Glossary¶

Terms explained in plain English. Included: product-specific terms, technical concepts, acronyms, and potentially ambiguous words. Excluded: generic business terms and roles. If a non-technical reader might ask "What does this mean?"—it's here.

A¶

AI Agent¶

Software that performs tasks autonomously on behalf of a user—e.g., ChatGPT, Claude, Cowork. Moveris can verify that a live human authorized an AI agent's high-stakes action (e.g., wire transfer, contract signing).

In practice: When an AI agent is about to execute a consequential action, it calls Moveris to verify the user is present and authorized.

API¶

Application Programming Interface. A way for software to talk to another service. In our case, you send requests to Moveris servers, and they send back answers about whether a face is live or fake.

In practice: You call our API from your app or website to verify that a real person is in front of the camera.

API Key¶

A secret code that identifies you when you use the Moveris API. Think of it like a password—you must include it in every request, and you must keep it private.

In practice: You get your API key from the Moveris Developer Portal and send it in the X-API-Key header.

Attestation¶

A signed proof that a live human completed verification at a specific time. The Moveris MCP server returns attestations as JWT (ES256) so relying parties can verify them without calling the API.

In practice: After the user passes liveness, the agent receives an attestation containing verdict, confidence, timestamp, and action description. You can store it for audit or compliance (e.g., EU AI Act Article 14).

B¶

Babel¶

A tool that transforms modern JavaScript (or TypeScript) into code that older browsers and runtimes can run. It lets developers use the latest language features while supporting more environments.

In practice: When you build a React or React Native app, Babel often runs behind the scenes to compile your code.

Boolean¶

A data type that has only two values: true or false. Used in programming and API responses to represent yes/no, on/off, or similar binary states.

Bot¶

Software that runs automatically without human control. Bots can be benign (e.g., search engines) or malicious (e.g., automated fraud). Moveris helps detect when a bot is trying to impersonate a human (e.g., with a photo or video instead of a live face).

Backend¶

The server-side part of your application—the code that runs on your server, not in the user's browser. Your backend should add the API key and forward requests to Moveris, so the key stays secret.

In practice: Never put your API key in frontend code. Create a backend endpoint that receives frames, adds the key, and calls Moveris.

Base64¶

A way to convert binary data (like images) into text so it can be sent safely in JSON. Your frame images are sent as Base64-encoded strings.

In practice: Instead of sending the raw image file, you convert it to a long text string that the API can decode.

Base URL¶

The main address where all API requests are sent. For Moveris: https://api.moveris.com

In practice: Every endpoint path is added to this base URL. Example: https://api.moveris.com/api/v1/fast-check

C¶

CI (Continuous Integration)¶

Automated pipelines that run tests, linting, and builds when you push code. CI catches errors before they reach production.

In practice: GitHub Actions runs unit and integration tests on every pull request.

Claude Code¶

An AI coding assistant (by Anthropic) that runs in your terminal. It reads CLAUDE.md and AGENTS.md at session start to follow your project's rules and conventions.

In practice: Add a CLAUDE.md file to your project root; Claude Code loads it automatically and follows the rules you define.

Claude Desktop¶

A desktop application for chatting with Claude. Can be configured as an MCP host to connect to tools like the Moveris MCP server for liveness verification.

In practice: Configure Claude Desktop to connect to the Moveris MCP server so you can verify human presence from within a conversation.

CNN (Convolutional Neural Network)¶

A type of deep learning model that analyzes images by detecting patterns and features. Moveris uses CNN models for visual analysis of face frames—detecting texture, depth, and spatial patterns that help distinguish live faces from photos, screens, or masks.

In practice: CNN models in Moveris power the hybrid and anti-spoofing pipelines, analyzing frame pixels to produce liveness scores.

Conventional Commits¶

A commit message format: type(scope): description—e.g., feat(auth): add login, fix(api): handle 429 errors. Enables automated changelogs and clear history.

In practice: Use prefixes like feat:, fix:, docs:, chore:, ci: so tools can categorize commits automatically.

CommonJS¶

A module system for JavaScript used in Node.js. Uses require() and module.exports to share code between files. Contrast with ESM (ES Modules), which uses import and export.

