Skip to main content

Getting Started

Scantrust Secure Codes (SSC) come with a secure graphic that serves as a copy-resistant anti-counterfeiting feature. These codes can be authenticated using the Scantrust Mobile App or the Scantrust Enterprise App (for iOS / Android). However, this requires users to download the dedicated app and for the phone to be supported, ie. to have a camera calibrated by Scantrust to perform video-auth.

To provide users with an alternative to app-based authentication, Scantrust developed the Photo-auth feature, which enables users to upload photos for authentication. This feature removes the need to download an app or use a calibrated phone. This document outlines the Scantrust API for Photo-auth.

Before implementing a custom landing page or integrating Photo-auth into your app, please review the notes below for implementation:

Supported Printing Technologies

Though all Scantrust Secure Codes work with photo-auth, it has been optimized for usage with digitally printed codes using HP Indigo technology. Make sure to check with your Scantrust Project Manager to make sure your codes are compatible with PhotoAuth..

Provide clear instructions to the end user

When using the Photo-auth endpoint, it's important to remember that bad quality photos will not authenticate. This means that landing pages or apps must provide clear instructions to end-users on how to take a good quality photo. These instructions should include:

  • The correct distance to hold the camera from the QR code. The camera should be as close as possible to the minimum focus distance to capture a large enough image of the secure graphic.
  • Tapping to focus the camera to prevent blurry images.
  • Zooming in on the QR code to ensure it's in focus.
  • Switching on the flash to capture the image with the best possible lighting, which can help to take a sharper image of the QR code.
  • Tilting the camera slightly to prevent glare when the flash is on.
  • Reminding the user that the QR code will not scan automatically and that they must take a photo.

For an example implementation see the Photo Auth Landing Page example.

Phone Camera limitations

Photo-auth is more flexible than video-auth in terms of phone compatibility, and most current smartphones are supported. However, some older phones or phones with poor camera quality may not take good photos. Additionally, some phones with adequate camera quality may be challenging to focus correctly. Factors that may affect photo quality can include image distortion by photo apps (like "beautification"), low-quality lenses, or lenses not optimized for close-up images.

To address these issues, the landing page or app that calls Photo-auth should have a mechanism for detecting repeated failures and notify the user that there could be an issue with their phone. By identifying possible issues early on, users can be informed and seek suitable alternatives to complete their authentication.

Landing Page Redirection

When using Photo-auth, the scan result only includes authentication data and does not handle the redirection of the user to a landing page. It's up to the client app to decide where to redirect the user. The "consumer_url" from the photo-auth API response can be used or the scan UUID can be used to look up additional campaign data through the Scantrust Consumer API. For more details, please refer to the Consumer API Documentation which can be found here:

Combatting Fake URLs

Counterfeiters often use a common tactic of creating fake landing pages with a fake QR code that mimics the look and function of your legitimate landing pages. To prevent this, it's essential to communicate with your users that Photo-auth can only be accessed through a trusted channel, such as a link from your official website or Facebook account.

If you need more information or have concerns regarding this issue, please contact your Scantrust Account Manager for advice and guidance. They can provide you with further information and assistance in navigating this complicated topic.