Getting Started
Overview
The Reap Compliance API verifies cardholders and businesses for card issuance through the Reap CaaS API. Four integration methods are supported across two entity types, differentiated by verification source and submission shape.
Approval of an entity returns a signed payload that authorises card creation through POST /cards. Approval status is delivered asynchronously by webhook for methods that support webhook notifications.
Method Selection
Comparison
| Method | Entity Type | Verification Source | Submission Shape | Webhooks | Guide |
|---|---|---|---|---|---|
| KYCaaS | INDIVIDUAL | SumSub WebSDK hosted by Reap | SDK token request | Supported | KYCaaS Integration Guide |
| SumSub KYC Token Sharing | INDIVIDUAL | SumSub account belonging to the integrator | Share token via CSV batch or single record sync | Not supported | SumSub KYC Sharing Guide |
| Universal KYC | INDIVIDUAL | External provider operated by the integrator | Canonical KYC Pack with document uploads | Supported | Universal KYC Guide |
| Universal KYB | BUSINESS | Canonical KYB Pack submitted by the integrator | KYB Pack with DDQ, optional EDD, and document uploads | Not supported | Universal KYB Guide |
Decision Guide
Conditions apply in order.
- Entity type. Business customers route to Universal KYB. Individual cardholders proceed to step 2.
- Existing SumSub verifications. Applicants already verified in a separate SumSub account route to SumSub KYC Token Sharing. All other cardholders proceed to step 3.
- Verification ownership. Verification hosted by Reap through the SumSub WebSDK routes to KYCaaS. Verification performed externally with results submitted to Reap routes to Universal KYC. The provisioned method specified in the CaaS contract takes precedence over this guide. Reap account managers can confirm the provisioned method when unclear.
Integration Methods
KYCaaS
Hosted identity verification for individual cardholders through the SumSub WebSDK. Reap orchestrates the verification and returns the decision via webhook.
| Property | Value |
|---|---|
| Entity type | INDIVIDUAL |
| Verification location | SumSub WebSDK embedded on the integrator frontend |
| Requirements | Identity document, address verification, liveness check |
| Approval delivery | Webhook (account_status_change) |
| Approval output | Single JWT string (signedPayload) returned by GET /entity/entityId/signed-payload |
| Jurisdiction handling | Include binCountry only for issuing BINs with jurisdiction specific rules (currently MEX) |
Use a different method when applicants are already verified in a separate SumSub account (SumSub KYC Token Sharing) or when verification results from an alternative provider are submitted directly (Universal KYC).
SumSub KYC Token Sharing
Migration of applicants already verified in a separate SumSub account into Reap with no repeat verification required. Two ingestion modes are available, batch CSV upload and single record synchronous ingestion.
| Property | Value |
|---|---|
| Entity type | INDIVIDUAL |
| Verification location | Completed previously in a separate SumSub account |
| Batch endpoint | POST /entity/kyc/import/batch |
| Sync endpoint | POST /entity/kyc/import/sync |
| Batch status endpoint | GET /entity/kyc/import/batch/batchId |
| Webhook events | None for this method |
| Prerequisites | Signed Sumsub Reusable KYC Agreement and Reap added as an authorised recipient in the donor SumSub account |
| BIN sponsorship | cardProcessorPublicToken required in batch and sync requests when applicable |
Use a different method when applicants require initial verification through Reap (KYCaaS) or when verification was performed through a provider other than SumSub (Universal KYC).
Universal KYC
Submission of verified individual cardholder data to Reap using a canonical payload structure. Reap retains final approval authority.
| Property | Value |
|---|---|
| Entity type | INDIVIDUAL |
| Verification location | External provider operated by the integrator |
| Submission endpoint | POST /entity/entityId/ukyc |
| Required content | Identity, identification document, residential address, liveness result, provider verification outcome |
| Document uploads | ukyc-id-document, ukyc-proof-of-address-document, ukyc-curp-document (when identity.nationality = "MEX") |
| Jurisdiction handling | Include binCountry and matching jurisdictionData.<COUNTRY> for issuing BINs with jurisdiction specific rules (currently MEX) |
| Approval delivery | Webhook (account_status_change) |
| Approval output | Structured object containing verified identity fields and a signature, returned by GET /entity/entityId/signed-payload. Shape differs from KYCaaS |
Behaviour after approval depends on the sponsorship model. Programs without BIN sponsorship fetch the signed payload and call POST /cards. Programs with BIN sponsorship use the verified data directly in downstream card issuance.
Use a different method when Reap should host the verification UI (KYCaaS) or when applicants were already verified in a separate SumSub account (SumSub KYC Token Sharing).
Universal KYB
Onboarding of business entities into the Reap platform using a canonical payload structure. Coverage includes legal identity, ultimate beneficial owners, due diligence questionnaire, optional enhanced due diligence, and supporting business documents.
| Property | Value |
|---|---|
| Entity type | BUSINESS |
| Verification location | Compliance review by the Reap team based on the submitted KYB Pack |
| KYB Pack endpoint | POST /entity/entityId/ukyb (legal identity, UBO declaration, principal place of business, nature of business) |
| DDQ endpoint | POST /entity/entityId/ukyb/ddq (card authorities, expected spend profile, headcount) |
| EDD endpoint | POST /entity/entityId/ukyb/edd (source of funds, source of wealth, submitted only when requested by Reap compliance) |
| Document uploads | Certificate of Incorporation, UBO Proof of Identity (ubo-kyc), Board Resolution, and additional slugs as required |
| Approval delivery | Communicated by the Reap compliance team |
| Webhook events | None for this method |
Use a different method when the entity is an individual cardholder (KYCaaS, SumSub KYC Token Sharing, or Universal KYC).
