Callback & Ongoing Monitoring

The client can either query the verification result using the query KYC/KYB APIs or subscribe to our callback. Please make sure the callbackUrl attribute in the API request is specified. Upon any status change, we trigger a callback on this URL with the latest results.

Callback sample request:

{
  "fraudCheckId": "304ec122-eb94-4525-a89d-6a954353534",
  "createdDate": "2021-10-01 16:01:51",
  "userStatus": "DECLINED",
  "serviceDetails": [
    {
      "service": "FACE",
      "details": {
        "status": "DECLINED",
        "declineCodes": [
          {
            "code": "FACE_NOT_VERIFIED",
            "message": "string"
          }
        ]
      }
    }
  ],
  "user": {
    "firstName": "John",
    "middleName": null,
    "lastName": "Doe",
    "emailAddress": "[email protected]",
    "address": {
      "streetAddress": "Oxford Street",
      "city": "London",
      "zip": "LY3121J",
      "state": null,
      "country": "MT"
    },
    "language": "mt",
    "identityDocument": {
      "number": "541589M",
      "issueDate": "2013-10-01",
      "expiryDate": "2023-10-01"
    }
  },
  "ongoingBackgroundChecks": false,
  "documents": [
    {
      "id": "f8c30b23-9413-4261-8888-432423342",
      "uploadedAt": "2021-10-01 16:01:51",
      "fileName": "passport.jpg",
      "type": "PASSPORT"
    },
    {
      "id": "e3862881-51ee-40c5-9675-434234342",
      "uploadedAt": "2021-10-01 16:01:52",
      "fileName": "DRIVINGLICENCE.jpg",
      "type": "ID_CARD"
    }
  ],
  "credentialsId": "abc23423-ed33-4a9f-a109-1a60b0dcbec3"
}

Please note that the serviceDetails field can include the following services:

  • DOCUMENT
  • ADDRESS
  • CONSENT
  • FACE
  • BACKGROUND_CHECKS

Possible Decline Codes:

  • FACE_NOT_VERIFIED
  • FACE_NOT_IN_IMAGE
  • IMAGE_ALTERED
  • IMAGE_FOUND_WEB
  • FACE_WEARING_GLASSES
  • FACE_FROM_OTHER_SCREEN
  • FACE_TAKEN_FROM_WEB
  • MULTIPLE_FACES
  • FACE_SCREENSHOT
  • FACE_IMAGE_NOT_MATCHED
  • DOCUMENT_NOT_MATCHED
  • CAMERA_NOT_ACCESSIBLE
  • FACE_NOT_FOUND
  • DOCUMENT_ORIGIN_NOT_VERIFIED
  • NAME_NOT_MATCHED
  • DOB_NOT_MATCHED
  • EXPIRY_DATE_NOT_MATCHED
  • ISSUE_DATE_NOT_MATCHED
  • DATE_NOT_MATCHED
  • NUMBER_NOT_MATCHED
  • ISSUE_COUNTRY_NOT_SUPPORTED
  • DOCUMENT_OPTIONS_NOT_MATCHED
  • AGE_NOT_IN_RANGE
  • FACE_CAMERA_NOT_MATCHED
  • DOCUMENT_EXPIRED
  • BLURRED_DOCUMENT
  • PROOFS_DIFFERENT_DOCS
  • FRONT_BACK_NOT_MATCHED
  • PROOF_SCREENSHOT
  • PROOF_ALTERED
  • PROOF_PAPER_BASED
  • PROOF_BROKEN
  • PROOF_OTHER_SCREEN
  • HOLOGRAM_MISSING
  • PROOF_NOT_FULLY_DISPLAYED
  • PROOF_INFO_NOT_VISIBLE
  • DOCUMENT_INFO_EDITED
  • DOCUMENT_INFO_HIDDEN
  • DOCUMENT_NOT_PROVIDED_COUNTRY
  • ISSUE_DATE_NOT_VISIBLE
  • EXPIRY_DATE_NOT_VISIBLE
  • DOB_NOT_VISIBLE
  • NAME_NOT_VISIBLE
  • NUMBER_NOT_VISIBLE
  • NUMBER_NOT_AUTHENTICATED
  • PROOF_NOT_SAME_PERSON
  • ADDRESS_DOCUMENT_NOT_MATCHED
  • GENDER_NOT_VERIFIED
  • ISSUE_PLACE_NOT_VERIFIED
  • DOCUMENTS_NAME_NOT_MATCHED
  • ADDRESS_NAME_NOT_MATCHED
  • ADDRESS_NOT_MATCHED
  • DOCUMENT_TYPE_NOT_ACCEPTED
  • ADDRESS_COUNTRY_NOT_VERIFIED
  • ADDRESS_DOCUMENT_BILL_NOT_MATCHED
  • ADDRESS_INVALID
  • ADDRESS_NOT_VISIBLE
  • ADDRESS_NOT_VALIDATED
  • SAME_ID_SUBMITTED
  • CONSENT_NOTE_INCORRECT
  • CONSENT_TYPE_NOT_ACCEPTED
  • AML_FAILED
  • USER_SANCTIONED
  • USER_WARNING
  • USER_FITNESS_PROBITY
  • USER_PEP
  • USER_ADVERSE_MEDIA
  • BUSINESS_SANCTIONED
  • BUSINESS_WARNING
  • BUSINESS_FITNESS_PROBITY
  • BUSINESS_PEP
  • BUSINESS_ADVERSE_MEDIA
  • PHONE_NUMBER_NOT_MATCHED
  • PHONE_NUMBER_NOT_VERIFIED
  • DOCUMENT_SCANNED
  • DOCUMENT_BLACK_AND_WHITE
  • DOCUMENT_EDITED_CROPPED
  • DOCUMENT_FOUND_ON_INTERNET
  • DOCUMENT_LAMINATED
  • DOCUMENT_SCANNED_OR_COPY
  • DOCUMENT_PAPER_BASED_LAMINATED
  • DOCUMENT_TEST_CARD
  • DOCUMENT_BROKEN
  • DOCUMENT_PHOTOCOPY
  • DOCUMENT_EDITED
  • DOCUMENT_PUNCHED
  • DOCUMENT_CRACKED
  • DOCUMENT_CROPPED
  • DOCUMENT_HANDWRITTEN

Callback Signature

For security reasons we include an HTTP request header X-Payload-Signature in the callback request which must be interpreted and verified by the client to confirm authenticity of the callback.

The steps to generate this signature are as following:

  1. Retrieve the raw JSON request body.
  2. Using a password, provided by Sekuritance that is unique for every client, use HmacSHA256 algorithm to hash the JSON payload.
  3. Check whether the generated signature matches the one received in the header.
  4. If it doesn’t match, do not process the request as it might have been sent from an outsider.

Callback Signature V2

This is a more secured signature using the HmacSHA512 algorithm to hash the payload. It is sent in another request header called X-Payload-Signature-V2. Please make sure to update your system to use this signature as the older one will be removed on the 1st of October 2022.

Ongoing monitoring

To enable AML Ongoing monitoring, make sure that the ongoingCheck attribute in the API request is true