Meimo ID

Platform

Everything identity requires, built as one system

Meimo ID isn't a bundle of separate vendors stitched together. Authentication, verification, biometrics, organizations, and the developer platform all share one identity record and one audit trail.

Authentication

One permanent Meimo ID per person — a zero-padded, never-reused identifier. Sign in with a password, a one-time code, or live face capture confirmed with a 4-digit PIN. Sessions are backed by real access/refresh JWT rotation, not client-trusted flags.

Identity verification (KYC)

Government ID and passport capture with a dedicated extraction pipeline. Passports are read from the ICAO 9303 machine-readable zone and checksum-validated — document number, date of birth, expiry, and a composite check all have to pass before a field is trusted. National IDs and licenses use structured label extraction. Every document carries full provenance: which engine ran, what came from the MRZ versus OCR, and the confidence behind each field.

Biometrics & liveness

Enrollment happens from a live, multi-frame selfie capture — not a single static photo. Sign-in re-runs 1:N face identification against enrolled users, confirmed with a device PIN. Duplicate-face detection flags when a new enrollment closely matches a different account, and every match is logged to an audit trail reviewers can see, never silently auto-resolved.

Organizations & KYB

A single Meimo ID can belong to any number of organizations, each with its own membership and role. Companies register and go through business verification (KYB) — legal name, registration number, country, and supporting documents — before their applications can request user data.

Risk & fraud signals

Rules-based scoring, not an opaque model: low OCR confidence, shared IP addresses across accounts, elevated failed-login history, and submission velocity each contribute a fixed, documented number of points. Every flagged submission is traceable back to the exact rule that fired.

Access control & permissions

Platform staff roles (support, admin, super admin) gate the console. Organization membership carries its own role per org. OAuth scopes are granted per consent, per application — an integration only ever sees what a user actually agreed to share.

Developer platform

Standards-compliant OAuth 2.0 authorization code flow with PKCE — "Continue with Meimo," built like Continue with Google. A versioned REST API, per-organization API keys, and outbound webhooks for real-time identity events.

Data minimization by design

Every OAuth scope maps to exactly what it discloses — identity, profile, phone — nothing bundled in by default. Claims returned from userinfo are filtered strictly by what was actually granted at consent, every time, not just at first authorization.

See it as a developer

Real endpoints, real OAuth flow, no sales call required to read the docs.

Developer platform