
Shared KYC via SumSub shareToken

Preamble

This document serves as a complete guide for integrating the SumSub KYC flow seamlessly into Guardarian’s customer creation process. In this document, we will cover the technical aspects of KYC sharing using internal SumSub tokens, how Guardarian can accept these tokens, and how passing a sharing token will affect the target user’s experience. With this integration, you can streamline your customer onboarding process, reduce manual effort and ensure compliance with regulatory requirements. By following the instructions in this document, you can quickly and easily integrate your SumSub KYC flow into Guardarian’s platform and start offering a seamless onboarding experience to your customers.

SumSub shareToken implementation

One of the key challenges that SumSub’s shareToken aims to solve is the cumbersome requirement for users to pass another KYC verification process when switching between platforms, even when those platforms are tightly integrated. SumSub’s solution simplifies this process by enabling the secure sharing of KYC data between platforms using a unique sharing token. With shareToken, customers only need to complete the KYC process once, and can then seamlessly switch between integrated platforms without having to go through the KYC process again. The solution proposed by SumSub is as follows:

  • Assume a user A passed KYC in service X, and is now registering at the partner service Y.
  • X generates a share token and passes it to Y.
  • Y calls SumSub’s API with the share token and receives an applicant for user A (with all its data and documents) on their account.

[Figure: SumSub integration schema]

Generating a shareToken

SumSub’s internal API offers an endpoint to generate a shareToken for your customer. It takes the customer’s internal SumSub applicantId and the service clientId as query parameters:

## applicantId and Y's client ID must be provided
curl -X POST 'https://api.sumsub.com/resources/accessTokens/-/shareToken?applicantId=5ce412012b4da877b2d910bd&forClientId=CoolCoinLtd'

Response:

{
"token": "_act-460a698b-d2bc-4cbc-9456-5f36fee38083",
"forClientId": "CoolCoinLtd"
}

You can read more information about this flow in the SumSub API Reference.

Integrating with Guardarian

Currently, Guardarian accepts passing the shareToken as a parameter when creating the transaction. Several fields are required to be set in the request for this flow to trigger:

| field name                | type        | acceptable values                  |
| kyc_shared_token          | string      | any shareToken generated by SumSub |
| kyc_shared_token_provider | string enum | sumsub                             |

Example:

// POST /v1/transaction
{
// Example transaction data:
"from_amount": 1200.24,
"from_currency": "EUR",
"to_currency": "BTC",
"from_network": "EUR",
"to_network": "BTC",
// KYC share token data:
"kyc_shared_token": "_act-460a698b-d2bc-4cbc-9456-5f36fee38083",
"kyc_shared_token_provider": "sumsub"
}

Please note the required kyc_shared_token_provider field. For SumSub KYC integrations, use the sumsub value.

Final flow

The transaction flow for users who have passed KYC on your platform should follow the steps outlined below:

  1. Get your user’s applicantId and prepare your service’s clientId.
  2. Use the prepared applicantId and clientId to obtain a shareToken from SumSub via its API.
  3. While creating a transaction on the Guardarian platform, pass the obtained shareToken in the field kyc_shared_token and set the kyc_shared_token_provider field value to sumsub.

Users passed to Guardarian via this flow will not need to pass the required KYC steps on the platform.
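
The three steps above as an added Python sketch (not Guardarian's or SumSub's own code): it builds the shareToken request URL, checks SumSub's response, and attaches the two KYC fields to a transaction body. Sending the requests and authenticating them is left out; the helper names, the forClientId comparison and the log redaction are assumptions added here because the token gives access to the applicant's data and documents.

```python
import json
from urllib.parse import urlencode

SUMSUB_SHARE_TOKEN_URL = "https://api.sumsub.com/resources/accessTokens/-/shareToken"


def share_token_url(applicant_id: str, for_client_id: str) -> str:
    """Step 2: URL for the POST that asks SumSub for a shareToken."""
    if not applicant_id or not for_client_id:
        raise ValueError("applicantId and forClientId are both required")
    query = urlencode({"applicantId": applicant_id, "forClientId": for_client_id})
    return f"{SUMSUB_SHARE_TOKEN_URL}?{query}"


def extract_share_token(response_body: str, expected_client_id: str) -> str:
    """Parse SumSub's response; reject a token issued for another client."""
    data = json.loads(response_body)
    token = data.get("token") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("response carries no token")
    if data.get("forClientId") != expected_client_id:
        raise ValueError("token was issued for a different forClientId")
    return token


def with_shared_kyc(transaction: dict, share_token: str) -> dict:
    """Step 3: add the two KYC fields to a copy of the transaction body."""
    body = dict(transaction)
    body["kyc_shared_token"] = share_token
    body["kyc_shared_token_provider"] = "sumsub"  # value this page requires
    return body


def redact(token: str) -> str:
    """Form of the token that is safe to write to logs."""
    return token[:5] + "..." if len(token) > 5 else "..."


# Constructed sample data, copied from the examples on this page.
SAMPLE_RESPONSE = '{"token": "_act-460a698b-d2bc-4cbc-9456-5f36fee38083", "forClientId": "CoolCoinLtd"}'
SAMPLE_TX = {"from_amount": 1200.24, "from_currency": "EUR", "to_currency": "BTC",
             "from_network": "EUR", "to_network": "BTC"}

if __name__ == "__main__":
    print(share_token_url("5ce412012b4da877b2d910bd", "CoolCoinLtd"))
    token = extract_share_token(SAMPLE_RESPONSE, "CoolCoinLtd")
    print("token:", redact(token))
    print(json.dumps(with_shared_kyc(SAMPLE_TX, token), indent=2))
```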

Notes
  • Guardarian offers KYC skipping for users with verified profiles (green review result). Users with SumSub profiles not in a verified state will still need to pass KYC on the platform.
  • While the shareToken will help users skip the Guardarian KYC process, we still subject users to our internal risk checks. Those checks can trigger additional verifications by SumSub, such as card verifications, live face matches, and so on. For more information, please refer to our AML/CTF policy.
  • SumSub outlines the necessity of a tripartite agreement on personal data sharing between SumSub and the integrating services before using shareToken functionality.