# InstantKYC
Page contents
# Introduction
Our InstantKYC workflow offers identity and risk attributes as well as remote identification solutions for use in a typical domestic Know Your Customer (KYC) process. InstantKYC is available for a variety of countries, and we can add more countries on request.
InstantKYC contains a fixed series of steps that are chosen based on KYC best practices in a specific country, targeted to be compliant with local AML (anti-money laundering) and KYC requirements. This allows you to get started quickly.
If you want to further enrich the InstantKYC functionality with custom steps or information, contact us to discuss how we can design a workflow that's fully tailored to your needs:
# Concepts
Read about the key concepts in our InstantKYC flow before you start your integration.
# The flow explained
The first step of the process involves conducting risk profiling on the device, email, IP and mobile number. A score is calculated for each section, and if the risk is deemed high, the flow will be exited. Additionally, the data will be analysed to identify any known associations or instances where a particular field has been encountered multiple times previously.
The flow then progresses to the identity verification step. We will generate a URL for the appropriate eID or ID document verification, to which your user will be redirected. Once the user completes the identity verification process, the flow continues.
Address information is obtained through local data verification registers. Additionally, PEP (Politically Exposed Persons), sanction and adverse media checks are conducted on the individual. On completion of the flow, you receive a response containing all the gathered information.
The identity verification step varies depending on the country of the subject:
# Norway, Sweden, Denmark, Finland
In Norway, Sweden, Denmark and Finland, authentication takes place using the corresponding countries' eIDs. The diagram below illustrates a basic KYC workflow for onboarding with an eID.
# Netherlands
In the Netherlands, authentication takes place using an eID and identity proofing through document verification.
# Germany
In German, identity proofing takes place via an eIDV (electronic identity document verification) service. The diagram below illustrates a basic KYC workflow for onboarding with document verification.
# United Kingdom
In the UK, identity validation takes place using registry lookups to local data registries. The diagram below illustrates a basic KYC workflow for onboarding in the UK.
# Getting started
To gain access to test InstantKYC, contact us at support@signicat.com. To use webhook functionality, please provide us with your target URL.
Once you have access, you can begin testing the product. As InstantKYC is a combination of different products, you will need to use the test data provided on our test data page:
# Using the API
The InstantFlows API is used to validate and verify the identity of an individual and to gather risk attributes.
# Postman collection
This guide provides steps for using Postman (opens new window) to make API calls.
We have created a Postman collection that lets you try the InstantFlows API for InstantKYC. Click the button below to get the collection for Postman.
For more detailed instructions on how to use the collection, refer to the instructions below.
- Download the Postman collection.
- Open Postman.
- Click File > Import and browse to the collection file to import it.
- Click the name of the collection and edit the following variables:
oauth_url: Enter the URL you want to authenticate with. This will behttps://api.signicat.com/auth/open/connect/token.oauth_scope: Enter the scope you want to work with. This will besignicat-api.oauth_client_id: Enter the client ID obtained when you created an API client.oauth_client_secret: Enter the client secret obtained it when you created an API client.baseURL: Enter the base URL for the InstantFlows API. This will behttps://api.signicat.com/risk-flow/instant-flows.
- Click Save.
# Step-by-step guide
You can complete flows for all countries using the test data provided on our test data page.
A basic process varies, but will start with the following steps:
# Step 1: Obtain an access token
Acquire an access token using the OAuth 2.0 protocol.
The following is a cURL example of a request to receive an access token:
curl --location --request POST 'https://api.signicat.com/auth/open/connect/token' \
--header 'Authorization: Basic <BASE64-ENCODED CLIENTID:CLIENTSECRET>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials'
# Step 2: Start the appropriate flow
Call the following endpoint:
POST https://api.signicat.com/risk-flow/instant-flows/kyc/v1
# Form the request body
The only required fields in the request body are country and the URLs.
Note
For the URLs, the documentRedirect is used for NL, ES and DE only. For all other countries, this field is not needed.
This example shows all fields that can be included in the request:
{
"externalReference": "my-reference-12345",
"input": {
"country": "NO",
"skipRiskProfiling": "No",
"urls": {
"success": "https://example.com/success",
"abort": "https://example.com/abort",
"error": "https://example.com/error",
"documentRedirect": "https://example.com/redirect",
"mismatch": "https://example.com/mismatch"
},
"applicant": {
"details": {
"mobile": "447777777777",
"email": "email@sphonic.com",
"ip": "111.111.111.111"
},
"names": {
"firstName": "John",
"lastName": "Doe",
"middleName": "Smith",
"title": "Mr",
"gender": "Male"
},
"dateOfBirth": {
"year": "1990",
"month": "10",
"day": "30"
},
"address": {
"building": "10",
"street": "Downing Street",
"city": "London",
"county": "London",
"countryCode": "GB",
"postalCode": "E16 7XX"
}
},
"countrySpecificFields": {
"DE": {
"clientName": "Acme Bank",
"productType": "Account Opening"
}
}
}
}
The response will contain a URL which will redirect the user to the appropriate eID or eIDV. Note that the transaction ID will be used later on.
{
"transactionId" : "a1e26081-35b4-4557-a46a-ef50bc91672f"
"iDPUrl" : "https://demo.app.signicat.com/broker/sp/external-service/login?messageId=123abc&transactionId=abc123"
}
# Step 3: Perform the identity verification
In this step, you will need to complete identity verification. For test information, refer to our test data page for the applicable test data.
Once the process is complete, you will be redirected to the URLs from your initial request. If configured, you will then receive a webhook.
# Step 4: Get the results
To get the result of the identity verification process, you will need to generate a new access token and call the following endpoint:
GET https://api.signicat.com/risk-flow/instant-flows/kyc/v1/transactions/{transactionId}/response
# Example response
{
"data":{
"transactionId":"transaction-id-example",
"authUrl":"https://demo.app.signicat.com/broker/sp/external-service/login?messageId=123abc&transactionId=abc123",
"overallResults":{
"finalResult":"Pass",
"identityStatus":"Verified",
"addressStatus":"Verified",
"screeningStatus":"No Match",
"riskStatus":"Low",
"reason":"Address was not verified"
},
"risk":{
"velocityAssociations":{
"result":"Pass",
"velocity":{
"band":"Medium",
"emailCount":1,
"mobileCount":1,
"ipAddressCount":1
},
"associations":{
"band":"Medium",
"emailMobileCount":1,
"emailIpCount":1,
"mobileEmailCount":1,
"mobileIpCount":1,
"ipEmailCount":1,
"ipMobileCount":1
}
},
"email":{
"riskBand":"High",
"riskScore":100,
"inputEmail":"name@email.com",
"domainName":"gmail.com",
"valid":true,
"emailExists":true,
"domainExists":true,
"disposable":true,
"totalHits":4,
"uniqueHits":2,
"emailCreatedDate":"2023-02-02T04:39:28.127Z",
"domainCreatedDate":"2023-08-11T12:52:07.624Z",
"emailFirstSeenDate":"2023-02-02T04:39:46.329Z",
"emailLastSeenDate":"2023-06-07T15:33:12.056Z"
},
"mobile":{
"riskBand":"High",
"riskScore":100,
"mobileNumber":"0123456789",
"carrierName":"Vodafone",
"valid":true,
"type":"premium rate",
"totalHits":5,
"countryCode":"GB",
"mobileFirstSeenDate":"2023-09-25",
"mobileLastSeenDate":"2023-09-25"
},
"ip":{
"riskBand":"High",
"riskScore":100,
"inputIp":"100.200.300.40",
"isp":"TalkTalk",
"harmful":true,
"proxy":true,
"tor":true,
"vpn":true,
"spamListCount":4,
"totalHits":7,
"uniqueHits":7,
"countryCode":"GB",
"ipLatitude":51.501366,
"ipLongitude":-0.14189,
"ipFirstSeenDate":"2023-08-31T15:10:30.136Z",
"ipLastSeenDate":"2023-08-31T15:10:27.519Z"
}
},
"applicant":{
"firstName":"John",
"lastName":"Doe",
"dateOfBirth":"1990-10-13",
"nin":"1990101301123",
"ninType":"Birth",
"ninIssuingCountry":"Norway",
"uniqueId":"VlWSTstQOl2vtQdXItC-hVSbpXH7YyOpYxvagkyqKI8=",
"nationalities":[
{
"isActive":true,
"alpha2":"NO",
"alpha3":"NOR",
"numerical":"578",
"startDate":"1990-12-01",
"endDate":"2010-12-01"
}
],
"citizenships":[
{
"isActive":true,
"alpha2":"NO",
"alpha3":"NOR",
"numerical":"578",
"startDate":"1990-12-01",
"endDate":"2010-12-01"
}
],
"address":{
"addressLine":"Beddingen 16, 7042 Trondheim",
"street":"Beddingen 16",
"postalCode":"7042",
"city":"Trondheim",
"country":"NO"
}
},
"screening":{
"data":[
{
"entityType":"person",
"listType":"pep",
"matchScore":"80",
"matchCertainty":"high",
"sourceName":"SCREENING_SOURCE",
"roles":[
{
"roleType":"Director",
"organization":"Signicat",
"description":"Chief Executive Office",
"startDate":"01-01-2010",
"endDate":"01-01-2020"
}
],
"media":[
{
"title":"Title of the content",
"excerpt":"An excerpt of the content",
"url":"Url to the content",
"date":"Date of the content"
}
],
"functions":[
{
"name":"Name",
"function":"Type of function",
"startDate":"string of null or <date-time>",
"endDate":"string of null or <date-time>"
}
],
"comments":[
{
"name":"",
"value":""
}
],
"associates":[
{
"name":"Name of the associate",
"association":"Type of association",
"comments":"Additional information / Detailed description"
}
],
"aliases":[
{
"status":"A hint to which attributes are set. partial : only full name, all : all attributes.",
"full":"Full name of the entity",
"first":"First/given name of the entity",
"last":"Last/surname of the entity"
}
],
"subject":{
"firstName":"John",
"lastName":"Doe",
"gender":"unknown",
"fullName":"John Doe"
}
}
]
},
"jawJsonData":{
"eID":{
"firstName":"John",
"lastName":"Doe",
"dateOfBirth":"1990-10-13",
"nin":"1990101301123",
"ninType":"Birth",
"ninIssuingCountry":"Norway",
"uniqueId":"VlWSTstQOl2vtQdXItC-hVSbpXH7YyOpYxvagkyqKI8=",
"iDPSpecifcData":{
"legalLastName":"Vries",
"legalLastNamePrefix":"de",
"preferredLastName":"Vries-Jansen",
"preferredLastNamePrefix":"de",
"partnerLastName":"Jansen",
"partnerLastNamePrefix":"de",
"address":"Pascalstreet 19, 0000AA, Maastricht, NL\t",
"18OrOlder":"true",
"initials":"VJ"
}
},
"document":{
"status":"pending",
"processType":"document",
"processId":"8afb3ac6-6780-42e4-bbc2-3713e2f6d97c",
"provider":"eid",
"finalResult":{
"firstName":"John",
"dateOfBirth":"1970-09-19",
"lastName":"Doe",
"personalIdentificationNumber":"12123456",
"nationality":"GBR",
"gender":"M",
"documentNumber":"CA412356",
"documentType":"passport",
"livenessDetected":"true",
"similarityScore":"high",
"placeOfBirth":"Portugal",
"issuingCountry":"GBR",
"dateOfIssue":"2021-01-01",
"dateOfExpiry":"2024-03-02",
"lastNameSecondLine":"e/v Molenaar"
},
"providerSpecificResults":{
"webId":{
"actionId":"9digitref",
"transactionId":"some-transaction-id",
"actionType":"auto_ident",
"success":true,
"responseType":"string",
"finishedOn":"someTimeandDate",
"identMode":"automated_ident",
"agentId":"someIdentifier",
"identifiedOn":"someTimeandDate",
"idDocument":{
"authority":"",
"dateOfExpiry":"2025-10-13",
"dateOfIssue":"2015-10-13",
"documentType":"passport",
"idNumber":"someIdentNumber",
"mrz":"someString",
"nameAtBirth":"Hans",
"nationality":"DEU",
"placeOfBirth":"Hamburg"
},
"rejectionReason":"someString",
"user":{
"gender":"Male",
"firstName":"Hans",
"lastName":"Merkel",
"dateOfBirth":"2000-12-29",
"address":{
"street":"Rosenweg",
"streetNumber":"10",
"addressLine1":"Rosenweg 10",
"addressLine2":"12345 Berlin",
"region":"Berlin",
"zip":"12345",
"city":"Berlin",
"country":"DEU"
}
}
},
"ocr":{
"lastName":"Reynolds",
"dateOfExpiry":"1900-01-01",
"healthNumber":"366355550",
"gender":"F",
"documentType":"identityCard",
"socialSecurityNumber":"11876398740",
"documentNumber":"122336694ZY4",
"taxNumber":"200693803",
"personalIdentificationNumber":"12123456",
"livenessDetected":"{\"valid\":true}",
"dateOfBirth":"1973-02-10",
"similarityScore":"high",
"firstName":"John",
"nationality":"PRT",
"issuingCountry":"PRT",
"securityChecks":{
"nonExpired":{
"valid":true
},
"notUnderage":{
"valid":true
},
"dataIntegrity":{
"valid":true
},
"liveness":{
"valid":true
},
"sidesMatch":{
"valid":true
},
"notBWCopy":{
"valid":true
},
"notFaceSpoofing":{
"valid":true
},
"untamperedDocument":{
"valid":true
}
},
"features":[
{
"name":"Header 2",
"found":true,
"bbox":{
"x":517,
"y":21,
"width":97,
"height":17
},
"side":"front"
}
]
}
}
},
"addresses":{
"postalAddresses":[
{
"isActive":true,
"isConfidential":true,
"startDate":"1990-12-01",
"endDate":"2010-12-01",
"addressLines":"Beddingen 16, 7042 Trondheim",
"street":"Tistelvegen 207",
"postalCode":"7033",
"city":"TRONDHEIM",
"alpha3":"NOR",
"alpha2":"NO"
}
],
"permanentAddresses":[
{
"isActive":true,
"isConfidential":true,
"startDate":"1990-12-01",
"endDate":"2010-12-01",
"addressLines":"Beddingen 16, 7042 Trondheim",
"street":"Tistelvegen 207",
"postalCode":"7033",
"city":"TRONDHEIM",
"alpha2":"NO",
"alpha3":"NOR"
}
],
"foreignAddresses":[
{
"isActive":true,
"isConfidential":true,
"startDate":"1990-12-01",
"endDate":"2010-12-01",
"addressLines":"Beddingen 16, 7042 Trondheim",
"street":"Tistelvegen 207",
"postalCode":"7033",
"city":"TRONDHEIM",
"alpha2":"NO",
"alpha3":"NOR"
}
]
}
}
}
}
# API reference and test data
In our InstantFlows API reference, you can find information about the available endpoints and properties, as well as sample requests and responses. You can complete flows for all countries using the test data provided on our test data page.