Aizel Face Authentication Powered by TEE
Overview
Get Started
Try It
API Docs
Examples

Aizel Face Authentication

A privacy-first face authentication API built on Trusted Execution Environment (TEE) technology. Designed for applications that require secure, verifiable identity checks without compromising user biometric data.

TEE-Protected Biometric Processing

What is TEE?

Trusted Execution Environment (TEE) is a secure area within a processor that guarantees code and data loaded inside are protected with respect to confidentiality and integrity. Aizel leverages TEE to ensure:

  • Biometric templates are processed in hardware-isolated enclaves
  • Face embeddings never leave the secure boundary in plaintext
  • Even infrastructure operators cannot access raw biometric data
  • Attestation proofs verify the integrity of every computation

How It Works

  1. Register — Create an account and receive an API key with 100 free calls
  2. Enroll — Upload a reference face photo with a label (processed inside TEE)
  3. Verify — Submit a new photo to match against enrolled faces
  4. All matching is performed within the TEE enclave with encrypted templates

Use Cases

Identity Verification (KYC)

Verify that the person submitting documents matches their photo ID. Suitable for fintech onboarding, exchange registration, and remote account opening.

Access Control

Secure physical or digital access points with face-based authentication. Replace passwords or 2FA tokens with biometric verification for high-security environments.

Attendance & Check-in

Automated attendance tracking for events, workplaces, or educational institutions without manual ID checks.

Web3 Identity Layer

Combine with on-chain identity protocols to create sybil-resistant, privacy-preserving proof-of-personhood for DAOs, airdrops, and governance.

TEE Security Architecture

Aizel Face Authentication runs inside an Intel SGX / ARM TrustZone enclave. The security model provides:

  • Data Isolation — Face images are decrypted only inside the enclave; host OS cannot inspect memory
  • Remote Attestation — Clients can verify the enclave is running unmodified Aizel code before submitting data
  • Sealed Storage — Biometric templates are encrypted with enclave-specific keys; migration between hardware requires re-enrollment
  • Minimal TCB — The Trusted Computing Base is limited to the enclave runtime, reducing attack surface

This architecture ensures that even in the event of a server compromise, biometric data remains cryptographically protected.

Get Started

Create an account to receive your API key. Each account includes 100 free API calls for evaluation.


Quick Start Guide

  1. Register above to get your API key
  2. Use the Try It tab to test face enrollment and verification with your camera
  3. Integrate into your application using the API Docs tab
  4. Each enroll / verify / search call consumes 1 quota unit

Quota is one-time and non-renewable in the free tier. Contact contact@aizelnetwork.com for enterprise plans.

API Key

Enroll Face

Capture or upload a reference photo to register a face identity.


Verify Face (1:1)

Match a live photo against an enrolled face to verify identity.


Authentication

All API requests (except registration and login) require authentication via the X-API-Key header.

X-API-Key: your_api_key_here

You receive an API key upon registration. Each key has an associated quota (default: 100 calls). Once exhausted, the API returns 403 Quota exhausted.

Base URL

https://face.aizelnetwork.com/api/v1

Development endpoint: http://47.82.171.34:8900/api/v1

Endpoints Reference

MethodPathDescriptionAuth
POST/auth/registerCreate account, receive API keyNone
POST/auth/loginLogin, receive JWT tokenNone
GET/auth/quotaCheck remaining quotaAPI Key
POST/face/enrollRegister a face (costs 1 call)API Key
POST/face/verify1:1 face verification (costs 1 call)API Key
POST/face/search1:N face search (costs 1 call)API Key
DELETE/face/{face_id}Remove an enrolled faceAPI Key
GET/face/listList all enrolled facesAPI Key

POST /auth/register

Create a new account and receive an API key with initial quota.

