Retrieving results

When you need a customer's current verification result on demand, look it up by email or phone. This complements webhooks: use webhooks as the primary signal, and retrieval for reconciliation, retries, or when you cannot host a webhook receiver.

Look up a customer

From your backend, send your credentials and the customer's email or phone. Email is matched first, then phone, scoped to your client.

http

POST https://api.sentinel.example.com/customers/status/clientAuth

Field	Type	Description
clientUuidrequired	string	Your client identifier.
clientSecretrequired	string	Your client secret. Server-side only.
email	string	Required if phoneNumber is absent. Matched first.
phoneNumber	string	Required if email is absent. Matched if email is not provided or not found.
optimizedDownload	boolean	When true, trims image payloads to reduce response size. Defaults to false.

request

{
  "clientUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "clientSecret": "xxxxxxxxxxxxxxxx",
  "email": "jane.doe@example.com",
  "phoneNumber": "+971501234567",
  "optimizedDownload": false
}

A match returns 200 with the result. No match returns 404 with { "message": "Row not found" }. Invalid credentials and validation errors follow the conventions on Authentication.

The result

The data object holds the customer's identity fields, the liveness result, and each submitted document with its face-match and OCR data. Documents that were not submitted are null.

response

{
  "message": "Success",
  "data": {
    "uuid": "3f9c1e8a-1d77-4a2b-9f2e-7c6b5a4d3e21",
    "status": 6,
    "name": "Jane",
    "surname": "Doe",
    "gender": "female",
    "dateOfBirth": "1990-05-12",
    "nationality": "GBR",
    "email": "jane.doe@example.com",
    "phoneNumber": "+971501234567",
    "isLive": true,
    "isLiveScore": 98.6,
    "isLiveFaces": ["data:image/jpeg;base64,..."],
    "idFace": "data:image/jpeg;base64,...",
    "emiratesId": {
      "emiratesIdNumber": "784-1990-1234567-1",
      "dateOfIssue": "2022-01-15",
      "dateOfExpiry": "2027-01-15",
      "authority": "Federal Authority for Identity and Citizenship",
      "countryOfIssue": "ARE",
      "idMatch": true,
      "idScore": 96.4,
      "idClassificationPassed": true,
      "frontImage": "data:image/jpeg;base64,...",
      "backImage": "data:image/jpeg;base64,...",
      "idImage": "data:image/jpeg;base64,...",
      "ocrEmiratesId": { "emiratesIdNumber": "784-1990-1234567-1", "dateOfExpiry": "2027-01-15" }
    },
    "passport": null,
    "createdAt": "2026-05-20T10:10:00.000Z",
    "updatedAt": "2026-05-20T10:15:30.000Z"
  }
}

Top-level fields

Field	Type	Description
uuid	string	Customer UUID. Use it as your external key.
status	number	Status code. See the codes on Webhooks.
name, surname	string	The customer’s name.
gender	string	The customer’s gender.
dateOfBirth	string	Date of birth.
nationality	string	Nationality.
email, phoneNumber	string	Contact details captured.
isLive	boolean	Whether liveness passed.
isLiveScore	number	Liveness confidence.
isLiveFaces	string[]	Captured liveness frames as base64 data URIs.
idFace	string	Reference face as a base64 data URI.
passport, emiratesId, egyptNationalId	object \| null	The submitted document, or null if not submitted. See document fields below.
createdAt, updatedAt	string (ISO)	Record timestamps.

Document fields

Field	Type	Description
passportNumber / emiratesIdNumber	string	The document number.
dateOfIssue, dateOfExpiry	string	Document validity dates.
authority	string	Issuing authority.
countryOfIssue	string	Issuing country.
idMatch	boolean	Whether the live face matched the document portrait.
idScore	number	Face-match confidence.
idClassificationPassed	boolean	Whether the document classification passed.
frontImage, backImage, idImage	string	Document images as base64 data URIs.
ocrPassport / ocrEmiratesId	object	Fields read from the document by OCR.

Passports additionally include passportType and placeOfIssue, and the exact fields vary by document type. The screening outcome is reflected in status; raw sanctions data is not part of this response. The response may also include internal fields, such as database identifiers and pointers, that you can safely ignore.

Treat the result as sensitive

It contains personal data and document images. Serve requests over HTTPS, do not log the payload, and store only what your compliance program requires. To reduce response size, set optimizedDownload to true, or use the without-images endpoint below.

