# Document data review

### Overview

When a document is scanned during verification, data is extracted automatically via OCR. The Document data review feature allows this extracted data to be reviewed and corrected — by the applicant, the operator, or both — before a final decision is made.

All edits are fully logged with timestamps and actor information, preserving a complete audit trail accessible via session activities.

***

#### Data source trust hierarchy

Not all fields are editable. The system enforces a strict trust hierarchy based on how data was read:

| Source           | Editable     |
| ---------------- | ------------ |
| NFC              | Never        |
| QR               | Never        |
| MRZ              | Never        |
| OCR              | Configurable |
| Manually entered | Configurable |

Fields populated from NFC, QR, or MRZ are **permanently read-only** regardless of configuration. This rule is enforced at the backend level and cannot be overridden.

***

#### Configurable fields

The following fields can be enabled for review and correction:

* First Name (English)
* First Name (Local)
* Middle Name (English)
* Middle Name (Local)
* Last Name (English)
* Last Name (Local)
* Father's Name (English)
* Father's Name (Local)
* Date of Birth
* Place of Birth
* Sex
* Citizenship
* Nationality
* Document Number
* Authority
* Document Expiry Date
* Document Issue Date
* Document Issuing State
* Personal Number\*
* Address
* State

***

#### Enabling the feature

The feature is controlled by the **Enable document data editing** toggle inside the **ID verification step** of your configuration.

* **Via the No-code workflow builder:** Enable the toggle in the [ID verification step settings](/no-code-workflows/kyc-steps.md#id-verification). Once enabled, additional options become available:
  * **Who can edit** — applicant only, operator only, or both
  * **Which fields are editable** — per field, with editable and mandatory settings
* **Via API — step configuration:** The review behavior is configured inside the `identity-document` step using the `review` object. See [ID Verification step](/developer-tools/developer-guide/kyc-know-your-customer.md#identity-document-verification) in the **Developer guide** for the full configuration reference.

***

#### End-user flow

When the review step is enabled, the applicant is shown a review page after document scanning where they can verify and correct the extracted data.

**When the review page is shown:** The review page is only presented if at least one field is editable and at least one of those fields is either empty or not sourced from MRZ, NFC, or QR. If all editable fields were populated from trusted sources, **the review step is skipped automatically.**

**Field visibility rules:**

* Editable fields are always shown, prefilled if data was extracted
* Non-editable fields that are filled are shown as read-only
* Non-editable empty fields are not shown

**Mandatory fields:** if a field is marked mandatory, the applicant must fill it before proceeding.

**Reset behavior:** review page data resets only if the applicant re-scans the document. Navigating back and forward without rescanning does not reset entered data.

***

#### Operator flow

If operator editing is enabled, operators can review and correct document data directly from the session in Manage.

**Edit mode:** Sessions open in read-only mode by default. The operator clicks **Edit details** to enter edit mode, makes corrections, then clicks **Save** to store changes. A **Cancel** button reverts any unsaved edits.

**Manual check:** Saving an edit automatically moves the session to **Manual check**, requiring a final decision from the operator. The **Edit** button is only available when the session is not in an **Approved** or **Rejected** state. If the session has already been decided, the operator must first move it back to Manual check before editing is possible.

***

#### Audit trail

Every field stores a full history of changes including the original OCR value, any user or operator edits, the final value, and timestamps with actor information for each change.

Each field in the session UI displays a **source tag** indicating where the current value came from — for example `OCR`, `MRZ`, `NFC`, `User`, or `Operator`. Hovering over the tag shows the full edit history for that field.

The complete activity log, including all data edits, can be retrieved via the[ `list-session-activities` endpoint.](/developer-tools/api-reference.md#list-session-activities-list-of-session-activities)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.identomat.com/platform-concepts/document-data-review.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.