Face Search
Search a face image (1:N) against your application’s face search index — faces enrolled from verification sessions, saved standalone API calls, direct user-profile face uploads, and your block/allow lists — and get back ranked similarity matches plus blocklist and duplicate warnings.
How it works. The largest detected face in user_image is embedded and searched against the index, scoped to your application. Up to 5 matches above the similarity floor are returned in matches, each with similarity_percentage, the originating session (session_id, session_number, status, vendor_data), user_details extracted during that session’s document verification, is_blocklisted / is_allowlisted flags, and a source discriminator (session, imported, or list_entry).
search_type=most_similar(default) ranks every enrolled face by similarity — use it for deduplication and fraud-ring investigation.search_type=blocklisted_or_approvedrestricts candidates to blocklisted faces, allowlisted faces, faces from approved sessions, and imported user-profile faces, ranking blocklisted entries first — use it when the primary goal is blocklist screening.
status is Declined only when a FACE_IN_BLOCKLIST or POSSIBLE_FACE_IN_BLOCKLIST warning fires; DUPLICATED_FACE / POSSIBLE_DUPLICATED_FACE (information) and MULTIPLE_FACES_DETECTED (warning) never decline. Unlike Passive Liveness, this endpoint does not exclude prior sessions with the same vendor_data from matching. A passive-liveness analysis also runs internally and is stored with the persisted session, but its result is not part of this response.
Billing. Each 200 response consumes one Face Search API credit (standalone APIs have no free tier). Insufficient balance returns 403 before any image processing.
Session persistence and face enrollment (save_api_request, default true). When true, the call is persisted as an API-type session (Business Console, GET /v3/session/{sessionId}/decision/ via the returned request_id, status.updated webhook) and the searched face is enrolled into your face search index. Faces enrolled by Face Search calls are excluded from future Face Search results, so repeated searches never match each other. When false, the call is one-shot: nothing is stored, the face is not enrolled, and match_image_url values are internal storage paths rather than downloadable URLs.
Sandbox. Sandbox API keys skip all processing and billing: after request validation (malformed input still returns 400), the endpoint returns a static Approved mock payload, no session is persisted, and no credits are consumed.
Authentication. Send your application’s API key in the x-api-key header. Missing or invalid credentials return 403 ({"detail": "You do not have permission to perform this action."}) — this API never returns 401.
Rate limit. Shared write budget of 300 requests/min per API key across all POST/PATCH/DELETE endpoints; exceeding it returns 429.
Authorizations
Body
Front-facing face image to search with. Allowed extensions: tiff, jpg, jpeg, png, webp. Maximum upload size: 5 MB (larger files are rejected with 400). Images are automatically compressed to ~0.5 MB before processing, so very high resolutions do not improve accuracy. The image must contain at least one detectable face — otherwise the endpoint returns 400. When several faces are present, the largest one is searched and a MULTIPLE_FACES_DETECTED warning is added.
Search policy. most_similar (default) ranks every enrolled face in your application by similarity. blocklisted_or_approved restricts candidates to blocklisted faces, allowlisted faces, faces from approved sessions, and imported user-profile faces — with blocklisted entries ranked first.
most_similar, blocklisted_or_approved "most_similar"
When true, the service tries 90-degree rotations of the input and uses the orientation that yields the best face detection. Useful when EXIF orientation is missing. Adds latency.
false
When true (default), persists the call as an API-type session, emits a status.updated webhook, presigns match_image_url values, and enrolls the searched face into your face search index (Face Search enrollments are excluded from future searches). When false, the search is one-shot — no session is stored and the face is not enrolled.
true
Optional opaque identifier (your user id, email, UUID…) stored on the persisted session and echoed back. It does not exclude same-user faces from the search results.
"user-123"
Optional JSON object stored with the session (when save_api_request=true) and echoed back. In multipart requests, send it as a JSON-encoded string field — it is parsed into an object.
{ "flow": "dedup_check" }Response
Face search completed. face_search.matches holds up to 5 similar faces ordered by similarity; an empty array means no enrolled face exceeded the similarity floor. status is Declined only on blocklist hits — duplicate matches alone return Approved, so inspect matches and warnings, not just status. When save_api_request=true, request_id is the persisted session id.
Persisted session id when save_api_request=true (usable with GET /v3/session/{sessionId}/decision/); otherwise a transient correlation UUID.
Echo of the vendor_data you sent, or null.
Echo of the metadata object you sent, or null.
ISO 8601 timestamp (UTC) of when the response was generated, e.g. 2026-06-12T01:04:42.763237+00:00.