In practice: Older Node.js projects often use CommonJS. The Moveris Node.js examples show both CommonJS and ESM + TypeScript.

Components¶

Reusable building blocks of a user interface—buttons, forms, cards, etc. In React and React Native, you compose screens from components. The Moveris SDK provides components like LivenessCheck so you don't build the camera flow from scratch.

In practice: A component is a self-contained piece of UI that you can drop into your app and customize with props.

Confidence¶

This field is currently reserved for future use and is functionally identical to real_score. Clients should use real_score for decision-making.

Credits¶

Units used to pay for API usage. Each request uses a certain number of credits. You need enough credits in your account for requests to succeed.

In practice: If you run out of credits, the API returns an insufficient_credits error.

Crops / Pre-cropped¶

Face images that have already been cut (cropped) to show only the face. The /fast-check-crops endpoint accepts these instead of full frames, which can be faster.

D¶

Deepfake¶

Video or images created or altered by AI to look like a real person.

Dependency Injection¶

A pattern where functions receive their dependencies (e.g., database, auth) as arguments instead of creating them internally. Makes code testable and modular.

In practice: FastAPI's Depends() injects auth or database connections into route handlers. Moveris helps detect when someone is trying to pass off a deepfake as a live person.

Developer Portal¶

The Moveris web application where you manage your account: create API keys, view usage and credits, access documentation, and handle billing. Available at developers.moveris.com.

In practice: Sign up, create an API key, and copy it to use in your integration.

E¶

.env¶

A file (often named .env) that stores environment variables—API keys, database URLs, and other secrets. Never commit it to version control.

In practice: Keep .env in .gitignore and load it with a tool like python-dotenv or your framework's config.

Endpoint¶

A specific URL path that accepts requests and returns responses. Each endpoint does a specific job (e.g. health check, liveness check).

In practice: /api/v1/fast-check is the endpoint for standard liveness verification.

Error Boundaries¶

In React, components that catch JavaScript errors in their child tree and display a fallback UI instead of crashing. Useful for isolating failures (e.g., in a liveness check component) from the rest of the app.

In practice: Wrap your verification flow in an error boundary so a single failed check doesn't break the entire page.

Express.js¶

A popular Node.js framework for building web servers and APIs. Used to create backend endpoints that receive requests and respond with data.

In practice: The Node.js examples use Express.js to create a /api/liveness endpoint that accepts frames from your frontend and forwards them to Moveris with your API key.

F¶

FastAPI¶

A modern Python framework for building APIs. Uses type hints, Pydantic for validation, and async support.

In practice: The Moveris Liveness API v2 is built with FastAPI.

Float¶

A number with a decimal part (e.g., 0.5, 3.14, -1.0).

G¶

.gitignore¶

A file that tells Git which files or folders to exclude from version control. Use it to keep secrets (e.g., .env) and build artifacts out of the repository.

In practice: Add .env and node_modules/ to .gitignore so they are never committed. Used in API responses like confidence and real_score where fractional precision matters.

Frame¶

A single image from a video. The API analyzes multiple frames (count varies by model: e.g. 10 for mixed-10-v2, 30 for mixed-30-v2) to determine if a face is live or fake.

FPS (Frames Per Second)¶

How many images (frames) are captured from video every second. For Moveris, we recommend ~10 FPS—about 10 images per second.

In practice: If you capture 10 frames at 10 FPS, you have roughly 1 second of video. Frame count must meet your model's minimum min_frames (recommended: send exactly that many).

Frame Object¶

The structure you send for each frame: index, timestamp_ms, and pixels (Base64-encoded image).

Facemesh Comparison¶

Comparison of 3D face landmark data (facemesh) between the current verification and historical sessions. Used for returning users: Moveris can confirm the person authorizing the action matches the person who enrolled.

In practice: When user_identifier is provided in verify_human_presence, the attestation may include facemesh_comparison with match_found and similarity_score. A score above 0.80 indicates the same person.

Frontend¶

The part of your app that runs in the user's browser or on their device—the UI, forms, and client-side logic. Your frontend captures frames and sends them to your backend, which adds the API key and calls Moveris.

