Create Document Process

This endpoint handles two document flows that share the same path but differ in body parameters:

• New capture — submits document image(s) in base64 for processing (document.files required).
• Reuse — skips capture by referencing a previously captured document (document.documentId required).

The active flow is determined by whether document.documentId is provided in the request body.

Before creating a document process, use Get Reusable Documents to check if the user already has a document available for reuse.

For the full integration flow, see API Overview.

Endpoint

Environment	URL
Production	POST https://api.id.unico.app/processes/v1
Sandbox	POST https://api.id.uat.unico.app/processes/v1

Request

Headers

Header	Value
Authorization	Bearer <access_token> (see Authentication)
APIKEY	Provisioned API key with Document Capture and Reuse enabled.
Content-Type	application/json

Body parameters

New capture

Field	Type	Required	Description
subject.duiType	string	yes	Identifier type. Possible values: DUI_TYPE_BR_CPF, DUI_TYPE_MX_CURP, DUI_TYPE_US_SSN, DUI_TYPE_NG_NIN, DUI_TYPE_AR_DNI, DUI_TYPE_ID_NIK.
subject.code	string	yes	User identifier value as defined by subject.duiType. No dots or dashes.
subject.name	string	no	Full name.
subject.gender	string	no	M or F.
subject.birthDate	string (ISO 8601)	no	Date of birth (YYYY-MM-DD).
subject.email	string	no	Email address.
subject.phone	string	no	E.164 phone number.
document.purpose	string	yes	Business purpose. Values: creditprocess, carpurchase, paybypaycheck, onboarding, fgts.
document.authProcessId	string	yes	ID of the biometric process linked to this document capture.
document.files	array	yes	Document images in base64 (front and/or back).
document.files[].data	string	yes	Document image in base64 (PNG, JPEG or WebP, max 800 KB).
subsidiaryId	string	no	Branch ID — required only if multiple branches exist.

Reuse

Field	Type	Required	Description
subject.duiType	string	yes	Identifier type. Possible values: DUI_TYPE_BR_CPF, DUI_TYPE_MX_CURP, DUI_TYPE_US_SSN, DUI_TYPE_NG_NIN, DUI_TYPE_AR_DNI, DUI_TYPE_ID_NIK.
subject.code	string	yes	User identifier value as defined by subject.duiType. No dots or dashes.
subject.name	string	no	Full name.
subject.gender	string	no	M or F.
subject.birthDate	string (ISO 8601)	no	Date of birth (YYYY-MM-DD).
subject.email	string	no	Email address.
subject.phone	string	no	E.164 phone number.
document.purpose	string	yes	Business purpose. Values: creditprocess, carpurchase, paybypaycheck, onboarding, fgts.
document.authProcessId	string	yes	ID of the biometric process linked to this document.
document.documentId	string	yes	ID of a previously captured document (obtained from Get Reusable Documents). When provided, document.files can be omitted.
subsidiaryId	string	no	Branch ID — required only if multiple branches exist.

Example

New capture — cURL

curl -X POST https://api.id.unico.app/processes/v1 \
  -H "Authorization: Bearer $TOKEN" \
  -H "APIKEY: $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "subject": {
      "duiType": "DUI_TYPE_BR_CPF",
      "code": "12345678909",
      "name": "Luke Skywalker"
    },
    "document": {
      "purpose": "onboarding",
      "authProcessId": "80371b2a-3ac7-432e-866d-57fe37896ac6",
      "files": [
        { "data": "/9j/4AAQSkZJR..." }
      ]
    }
  }'

New capture — Node.js

import fetch from 'node-fetch';

const res = await fetch('https://api.id.unico.app/processes/v1', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.UNICO_ACCESS_TOKEN}`,
    'APIKEY': process.env.UNICO_API_KEY,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    subject: {
      duiType: 'DUI_TYPE_BR_CPF',
      code: '12345678909',
      name: 'Luke Skywalker'
    },
    document: {
      purpose: 'onboarding',
      authProcessId: '80371b2a-3ac7-432e-866d-57fe37896ac6',
      files: [{ data: documentImageBase64 }]
    }
  })
});

const result = await res.json();

Reuse — cURL

curl -X POST https://api.id.unico.app/processes/v1 \
  -H "Authorization: Bearer $TOKEN" \
  -H "APIKEY: $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "subject": {
      "duiType": "DUI_TYPE_BR_CPF",
      "code": "12345678909"
    },
    "document": {
      "purpose": "onboarding",
      "authProcessId": "80371b2a-3ac7-432e-866d-57fe37896ac6",
      "documentId": "doc-abc-123"
    }
  }'

Reuse — Node.js

import fetch from 'node-fetch';

const res = await fetch('https://api.id.unico.app/processes/v1', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.UNICO_ACCESS_TOKEN}`,
    'APIKEY': process.env.UNICO_API_KEY,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    subject: {
      duiType: 'DUI_TYPE_BR_CPF',
      code: '12345678909'
    },
    document: {
      purpose: 'onboarding',
      authProcessId: '80371b2a-3ac7-432e-866d-57fe37896ac6',
      documentId: 'doc-abc-123'
    }
  })
});

const result = await res.json();

