status (foreigner), you must post a Consent to Provision of Personal Information on your website and send a request to cs@iamport.kr.

unique_key and unique_in_site

If multiple credit cards are used to verify the same person, the same unique_key and unique_in_site values are returned for the cards under the same name.
Get the user information and use it as needed. For example, you can use the user information to check age restrictions or one account per person policy as follows:
  // Route POST request to "/certifications"
  app.post("/certifications", async (request, response) => {
    const { imp_uid } = request.body; // Get imp_uid from request.body
    try {
      // Get access token
      /* ...Omitted... */
      // Get verification info using imp_uid 
      /* ...Omitted... */
      const certificationsInfo = getCertifications.data.response; // Save verification info
      // unique_key: Unique key for user, unique_in_site: Unique key for user per site
      const { unique_key, unique_in_site, name, gender, birth } = certificationsInfo;
      ...
      // Check age restrictions
      if (new Date(birth).getFullYear() <= 1999) {
        // Check successful
      } else {
        // Check failed
      }
      ...
      // one account per person check
      // Query database with unique_key to check for existing account
      Users.find({ certificationKey: unique_key })
      .then((user) => {
        if (!user) {
          // New user
        } else {
          // Existing user
        }
      });
    } catch(e) {
      console.error(e);
    }
  });