Frequently Asked Questions
General
What is Colleckt?
Colleckt is an identity verification platform designed for virtual address and mailbox providers to comply with USPS Form 1583 requirements. It automates the collection, extraction, and validation of identity documents.
How does the platform handle USPS 1583 compliance?
The platform provides a complete workflow for USPS 1583 compliance, including document collection (photo ID and proof of address), OCR extraction, automated validation against expected data, manual review capabilities, and audit trail logging.
What environments are available?
Each workspace has a production and sandbox environment. The sandbox behaves identically to production but isolates test data. Use the sandbox for integration testing.
What is a flow?
A flow defines the verification process configuration, including which document types are required, which document types are accepted per country, and which extraction providers are used. Two default flows are available: usps1583 and identity.
Authentication
How do I get an API token?
Log in to your workspace dashboard, navigate to Settings → API Tokens, and create a new token. The token is displayed only once — store it securely.
How long do API tokens last?
API tokens expire after 180 days by default. After expiration, a new token must be created.
What happens if my token is compromised?
Delete the compromised token from the dashboard immediately and create a new one. Update your application with the new token.
Can I have multiple API tokens?
Yes, you can create multiple tokens with different names. This is useful for distinguishing between environments (production vs development) or applications.
Verifications
What is the difference between expected data and extracted data?
Expected data is what you submit when creating a verification — the information the system should validate against. Extracted data is what OCR technology reads from the uploaded document images. Validation rules compare the two to determine matches.
How long does verification processing take?
Processing time depends on the extraction providers and document complexity. Most verifications complete within seconds to a few minutes after submission.
Can I update a verification after it's created?
Yes, you can update the expected data (person, address, documents) while the verification is in Started status using the PATCH endpoint. Once submitted, the verification cannot be modified.
What happens when a verification expires?
Verifications that are not submitted within the configured TTL expire. Expired verifications are in a terminal state and cannot be acted upon.
Can I cancel a verification?
Yes, verifications in Started, Submitted, Hold, or Double Check status can be canceled. Canceled verifications cannot be resumed or resubmitted.
Documents
What document types are supported?
Three categories: Photo ID (passport, driver license, ID card), Proof of Address (utility bill, bank statement), and Selfie (live capture for face matching).
What image formats are accepted?
Images must be base64-encoded JPEG or PNG. Maximum file size is 10 MB per side.
How are documents stored?
Document images are stored in Amazon S3 with server-side encryption. They are accessible via temporary signed URLs that expire after 30 minutes.
Can I replace a document after uploading?
Yes, delete the existing document and upload a new one. A verification can have at most one document per document type at any time.
What is a single-sided document?
Some documents (like US Passports) only require a front side image. Others (like US Driver Licenses) require both front and back. The requirement depends on the document type configuration for the selected country.
Decisions
What happens when a verification is approved?
The verification status changes to Approved, a verification finished event fires, and any configured webhooks are triggered.
What happens when a verification is rejected?
The verification status changes to Rejected, a verification finished event fires, and webhooks are triggered. The end user can resubmit with new documents.
What is Double Check status?
Double Check means the automated system could not make a clear decision and the verification needs manual review. A human reviewer examines the documents and extracted data, then either approves or rejects.
Can I override an automatic decision?
Yes, you can make manual decisions on individual documents using the Decisions endpoint or the dashboard. Manual decisions override the automated results.
Webhooks
What events can I subscribe to?
Eight events: verification.started, verification.submitted, verification.finished, verification.canceled, document.uploaded, document.canceled, decision.made, decision.canceled.
How do I verify webhook signatures?
Each webhook request includes a Signature header containing an HMAC-SHA256 hash of the request body. Verify this signature using your webhook's signing secret.
What if my webhook endpoint is down?
Failed deliveries are retried with exponential backoff. You can view failed deliveries in the webhook logs and manually resend them.
Can I test webhooks in the sandbox?
Yes, webhooks work identically in the sandbox environment. This is the recommended way to test your integration.
Billing
How am I charged?
Charges are based on the verifications processed in your workspace. Pricing is configured per flow and per product.
How do I view my invoices?
Navigate to Invoices in the workspace dashboard. Invoices can be downloaded as PDF files.
Users & Roles
What roles are available?
Four roles: Admin (full access), Supervisor (manage verifications and reviews), Reviewer (perform manual reviews), Read-Only (view-only access).
Can I change a user's role?
Yes, administrators can update any user's role from the user edit screen.
How do I invite a new user?
Navigate to Users, click Invite User, enter the user's details, and select a role. An invitation email is sent with a link to set up their account.
What happens when a user is deleted?
The user is soft-deleted. Their API tokens are invalidated, but their historical data (comments, activity) is preserved for audit purposes. Deleted users can be restored within a recovery window.
Troubleshooting
Why am I getting a 401 Unauthorized error?
Your API token is missing, invalid, or expired. Check that you are sending the Authorization: Bearer {token} header with a valid token.
Why am I getting a 422 Validation error?
One or more required fields are missing or invalid. Check the errors object in the response for specific field-level error messages.
Why is my verification stuck in "Started" status?
Verifications must be explicitly submitted to trigger processing. Upload the required documents and submit the verification using the submit endpoint.
Why did my webhook delivery fail?
Check the webhook logs for the error details. Common causes include network issues, invalid endpoints, SSL verification failures, and timeouts.
How do I get support?
Contact your account representative or reach out through the support channels provided during onboarding.