Request Body

{ "email": "user@example.com", "password": "your_secure_password" }

Response (200)

{ "code": 0, "message": "success", "data": { "api_key": "7f4dda66bfbc4847...29f7", "quota_remaining": 100 } }

Errors

  • 400 — Email already registered

POST /face/enroll

Register a face into your personal face database. Each user has an isolated face store.

Request Body

{ "image_base64": "<base64-encoded JPEG/PNG>", "label": "john_doe" }

Response (200)

{ "code": 0, "message": "success", "data": { "face_id": "3e1ab016-4ed8-456b-a57c-38a048f93d92", "label": "john_doe", "quota_remaining": 99 } }

Notes

  • Image must contain exactly one clearly visible face
  • Recommended: frontal face, good lighting, min 200x200px
  • Max image size: 4MB (base64 encoded)
  • Supported formats: JPEG, PNG, BMP

POST /face/verify

Compare a photo against a specific enrolled face (1:1 matching).

Request Body

{ "image_base64": "<base64-encoded image>", "face_id": "3e1ab016-4ed8-456b-a57c-38a048f93d92" }

Response (200)

{ "code": 0, "message": "success", "data": { "matched": true, "confidence": 0.9847, "face_id": "3e1ab016...", "quota_remaining": 98 } }

Confidence Thresholds

  • > 0.80 — Strong match (recommended for access control)
  • 0.60 - 0.80 — Probable match (suitable for attendance)
  • < 0.60 — No match

POST /face/search

Search a photo against all enrolled faces (1:N matching).

Request Body

{ "image_base64": "<base64-encoded image>", "limit": 5 }

Response (200)

{ "code": 0, "message": "success", "data": { "matches": [ {"face_id": "3e1ab016...", "label": "john_doe", "confidence": 0.9847}, {"face_id": "a2c4f789...", "label": "jane_doe", "confidence": 0.4231} ], "quota_remaining": 97 } }

SDK Examples

Python

import requests, base64 API = "http://47.82.171.34:8900/api/v1" KEY = "your_api_key" headers = {"X-API-Key": KEY, "Content-Type": "application/json"} # 1. Enroll a face with open("photo.jpg", "rb") as f: img = base64.b64encode(f.read()).decode() r = requests.post(f"{API}/face/enroll", headers=headers, json={"image_base64": img, "label": "john_doe"}) face_id = r.json()["data"]["face_id"] print(f"Enrolled: {face_id}") # 2. Verify identity with open("verify.jpg", "rb") as f: img2 = base64.b64encode(f.read()).decode() r = requests.post(f"{API}/face/verify", headers=headers, json={"image_base64": img2, "face_id": face_id}) result = r.json()["data"] print(f"Match: {result['matched']}, Confidence: {result['confidence']}")

JavaScript / Node.js

const fs = require('fs'); const API = 'http://47.82.171.34:8900/api/v1'; const KEY = 'your_api_key'; async function enroll(imagePath, label) { const img = fs.readFileSync(imagePath).toString('base64'); const res = await fetch(`${API}/face/enroll`, { method: 'POST', headers: {'X-API-Key': KEY, 'Content-Type': 'application/json'}, body: JSON.stringify({image_base64: img, label}) }); return res.json(); } async function verify(imagePath, faceId) { const img = fs.readFileSync(imagePath).toString('base64'); const res = await fetch(`${API}/face/verify`, { method: 'POST', headers: {'X-API-Key': KEY, 'Content-Type': 'application/json'}, body: JSON.stringify({image_base64: img, face_id: faceId}) }); return res.json(); }

cURL

# Register curl -X POST http://47.82.171.34:8900/api/v1/auth/register \ -H "Content-Type: application/json" \ -d '{"email":"user@example.com","password":"pass123"}' # Enroll (with base64 image from file) IMG=$(base64 -w0 photo.jpg) curl -X POST http://47.82.171.34:8900/api/v1/face/enroll \ -H "X-API-Key: your_key" \ -H "Content-Type: application/json" \ -d "{\"image_base64\":\"$IMG\",\"label\":\"john\"}" # Verify curl -X POST http://47.82.171.34:8900/api/v1/face/verify \ -H "X-API-Key: your_key" \ -H "Content-Type: application/json" \ -d "{\"image_base64\":\"$IMG\",\"face_id\":\"abc123\"}" # Check quota curl http://47.82.171.34:8900/api/v1/auth/quota \ -H "X-API-Key: your_key"

