Skip to main content
~15s end-to-end verification
Ship step-up verification in an afternoon.
FaceSign replaces insecure SMS codes and expensive call centers with a 20-second AI-led conversation. Six models verify both the person and their state of mind.
Get started
$npm i @facesignai/api
~15s
End-to-end verification
6
Built-in security layers
5 MB
Zero-install embed
1 port
Firewall friendly
Five steps to your first session
FaceSign exposes a Model Context Protocol server. Any MCP-capable client (Claude Code, Cursor, Zed) can build, preview, and export a full Next.js app through natural language.
STEP 01
Get a key
Request an sk_live_ key from your account, or sk_test_ for the sandbox.
STEP 02
Add the MCP
Drop the FaceSign server into your client config. HTTP, one header, no install.
STEP 03
Describe it
Tell the MCP client what you’re building. It assembles the flow and writes the pages.
STEP 04
Test locally
Use launch_session_ui for a browser preview, or export_app for a full Next.js project.
STEP 05
Deploy
Push the export to any Node host. Set FACESIGN_API_KEY, point your users at it.
A real flow, not a toy.
Greeting, recognition, liveness, closing. The complete happy path in one session create call.
session-create.ts
Every outcome routes forward. Video AI analysis runs out-of-band after the session ends.
feature-flow

AI-guided flow building

Describe your use case in plain English. The MCP interviews you, builds the verification flow, and exports a production-ready app.
feature-nodes

10 verification nodes

Liveness, facial recognition, document scanning, coercion detection, KBA, and OTP — all composable in any verification flow.
feature-deploy

Deploy anywhere

Export to Next.js or static HTML. One environment variable. Zero vendor lock-in.
Seven live demos
Every reference demo is a working FaceSign integration you can try now and adapt. Each is built from the same MCP primitives.
Step-up auth
Before a sensitive action, promote the user through a short verification. Recognition + liveness + conversational check.
recognitionlivenessOTP
Coercion detection
Detects signs of duress, secondary voices, scripted responses, and environmental anomalies for high risk transactions.
intentvideo AIfraud
Account recovery
Self-serve recovery flow with knowledge-based questions, liveness, and recognition. Replaces call center KBA.
KBArecognitionself-serve
Workforce verification
Verify employees before accessing sensitive files, systems, or admin panels. Per-session identity confirmation.
internalauditSSO-adjacent
Interview verification
Confirms the person in interview two is the same from interview one. Mitigates identity fraud in remote hiring.
recognitioncontinuityhiring
Gaming and gambling
Responsible gaming check-ins. Verify the player is the account holder and not under duress or impaired.
responsible gamingcomplianceintent
KYC onboarding
Full KYC with document scan, face-to-document comparison, liveness, and recognition enrollment.
document scanface compareenrollment
13 languages, zero extra work
Browser language detection drives both avatar speech and the wrapper UI automatically. You write prompts once. FaceSign handles the rest.
🇬🇧
English
en
🇮🇹
Italian
it
🇩🇪
German
de
🇫🇷
French
fr
🇪🇸
Spanish
es
🇵🇹
Portuguese
pt
🇷🇺
Russian
ru
🇯🇵
Japanese
ja
🇮🇩
Indonesian
id
🇳🇴
Norwegian
no
🇨🇳
Chinese Simplified
zh
🇹🇼
Chinese Traditional
zh-TW
🇭🇰
Chinese Cantonese
zh-HK
How it works
The session matches the end user’s navigator.language against your langs whitelist. If it matches, that language is used for both avatar speech and the wrapper UI. Otherwise it falls back to defaultLang (default: en). BCP-47 normalization covers aliases like zh-Hans and base-language fallbacks like fr-CA. No extra localization code required.
Test any language
Append ?lang=XX to any demo URL to override browser detection — for example https://stepup.facesign.dev/?lang=it for Italian or ?lang=ja for Japanese.
The full playbook
Flow rules, edge cases, deployment gotchas, and complete example flows. Written for engineers shipping to production.

Flow builder

Node types, outcomes, valid graph patterns

Conversation rules

13 load-bearing rules for avatar behavior

Localization

Language resolution, prompts, currency formatting

Recognition branching

Proven pattern for known vs new user paths

Document scanning

Scan IDs, passports, driving licences

Pre-session pages

Branded landing pages before session starts

Recap pages

Thank-you pages, or a full verification report

Deployment

Vercel, Railway, Fly, containers

Known behaviors

Edge cases to design around

Privacy model

What’s retained, discarded, controlled

Pre-release checklist

Everything to verify before production
Prefer to build by hand?
The MCP handles most integrations, but direct SDK and REST access are first-class for teams who need lower-level control.
TypeScript / Node SDK
Official package with full types. Works in Next.js, Express, serverless functions, and anywhere Node runs.
$npm i @facesignai/api
REST API
The raw HTTP API if you’re working in Python, Go, Ruby, or any other backend. Session create, session get, and webhook events are the three endpoints you’ll use most.
API reference →
Frequently asked questions
Request an sk_live_ production key or sk_test_ sandbox key from your account dashboard. If you don’t have an account yet, email developers@facesign.ai. Keys carry no setup fee.
Yes. Every account gets a sandbox environment with an sk_test_ key that includes free sessions for development. Sandbox sessions are functionally identical to production.
Usage-based, priced per verification session. No minimums, no implementation fees, and volume discounts kick in as you scale.
Any modern Chromium, Safari 15+, or Firefox on desktop and mobile. Standard WebRTC, camera and mic permissions. No native install.
Yes. Drop the session URL into an iframe or WebView, or use the JavaScript SDK for a programmatic embed. About 5 MB, one outbound port.
Webhooks notify your backend when a session’s state changes; your server then fetches the full payload via GET /sessions/:id with your API key. Polling the same endpoint works as a fallback.
Yes. Choose from our avatar library or work with us on a branded custom avatar. 10+ languages supported.
FaceSign is a data processor; you are the data controller. Video is processed in memory and discarded. You choose your data processing region.
Architected for GDPR and CCPA from day one. SOC 2 Type II is in progress. Ask security@facesign.ai for details.
US and EU processing regions are available. Other regions are on request. Data residency can be configured at the account level. Contact security@facesign.ai to configure residency for your deployment.
Register an HTTPS endpoint with a signing secret in your dashboard. FaceSign POSTs a compact event (id, type, sessionId, createdAt) on status, media, and analysis updates — verify the HMAC-SHA256 X-FaceSign-Signature header, then fetch the full state via GET /sessions/:id. Transient delivery failures are retried automatically.
GDPR and CCPA from day one. SOC 2 Type II is in progress. For questions about compliance posture, specific certifications, or security documentation, email security@facesign.ai.
Ready to build?
Request an API key, wire up the MCP, and ship a working integration today.