> ## Documentation Index
> Fetch the complete documentation index at: https://docs.didit.me/llms.txt
> Use this file to discover all available pages before exploring further.

# ID verification warnings

> Every warning Didit's ID verification module emits — auto-decline triggers, configurable risk groups, mismatch and tampering codes — with cause and remediation.

export const WarningTypes = () => <div style={{
  display: "flex",
  flexDirection: "column",
  gap: "12px",
  margin: "16px 0"
}}>
    {WARNING_TYPES.map(w => <div key={w.type} style={{
  display: "flex",
  alignItems: "flex-start",
  gap: "12px",
  padding: "12px 16px",
  borderRadius: "8px",
  background: w.bg
}}>
        <span style={{
  fontSize: "16px",
  lineHeight: "24px"
}}>{w.icon}</span>
        <div>
          <div style={{
  fontWeight: 600,
  color: w.color,
  marginBottom: "2px"
}}>
            <code style={{
  background: "transparent",
  color: w.color,
  fontWeight: 600,
  padding: 0
}}>
              {w.type}
            </code>
          </div>
          <div style={{
  fontSize: "14px",
  lineHeight: "20px",
  color: "#374151"
}}>
            {w.description}
          </div>
        </div>
      </div>)}
  </div>;

## Overview

Warnings on the ID verification report flag every condition Didit observed while reading and validating the document. They land in the `warnings[]` array on each item of `id_verifications[]` (see [ID verification report](/core-technology/id-verification/report-id-verification)), with the shape described in [Data models — Warning object](/reference/data-models#warning-object): `feature`, `risk`, `additional_data`, `log_type`, `short_description`, `long_description`, `node_id`.

Every warning has three layers:

1. **The `risk` code** — a stable identifier you can match on in your code.
2. **The `log_type`** — derived from the action your configuration assigns to the risk at evaluation time: **Decline → `error`**, **Review → `warning`**, anything else → `information`.
3. **The decision impact** — set by the workflow's configurable risk groups. The same `risk` code can be routed to **Approve**, **Review**, or **Decline** depending on how your application is configured.

## Auto-decline conditions

In workflows, the following risks always force the ID report (and the session) to `Declined`. They cannot be configured:

| Risk                                     | Trigger                                                                                                                                                                                                                                                                        |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `DOCUMENT_NOT_SUPPORTED_FOR_APPLICATION` | The submitted document type is not on your application's allowed-documents list. `additional_data` includes `issuing_state`, `document_type`, `document_subtype`, `document_region`, and `document_region_with_subtype` so you can enable the exact document in your workflow. |
| `DOCUMENT_EXPIRED`                       | The document's expiration date has passed at capture time.                                                                                                                                                                                                                     |
| `PORTRAIT_IMAGE_NOT_DETECTED`            | No portrait image could be located on the document.                                                                                                                                                                                                                            |
| `ID_DOCUMENT_IN_BLOCKLIST`               | The document matches an entry on your application's blocklist.                                                                                                                                                                                                                 |
| `AGE_BELOW_MINIMUM`                      | Adaptive age-verification workflows only: extracted age is below the minimum.                                                                                                                                                                                                  |
| `AGE_NOT_DETECTED`                       | Adaptive age-verification workflows only: age could not be extracted from the document.                                                                                                                                                                                        |

For the **standalone OCR API**, the unconditional-decline set is `DOCUMENT_EXPIRED`, `MINIMUM_AGE_NOT_MET`, `PORTRAIT_IMAGE_NOT_DETECTED`, `SCREEN_CAPTURE_DETECTED`, `PRINTED_COPY_DETECTED`, and `PORTRAIT_MANIPULATION_DETECTED`. In workflows, minimum age is configurable (default Decline) and the three document-liveness risks are threshold-driven (see below).

## Configurable verification settings

In the Didit console, the remaining ID risks are grouped into settings you can route to **Approve**, **Review**, or **Decline** (per workflow, and per node in graph workflows):