Error Codes

HTTP StatusMeaning
400Bad request — invalid parameters or duplicate email
401Unauthorized — missing or invalid API key
403Forbidden — quota exhausted
404Not found — face_id does not exist
500Server error — face processing failed (check image quality)

All error responses follow the format: {"detail": "error message"}

Rate Limits & Quotas

  • Free tier: 100 API calls per account (one-time, non-renewable)
  • Rate limit: 10 requests per second per API key
  • Max face database size: 1,000 faces per account
  • Image size limit: 4MB (base64 encoded)

For higher limits or enterprise deployment, contact contact@aizelnetwork.com.

Live Test Results

The following are real API responses captured during integration testing:

1. Face Enrollment — Success

POST /face/enroll
{
  "code": 0,
  "message": "success",
  "data": {
    "face_id": "3e1ab0164ed8456ba57c38a048f93d92",
    "label": "test_person",
    "quota_remaining": 96
  }
}

2. Face Verification — Different Person (No Match)

POST /face/verify → confidence: 0.2809
{
  "code": 0,
  "message": "success",
  "data": {
    "matched": false,
    "confidence": 0.2809,
    "face_id": "3e1ab0164ed8456ba57c38a048f93d92",
    "quota_remaining": 95
  }
}

3. List Enrolled Faces

GET /face/list
{
  "code": 0,
  "message": "success",
  "data": {
    "faces": [
      {"face_id": "3e1ab016...", "label": "test_person", "created_at": "2026-05-22 15:46:54"},
      {"face_id": "f9b9c187...", "label": "test_person", "created_at": "2026-05-22 15:46:17"}
    ],
    "total": 2
  }
}

4. Quota Check

GET /auth/quota
{
  "code": 0,
  "message": "success",
  "data": {
    "quota_remaining": 95,
    "email": "facetest@aizel.io"
  }
}

Integration Scenarios

Scenario A: Secure Login Flow

1. User registers → receives API key 2. User enrolls their face (selfie) → stores face_id 3. On each login attempt: - Capture live photo via webcam - POST /face/verify with stored face_id - If confidence > 0.80 → grant access - If confidence < 0.60 → deny + alert

Scenario B: KYC Onboarding

1. User uploads government ID photo → enroll as "id_photo" 2. User takes live selfie → verify against "id_photo" 3. If confidence > 0.75 → ID ownership confirmed 4. Store face_id for future re-verification

Scenario C: Multi-user Access Control

1. Admin enrolls all authorized personnel 2. Camera captures visitor face 3. POST /face/search with limit=1 4. If top match confidence > 0.80 → unlock 5. Log all attempts to usage_logs for audit

Disclaimer

  • This service is provided "as-is" for evaluation, development, and authorized business use only.
  • Aizel Network does not store raw face images after processing. Only encrypted biometric templates are retained within TEE-protected storage.
  • Users are responsible for obtaining proper consent from individuals whose faces are enrolled.
  • This service must not be used for mass surveillance, unauthorized tracking, or any purpose that violates applicable privacy laws (GDPR, CCPA, PDPA, etc.).
  • Aizel Network is not liable for damages arising from misuse, unauthorized access, or service interruptions.
  • Accuracy depends on image quality, lighting conditions, and face visibility. Do not use as sole authentication factor for life-critical systems.
  • Free tier quota is non-refundable and non-transferable.

For enterprise licensing, SLA guarantees, or compliance documentation, contact:
contact@aizelnetwork.com