In practice: Never put your API key in frontend code. The frontend sends frames to your backend; the backend calls Moveris.

H¶

HTTP¶

Hypertext Transfer Protocol. The protocol used to send and receive data on the web. APIs typically use HTTP methods like GET (retrieve) and POST (send). Moveris is accessed over HTTPS (secure HTTP).

In practice: When you call fetch() or send a request to the API, you are using HTTP under the hood.

Header¶

Extra information sent with an HTTP request. Headers are separate from the main body. Common ones: Content-Type, X-API-Key.

In practice: You put your API key in the X-API-Key header so the API knows who is making the request.

HttpStream¶

An MCP transport that uses HTTP for communication. The MCP server runs as a standalone service; the host (e.g., Cowork) connects to it over the network. Use httpStream for production or remote hosts.

In practice: Deploy the MCP server, expose it at a URL, and point the host to that URL. Contrast with stdio, where the host starts the server as a subprocess.

Hooks¶

Functions that React (or similar frameworks) call at specific moments—for example, when a component loads or when data changes. The Moveris SDK provides hooks like useLivenessCheck so you can trigger verification from your components without writing low-level code.

In practice: Instead of managing camera and API calls manually, you use a hook and get back the result and loading state.

I¶

Integration Test¶

Tests that run your code against real or cloned services (e.g., database, API). Slower than unit tests but catch integration issues.

In practice: Run integration tests in CI with a real PostgreSQL clone to verify API endpoints work end-to-end.

Integer¶

A whole number with no decimal part (e.g., 0, 1, -5, 42). Used in programming and API fields like index or score when fractional values are not needed.

Integration¶

The process of connecting Moveris (or any service) into your app or workflow. An integration might involve adding the SDK, calling the API, and wiring up the results to your UI.

In practice: "Integrating Moveris" means adding liveness verification to your sign-up, KYC, or checkout flow.

J¶

JWT¶

JSON Web Token. A standard format for signed data that can be verified without calling the API. The Moveris MCP server returns attestations as JWT (ES256) so relying parties can validate them locally.

In practice: After the user passes liveness, the agent receives a JWT attestation. The JWT includes an exp claim (TTL) so you can check if it is still valid.

L¶

JPEG¶

Joint Photographic Experts Group. A common image format that uses lossy compression. Smaller file size than PNG but may lose some detail. PNG is recommended for Moveris frames for better liveness accuracy.

JavaScript¶

A programming language that runs in web browsers and on servers (via Node.js). Used to build interactive websites and, with React and React Native, mobile and web apps.

In practice: Moveris provides JavaScript and TypeScript examples for integrating the API.

JSON¶

JavaScript Object Notation. A standard text format for exchanging data between systems. Uses key-value pairs and lists, easy for both humans and machines to read. The Moveris API sends and receives data in JSON.

In practice: Your request body is JSON (e.g. frames, session_id). Successful API responses wrap the payload in the standard envelope: {"data": { "verdict": "live", ... }, "success": true, "message": "OK"} — read data for the result. See Errors for error responses.

Live (Verdict)¶

The API decided the face is from a real person in front of the camera.

Latency¶

The time between sending a request and receiving the response. In APIs, lower latency means a faster response. Shown in the processing_ms field (milliseconds).

In practice: If latency is too high, users may abandon the verification flow. The fast model typically returns results in under 1 second.

Liveness / Liveness Detection¶

Checking whether a face belongs to a real, living person in front of the camera—and not a photo, screen, mask, or deepfake.

In practice: Moveris uses biological signals (e.g. micro-movements) that are hard to fake.

K¶

KYC¶

Know Your Customer. Regulatory process to verify a customer's identity. Moveris liveness detection is often used as part of KYC flows to prove the person is physically present.

M¶

MediaPipe¶

Google's open-source framework for ML models (e.g., face detection).

Monorepo¶

A single repository that contains multiple related projects or packages. The Moveris SDK is organized as a monorepo with shared core logic (@moveris/shared), React package (@moveris/react), and React Native package (@moveris/react-native).

ML Kit¶

Google's mobile SDK for on-device machine learning. Provides face detection, barcode scanning, and other capabilities. The Moveris SDK can use ML Kit for face detection on React Native before sending crops to the API.

