Skip to main content

Overview

Warnings on the ID verification report flag every condition Didit observed while reading and validating the document. They land in the warnings[] array on each item of id_verifications[] (see ID verification report), with the shape described in Data models — Warning object: feature, risk, additional_data, log_type, short_description, long_description, node_id. Every warning has three layers:
  1. The risk code — a stable identifier you can match on in your code.
  2. The log_type — derived from the action your configuration assigns to the risk at evaluation time: Decline → error, Review → warning, anything else → information.
  3. The decision impact — set by the workflow’s configurable risk groups. The same risk code can be routed to Approve, Review, or Decline depending on how your application is configured.

Auto-decline conditions

In workflows, the following risks always force the ID report (and the session) to Declined. They cannot be configured:
RiskTrigger
DOCUMENT_NOT_SUPPORTED_FOR_APPLICATIONThe submitted document type is not on your application’s allowed-documents list. additional_data includes issuing_state, document_type, document_subtype, document_region, and document_region_with_subtype so you can enable the exact document in your workflow.
DOCUMENT_EXPIREDThe document’s expiration date has passed at capture time.
PORTRAIT_IMAGE_NOT_DETECTEDNo portrait image could be located on the document.
ID_DOCUMENT_IN_BLOCKLISTThe document matches an entry on your application’s blocklist.
AGE_BELOW_MINIMUMAdaptive age-verification workflows only: extracted age is below the minimum.
AGE_NOT_DETECTEDAdaptive age-verification workflows only: age could not be extracted from the document.
For the standalone OCR API, the unconditional-decline set is DOCUMENT_EXPIRED, MINIMUM_AGE_NOT_MET, PORTRAIT_IMAGE_NOT_DETECTED, SCREEN_CAPTURE_DETECTED, PRINTED_COPY_DETECTED, and PORTRAIT_MANIPULATION_DETECTED. In workflows, minimum age is configurable (default Decline) and the three document-liveness risks are threshold-driven (see below).

Configurable verification settings

In the Didit console, the remaining ID risks are grouped into settings you can route to Approve, Review, or Decline (per workflow, and per node in graph workflows):
GroupRisksDefault action
Minimum AgeMINIMUM_AGE_NOT_METDecline
Maximum AgeMAXIMUM_AGE_EXCEEDEDDecline
Duplicated UserPOSSIBLE_DUPLICATED_USER (skipped when the document number is in your document allowlist)Approve (information)
Invalid CodeQR_NOT_DETECTED, BARCODE_NOT_DETECTED, QR_VALIDATION_FAILED, BARCODE_VALIDATION_FAILEDApprove (information)
Invalid MRZMRZ_VALIDATION_FAILED, MRZ_NOT_DETECTEDApprove (information)
Data InconsistencyDATA_INCONSISTENT, MRZ_AND_DATA_EXTRACTED_FROM_OCR_NOT_SAME, DOCUMENT_NAME_DIFFERENT_FROM_OTHER_APPROVED_DOCUMENTS, DOCUMENT_SIDES_MISMATCH, ID_VERIFICATION_DATA_MISMATCH_BETWEEN_DOCUMENTSApprove (information)
Invalid ValidationINVALID_DATE, COULD_NOT_RECOGNIZE_DOCUMENT, DOCUMENT_NUMBER_NOT_DETECTED, COULD_NOT_DETECT_DOCUMENT_TYPE, NAME_NOT_DETECTED, DATE_OF_BIRTH_NOT_DETECTEDReview
Expected Details MismatchFULL_NAME_MISMATCH_WITH_PROVIDED, GENDER_MISMATCH_WITH_PROVIDED, DOB_MISMATCH_WITH_PROVIDED, COUNTRY_MISMATCH_WITH_PROVIDED, NATIONALITY_MISMATCH_WITH_PROVIDED, IDENTIFICATION_NUMBER_MISMATCH_WITH_PROVIDEDReview
Expiration Date Not DetectedEXPIRATION_DATE_NOT_DETECTEDApprove (information)
Document or Personal Number Format MismatchDOCUMENT_NUMBER_FORMAT_MISMATCH, PERSONAL_NUMBER_FORMAT_MISMATCH (one shared action)Approve (information)
Unparsed AddressUNPARSED_ADDRESSApprove (information)
Image QualityIMAGE_TOO_BLURRY, IMAGE_TOO_DARK, IMAGE_TOO_BRIGHT (one action per risk)Approve (information)
Two ID risk families are threshold-driven instead of Approve/Review/Decline toggles:
  • Document livenessSCREEN_CAPTURE_DETECTED, PRINTED_COPY_DETECTED, PORTRAIT_MANIPULATION_DETECTED. Each fraud type has its own decline and review thresholds: score below the decline threshold → error + Declined; below the review threshold → warning + In Review; otherwise information.
  • Cross-camera face matchLOW_FRONT_CAMERA_FACE_MATCH_SIMILARITY, governed by document_selfie_portrait_match_decline_threshold / document_selfie_portrait_match_review_threshold.

