Aizel Face Authentication
A privacy-first face authentication API built on Trusted Execution Environment (TEE) technology. Designed for applications that require secure, verifiable identity checks without compromising user biometric data.
What is TEE?
Trusted Execution Environment (TEE) is a secure area within a processor that guarantees code and data loaded inside are protected with respect to confidentiality and integrity. Aizel leverages TEE to ensure:
- Biometric templates are processed in hardware-isolated enclaves
- Face embeddings never leave the secure boundary in plaintext
- Even infrastructure operators cannot access raw biometric data
- Attestation proofs verify the integrity of every computation
How It Works
- Register — Create an account and receive an API key with 100 free calls
- Enroll — Upload a reference face photo with a label (processed inside TEE)
- Verify — Submit a new photo to match against enrolled faces
- All matching is performed within the TEE enclave with encrypted templates
Use Cases
Identity Verification (KYC)
Verify that the person submitting documents matches their photo ID. Suitable for fintech onboarding, exchange registration, and remote account opening.
Access Control
Secure physical or digital access points with face-based authentication. Replace passwords or 2FA tokens with biometric verification for high-security environments.
Attendance & Check-in
Automated attendance tracking for events, workplaces, or educational institutions without manual ID checks.
Web3 Identity Layer
Combine with on-chain identity protocols to create sybil-resistant, privacy-preserving proof-of-personhood for DAOs, airdrops, and governance.
TEE Security Architecture
Aizel Face Authentication runs inside an Intel SGX / ARM TrustZone enclave. The security model provides:
- Data Isolation — Face images are decrypted only inside the enclave; host OS cannot inspect memory
- Remote Attestation — Clients can verify the enclave is running unmodified Aizel code before submitting data
- Sealed Storage — Biometric templates are encrypted with enclave-specific keys; migration between hardware requires re-enrollment
- Minimal TCB — The Trusted Computing Base is limited to the enclave runtime, reducing attack surface
This architecture ensures that even in the event of a server compromise, biometric data remains cryptographically protected.
Get Started
Create an account to receive your API key. Each account includes 100 free API calls for evaluation.
Quick Start Guide
- Register above to get your API key
- Use the Try It tab to test face enrollment and verification with your camera
- Integrate into your application using the API Docs tab
- Each enroll / verify / search call consumes 1 quota unit
Quota is one-time and non-renewable in the free tier. Contact contact@aizelnetwork.com for enterprise plans.
API Key
Enroll Face
Capture or upload a reference photo to register a face identity.
Verify Face (1:1)
Match a live photo against an enrolled face to verify identity.
Authentication
All API requests (except registration and login) require authentication via the X-API-Key header.
You receive an API key upon registration. Each key has an associated quota (default: 100 calls). Once exhausted, the API returns 403 Quota exhausted.
Base URL
Development endpoint: http://47.82.171.34:8900/api/v1
Endpoints Reference
| Method | Path | Description | Auth |
|---|---|---|---|
| POST | /auth/register | Create account, receive API key | None |
| POST | /auth/login | Login, receive JWT token | None |
| GET | /auth/quota | Check remaining quota | API Key |
| POST | /face/enroll | Register a face (costs 1 call) | API Key |
| POST | /face/verify | 1:1 face verification (costs 1 call) | API Key |
| POST | /face/search | 1:N face search (costs 1 call) | API Key |
| DELETE | /face/{face_id} | Remove an enrolled face | API Key |
| GET | /face/list | List all enrolled faces | API Key |
POST /auth/register
Create a new account and receive an API key with initial quota.
Request Body
Response (200)
Errors
400— Email already registered
POST /face/enroll
Register a face into your personal face database. Each user has an isolated face store.
Request Body
Response (200)
Notes
- Image must contain exactly one clearly visible face
- Recommended: frontal face, good lighting, min 200x200px
- Max image size: 4MB (base64 encoded)
- Supported formats: JPEG, PNG, BMP
POST /face/verify
Compare a photo against a specific enrolled face (1:1 matching).
Request Body
Response (200)
Confidence Thresholds
> 0.80— Strong match (recommended for access control)0.60 - 0.80— Probable match (suitable for attendance)< 0.60— No match
POST /face/search
Search a photo against all enrolled faces (1:N matching).
Request Body
Response (200)
SDK Examples
Python
JavaScript / Node.js
cURL
Error Codes
| HTTP Status | Meaning |
|---|---|
| 400 | Bad request — invalid parameters or duplicate email |
| 401 | Unauthorized — missing or invalid API key |
| 403 | Forbidden — quota exhausted |
| 404 | Not found — face_id does not exist |
| 500 | Server error — face processing failed (check image quality) |
All error responses follow the format: {"detail": "error message"}
Rate Limits & Quotas
- Free tier: 100 API calls per account (one-time, non-renewable)
- Rate limit: 10 requests per second per API key
- Max face database size: 1,000 faces per account
- Image size limit: 4MB (base64 encoded)
For higher limits or enterprise deployment, contact contact@aizelnetwork.com.
Live Test Results
The following are real API responses captured during integration testing:
1. Face Enrollment — Success
{
"code": 0,
"message": "success",
"data": {
"face_id": "3e1ab0164ed8456ba57c38a048f93d92",
"label": "test_person",
"quota_remaining": 96
}
}
2. Face Verification — Different Person (No Match)
{
"code": 0,
"message": "success",
"data": {
"matched": false,
"confidence": 0.2809,
"face_id": "3e1ab0164ed8456ba57c38a048f93d92",
"quota_remaining": 95
}
}
3. List Enrolled Faces
{
"code": 0,
"message": "success",
"data": {
"faces": [
{"face_id": "3e1ab016...", "label": "test_person", "created_at": "2026-05-22 15:46:54"},
{"face_id": "f9b9c187...", "label": "test_person", "created_at": "2026-05-22 15:46:17"}
],
"total": 2
}
}
4. Quota Check
{
"code": 0,
"message": "success",
"data": {
"quota_remaining": 95,
"email": "facetest@aizel.io"
}
}
Integration Scenarios
Scenario A: Secure Login Flow
Scenario B: KYC Onboarding
Scenario C: Multi-user Access Control
Disclaimer
- This service is provided "as-is" for evaluation, development, and authorized business use only.
- Aizel Network does not store raw face images after processing. Only encrypted biometric templates are retained within TEE-protected storage.
- Users are responsible for obtaining proper consent from individuals whose faces are enrolled.
- This service must not be used for mass surveillance, unauthorized tracking, or any purpose that violates applicable privacy laws (GDPR, CCPA, PDPA, etc.).
- Aizel Network is not liable for damages arising from misuse, unauthorized access, or service interruptions.
- Accuracy depends on image quality, lighting conditions, and face visibility. Do not use as sole authentication factor for life-critical systems.
- Free tier quota is non-refundable and non-transferable.
For enterprise licensing, SLA guarantees, or compliance documentation, contact:
contact@aizelnetwork.com