In practice: ML Kit runs on the user's device, so faces can be detected and cropped without sending full frames to a server first.

MCP (Model Context Protocol)¶

A standard for connecting AI agents to external tools and services. The Moveris MCP server allows AI agents (e.g., Claude, Cowork) to trigger liveness verification when performing high-stakes actions on behalf of users. The agent sends the user a verification link; after the user completes the check, the agent receives a signed attestation.

In practice: Use MCP when your AI agent needs to verify that a live human authorized an action (e.g., wire transfer, contract signing).

MCP Host¶

The application that connects to and runs the MCP server—e.g., Cursor, Claude Desktop, Cowork. The host spawns the server (stdio) or connects to it over HTTP (httpStream), then uses the exposed tools.

In practice: When you "configure the host," you tell Cursor or Cowork where to find the Moveris MCP server so it can call liveness tools.

N¶

Node.js¶

A JavaScript runtime that runs outside the browser, on servers or your computer. Lets you use JavaScript for backend code, APIs, and scripts. The Moveris Node.js examples use Node.js to process frames and call the API.

In practice: Use Node.js when you need server-side liveness checks (e.g., processing uploaded videos) or a backend proxy that adds the API key.

npm¶

The default package manager for Node.js. Used to install libraries and tools (e.g. npm install express sharp). Most Node.js projects use npm to manage dependencies.

In practice: Run npm install in your project to install the packages listed in package.json.

O¶

OAuth¶

Open Authorization. A standard protocol for authorization that lets applications obtain limited access to user accounts (e.g., "Log in with Google") without sharing passwords. The user authorizes via a redirect flow.

In practice: The Moveris MCP verification flow is similar to OAuth for agents: the agent gets a session URL, the user completes verification in their browser, and the agent receives a signed attestation without handling credentials.

P¶

PNG¶

Portable Network Graphics. A common image format that supports lossless compression. Recommended for frame images sent to the API because it preserves quality better than JPEG.

In practice: Use PNG encoding when capturing frames—better accuracy for liveness detection.

PPG (Photoplethysmography)¶

A technique that measures blood volume changes—typically heart rate—from skin color variations in video. Real faces show subtle pulse; photos and screens do not. Moveris uses PPG signals as a biological indicator for liveness detection.

In practice: PPG helps detect deepfakes and screen replays because AI-generated faces lack the natural pulse visible in real skin.

Postman¶

A popular tool for testing and exploring APIs. Lets you send HTTP requests (GET, POST, etc.) manually without writing code. Useful for trying out Moveris endpoints before integrating them into your app.

Pydantic¶

A Python library for data validation using type hints. Validates request bodies, config, and responses before they reach your code.

In practice: Define CreateItemRequest(BaseModel) and FastAPI automatically validates incoming JSON against it.

pnpm¶

A fast, disk-efficient package manager for Node.js. Alternative to npm and yarn. Use pnpm add instead of npm install to add packages.

Pixels¶

In the API request, this is the Base64-encoded image data for a frame. The field is named pixels in each frame object.

Polling¶

Repeatedly asking the server for status (e.g., "is the verification done?") at fixed intervals until you get a final result. Contrast with webhooks, where the server pushes results to your URL.

In practice: If you don't use a webhook, poll check_verification_status every 1–2 seconds until the session is completed, failed, expired, or cancelled.

Proxy¶

A server that forwards requests on your behalf. A backend proxy receives requests from your frontend, adds the API key, and forwards them to Moveris—keeping the key secure.

In practice: Your frontend calls https://yourserver.com/api/liveness; your backend adds the API key and forwards to https://api.moveris.com/api/v1/fast-check.

Processing Time¶

How long the server takes to analyze your frames and return a result. Shown in the processing_ms field (milliseconds).

Project Root¶

The top-level folder of your project—where package.json, pyproject.toml, or the main config file lives. Files like CLAUDE.md belong here.

In practice: Place CLAUDE.md next to your README.md or package.json.

Production¶

The live environment where real users access your app—as opposed to development or staging. Production deployments should use secure configuration, rate limiting, and proper error handling.

In practice: Before going to production, ensure your API key is stored securely (e.g., in environment variables) and that requests are proxied through your backend.