| Group                                           | Risks                                                                                                                                                                                                                     | Default action        |
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| **Minimum Age**                                 | `MINIMUM_AGE_NOT_MET`                                                                                                                                                                                                     | Decline               |
| **Maximum Age**                                 | `MAXIMUM_AGE_EXCEEDED`                                                                                                                                                                                                    | Decline               |
| **Duplicated User**                             | `POSSIBLE_DUPLICATED_USER` (skipped when the document number is in your document allowlist)                                                                                                                               | Approve (information) |
| **Invalid Code**                                | `QR_NOT_DETECTED`, `BARCODE_NOT_DETECTED`, `QR_VALIDATION_FAILED`, `BARCODE_VALIDATION_FAILED`                                                                                                                            | Approve (information) |
| **Invalid MRZ**                                 | `MRZ_VALIDATION_FAILED`, `MRZ_NOT_DETECTED`                                                                                                                                                                               | Approve (information) |
| **Data Inconsistency**                          | `DATA_INCONSISTENT`, `MRZ_AND_DATA_EXTRACTED_FROM_OCR_NOT_SAME`, `DOCUMENT_NAME_DIFFERENT_FROM_OTHER_APPROVED_DOCUMENTS`, `DOCUMENT_SIDES_MISMATCH`, `ID_VERIFICATION_DATA_MISMATCH_BETWEEN_DOCUMENTS`                    | Approve (information) |
| **Invalid Validation**                          | `INVALID_DATE`, `COULD_NOT_RECOGNIZE_DOCUMENT`, `DOCUMENT_NUMBER_NOT_DETECTED`, `COULD_NOT_DETECT_DOCUMENT_TYPE`, `NAME_NOT_DETECTED`, `DATE_OF_BIRTH_NOT_DETECTED`                                                       | Review                |
| **Expected Details Mismatch**                   | `FULL_NAME_MISMATCH_WITH_PROVIDED`, `GENDER_MISMATCH_WITH_PROVIDED`, `DOB_MISMATCH_WITH_PROVIDED`, `COUNTRY_MISMATCH_WITH_PROVIDED`, `NATIONALITY_MISMATCH_WITH_PROVIDED`, `IDENTIFICATION_NUMBER_MISMATCH_WITH_PROVIDED` | Review                |
| **Expiration Date Not Detected**                | `EXPIRATION_DATE_NOT_DETECTED`                                                                                                                                                                                            | Approve (information) |
| **Document or Personal Number Format Mismatch** | `DOCUMENT_NUMBER_FORMAT_MISMATCH`, `PERSONAL_NUMBER_FORMAT_MISMATCH` (one shared action)                                                                                                                                  | Approve (information) |
| **Unparsed Address**                            | `UNPARSED_ADDRESS`                                                                                                                                                                                                        | Approve (information) |
| **Image Quality**                               | `IMAGE_TOO_BLURRY`, `IMAGE_TOO_DARK`, `IMAGE_TOO_BRIGHT` (one action per risk)                                                                                                                                            | Approve (information) |

Two ID risk families are **threshold-driven** instead of Approve/Review/Decline toggles:

* **Document liveness** — `SCREEN_CAPTURE_DETECTED`, `PRINTED_COPY_DETECTED`, `PORTRAIT_MANIPULATION_DETECTED`. Each fraud type has its own decline and review thresholds: score below the decline threshold → `error` + Declined; below the review threshold → `warning` + In Review; otherwise `information`.
* **Cross-camera face match** — `LOW_FRONT_CAMERA_FACE_MATCH_SIMILARITY`, governed by `document_selfie_portrait_match_decline_threshold` / `document_selfie_portrait_match_review_threshold`.

## Warnings produced

Verified against `collect_ocr_logs`, the document-capture flow, and `process_ocr_logs_and_get_status`. Short descriptions below are the exact `short_description` strings returned by the API.

### Document recognition and quality

| Risk                                                       | Short description                                    | Cause                                                                                                                                                                                                                                                                  | Severity                                                          |
| ---------------------------------------------------------- | ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- |
| `COULD_NOT_RECOGNIZE_DOCUMENT`                             | Could not validate Document                          | The system could not confirm the authenticity or validity of the submitted document — often poor image quality or an unsupported document type. Also used as the fallback for unrecognized processing failures.                                                        | Configurable — Invalid Validation, default Review                 |
| `COULD_NOT_DETECT_DOCUMENT_TYPE`                           | Could not detect document type                       | The OCR engine could not classify the document family (passport vs ID vs DL). When this fires, `DOCUMENT_NOT_SUPPORTED_FOR_APPLICATION` is suppressed (the type is unknown, so "not supported" would be contradictory).                                                | Configurable — Invalid Validation, default Review                 |
| `DOCUMENT_NOT_SUPPORTED_FOR_APPLICATION`                   | Document not supported for your application          | The recognized document type is not on the application's allowed list. `additional_data` carries the country, document type, subtype, and region-aware subtype.                                                                                                        | `error` — **auto-decline**                                        |
| `DOCUMENT_EXPIRED`                                         | Document expired                                     | At capture time: the document's expiration date is in the past (`error`, auto-decline). Post-approval: ongoing expiration monitoring appends this warning with `log_type: "warning"` when an approved document's date passes, and the report status becomes `Expired`. | `error` at capture; `warning` from monitoring                     |
| `DOCUMENT_SIDES_MISMATCH`                                  | Document sides mismatch                              | Front and back images do not belong to the same document.                                                                                                                                                                                                              | Configurable — Data Inconsistency, default information            |
| `PORTRAIT_IMAGE_NOT_DETECTED`                              | Portrait image not detected                          | No portrait could be located on a document that should have one (deferred when the user uploads the non-portrait side first).                                                                                                                                          | `error` — **auto-decline**                                        |
| `IMAGE_TOO_BLURRY` / `IMAGE_TOO_DARK` / `IMAGE_TOO_BRIGHT` | Document image is too blurry / too dark / too bright | The image-quality gate rejected an upload (the user is asked to retake). `additional_data` carries the failing `side`. A successful retake clears the stale warning; the gate is skipped on the user's final allowed attempt so they are never hard-blocked.           | Configurable — per-risk Image Quality action, default information |

