KYC API Endpoint

🛠️ Implement the KYC API Endpoint

This guide helps you implement a secure backend endpoint that can receive KYC identity data from REL-ID during user onboarding or re-verification flows.

📍 Overview

Your system must expose a POST API endpoint (e.g., /kyc) that:

Accepts JSON payloads from REL-ID
Validates the Authorization header (Basic or Bearer token)
Parses and stores/validates kyc_info
Responds with success/failure and a user ID

🌐 Sample Endpoint Definition

POST /kyc HTTP/1.1
Host: yourdomain.com
Authorization: Bearer <access_token>
Content-Type: application/json

✅ Response Format

You must respond in the following JSON format:

{
  "result": true,
  "reference_number": "KYC-2025051401",
  "user_id": "testuser1"
}

Attribute	Type	Required	Description
`result`	boolean	Yes	Indicates whether REL-ID should proceed with the workflow. Set to `true` if the KYC was successful or the data was accepted for offline processing.
`reference_number`	string	No	Optional tracking ID provided by the KYC system. Useful for correlating KYC requests across systems.
`user_id`	string	Yes	The user identifier returned by the KYC system. If different from the REL-ID `user_id` sent in the request, REL-ID will update the user's ID to match this value.

🔒 Security

HTTPS is mandatory. All traffic between REL-ID and your server must be encrypted.
Authorization header must be validated (Bearer or Basic).
You may also implement rate limiting or IP whitelisting for added protection.

🔐 Optional: Encrypted Payload Support

If encryption is enabled in REL-ID Gateway:

Request body will be AES-encrypted
You'll need to decrypt it using the specified key, IV, and cipher mode
Confirm these details with your REL-ID system admin

📝 Logging and Auditing Tips

Log the following for traceability:

requester_id
user_id
document_status.overall_document_status
Timestamps of processing

Updated 3 months ago