Quick Start
From API key to first signed JWT in three steps. Total time: a single sitting. The Lorica API is one POST. The response is a JWT. Your backend verifies it locally with the shared signing secret. There is no callback, no webhook, no eventual consistency.
1. Get sandbox keys
Express interest at /contact. Sandbox keys issue
immediately. You receive an API key prefixed lorica-sbx- and
a JWT signing secret. Production keys issue after your first verify call
against sandbox clears.
2. Enroll a user
Call POST /v1/enroll with your user's identifier and one or
more captured face frames as base64-encoded JPEGs. The API computes a
512-dimensional embedding, encrypts it with Fernet (AES), and stores it keyed
per tenant.
curl -X POST https://api.loricaapi.com/v1/enroll \
  -H "Authorization: Bearer lorica-sbx-..." \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": "usr_4Z9X2fK8mPq",
    "frames": ["data:image/jpeg;base64,..."]
  }'
3. Verify on every high-risk action
When a user initiates a withdrawal or wire, call POST /v1/verify
with fresh frames captured from their camera. The API validates and
returns a signed JWT in 292ms median.
curl -X POST https://api.loricaapi.com/v1/verify \
  -H "Authorization: Bearer lorica-sbx-..." \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": "usr_4Z9X2fK8mPq",
    "action": "withdrawal",
    "amt": "50000",
    "asset": "USDT",
    "frames": ["data:image/jpeg;base64,..."]
  }'
What you get back
The response contains a JWT. Decode and verify it locally with your signing secret:
{
  "jwt": "eyJhbGciOiJIUzI1NiI...",
  "verification_id": "ver_xK2mP9nL3jH",
  "match": true,
  "score": 0.9847,
  "iat": 1720123456,
  "exp": 1720123516
}
If match is true and score is above your threshold
(typically 0.9 for standard withdrawals, 0.95 for whales), proceed with the
action. The JWT is your audit artifact — store it alongside the transaction.
match flag alone. Validate the JWT
signature with your signing secret on every verify response — that's the
integrity guarantee. match is the verdict; signature is the proof.