Add highly effective, privacy-preserving age checks to any website or app, and meet the Online Safety Act without sending users away, holding their data, or knowing who they are. One orchestrator, every leading method, a single, signed yes / no result returned.
SecureYou stay anonymous. We only ever return a yes or no.
Double-blind true/false returned to the website or app. No PII, Nothing retained.
Luciditi Trust is an Age Assurance Orchestrator. You add one integration; your users get every leading method; and nobody - not you, nor any upstream provider - learns who they are.
Unlike identity verification, the process is anonymous and privacy preserving. Any data captured during a check is deleted during or immediately after the session, and the downstream provider never learns where or why a user proved their age.
Whatever the method, the result is a single cryptographically-signed boolean. No date of birth, no document, no PII is ever returned to your service.
Add highly effective age assurance with no services, certifications or infrastructure of your own to host. Luciditi carries the technology, security and compliance.
Designed around the patterns developers already know: REST, OAuth 2.0 and JWT. Most integrations go live in a day, often within a few hours.
Whilst not a requirement of the OSA, Luciditi is certified under the UK DVS Trust Framework as an Identity, Orchestration and Attribute Service Provider, so you know that a response from Luciditi Trust can be relied upon as Highly Effective.
As an OSP we can accept digital identities from other DVS suppliers and the forthcoming UK Digital Driving Licence, widening acceptance with no extra work from you.
The UK's Online Safety Act 2023 gives the country some of the toughest age laws in the world. Luciditi Trust is closely aligned with it and satisfies Ofcom's expectations on effectiveness, privacy and GDPR principles.
Because it's built to the UK standard, a UK-compliant Luciditi check will typically exceed equivalent requirements as similar laws are enacted across the world. As regulation evolves, our continual audit and certification keeps you protected.
Offer one method or a choice of several, configurable per integration, with options presented dynamically by target age. Each is Highly Effective and privacy-preserving.
A quick selfie with liveness and presentation-attack detection. Luciditi sets the right age buffer for you: a low-friction way to clear the majority of users in seconds.
A live selfie matched 1:1 to the photo on a scanned ID document, with full authenticity checks across 14,000+ document types. No trace of the document is ever retained.
The user signs in to their own bank and consents to share a single age attribute. Luciditi receives only true / false, never any account or personal information.
Single-tap consent from the free Luciditi app or interoperable wallets on the network. Prove your age once, re-use it everywhere, biometrically bound to the user's device.
A one-time code proves possession of the number; an operator lookup confirms it belongs to an age-verified adult. Across all four primary UK networks in around 1.5 seconds.
A PCI DSS Level 1, 3D Secure zero-value authorisation infers 18+ from card ownership. Universally applicable and considered Highly Effective by Ofcom.
Methods can run on their own or combined to offer user choice with auto step-up if a result fails or is inconclusive, keeping more users moving and preventing drop off for genuine users.
Whichever you choose, the result is the same anonymous, signed yes / no, and the integration is built around patterns your developers already know.
Immediate verification at the moment it's needed: an age gate, a registration step, a checkout. Launch via a simple redirect, or embed it inside your own UI with an iFrame.
Send the user a secure link to verify in their own time. Luciditi delivers it by SMS or email for you, or you distribute it however you like: in-app, your own template, anywhere.
No user interaction at all. Pass data you already hold to the Trust API and receive the result of the check directly in the response: the simplest flow of all.
Luciditi Trust enables secure server-to-server communication through RESTful APIs, protected with Bearer authentication and JWTs, built on OAuth 2.0. Results are cryptographically signed so you can validate every response with your public key.
Authenticate with your client credentials and request a Verify Now, Later or Silently session.
Redirect, embed an iFrame, or send a secure link. Mobile apps integrate via a WebView component with sample apps in multiple languages.
Receive a boolean true / false against your age criteria. Verify the signature, and you're done. No PII to store, ever.
Luciditi Trust is a REST API built on OAuth 2.0 and JWTs. Authenticate, start a session, read a signed yes / no. No additional infrastructure to host.
POST your Client ID and Secret from your backend. You receive a short-lived Bearer JWT, valid for 20 minutes and reusable for the whole check.
Choose your methods and minimum age, then call Verify Now, Later or Silently. You get back a resultId and a link that launches Luciditi Trust.
