Liveness Detection API

Liveness Detection API — Quickstart Guide

This guide walks you through the five steps from subscribing on AWS Marketplace to sending your first liveness detection (anti-spoofing) request.

Item	Value
API base URL	`https://liveness.api.pas-ta.io`
Customer dashboard	`https://liveness.api.pas-ta.io/console/dashboard`
Authentication method	`X-API-Key` header
Content type	`application/json` (UTF-8)

Open the Liveness Detection API (Liveness Check API) product page on AWS Marketplace.
Select a plan from View purchase options.

Plan Monthly calls Monthly price

Starter 1,000 $180

Standard 5,000 $750

Professional 10,000 $1,200

Business 30,000 $2,400

Enterprise 100,000+ (custom) $5,000+

Note: The behavior when you exceed the limit (continue on a pay-as-you-go basis / stop the API) can be switched later from the dashboard.
Once you click Subscribe, you are automatically redirected to our onboarding screen immediately after the subscription completes.

Plan	Monthly calls	Monthly price
Starter	1,000	$180
Standard	5,000	$750
Professional	10,000	$1,200
Business	30,000	$2,400
Enterprise	100,000+ (custom)	$5,000+

Step 2. Register your account information and verify your email

On the onboarding screen, your AWS Account ID and Subscription ID are displayed automatically (no input required).

Enter the following items and click Continue.

Item	Required	Notes
First name / Last name	Required	Name of the person in charge
Work email	Required	This becomes your login ID and the destination for various notifications
Company name	Required
Company website	Required	In the format `https://example.com`

A verification link (valid for 24 hours) is sent to the email address you entered. Open the link to verify your email address.

Step 3. Set a password and activate your account

From the verification link, proceed to the password setup screen.
Set a password (at least 8 characters, including at least one uppercase letter, one lowercase letter, one number, and one symbol).
Once setup is complete, your account is activated and two API keys, Primary and Secondary, are issued automatically. You are then taken to the login screen of the customer dashboard.

Step 4. Obtain your API keys

Log in to the customer dashboard at https://liveness.api.pas-ta.io/console/dashboard.
The two keys, Primary and Secondary, are shown on the API Keys screen (in the list, only the leading prefix is displayed, such as lc_abc12…).
The full key is displayed only once, on the screen right after account activation in Step 3. If you did not save it, issue a new key with Regenerate on the dashboard (the old key is invalidated immediately, and the new key is shown once, on the spot).

About the two-key scheme: Normally, you use the Primary key. In the unlikely event that a key is leaked, you can rotate without downtime by using the Secondary key while you swap out your code and then regenerating the Primary key.

Step 5. Send your first detection request

Base64-encode the face image and send it to POST /v1/check/liveness.

# Base64-encode the image and pass the body via stdin (macOS: base64 -i / Linux: base64 -w0)
{ printf '{"image": "'; base64 -i face.jpg | tr -d '\n'; printf '", "image_format": "jpeg"}'; } \
| curl -X POST https://liveness.api.pas-ta.io/v1/check/liveness \
  -H "X-API-Key: lc_abc12xxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  --data-binary @-

Expanding the Base64 string directly into an argument, as in -d "$(base64 ...)", fails with argument list too long for larger images due to the shell’s argument-length limit. The stdin approach above works up to the API’s 10 MB limit (tr -d '\n' is required to keep the JSON valid).

Field	Required	Description
`image`	○	Base64-encoded image (up to 10MB)
`image_format`	○	`"jpeg"` or `"png"`

Example response (200 OK):

{
  "metadata": {
    "ver": "1.0.1",
    "customer_id": "550e8400-e29b-41d4-a716-446655440000",
    "remaining_calls": 3850,
    "over_limit_calls": 0,
    "status": "success"
  },
  "data": {
    "isFakeFace": false,
    "isFakeLikelihood": 0.987,
    "isValidFace": true,
    "faceBrightness": 142.3,
    "latency_ms": 120
  }
}

How to read the Processing Result: isFakeFace (true = suspected photo or spoof) is a reference verdict that becomes true when isFakeLikelihood (a score from 0.0 to 1.0) exceeds the default threshold of 0.15. For stricter operation, evaluate isFakeLikelihood against a threshold on your side.

About billing: Only successful detection responses are counted as calls. Error responses (4xx/5xx), GET /v1/usage, GET /v1/health, and dashboard operations are not counted.

Next steps

Check your usage: GET /v1/usage (returns the current month’s call count, remaining credits, and plan).
Common errors: 401 invalid_api_key (invalid key) / 400 invalid_image (no face detected or corrupted image) / 429 quota_exceeded (limit reached with the stop setting enabled). See the FAQ for details.
Rate limits: In addition to the monthly credit limit per plan, there is overall throttling for fair use (429). This is not an individual guarantee of an instantaneous rate.