Without images

For status and data without any image payloads, use the lighter endpoint. It takes the same identifiers and returns the same shape, with the image fields returned as null.

http

POST https://api.sentinel.example.com/customers/statusWithoutImages/clientAuth

Field	Type	Description
clientUuidrequired	string	Your client identifier.
clientSecretrequired	string	Your client secret. Server-side only.
email	string	Required if phoneNumber is absent. Matched first.
phoneNumber	string	Required if email is absent.

request

{
  "clientUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "clientSecret": "xxxxxxxxxxxxxxxx",
  "email": "jane.doe@example.com",
  "phoneNumber": "+971501234567"
}

response

{
  "message": "Success",
  "data": {
    "uuid": "3f9c1e8a-1d77-4a2b-9f2e-7c6b5a4d3e21",
    "status": 6,
    "name": "Jane",
    "surname": "Doe",
    "nationality": "GBR",
    "email": "jane.doe@example.com",
    "phoneNumber": "+971501234567",
    "isLive": true,
    "isLiveScore": 98.6,
    "isLiveFaces": null,
    "idFace": null,
    "emiratesId": {
      "emiratesIdNumber": "784-1990-1234567-1",
      "dateOfIssue": "2022-01-15",
      "dateOfExpiry": "2027-01-15",
      "authority": "Federal Authority for Identity and Citizenship",
      "countryOfIssue": "ARE",
      "idMatch": true,
      "idScore": 96.4,
      "idClassificationPassed": true,
      "frontImage": null,
      "backImage": null,
      "idImage": null
    },
    "passport": null
  }
}

Listing customers

To page through your customers with their documents, use the list endpoint. Images are omitted, and each customer carries an expiredIds array naming any documents that have expired.

http

POST https://api.sentinel.example.com/customers/listWithDoc/clientAuth

Field	Type	Description
clientUuidrequired	string	Your client identifier.
clientSecretrequired	string	Your client secret. Server-side only.
page	number	Page number. Defaults to 1.
entriesPerPage	number	One of 10, 50, or 100. Defaults to 50.
sortBy	string	One of name, phoneNumber, nationality, gender, status, updatedAt. Defaults to updatedAt.
sortingOrder	string	asc or desc. Defaults to desc.

request

{
  "clientUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "clientSecret": "xxxxxxxxxxxxxxxx",
  "page": 1,
  "entriesPerPage": 50,
  "sortBy": "updatedAt",
  "sortingOrder": "desc"
}

response

{
  "message": "Success",
  "data": {
    "meta": { "total": 128, "perPage": 50, "currentPage": 1, "lastPage": 3 },
    "data": [
      {
        "uuid": "3f9c1e8a-1d77-4a2b-9f2e-7c6b5a4d3e21",
        "status": 6,
        "name": "Jane",
        "surname": "Doe",
        "email": "jane.doe@example.com",
        "phoneNumber": "+971501234567",
        "passports": [],
        "emiratesIds": [
          { "emiratesIdNumber": "784-1990-1234567-1", "dateOfExpiry": "2027-01-15", "idMatch": true }
        ],
        "egyptNationalIds": [],
        "expiredIds": []
      }
    ]
  }
}

Updating contact details

Correct a customer's email or phone with the contact endpoint. Identify the customer by customerUuid and pass the fields to change. A value already in use by another customer returns 409.

http

POST https://api.sentinel.example.com/customers/contact/clientAuth

Field	Type	Description
clientUuidrequired	string	Your client identifier.
clientSecretrequired	string	Your client secret. Server-side only.
customerUuidrequired	string	The customer to update.
email	string	New email. Required if phoneNumber is omitted.
phoneNumber	string	New phone number. Required if email is omitted.

request

{
  "clientUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "clientSecret": "xxxxxxxxxxxxxxxx",
  "customerUuid": "3f9c1e8a-1d77-4a2b-9f2e-7c6b5a4d3e21",
  "email": "jane.new@example.com"
}

response

{
  "message": "Success",
  "data": {
    "uuid": "3f9c1e8a-1d77-4a2b-9f2e-7c6b5a4d3e21",
    "email": "jane.new@example.com",
    "phoneNumber": "+971500000000",
    "updatedAt": "2026-05-20T11:00:00.000Z"
  }
}

Status codes

status uses the same codes as webhook newStatus. See the full table on Webhooks and callbacks, and Core concepts for the lifecycle.

Manage verifications and configure your tenant in the dashboard, or set up re-verification in Re-KYC and screening.