API Reference
Home
Start typing to search…

KYC

The KYC (Know Your Customer) API enables identity verification for individual entities, including directors, owners, and representatives. This section supports both direct data verification and integration with third-party SDKs (e.g. SumSub). These endpoints are essential for collecting and verifying required identity documents as part of regulatory compliance.

🔍 What is KYC in Reap?

KYC ensures that all individuals tied to a business are properly identified and validated. The process may include:

  • Basic identity checks (name, DOB, address)
  • Document submission (passport, national ID, etc.)
  • Liveness checks and photo ID validation (via provider SDK)

🔧 Supported Operations

MethodEndpointDescription
POST/entity/{entityId}/kycGenerate an SDK token for identity verification
GET/entity/{entityId}/signed-payloadRetrieve a signed payload for client-side verification
POST/entity/verify-signed-payloadVerify a signed KYC payload server-side

🔐 SDK-Based Verification (e.g., SumSub)

If you're using a provider like SumSub:

  1. Use POST /entity/{entityId}/kyc to generate a secure sdkToken
  2. Pass the token to your web or mobile client to launch the provider’s verification flow
  3. Let the provider handle liveness detection, photo uploads, and document checks
{
  "provider": "sumsub",
  "sdkToken": "_act-sbx-jwt-..."
}

✍️ Signed Payload Verification

If you're handling KYC form data yourself, you can:

  • Get a signed payload using GET /entity/{entityId}/signed-payload
  • Submit the payload and signature via POST /entity/verify-signed-payload
  • Reap will verify the payload hasn’t been tampered with and respond with { valid: true | false }

This is useful for clients implementing custom onboarding forms or integrating biometric verification from another provider.

🧠 Best Practices

  • Ensure your users complete KYC before granting access to features.
  • Use webhook notifications to listen for status changes (see the Notifications section).

🚀 What’s Next?

After KYC is completed, continue with:

  • Submitting or updating any remaining requirements via the Entity API
  • Checking verification statuses via GET /entity/{entityId}
  • Enabling or gating feature access based on compliance state

👉 See Notifications to track verification events in real time.