Warnings produced

Verified against collect_ocr_logs, the document-capture flow, and process_ocr_logs_and_get_status. Short descriptions below are the exact short_description strings returned by the API.

Document recognition and quality

RiskShort descriptionCauseSeverity
COULD_NOT_RECOGNIZE_DOCUMENTCould not validate DocumentThe system could not confirm the authenticity or validity of the submitted document — often poor image quality or an unsupported document type. Also used as the fallback for unrecognized processing failures.Configurable — Invalid Validation, default Review
COULD_NOT_DETECT_DOCUMENT_TYPECould not detect document typeThe OCR engine could not classify the document family (passport vs ID vs DL). When this fires, DOCUMENT_NOT_SUPPORTED_FOR_APPLICATION is suppressed (the type is unknown, so “not supported” would be contradictory).Configurable — Invalid Validation, default Review
DOCUMENT_NOT_SUPPORTED_FOR_APPLICATIONDocument not supported for your applicationThe recognized document type is not on the application’s allowed list. additional_data carries the country, document type, subtype, and region-aware subtype.errorauto-decline
DOCUMENT_EXPIREDDocument expiredAt capture time: the document’s expiration date is in the past (error, auto-decline). Post-approval: ongoing expiration monitoring appends this warning with log_type: "warning" when an approved document’s date passes, and the report status becomes Expired.error at capture; warning from monitoring
DOCUMENT_SIDES_MISMATCHDocument sides mismatchFront and back images do not belong to the same document.Configurable — Data Inconsistency, default information
PORTRAIT_IMAGE_NOT_DETECTEDPortrait image not detectedNo portrait could be located on a document that should have one (deferred when the user uploads the non-portrait side first).errorauto-decline
IMAGE_TOO_BLURRY / IMAGE_TOO_DARK / IMAGE_TOO_BRIGHTDocument image is too blurry / too dark / too brightThe image-quality gate rejected an upload (the user is asked to retake). additional_data carries the failing side. A successful retake clears the stale warning; the gate is skipped on the user’s final allowed attempt so they are never hard-blocked.Configurable — per-risk Image Quality action, default information
The capture flow can also reject an upload with the feedback codes IMAGE_RESOLUTION_TOO_LOW, DOCUMENT_NOT_FULLY_VISIBLE, and IMAGE_QUALITY_TOO_LOW. These prompt a retake in the SDK but are not persisted to the report’s warnings[] — only the blurry/dark/bright risks are.

Field extraction

RiskShort descriptionCauseSeverity
NAME_NOT_DETECTEDFirst name and/or last name not detectedFirst name and last name could not be extracted. Exempt when the holder legitimately has a single name (one-name countries, or the MRZ itself carries a single name) and at least one name value was extracted.Configurable — Invalid Validation, default Review
DATE_OF_BIRTH_NOT_DETECTEDDate of birth not detectedDate of birth could not be extracted from a document that should have one.Configurable — Invalid Validation, default Review
DOCUMENT_NUMBER_NOT_DETECTEDDocument number not detectedNeither the document number nor a personal number could be extracted.Configurable — Invalid Validation, default Review
EXPIRATION_DATE_NOT_DETECTEDExpiration date not detectedExpiration date could not be extracted from a document that should have one.Configurable — Expiration Date Not Detected, default information
INVALID_DATEInvalid DateA date on the document (date of birth or expiry) doesn’t parse to a valid date. In the current capture flow this surfaces as a retake prompt during upload rather than a stored warning; the code remains in the Invalid Validation routing group and may appear on older sessions.Configurable — Invalid Validation, default Review
DOCUMENT_NUMBER_FORMAT_MISMATCHDocument number format mismatchDocument number does not match the expected format configured for this document type. additional_data carries expected_format and extracted_value.Configurable — Format Mismatch, default information
PERSONAL_NUMBER_FORMAT_MISMATCHPersonal number format mismatchPersonal number does not match the expected format configured for this document type.Configurable — Format Mismatch, default information

