CPR FAQs
Client Side Integration
How can a client restart the flow for a user?
- In the workflow, add an input key (e.g., restartJourneyId)
- The client passes the same value against this key normally
- When the user journey needs to be restarted, the client changes this input value → this refreshes the transaction and the flow starts from the beginning
Why is a client still unable to call the generate-Auth-Token API even after whitelisting their IP?
Ensure that:
- The IP is static
- The client's actual IP (from Kibana logs) matches the whitelisted IP
HV Configs
Is CPR enabled by default?
No. CPR must be explicitly configured in the workflow.
What happens if both Local Resume and CPR are enabled?
CPR will take precedence. Best practice is to disable Local Resume if CPR is enabled.
Is it required to configure rate limits for CPR APIs?
No rate limit needs to be configured for CPR APIs.
Which SDK versions support CPR Auth?
WebSDK: 8.12.0 and above.
How does CPR handle S3 URLs that expire quickly?
CPR refreshes URLs when returning the stored state to the SDK.
User Journey
How many times can a user retry the Auth Flow?
Unlimited — there is no restriction on retry attempts.
What happens when a flow reaches an end state and the user tries to resume?
Depends on the configuration:
- If exitOnEndStates is configured and the user reaches that state → journey doesn't restart, SDK closes
- If resumeFrom is configured and status is auto_declined → flow resumes from the specified module
- In other cases → flow restarts from the beginning
How often is the user journey's state updated?
Every time the user completes a simple module, the SDK calls the PUT Transaction API to save the latest progress.
When the user dropped off and came back, why did the flow restart instead of resuming?
The flow restarts due to:
- State expiry — data retention period exceeded (default 14 days)
- Workflow changes — hash mismatch between stored and current workflow (i.e., changes were made to the workflow)
- Input parameter mismatch — client sent different parameters than the previous session
Is the state saved on each retake in selfie and ID card modules?
No. The PUT transaction API is only called after execution of each simple module (like API modules, Document Module), not on retakes within a module.
Will CPR expiry always be in sync with HVOne portal expiry?
For most cases, yes. Edge case:
- Transaction T1 created on Day 1, appId has 14-day retention
- Day 1: user completes 5 of 10 modules
- Day 13: user completes 4 more modules, goes into error status
- CPR expiry is still Day 14, but HVOne portal expiry extends to Day 27 (Day 13 + 14) because HVOne extends expiry on each successful FT call
- If user returns on Day 15: must start from scratch on CPR
- But on Day 15: data for modules completed on Day 13 is still visible in Case Management (modules from Day 1 would have expired on HVOne too)
CPR Auth
Do we support multiple authentication methods in a single flow?
No. Currently, CPR Auth supports only one authentication method per flow (mobile OTP or email OTP, not both).
InfoSec
In which region is CPR data stored?
Currently only stored in the India region.
How is sensitive API data protected?
- PII data is encrypted at rest using Field Level Encryption at the database level
- This is in addition to AWS's standard Encryption at Rest policies