KYC Verification Flow
This guide details the complete verification process in the FinHub platform v2.1. The new APIs integrate verification directly into the customer registration flow, with automatic verification request creation and streamlined document upload. The process ensures compliance with regulatory requirements while providing a seamless user experience.Flow Overview
The following sequence diagram illustrates the integrated verification process with v2.1 APIs:Key Improvements in v2.1
- Integrated Flow: Verification request created automatically during registration
- Streamlined Upload: Single endpoint for all document types
- Smart Processing: Risk-based routing for automated vs manual review
- Real-time Status: Webhook notifications for status changes
- Automatic Activation: Account activation immediately after approval
Prerequisites
- Customer registered with verification request ID (from registration response)
- Admin token for initial operations
- Valid verification documents ready for upload
Detailed API Flow
Step 1: Upload Verification Documents
Upload all required verification documents based on the customer’s risk category. API Request:- OCR Data Extraction: Automatic extraction of document data
- Data Validation: Cross-checks extracted data with registration data
- Match Scoring: AI-based matching of document photos with selfies (if required)
- Address Verification: Validates proof of address against registered address
Step 2: Check Verification Status
Monitor the verification status through polling or webhooks. API Request:Step 3: Handle Manual Review (High Risk Cases)
For high-risk customers, tenant admins can review and approve through the admin API. API Request:Step 4: Account Activation
Once verification is approved, activate the customer account. API Request:Document Requirements by Risk Level
Low Risk Customers
- Identity Document: Passport, National ID, or Driver’s License
- Selfie: Optional liveness check
Medium Risk Customers
- Identity Document: As above
- Proof of Address: Utility bill, bank statement (< 3 months old)
- Selfie: Required with liveness detection
High Risk Customers
- All Medium Risk requirements plus:
- Source of Funds: Bank statements, employment contract
- Enhanced Due Diligence: Video call verification may be required
- Additional Documentation: Based on risk factors
Verification Checks
The v2.1 API performs comprehensive automated checks:Identity Verification
- Document Authenticity: AI-powered forgery detection
- Data Extraction: OCR with 99%+ accuracy
- Face Matching: Biometric comparison with selfie
- Data Consistency: Cross-validation with registration data
Compliance Screening
- Sanctions Lists: OFAC, EU, UN, INTERPOL, and 200+ lists
- PEP Screening: Politically exposed persons database
- Adverse Media: Negative news screening
- Risk Scoring: ML-based risk assessment
Address Verification
- Document Validation: Proof of address authenticity
- Address Matching: Comparison with registered address
- Geocoding: Location verification
Error Handling
| Error Code | HTTP Status | Description |
|---|---|---|
| INVALID_DOCUMENT_FORMAT | 400 | Unsupported file format (use JPEG, PNG, PDF) |
| DOCUMENT_TOO_LARGE | 413 | File size > 10MB |
| POOR_IMAGE_QUALITY | 422 | Document not readable (blur, glare, partial) |
| EXPIRED_DOCUMENT | 422 | Identity document has expired |
| DATA_MISMATCH | 422 | Document data doesn’t match registration |
| DUPLICATE_UPLOAD | 409 | Document already uploaded |
| VERIFICATION_LOCKED | 423 | Too many failed attempts |
| UNSUPPORTED_DOCUMENT | 422 | Document type not accepted |
Best Practices
Document Upload
- Image Quality: Minimum 300 DPI, clear and unobstructed
- File Format: JPEG or PNG for images, PDF for documents
- File Size: Keep under 5MB for optimal processing
- Document Preparation: Ensure all corners visible, no glare
Integration Tips
- Progress Indicators: Show upload and processing status
- Retry Logic: Allow re-upload for rejected documents
- Webhook Integration: Use webhooks for real-time updates
- Error Messages: Provide clear guidance for document issues
Security Considerations
- Secure Upload: Use HTTPS for all document transfers
- Data Encryption: Documents encrypted at rest
- Access Control: Limit document access to authorized personnel
- Retention Policy: Documents deleted per compliance requirements