Fetch the result and checkresult.verifieda true / false against your age criteria. Validate the signature with your public key. Nothing to store, no PII retained.
const API = "https://trustapi********/api/v1.0/external";
const clientID = "your-client-id-here";
const clientSecret = "your-client-secret-here";
// 1 · Authenticate from your backend, never the browser
const { access_token } = await fetch(`${API}/auth`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ clientID, clientSecret })
}).then(r => r.json());
// 2 · Start a Verify Now session, pick the methods + minimum age
const ageDetails = {
version: "1.0",
requiredAge: 18,
ageAssuranceProducts: ["ageFaceEstimation", "digitalId", "openBanking"]
};
const { resultId, link } = await fetch(`${API}/verify-now/redirect`, {
method: "POST",
headers: { Authorization: `Bearer ${access_token}`, "Content-Type": "application/json" },
body: JSON.stringify({ ageDetails, redirectUrl: "https://your.site/age/return" })
}).then(r => r.json());
// → send the user to `link`; they verify; you return to redirectUrl
// 3 · Retrieve the signed, anonymous result
const { result, signature } = await fetch(`${API}/result/${clientID}/${resultId}`,
{ headers: { Authorization: `Bearer ${access_token}` } }
).then(r => r.json());
if (result.verified) grantAccess(); // true / false, no DOB, no PII, nothing retainedimport requests
API = "https://trustapi********/api/v1.0/external"
client_id = "your-client-id-here"
client_secret = "your-client-secret-here"
# 1 · Authenticate from your backend, never the browser
auth = requests.post(f"{API}/auth", json={
"clientID": client_id,
"clientSecret": client_secret,
}).json()
token = auth["access_token"]
# 2 · Start a Verify Now session, pick the methods + minimum age
age_details = {
"version": "1.0",
"requiredAge": 18,
"ageAssuranceProducts": ["ageFaceEstimation", "digitalId", "openBanking"],
}
session = requests.post(f"{API}/verify-now/redirect",
headers={"Authorization": f"Bearer {token}"},
json={"ageDetails": age_details, "redirectUrl": "https://your.site/age/return"},
).json()
# → send the user to session["link"]; they verify; you return to redirectUrl
# 3 · Retrieve the signed, anonymous result
res = requests.get(f"{API}/result/{client_id}/{session['resultId']}",
headers={"Authorization": f"Bearer {token}"}).json()
if res["result"]["verified"]: # True / False, no DOB, no PII, nothing retained
grant_access()using System.Net.Http.Json;
using System.Text.Json.Serialization;
using var http = new HttpClient { BaseAddress = new("https://trustapi********/api/v1.0/external/") };
var yourClientId = "your-client-id-here";
var yourClientSecret = "your-client-secret-here";
// 1 · Authenticate from your backend, never the browser
var authResponse = await http.PostAsJsonAsync("auth",
new
{
clientID = yourClientId,
clientSecret = yourClientSecret
}
);
var authResponseContent = await authResponse.Content.ReadFromJsonAsync<TrustAuthResponse>();
http.DefaultRequestHeaders.Authorization = new("Bearer", authResponseContent.access_token);
// 2 · Start a Verify Now session, pick the methods + minimum age
var ageDetails = new
{
version = "1.0",
requiredAge = 18,
ageAssuranceProducts = new[] { "ageFaceEstimation", "digitalId", "openBanking" }
};
var newSessionResponse = await http.PostAsJsonAsync("verify-now/redirect",
new {
ageDetails,
redirectUrl = "https://your.site/age/return"
}
);
var redirectSessionContent = await newSessionResponse.Content.ReadFromJsonAsync<RedirectUrlResponse>();
// → send the user to session.link; they verify; you return to redirectUrl
// 3 · Retrieve the signed, anonymous result
var result = await http.GetFromJsonAsync<AgeResult>($"result/{yourClientId}/{redirectSessionContent.ResultId}");# 1 · Authenticate (server-side) → returns a 20-minute Bearer JWT
curl -X POST https://trustapi********/api/v1.0/external/auth \
-H "Content-Type: application/json" \
-d '{"clientID":"your-client-id-here","clientSecret":"your-client-secret-here"}'
# 2 · Start a Verify Now session with your methods + minimum age
curl -X POST https://trustapi********/api/v1.0/external/verify-now/redirect \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"ageDetails":{"version":"1.0","requiredAge":18,"ageAssuranceProducts":["ageFaceEstimation","digitalId","openBanking"]},"redirectUrl":"https://your.site/age/return"}'
# 3 · Retrieve the signed result once the user has finished
curl https://trustapi********/api/v1.0/external/result/$CLIENT_ID/$RESULT_ID \
-H "Authorization: Bearer $TOKEN"
# → { "product": "age_assurance", "result": { "verified": true }, "signature": "…" }Tell us about your use case and we'll show you the lightest way to meet it. Request the API docs and test with our Postman collection and demo credentials, or book a 20-minute walkthrough — we'll help you go live in days, not weeks.