Your Face Is
the Password.
Biometric MFA that stops account takeover and deepfakes — verify real users in under 2 seconds, no passwords required.
How It Works
Three steps to authenticate a user with their face.
Trigger Auth
Call the API to start a biometric auth challenge. Get a unique URL for your user.
User Proves Presence
The user opens the link and completes a liveness check — proving a real, live person.
Grant Access
Receive a pass/fail result via webhook or API polling, then grant access instantly.
Authentication Factors
Layered biometric signals that prove it’s really them.
Liveness Detection
Real-time face detection with 468 landmarks confirms a live person — blink, mouth, and head movement defeat photo and replay attacks.
Face Match
Bind the live face to a trusted reference (KTP photo or enrolled selfie) so only the real owner can authenticate.
Anti-Deepfake
Detect AI-generated faces, masks, and replays to stop synthetic identity and account-takeover attacks.
ID Binding (KTP)
Enroll and bind a user to a government ID — extract 17 KTP fields to tie the biometric factor to a real identity.
Multi-Platform Integration
One API for biometric auth. Drop it into web, mobile, or backend via WebView, iframe, or REST API.
// Start an auth challenge const res = await fetch('/api/sessions', { method: 'POST', headers: { 'Authorization': `Bearer ${apiKey}`, } }); const { id, verification_url } = await res.json();
Privacy & Security
Biometric data is processed client-side. No facial data is sent to our servers.
On-Device Processing
Face detection runs entirely in the user’s browser.
No Biometric Storage
Face landmark data never leaves the device.
End-to-End Encryption
All API communication is protected with TLS encryption.