Changelog
Home
Start typing to search…
Back to All

May 31, 2025 — Reap Compliance API v1.0.1

over 1 year ago by Reap Tech

We’re excited to announce the initial public release of the Reap Compliance API. This version introduces endpoints to manage entities, perform KYC operations, retrieve feature requirements, list available features, and configure notification connections. Below is a summary of what’s included in v1.0.1:

Entity (endpoints under /entity)

  • Create a new entity (POST /entity)

    • Accepts an externalId, a type (INDIVIDUAL or BUSINESS), and an array of requirements (each with requirementSlug + value).
    • Returns the newly created entity’s UUID.

  • List all entities (paginated) (GET /entity)

    • Supports page, limit, and requires an Accept-Version header (v1.0).
    • Returns a paginated list of entities (with id, externalId, businessId, createdAt, updatedAt) plus pagination metadata.

  • Retrieve an existing entity (GET /entity/{entityId})

    • Fetches full details for a single entity: id, externalId, businessId, type, verifiedBy, enabled features, and all submitted requirements (including status, timestamps, and value).

  • Delete an entity (DELETE /entity/{entityId})

    • Permanently deletes the specified entity.

KYC (endpoints under /entity/{entityId}/…)

  • Verify signed KYC payload (POST /entity/verify-signed-payload)

    • Accepts firstName, lastName, dob, residentialAddress, idDocumentType, idDocumentNumber, expiresAt, and a cryptographic signature.
    • Returns a JSON object { valid: boolean } indicating whether the signature is valid.

  • Generate an SDK token for identity verification (POST /entity/{entityId}/kyc?memberId={memberId})

    • Generates a provider-specific SDK token (e.g., SumSub) to launch a web‐based photo ID + liveness check flow.

    • Response includes:

      {
  "provider": "sumsub",
  "sdkToken": "_act-sbx-jwt-…"
}

  • Get signed payload for KYC verification (GET /entity/{entityId}/signed-payload?memberId={memberId})

    • Returns the same JSON object that’s used to generate a signature (all required user info plus a signature string).

Feature (endpoints under /feature)

  • Get requirements by feature ID (GET /feature/{featureId}/requirement)

    • Returns a list of compliance requirements for a given feature: each item includes requirementId, requirementLevel (REQUIRED, OPTIONAL, PREFERED), requirementSlug, associatedEntity (INDIVIDUAL, BUSINESS, etc.), and valueType (BOOLEAN, NUMERIC, STRING, FILE, JSON).

  • List all features (paginated) (GET /features)

    • Supports page, limit, and requires an Accept-Version header (v1.0).
    • Returns paginated results: each feature is an object with id, name, slug.

Notifications (endpoints under /notification)

  • Add a notification connection (POST /notification)

    • Configure up to 10 webhooks (per business). Req. body fields:

      {
  "notificationChannel": "WEBHOOK",
  "notificationTypes": ["verification_status_change", "feature_access_change", "new_feature", "reminder"],
  "webhookUrl": "https://api.example.com/webhooks/reap"
}

    • Returns the created connection’s id, channel, types, config, and createdAt.

  • List all notification connections (paginated) (GET /notification)

    • Supports page, limit, and requires an Accept-Version header (v1.0).
    • Returns a paginated array of all configured connections for the authenticated business.

  • Get a specific notification connection (GET /notification/{notificationId})

    • Returns details (id, channel, types, config, createdAt) for a single connection.

  • Update a notification connection (PUT /notification/{notificationId})

    • Replace channel, types, or webhook URL. Example request body is identical to POST /notification.
    • Returns the updated connection object.

  • Delete a notification connection (DELETE /notification/{notificationId})

    • Permanently removes the specified connection (no response body; 204 No Content).

Security & Versioning

  • Authentication: All endpoints require an x-reap-api-key header (see components.securitySchemes.ApiKeyAuth).

  • Accept-Version header: For list endpoints (GET /entity, GET /features, GET /notification), you must set Accept-Version: v1.0 in the request header.

  • Servers

    • https://sandbox-compliance.api.reap.global – Sandbox (testing)
    • https://staging-compliance.api.reap.global – Staging
    • https://compliance.api.reap.global – Production (allowlist only)

What’s Next?

  • We’ll increment to v1.0.2 for minor fixes, improved error messages, and expanded pagination support on KYC endpoints.
  • Stay tuned for support of multi‐member feature assignments and batch requirement submissions in v1.1.0.

Feel free to report any issues or feedback via our GitHub repository or Slack channel. We appreciate your support!