Authentication
All Reap Compliance API requests require an API key passed in the x-reap-api-key header.
x-reap-api-key: <API_KEY>| Environment | Base URL |
|---|---|
| Sandbox | https://sandbox-compliance.api.reap.global |
| Production | https://compliance.api.reap.global |
API keys are generated in the Reap Dashboard at Settings → Product Settings → KYC API Keys and are linked to a Business UUID (BUUID) that scopes all activity to the issuing business. Sandbox validation is required before switching to production keys.
Core Concepts
Business
The organisation registered with Reap, identified by a unique API Key and Business UUID (BUUID). All entities, requirements, and KYC activity are scoped to the BUUID.
Entity
The individual or business being verified. Every applicant is represented as an entity created via POST /entity with type: INDIVIDUAL or type: BUSINESS.
Reap assigns a unique entityId at creation. An optional externalId may be supplied to correlate the entity with the integrator's internal records.
{
"entityId": "ent_123e4567-e89b-12d3-a456-426614174000",
"externalId": "user_123"
}Entity type by method.
| Method | Entity Type |
|---|---|
| KYCaaS | INDIVIDUAL |
| SumSub KYC Token Sharing | INDIVIDUAL |
| Universal KYC | INDIVIDUAL |
| Universal KYB | BUSINESS |
Feature
A capability enabled for a business. Card Issuance is the feature governing verification and card issuance authority and must be enabled by Reap before use.
Requirement Slug
A typed string identifier for a specific document category or canonical submission. Examples include ukyc-id-document and ukyc-proof-of-address-document for Universal KYC, and certificate-of-incorporation, ubo-kyc, and board-resolution for Universal KYB.
Status
Every entity and requirement carries a status from the RequirementStatus enum.
| Status | Meaning |
|---|---|
APPROVED | Verification passed. Card issuance is enabled for the entity |
PENDING | Submitted and under review |
REJECTED | Verification failed. Inspect reviewRejectType to determine retry eligibility |
Signed Payload
A cryptographically signed object retrieved from Reap once an entity reaches APPROVED. The payload authorises card creation when passed into POST /cards.
Shape depends on the method.
| Method | Signed Payload Shape |
|---|---|
| KYCaaS | Single JWT string (signedPayload) |
| Universal KYC | Structured object containing verified identity fields and a signature |
| SumSub KYC Token Sharing | No separate signed payload retrieval step |
| Universal KYB | Card issuance authority is granted through feature access at the BUUID level |
External ID
An integrator supplied identifier passed as externalId and echoed back by Reap. Used to correlate Reap records with integrator internal records.
BIN Country and Jurisdiction Data
binCountry is the ISO 3166-1 alpha-3 code of the issuing BIN. The field is included only when the issuing BIN belongs to a jurisdiction with jurisdiction specific KYC requirements (currently MEX).
For Universal KYC, a matching jurisdictionData.<COUNTRY> block accompanies binCountry. The field is independent of identity.nationality, and nationality driven document requirements (such as ukyc-curp-document for Mexican nationals) are determined separately.
Webhook Notifications
Webhooks deliver asynchronous compliance status updates from Reap, available only for KYCaaS and Universal KYC. SumSub KYC Token Sharing and Universal KYB do not emit account_status_change events.
All supported deliveries use the account_status_change event type. The most common event is card_issuance_api_access_updated, signalling that an entity's Card Issuance KYC API access has been granted, revoked, or that an individual requirement has been rejected.
| Resource | Document |
|---|---|
| Endpoint registration, subscription management, and signature verification | Webhook Setup |
Full schema and status semantics for card_issuance_api_access_updated | Card Issuance KYC API Access Webhook |
Documentation Map
| Document | Coverage |
|---|---|
| KYCaaS Integration Guide | Reap hosted individual cardholder verification through the SumSub WebSDK, including SDK token generation and signed payload retrieval |
| SumSub KYC Sharing Guide | Migration of previously verified SumSub applicants into Reap via batch CSV upload or synchronous ingestion, including share token generation |
| Universal KYC Guide | Submission of a canonical KYC Pack and supporting documents for individual cardholders verified externally, including the BIN sponsorship branch |
| Universal KYB Guide | Submission of a canonical KYB Pack, DDQ, optional EDD, and supporting documents for BUSINESS entities |
| Webhook Setup | Registration, lifecycle management, and signature verification of webhook subscriptions for KYCaaS and Universal KYC |
| Card Issuance KYC API Access Webhook | Reference schema and status semantics for the card_issuance_api_access_updated event |
Next Steps
- Identify the appropriate integration method using the Comparison table and Decision Guide.
- For KYCaaS or Universal KYC, configure the webhook endpoint first by following the Webhook Setup guide.
- Follow the appropriate integration guide.
Updated 3 days ago