Question

During testing of the 'Provide customer’s liveness record' API call (POST /liveness/records), we received 'INVALID_DATA' upon repeating the attempt. The logs show an error: 'Replay attack detected'.

Answer

This is a DIS server feature that blocks reply attack attempts. When this function is enabled in the DIS configuration file, it is not possible to send the same request (i.e. the same binary file) more than once. 

For testing purposes, this feature can be disabled in the DIS server configuration file (configuration/application.yaml) by setting

innovatrics.dot.dis.replay-attack-detection.enabled to false.

Additional Notes

For security reasons, it is not advisable to disable the feature during the production process.

See also change log https://developers.innovatrics.com/digital-onboarding/technical/remote/dot-dis/latest/documentation/#_1_41_0_2024_08_08

Relevant Product / Version

DIS server 1.41.0 +