MRZ, QR, barcode

All three MRZ risks are skipped for document types with known-unreliable MRZs.
RiskShort descriptionCauseSeverity
MRZ_NOT_DETECTEDMRZ not detectedMRZ could not be located on a document that should have one.Configurable — Invalid MRZ, default information
MRZ_VALIDATION_FAILEDMRZ is not validMRZ failed checksum / format validation. Often a low-quality capture; can indicate tampering.Configurable — Invalid MRZ, default information
MRZ_AND_DATA_EXTRACTED_FROM_OCR_NOT_SAMEMRZ and data extracted from OCR have some discrepanciesMRZ contents disagree with the VIZ (visible-zone) OCR. Possible alteration.Configurable — Data Inconsistency, default information
QR_NOT_DETECTEDQR not detectedQR code could not be located on a document that should have one.Configurable — Invalid Code, default information
QR_VALIDATION_FAILEDQR validation failedQR contents could not be validated against the rest of the document.Configurable — Invalid Code, default information
BARCODE_NOT_DETECTEDBarcode not detectedBarcode could not be located on a document that should have one.Configurable — Invalid Code, default information
BARCODE_VALIDATION_FAILEDBarcode validation failedBarcode contents could not be validated against the rest of the document.Configurable — Invalid Code, default information
DATA_INCONSISTENTOCR data in the document is not consistentData extracted from different parts of the document disagrees — typically the front and back sides of the same document.Configurable — Data Inconsistency, default information

Identity matching

RiskShort descriptionCauseSeverity
ID_DOCUMENT_IN_BLOCKLISTID document in blocklistThe document matches a blocklisted document (same date of birth, issuing country, and exact document number) or a manually blocklisted document number. additional_data carries the blocklisted session reference.errorauto-decline
ID_DOCUMENT_IN_ALLOWLISTID document in allowlistThe document number matches your document allowlist, so the duplicate-user action was skipped. additional_data carries the document_number.information
POSSIBLE_DUPLICATED_USERPossible duplicated user from other sessionAnother document in your application has the same date of birth, the same issuing country, and a highly similar full name — under a different user (vendor_data), regardless of that session’s status. additional_data carries the duplicate session reference.Configurable — Duplicated User, default information
DOCUMENT_NAME_DIFFERENT_FROM_OTHER_APPROVED_DOCUMENTSDocument name differs from other approved documentsName on this document differs from previously approved documents for the same user. Only produced for Didit-protocol (UserKYC) accounts, not standard API sessions.Configurable — Data Inconsistency, default information
ID_VERIFICATION_DATA_MISMATCH_BETWEEN_DOCUMENTSData mismatch between ID verification documentsTwo ID documents in the same session disagree on name / date of birth.Configurable — Data Inconsistency, default information
LOW_FRONT_CAMERA_FACE_MATCH_SIMILARITYSelfie during document capture doesn’t match document portraitThe face captured from the user’s front camera during document capture does not match the portrait on the document well.Threshold-driven: error below the decline threshold, warning at or below the review threshold

Document liveness (tampering)

Threshold-driven per fraud type in workflows; unconditionally declining on the standalone OCR API.
RiskShort descriptionCauseSeverity
SCREEN_CAPTURE_DETECTEDScreen capture of document detectedDocument was captured from a screen rather than a physical document.error below the decline threshold, warning below the review threshold, else information
PRINTED_COPY_DETECTEDPrinted copy of document detectedDocument appears to be a printed copy rather than the original.Same tri-bucket thresholds
PORTRAIT_MANIPULATION_DETECTEDPortrait manipulation detectedThe portrait region appears to have been replaced or altered.Same tri-bucket thresholds