Responses

200 OK

{
  "id": "80371b2a-3ac7-432e-866d-57fe37896ac6",
  "status": 3,
  "document": {
    "id": "doc-abc-123",
    "type": "unico.moja.dictionary.br.cnh.v2.Cnh",
    "cpfMatch": true,
    "faceMatch": true,
    "content": {
      "numero": "12345678",
      "nomeCivil": "Luke Skywalker",
      "dataNascimento": "2000-05-20T00:00:00Z",
      "categoria": "B",
      "dataExpiracao": "2030-05-20T00:00:00Z"
    },
    "fileUrls": [
      "https://storage.unico.app/documents/doc-abc-123/front.jpg"
    ]
  }
}

Field	Type	Description
id	string (UUID)	Process identifier.
status	integer	3 (finished with success), 5 (finished with failure).
document.id	string	Captured document identifier. Use this value in future document.documentId requests for reuse.
document.type	string	Identified document type. Possible values: unico.moja.dictionary.br.rg.v2.Rg, unico.moja.dictionary.br.cnh.v2.Cnh, unico.moja.dictionary.br.cin.v1.Cin, unico.moja.dictionary.br.passaporte.v1.Passaporte.
document.cpfMatch	boolean	true if the identifier extracted from the document matches subject.code.
document.faceMatch	boolean	true if the document face matches the biometric selfie from document.authProcessId.
document.content	object	Fields extracted via OCR. Structure varies by document type — see below.
document.fileUrls	array	Temporary URLs (10-minute validity) for downloading the document images.

400 Bad Request

The payload is malformed, the image is invalid, or required fields are missing. See Error Codes below.

403 Forbidden

Bearer token or APIKEY missing, expired, or invalid. See Authentication.

409 Conflict

The processId provided already exists for this tenant. See Error Codes below.

Error Codes

400 Bad Request

Code	Message	Description
99989	The document is invalid.	document object has an invalid structure.
99988	The document is empty.	document object is missing from the request body.
20900	O base64 informado não é válido.	The base64 parameter is invalid. Possible causes: it's not an image or it's an injection attempt.
20807	A imagem precisa estar no padrão HD ou possuir uma resolução superior a 640 x 480.	The resolution of the uploaded image is too low.
20509	The subject.name field is invalid.	subject.name contains invalid characters.
20508	The subject.gender field is invalid.	subject.gender must be M or F.
20507	O parâmetro subject.code é inválido.	Non-standard or non-existent identifier value.
20506	O base64 informado é muito grande. O tamanho máximo suportado é até 800kb.	Image size exceeds 800 KB; compress to JPEG92.
20505	O base64 informado não é suportado. Os formatos aceitos são png, jpeg e webp.	The base64 format is invalid or unsupported.
20068	The document.documentId or document.files parameter must be present.	Neither document.documentId nor document.files were provided.
20067	The document.purpose parameter is invalid.	Unrecognized value in document.purpose.
20066	The document.authProcessId parameter is invalid.	Invalid value in document.authProcessId.
20062	The useCase field is invalid.	Unrecognized value in the useCase field.
20021	The subject.phone field is invalid.	subject.phone format is invalid (IDD + area code + number, 13 chars).
20019	The subject.birthDate field is invalid.	subject.birthDate is outside ISO 8601 format (YYYY-MM-DD).
20009	O parâmetro imagebase64 não foi informado.	The document image parameter is missing.
20008	The subject.email field is invalid.	Invalid email format in subject.email.
20005	O parâmetro subject.code não foi informado.	The subject.code parameter is missing.
20004	O parâmetro subject não foi informado.	The subject parameter is missing.
20003	The request body is missing or invalid.	Null or invalid payload.
20002	O parâmetro APIKey não foi informado.	The APIKEY parameter is missing from the request header.
20001	O parâmetro authtoken não foi informado.	The integration token parameter is missing from the request header.
10508	The JWT with the captured face has already been used.	The JWT can only be used once.
10507	The JWT with the captured face is expired.	JWT expired; must be sent within 10 minutes.
10506	The imageBase64 field is not a valid JWT from SDK.	The imageBase64 is not a valid JWT generated by the SDK.

403 Forbidden

Code	Message	Description
30017	User does not have permission to perform this action.	Malformed JWT or user without permission to perform this operation.
10502	O token informado está expirado.	The access-token has expired.
10501	O token informado é inválido.	The authentication token is invalid.
10201	O AppKey informado é inválido.	The APIKEY is invalid or does not exist.

409 Conflict

Code	Message	Description
20073	The processID already exists.	The processId provided already exists for this tenant.

500 Internal Server Error

Code	Message	Description
99999	Internal failure! Try again later	When there is an internal error.

What's next

• To check if a document is already available before this call, see Get Reusable Documents.
• For biometric process creation (required for document.authProcessId), see Create Process.