<Note>
  The capture flow can also reject an upload with the feedback codes `IMAGE_RESOLUTION_TOO_LOW`, `DOCUMENT_NOT_FULLY_VISIBLE`, and `IMAGE_QUALITY_TOO_LOW`. These prompt a retake in the SDK but are not persisted to the report's `warnings[]` — only the blurry/dark/bright risks are.
</Note>

### Field extraction

| Risk                              | Short description                        | Cause                                                                                                                                                                                                                                                                               | Severity                                                         |
| --------------------------------- | ---------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- |
| `NAME_NOT_DETECTED`               | First name and/or last name not detected | First name and last name could not be extracted. Exempt when the holder legitimately has a single name (one-name countries, or the MRZ itself carries a single name) and at least one name value was extracted.                                                                     | Configurable — Invalid Validation, default Review                |
| `DATE_OF_BIRTH_NOT_DETECTED`      | Date of birth not detected               | Date of birth could not be extracted from a document that should have one.                                                                                                                                                                                                          | Configurable — Invalid Validation, default Review                |
| `DOCUMENT_NUMBER_NOT_DETECTED`    | Document number not detected             | Neither the document number nor a personal number could be extracted.                                                                                                                                                                                                               | Configurable — Invalid Validation, default Review                |
| `EXPIRATION_DATE_NOT_DETECTED`    | Expiration date not detected             | Expiration date could not be extracted from a document that should have one.                                                                                                                                                                                                        | Configurable — Expiration Date Not Detected, default information |
| `INVALID_DATE`                    | Invalid Date                             | A date on the document (date of birth or expiry) doesn't parse to a valid date. In the current capture flow this surfaces as a retake prompt during upload rather than a stored warning; the code remains in the Invalid Validation routing group and may appear on older sessions. | Configurable — Invalid Validation, default Review                |
| `DOCUMENT_NUMBER_FORMAT_MISMATCH` | Document number format mismatch          | Document number does not match the expected format configured for this document type. `additional_data` carries `expected_format` and `extracted_value`.                                                                                                                            | Configurable — Format Mismatch, default information              |
| `PERSONAL_NUMBER_FORMAT_MISMATCH` | Personal number format mismatch          | Personal number does not match the expected format configured for this document type.                                                                                                                                                                                               | Configurable — Format Mismatch, default information              |

### MRZ, QR, barcode

All three MRZ risks are skipped for document types with known-unreliable MRZs.

| Risk                                       | Short description                                       | Cause                                                                                                                    | Severity                                               |
| ------------------------------------------ | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------ |
| `MRZ_NOT_DETECTED`                         | MRZ not detected                                        | MRZ could not be located on a document that should have one.                                                             | Configurable — Invalid MRZ, default information        |
| `MRZ_VALIDATION_FAILED`                    | MRZ is not valid                                        | MRZ failed checksum / format validation. Often a low-quality capture; can indicate tampering.                            | Configurable — Invalid MRZ, default information        |
| `MRZ_AND_DATA_EXTRACTED_FROM_OCR_NOT_SAME` | MRZ and data extracted from OCR have some discrepancies | MRZ contents disagree with the VIZ (visible-zone) OCR. Possible alteration.                                              | Configurable — Data Inconsistency, default information |
| `QR_NOT_DETECTED`                          | QR not detected                                         | QR code could not be located on a document that should have one.                                                         | Configurable — Invalid Code, default information       |
| `QR_VALIDATION_FAILED`                     | QR validation failed                                    | QR contents could not be validated against the rest of the document.                                                     | Configurable — Invalid Code, default information       |
| `BARCODE_NOT_DETECTED`                     | Barcode not detected                                    | Barcode could not be located on a document that should have one.                                                         | Configurable — Invalid Code, default information       |
| `BARCODE_VALIDATION_FAILED`                | Barcode validation failed                               | Barcode contents could not be validated against the rest of the document.                                                | Configurable — Invalid Code, default information       |
| `DATA_INCONSISTENT`                        | OCR data in the document is not consistent              | Data extracted from different parts of the document disagrees — typically the front and back sides of the same document. | Configurable — Data Inconsistency, default information |