Prompt¶

The text or instruction you send to an AI model. In AI APIs, the prompt defines what the model should do or answer. Moveris MCP uses prompts to instruct AI agents when to trigger liveness verification.

In practice: When building an AI agent, you design prompts that tell it to verify human presence before high-stakes actions.

Props¶

Short for "properties." In React and similar frameworks, props are values you pass into a component (like settings or data) so it can display or behave correctly.

Python¶

A popular programming language for servers, scripts, and data processing. The Moveris Python examples show how to send frames from Python to the API (e.g., from uploaded videos or OpenCV).

In practice: Use Python when you need to process video files server-side or run liveness checks from scripts.

R¶

React¶

A JavaScript library for building user interfaces. Uses components and hooks to create interactive UIs. Moveris provides React components and hooks for liveness verification.

In practice: Import Moveris React components into your app to add a liveness check flow with minimal code.

React Component¶

A reusable piece of UI built with React. Components receive props and can contain state. The Moveris SDK provides React components like LivenessCheck for the verification flow.

In practice: Drop a Moveris React component into your app and pass it props (e.g., onComplete) to customize behavior.

React Native¶

A framework for building mobile apps (iOS and Android) using JavaScript or TypeScript and React. You write one codebase and deploy to both platforms. Moveris offers a React Native SDK.

In practice: Use the Moveris React Native SDK to add liveness verification to your iOS or Android app.

Rate Limit¶

A limit on how many requests you can make in a given period. Exceeding it returns a rate_limit_exceeded error.

Risk Level¶

In MCP verification, the level of assurance required: standard (mixed-10 model, 10 frames) or high (mixed-30 model, 30 frames). Higher risk levels use more frames for stronger verification.

In practice: Use standard for routine approvals; use high for wire transfers, contract signing, and regulatory actions.

Real Score¶

A value from 0.0 to 1.0 that represents how likely the face is to be real. Higher values mean more likely live; lower values mean more likely fake. Use this field for decision-making (the confidence field is reserved for future use and is functionally identical to real_score).

In practice: The API converts this to a 0–100 score for display. A score of 65 or above (0.65 for real_score) is considered live.

Request¶

A message you send to the API (e.g. a POST request with frames and your API key).

Response¶

The message the API sends back (e.g. verdict, score, session_id).

Rendering¶

The process of turning your code (e.g., React components) into what the user sees on screen. When data changes, the framework re-renders to update the UI.

In practice: After a liveness check completes, your component re-renders to show the result.

REST¶

Representational State Transfer. A style of API design that uses standard HTTP methods (GET, POST, PUT, DELETE) and URLs. Moveris is a REST API. When you see "REST" in docs, it refers to this architectural style.

REST API¶

A style of API that uses standard HTTP methods (GET, POST, etc.) and URLs. Moveris is a REST API.

S¶

SDK¶

Software Development Kit. A package of pre-built code (components, functions, types) that makes it easier to integrate a service into your app. Moveris offers SDKs for React and React Native with ready-to-use camera and verification UI.

In practice: Use the Moveris SDK instead of calling the API directly—it handles camera access, frame capture, and API calls for you.

Score¶

A number from 0 to 100 representing how likely the face is to be real. Used for display. 65–100 = live, 0–64 = fake.

Scope (API Key Scope)¶

A permission that restricts what an API key can do. Moveris supports scopes such as detection:write, detection:read, session:write, session:read, session:audit, keys:read, keys:write, usage:read, credits:read, webhooks:read, webhooks:write, hosts:read, and hosts:write. Keys with no scopes have full access (backward compatible). Keys with scopes are limited; calls requiring a missing scope return 403 with insufficient_scope.

In practice: Create scoped keys in the Developer Portal for least-privilege access. Use detection:write only for liveness checks, or detection:read only for result retrieval.

Server¶

A computer that runs your backend code and responds to requests from clients. Your server receives frames from the frontend, adds the API key, and forwards requests to Moveris.

In practice: Never put your API key in client-side code. Your server should add it before calling Moveris.