Expected-details mismatches

When you pass expected_details to a session, Didit raises a mismatch warning per field that does not match. One grouping (expected_details_mismatch_action, default Review) controls routing for all of these:
RiskShort descriptionCause
FULL_NAME_MISMATCH_WITH_PROVIDEDFull name mismatch with provided informationProvided name scores below the name-match threshold against the document.
DOB_MISMATCH_WITH_PROVIDEDDate of birth mismatch with provided informationProvided date of birth does not match.
GENDER_MISMATCH_WITH_PROVIDEDGender mismatch with provided informationProvided gender does not match.
COUNTRY_MISMATCH_WITH_PROVIDEDCountry mismatch with provided informationProvided country does not match issuing_state.
NATIONALITY_MISMATCH_WITH_PROVIDEDNationality mismatch with provided informationProvided nationality does not match.
IDENTIFICATION_NUMBER_MISMATCH_WITH_PROVIDEDIdentification number mismatch with provided informationProvided ID number does not match the document number, personal number, or tax number.
Each mismatch warning carries the expected and extracted values in additional_data.

Age

RiskShort descriptionCauseSeverity
MINIMUM_AGE_NOT_METMinimum age not metHolder is below the configured minimum age (global or per-country/state). additional_data carries min_age_allowed and user_age.Configurable — Minimum Age, default Decline (error); unconditional decline on the standalone OCR API
MAXIMUM_AGE_EXCEEDEDMaximum age exceededHolder is above the configured maximum age. additional_data carries max_age_allowed and user_age.Configurable — Maximum Age, default Decline (error)
AGE_NOT_DETECTEDAge not detectedAdaptive age-verification workflows: age could not be extracted from the document.errorauto-decline
AGE_BELOW_MINIMUMAge below minimumAdaptive age-verification workflows: extracted age is below the minimum.errorauto-decline

Address

RiskShort descriptionCauseSeverity
UNPARSED_ADDRESSUnable to determine address locationThe document defines an address field, but the extracted address could not be parsed or geolocated.Configurable — Unparsed Address, default information

Cross-session document matches

In addition to the warnings above, the V3 ID report ships a matches[] array — up to 5 other documents in your application with the same date of birth, the same issuing country, and a highly similar full name (blocklisted documents additionally require an exact document-number match), excluding sessions that belong to the same user. Documents added to your blocklist appear with is_blocklisted: true. Documents on your allowlist still appear in matches, but their duplicate-user action is skipped. Each match includes session_id, session_number, vendor_data, verification_date, user_details (name, document_type, document_number), status, is_blocklisted, api_service, and a signed front_image_url.

Examples

Configurable warning at its default routing (information)

"warnings": [
  {
    "feature": "ID_VERIFICATION",
    "risk": "QR_NOT_DETECTED",
    "additional_data": null,
    "log_type": "information",
    "short_description": "QR not detected",
    "long_description": "The system couldn't find or read the QR code on the document. This could be due to poor image quality or an unsupported document type.",
    "node_id": "id_primary"
  }
]

Auto-decline on expired document

"warnings": [
  {
    "feature": "ID_VERIFICATION",
    "risk": "DOCUMENT_EXPIRED",
    "additional_data": null,
    "log_type": "error",
    "short_description": "Document expired",
    "long_description": "The document's expiration date has passed, rendering it no longer valid for use.",
    "node_id": "id_primary"
  }
]

Expected-details mismatch with payload

"warnings": [
  {
    "feature": "ID_VERIFICATION",
    "risk": "DOB_MISMATCH_WITH_PROVIDED",
    "additional_data": {
      "expected_dob": "1990-01-01",
      "extracted_dob": "1991-03-15"
    },
    "log_type": "warning",
    "short_description": "Date of birth mismatch with provided information",
    "long_description": "The provided date of birth in `expected_details` doesn't match the date extracted from the document.",
    "node_id": "id_primary"
  }
]

Warning types

Each risk is assigned a severity based on your application’s configuration. The three severities are: