Configure REL-ID to Send KYC Requests
⚙️ Configure REL-ID to Send KYC Requests
This guide walks you through the configuration required in the REL-ID Gateway Management Console to enable the transmission of KYC identity data to your backend system.
🧭 Configuration Overview
You will need to:
- Enable the KYC challenge in the user activation flow.
- Set the API endpoint configuration in the Module Config Management.
- Optionally configure encryption or bearer token authentication.
🔐 Step 1: Enable KYC Challenge in Activation Flow
- Login to the Gateway Management Console.
- Navigate to Authentication Management.
- Edit the "First time activation" flow.
- Add the challenge
RELID-IDV-KYCbeforeRELID-IDV-BiometricOptIn. - Save and restart the Blaze-Server.
This ensures the KYC API is triggered immediately after successful ID scan and face match.
🌐 Step 2: Set KYC API Endpoint
Navigate to Module Config Management and configure the following:
- Component Name:
IDV Server - Config Name:
kyc.service.api.config - Config Value: JSON as shown below
{
"method": "POST",
"url": "https://127.0.0.1:9005/kyc",
"headers": [{
"headerName": "Content-Type",
"headerValue": "application/json"
}, {
"headerName": "apiversion",
"headerValue": "v2"
}
],
"requestEncryption": {
"enable": <true/false>,
"algorithm": "AES",
"key": "<Encryption AES Key>",
"ivParamSpec": "<Encryption IV Parameters>",
"cipherSpec": "<Encryption Cipher Spec>",
"blockSizeBytes": <Encryption Block size>
},
"responseDecryption": {
"enable": <true/false>,
"algorithm": "AES",
"key": "<Decryption AES Key>",
"ivParamSpec": "<Decryption IV Parameters>",
"cipherSpec": "<Decryption Cipher Spec>",
"blockSizeBytes": <Decryption Block size>
},
"requestBody": "",
"responseBody": {
"resultLocator": "result",
"referenceNumberLocator": "reference_number",
"userIdLocator": "user_id",
"primaryUserIdLocator": "",
"loginIdsLocator": "",
"statusCodeLocator": "",
"statusMessageLocator": "",
"forUserIdLocator": "",
"orchestrationUseCaseLocator": ""
},
"accessTokenEndpoint": {
"url": "https://127.0.0.1:9005/kyc-service-access-token-endpoint",
"headers": [{
"name": <Header name>,
"value": <Header value>
}
],
"method": <GET or POST>,
"postParameters": [{
"name": <Parameter name>,
"value": <Parameter value>
}
],
"bodyParameter": <raw data to be sent in body >
"accessTokenLocator": <access token locator>
}
}🔧 Top-Level Attributes
| Attribute | Description |
|---|---|
method | HTTP method used for the KYC API call. Only POST is supported. |
url | URL endpoint of the enterprise's KYC API which receives the identity verification data. Must be HTTPS. |
headers | Array of HTTP headers (name-value pairs) to include in the KYC request. May include custom headers or OAuth2 tokens. |
🔐 requestEncryption
requestEncryptionControls if the KYC request should be AES encrypted.
| Field | Description |
|---|---|
enable | Boolean flag to enable request encryption. |
algorithm | Encryption algorithm (AES only). |
key | AES encryption key. |
ivParamSpec | Initialization Vector. Overrides blockSizeBytes if present. |
cipherSpec | Cipher mode and padding (e.g., AES/CBC/PKCS5Padding). |
blockSizeBytes | Block size to use if ivParamSpec is not provided. |
🔓 responseDecryption
responseDecryptionControls if the KYC API response should be decrypted.
| Field | Description |
|---|---|
enable | Boolean flag to enable response decryption. |
algorithm | Decryption algorithm (AES only). |
key | AES decryption key. |
ivParamSpec | Initialization Vector for decryption. |
cipherSpec | Cipher mode and padding used during encryption. |
blockSizeBytes | Block size to use if IV not provided. |
📦 requestBody
requestBody| Field | Description |
|---|---|
requestBody | Custom body format. Use "" to send default JSON. Use macro __REQUEST_BODY_PAYLOAD__ to wrap the KYC payload. |
Example Usages
| requestBody | requestEncryption.enable | Behavior |
|---|---|---|
"" | false (default) | Sends plain JSON |
"" | true | Sends Base64-encoded AES-encrypted JSON |
{ "kyc_data": "__REQUEST_BODY_PAYLOAD__" } | false | Sends KYC data in a key |
{ "kyc_data": "__REQUEST_BODY_PAYLOAD__" } | true | Sends AES-encrypted KYC data in a key |
📥 responseBody
responseBodyDescribes how to extract values from the KYC API response.
| Field | Description |
|---|---|
resultLocator | JSON path for result (true/false). |
referenceNumberLocator | Path to reference number from KYC API. |
userIdLocator | Path to user ID from KYC API (mandatory). |
primaryUserIdLocator | Optional path for primary user ID. |
loginIdsLocator | Optional path for multiple login IDs. |
statusCodeLocator | Optional response code path. |
statusMessageLocator | Optional message string path. |
forUserIdLocator | Optional path for additional user ID context. |
orchestrationUseCaseLocator | Optional use case path. |
🔄 accessTokenEndpoint
accessTokenEndpointUsed to retrieve a dynamic OAuth2 Bearer token for Authorization header.
| Field | Description |
|---|---|
url | Access token endpoint URL. |
headers | Array of headers for token request. |
method | HTTP method (GET or POST). |
postParameters | Parameters for token POST request. |
bodyParameter | Raw body content (alternative to postParameters). |
accessTokenLocator | JSON path to extract token from response. |
Use eitherpostParametersorbodyParameter, not both. If both are provided,postParameterstake precedence.
🔒 Supported Ciphers
| Key Size | Cipher Modes |
|---|---|
| 128/192/256 bits with IV (16 bytes) | AES/CFB/PKCS5Padding, AES/CBC/PKCS5Padding, AES/GCM/NoPadding, etc. |
| 128/192/256 bits with IV (32 bytes) | AES/ECB/PKCS5Padding, AES/GCM/NoPadding, etc. |
🚦 Testing and Restart
- After updating the config, click Restart on the IDV Server component.
- Test activation flow on the REL-ID mobile app.
- Monitor logs to ensure KYC API is triggered and response is parsed.
Updated 3 months ago