Session Hijacking¶

When an attacker steals or reuses a valid session token to impersonate a user. If someone gets your session token, they can act as you until it expires. Moveris MCP mitigates this by re-verifying human presence before high-stakes actions.

In practice: Instead of trusting a stale session, the agent calls Moveris to confirm a live human is authorizing the action (e.g., wire transfer).

Session ID¶

A unique identifier you create for each verification attempt. It helps you track a specific check and appears in the API response.

In practice: Use a UUID like 550e8400-e29b-41d4-a716-446655440000 for each new session.

Spoofing / Spoofed¶

Attempting to trick the system—for example, showing a photo or video of a face instead of being in front of the camera. The API tries to detect and reject these.

Step-up Authentication¶

Additional verification required for high-stakes actions. Instead of trusting a session token alone, you re-verify the user (e.g., with liveness) before allowing the action.

In practice: Moveris MCP implements step-up auth: when an AI agent is about to run a consequential action, it calls Moveris to verify a live human authorized it.

Source¶

In the request, indicates where the frames came from: "live" (real-time camera) or "media" (file/recording). Default is "media".

stdio (Standard Input/Output)¶

An MCP transport where the host (e.g., Cursor, Claude Desktop) starts the MCP server as a subprocess and communicates via stdin/stdout. Ideal for local development and desktop AI tools.

In practice: Set MCP_TRANSPORT=stdio and configure Cursor to launch the Moveris MCP server. Contrast with httpStream for remote/production use.

String¶

A sequence of text characters (letters, numbers, symbols). In programming and the API, strings are enclosed in quotes—e.g., "live", "fake", or Base64-encoded image data.

T¶

TTL¶

Time To Live. How long something stays valid before it expires. For sessions, TTL is how long the verification URL works (e.g., 5 minutes). For attestations, TTL is how long the signed proof can be trusted.

In practice: Moveris session TTL defaults to 300 seconds. Completed attestations include an expires_at claim in the JWT so you can enforce validity independently.

TypeScript¶

A superset of JavaScript that adds static types. Helps catch errors earlier and improves editor support. Many React and React Native projects use TypeScript.

In practice: The Moveris SDK ships with TypeScript definitions so your editor can suggest types and detect mistakes.

U¶

Unit Test¶

Tests that run a single function or module in isolation—no database, no network. Fast and focused on logic.

In practice: Unit tests for a calculate_score() function mock inputs and assert the output; they don't call the API.

UI (User Interface)¶

The part of an app that users see and interact with—screens, buttons, forms, etc. The Moveris SDK provides UI components so you can show the verification flow without building it from scratch.

In practice: A "verification UI" is the screen where the user sees themselves and follows instructions to complete liveness detection.

UX (User Experience)¶

The overall experience a user has when interacting with your app—how easy, clear, and pleasant it is. Good UX in verification means minimal friction, clear instructions, and fast feedback.

In practice: Time-windowed attestation balances security and UX by allowing multiple actions within a short window without re-verifying each time.

UUID¶

Universally Unique Identifier. A standard format for IDs that look like: 550e8400-e29b-41d4-a716-446655440000. Uniquely identifies a session or object.

V¶

Verdict¶

The API's final decision: "live" (real person) or "fake" (spoofed/not real).

Verification Session¶

In MCP, a session created by verify_human_presence. It has a URL the user opens to complete liveness, and moves through states: pending → in progress → completed (or failed/expired/cancelled).

In practice: The agent creates a session, surfaces the URL to the user, and polls check_verification_status until completed. The session ID links all related API calls.

W¶

Webhook¶

A URL your server provides. When an event occurs (e.g., verification complete), the API sends an HTTP POST to that URL instead of you having to poll for status.

In practice: Register a webhook URL to receive verification results as they happen. Contrast with polling, where you repeatedly ask for status.

2¶

2FA (Two-Factor Authentication)¶

A security method that requires two forms of verification—for example, a password plus a code from your phone. Moveris liveness can serve as a second factor by proving you are physically present.

X¶

X-API-Key¶

The HTTP header where you send your API key. The name is literal—it’s sent as X-API-Key: your-api-key in each request.

Y¶

Yarn¶

A fast Node.js package manager. Alternative to npm and pnpm. Use yarn add to add packages to your project.