### Identity matching

| Risk                                                    | Short description                                              | Cause                                                                                                                                                                                                                                                               | Severity                                                                                          |
| ------------------------------------------------------- | -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |
| `ID_DOCUMENT_IN_BLOCKLIST`                              | ID document in blocklist                                       | The document matches a blocklisted document (same date of birth, issuing country, and exact document number) or a manually blocklisted document number. `additional_data` carries the blocklisted session reference.                                                | `error` — **auto-decline**                                                                        |
| `ID_DOCUMENT_IN_ALLOWLIST`                              | ID document in allowlist                                       | The document number matches your document allowlist, so the duplicate-user action was skipped. `additional_data` carries the `document_number`.                                                                                                                     | `information`                                                                                     |
| `POSSIBLE_DUPLICATED_USER`                              | Possible duplicated user from other session                    | Another document in your application has the same date of birth, the same issuing country, and a highly similar full name — under a different user (`vendor_data`), regardless of that session's status. `additional_data` carries the duplicate session reference. | Configurable — Duplicated User, default information                                               |
| `DOCUMENT_NAME_DIFFERENT_FROM_OTHER_APPROVED_DOCUMENTS` | Document name differs from other approved documents            | Name on this document differs from previously approved documents for the same user. Only produced for Didit-protocol (UserKYC) accounts, not standard API sessions.                                                                                                 | Configurable — Data Inconsistency, default information                                            |
| `ID_VERIFICATION_DATA_MISMATCH_BETWEEN_DOCUMENTS`       | Data mismatch between ID verification documents                | Two ID documents in the same session disagree on name / date of birth.                                                                                                                                                                                              | Configurable — Data Inconsistency, default information                                            |
| `LOW_FRONT_CAMERA_FACE_MATCH_SIMILARITY`                | Selfie during document capture doesn't match document portrait | The face captured from the user's front camera during document capture does not match the portrait on the document well.                                                                                                                                            | Threshold-driven: `error` below the decline threshold, `warning` at or below the review threshold |

### Document liveness (tampering)

Threshold-driven per fraud type in workflows; unconditionally declining on the standalone OCR API.

| Risk                             | Short description                   | Cause                                                                | Severity                                                                                      |
| -------------------------------- | ----------------------------------- | -------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- |
| `SCREEN_CAPTURE_DETECTED`        | Screen capture of document detected | Document was captured from a screen rather than a physical document. | `error` below the decline threshold, `warning` below the review threshold, else `information` |
| `PRINTED_COPY_DETECTED`          | Printed copy of document detected   | Document appears to be a printed copy rather than the original.      | Same tri-bucket thresholds                                                                    |
| `PORTRAIT_MANIPULATION_DETECTED` | Portrait manipulation detected      | The portrait region appears to have been replaced or altered.        | Same tri-bucket thresholds                                                                    |

### Expected-details mismatches

When you pass `expected_details` to a session, Didit raises a mismatch warning per field that does not match. One grouping (`expected_details_mismatch_action`, default Review) controls routing for all of these:

| Risk                                           | Short description                                        | Cause                                                                                  |
| ---------------------------------------------- | -------------------------------------------------------- | -------------------------------------------------------------------------------------- |
| `FULL_NAME_MISMATCH_WITH_PROVIDED`             | Full name mismatch with provided information             | Provided name scores below the name-match threshold against the document.              |
| `DOB_MISMATCH_WITH_PROVIDED`                   | Date of birth mismatch with provided information         | Provided date of birth does not match.                                                 |
| `GENDER_MISMATCH_WITH_PROVIDED`                | Gender mismatch with provided information                | Provided gender does not match.                                                        |
| `COUNTRY_MISMATCH_WITH_PROVIDED`               | Country mismatch with provided information               | Provided country does not match `issuing_state`.                                       |
| `NATIONALITY_MISMATCH_WITH_PROVIDED`           | Nationality mismatch with provided information           | Provided nationality does not match.                                                   |
| `IDENTIFICATION_NUMBER_MISMATCH_WITH_PROVIDED` | Identification number mismatch with provided information | Provided ID number does not match the document number, personal number, or tax number. |

Each mismatch warning carries the expected and extracted values in `additional_data`.

