Playground biometrics demo BioID home page

QualityCheck Web API

POST /qualitycheck?full=true&issuer=ICAO

With the quality check Web API a single facial media sample can be uploaded to the BWS to perform a rigorous quality check according to ICAO (International Civil Aviation Organization) requirements for machine readable travel documents (MRTDs), which include a standard for the digital image quality of facial images, defining requirements for photographic and digital characteristics (see ISO/IEC 19794-5:2011, ISO/IEC 29794-5:2010 or ICAO Document 9303).

Quality checks for traits other than face are currently not supported with this API.


The quality checks performed with this method are descried with the SOAP Quality Check API.

Request Information

  • Parameters

  • full
    Optional, defaults to true. A boolean parameter to select full document mode or token data mode. If set to true, the checks are performed according to the ICAO specifications for travel documents and an output sample is created according to these specifications, whereby the content of the sample is not modified. Otherwise, if set to false, the so called token data is extracted from the given sample, which is typically intended to be stored for later use with a biometric recognition system.
  • issuer
    Optional, defaults to ICAO. The quality checks of facial images can be performed according to document-issuer specific settings defined by this parameter. Currently supported issuers are: ICAO (the default settings as specified by ICAO), BioID (similar to ICAO but with a bigger token image) and various ISO 3166-1 alpha-2 country codes specifying the document issuing country.
  • state
    Optional parameter that is simply passed through to the BWS log and to the returned object.
Request Body Format

The request body contains a single image media sample, encoded into a Data-URL using the data URI scheme as described in RFC 2397 (see also at Wikipedia).

Response Information

The QualityCheck Web API returns a QualityCheckResult object, which informs about the Success of the check and lists Errors that occurred during the check. Refer to the SOAP Quality Check API for a list of possible error-codes. Additionally the coordinates of the found EyeCenters are returned. Finally the processed image is returned in the ProcessedSample element if possible, encoded into a Data-URL.

Response Body Format

The call returns one of the standard HTTP status codes. With the success code (200) you receive the QualityCheckResult object in the body text. With erroneous codes you typically receive a Message field within the body text describing the error. The most commonly return codes are:

  • 200 OK
    The response body contains the QualityCheckResult  object.
  • 400 Bad Request

    No or an invalid sample data has been uploaded.

  • 401 Unauthorized
    No or an invalid authentication header has been specified. This call requires Basic Authentication.
  • 403 Forbidden
    Access has been denied (typically due to a wrong or invalid app-id).
  • 500 Internal Server Error
    A server side exception occurred.

Sample Code

private static async Task<string> QualityCheckAsync(bool full, string issuer, string dataUrlImage)
    using (var client = new HttpClient())
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.ASCII.GetBytes($"{APP_IDENTIFIER}:{APP_SECRET}")));
        using (var content = new StringContent(dataUrlImage))
        using (var response = await client.PostAsync(ENDPOINT + $"qualitycheck?full={full}&issuer={issuer}", content))
            Console.Write("QualityCheck Response... ");
            if (response.StatusCode == HttpStatusCode.OK)
                string result = await response.Content.ReadAsStringAsync();
                var json = JObject.Parse(result);
                bool success = (bool)json["Success"];

                var errors = json["Errors"];
                var eyeCenters = json["EyeCenters"];
                string base64ProcessSample = (string)json["ProcessedSample"];

                return json.ToString();

            return string.Empty;
// using OkHttpClient from the OkHttp library
HttpUrl url = HttpUrl.parse("").newBuilder()
        .addQueryParameter("full", "true")
        .addQueryParameter("issuer", "ICAO")
Request request = new Request.Builder()
        .addHeader("Authorization", Credentials.basic(APP_IDENTIFIER, APP_SECRET))
        .post(RequestBody.create(MediaType.parse("text/plain"), "data:image/png;base64," + Base64.getEncoder().encodeToString(getPngAsByteArray())))
OkHttpClient client = new OkHttpClient();
Response response = client.newCall(request).execute();
if (response.code() == 200) {
    // using org.json.JSONObject from JSON-java library
    JSONObject json = new JSONObject(response.body().string());
    if (json.getBoolean("Success")) {
        System.out.println("quality check has been performed");
    } else {
        System.out.println("quality check was not possible");