Verify your identity

This is the one place Beige Bank's flow hands off to Polyguard. On desktop, scan the QR with Polyguard Mobile. On a phone, you'll deep-link straight in.

Starting…

Tour stop 2

The Trust Check

Four lines of code, four factors of identity. This is where Polyguard does its work — before we ask the customer to type anything.

What's happening on this page

The page mounts a single client component that loads the Polyguard SDK from https://cdn.polyguard.ai/sdk/latest/sdk.js and calls client.verify(). On desktop it renders a QR code. On mobile it offers a deep link straight into Polyguard Mobile.

<script src="https://cdn.polyguard.ai/sdk/latest/sdk.js"></script>

const client = new window.Polyguard.Client({
  appId: process.env.NEXT_PUBLIC_POLYGUARD_APP_ID,
  apiServer: 'api.polyguard.ai',
  requiredProofs: ['name', 'pg_presence', 'pg_attestation_key_id', 'pg_region'],
  scanType: 'multi',
});

const response = await client.verify('pg-qr-target', /* rawJwt */ true);

That's the whole integration on the browser side. (You can also npm install @polyguard/sdk if you'd rather bundle.)

What Polyguard Mobile does

When the applicant scans the QR (or taps the deep link), Polyguard Mobile runs a fused identity verification — four factors confirmed in a single Trust Check:

Person — 3D depth facial recognition on the applicant's device.
Document — NFC chip verification of the government ID. Not OCR.
Device — Apple AppAttest or Google Play Integrity confirms a real, untampered phone.
Location — GPS plus PG-Presence optical distance bounding confirms the applicant is physically there, in real time.

Biometric data never leaves the device. Beige Bank never sees it. Polyguard never stores it.

How we know the result

The SDK resolves the moment the Trust Check completes, with the full verification bundle — name, document type, region, PG-Presence score, biometric certainty. That data is what powers the next page, where Beige Bank pre-fills its onboarding form so the customer doesn't have to type their name or address.

In parallel, Polyguard's backend posts an AES-256-GCM-encrypted webhook to /api/webhook carrying the signed Transaction Affidavit URL. We poll our own /api/status/:linkUuid for that in the background — the user advances immediately; the affidavit just enriches the compliance record when it arrives.

This split is on purpose: the browser response is fast enough for UX, the webhook is tamper-evident enough for the audit trail.

Learn more