### Age

| Risk                   | Short description    | Cause                                                                                                                                 | Severity                                                                                               |
| ---------------------- | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
| `MINIMUM_AGE_NOT_MET`  | Minimum age not met  | Holder is below the configured minimum age (global or per-country/state). `additional_data` carries `min_age_allowed` and `user_age`. | Configurable — Minimum Age, default Decline (`error`); unconditional decline on the standalone OCR API |
| `MAXIMUM_AGE_EXCEEDED` | Maximum age exceeded | Holder is above the configured maximum age. `additional_data` carries `max_age_allowed` and `user_age`.                               | Configurable — Maximum Age, default Decline (`error`)                                                  |
| `AGE_NOT_DETECTED`     | Age not detected     | Adaptive age-verification workflows: age could not be extracted from the document.                                                    | `error` — **auto-decline**                                                                             |
| `AGE_BELOW_MINIMUM`    | Age below minimum    | Adaptive age-verification workflows: extracted age is below the minimum.                                                              | `error` — **auto-decline**                                                                             |

### Address

| Risk               | Short description                    | Cause                                                                                               | Severity                                             |
| ------------------ | ------------------------------------ | --------------------------------------------------------------------------------------------------- | ---------------------------------------------------- |
| `UNPARSED_ADDRESS` | Unable to determine address location | The document defines an address field, but the extracted address could not be parsed or geolocated. | Configurable — Unparsed Address, default information |

## Cross-session document matches

In addition to the warnings above, the V3 ID report ships a `matches[]` array — up to 5 other documents in your application with the same date of birth, the same issuing country, and a highly similar full name (blocklisted documents additionally require an exact document-number match), excluding sessions that belong to the same user. Documents added to your blocklist appear with `is_blocklisted: true`. Documents on your allowlist still appear in matches, but their duplicate-user action is skipped.

Each match includes `session_id`, `session_number`, `vendor_data`, `verification_date`, `user_details` (`name`, `document_type`, `document_number`), `status`, `is_blocklisted`, `api_service`, and a signed `front_image_url`.

## Examples

### Configurable warning at its default routing (information)

```json theme={null}
"warnings": [
  {
    "feature": "ID_VERIFICATION",
    "risk": "QR_NOT_DETECTED",
    "additional_data": null,
    "log_type": "information",
    "short_description": "QR not detected",
    "long_description": "The system couldn't find or read the QR code on the document. This could be due to poor image quality or an unsupported document type.",
    "node_id": "id_primary"
  }
]
```

### Auto-decline on expired document

```json theme={null}
"warnings": [
  {
    "feature": "ID_VERIFICATION",
    "risk": "DOCUMENT_EXPIRED",
    "additional_data": null,
    "log_type": "error",
    "short_description": "Document expired",
    "long_description": "The document's expiration date has passed, rendering it no longer valid for use.",
    "node_id": "id_primary"
  }
]
```

### Expected-details mismatch with payload

```json theme={null}
"warnings": [
  {
    "feature": "ID_VERIFICATION",
    "risk": "DOB_MISMATCH_WITH_PROVIDED",
    "additional_data": {
      "expected_dob": "1990-01-01",
      "extracted_dob": "1991-03-15"
    },
    "log_type": "warning",
    "short_description": "Date of birth mismatch with provided information",
    "long_description": "The provided date of birth in `expected_details` doesn't match the date extracted from the document.",
    "node_id": "id_primary"
  }
]
```

## Warning types

Each risk is assigned a severity based on your application's configuration. The three severities are:

<WarningTypes />

## Related

* [ID verification report](/core-technology/id-verification/report-id-verification) — full report schema and statuses.
* [Document monitoring](/core-technology/id-verification/document-monitoring-id-verification) — how Didit detects tampering and cross-session duplicates.
* [Webhooks](/integration/webhooks) — `session.status.updated` carries the warnings as soon as the ID step finishes.
* [Data models — ID verification](/reference/data-models#id-verification) — canonical field-by-field schema.
* [Data models — Warning object](/reference/data-models#warning-object) — the shape of every entry in `warnings[]`.
