Skip to main content
Every transaction checks the sender’s KYC verification status using their BVN. The result feeds directly into the screening pipeline’s KYC Verification engine.

Identity Verification Providers

Embedded Providers (Default)

BVN, NIN, and vNIN verification calls are made through integrated providers. When you trigger verify-bvn or verify-nin, the platform calls the provider’s API with the ID number and cross-references the returned name against the applicant’s name (including swapped name order, which is common in Nigeria). Liveness checks use face-match and liveness detection APIs.

Bring Your Own License (BYOL)

Tenants can switch to BYOL mode and plug in their own KYC provider via a JSON configuration. This is useful when your institution already has a direct contract with an identity verification provider. How it works:
ModeProviderConfiguration
EMBEDDEDPlatform-managed (primary → fallback chain)None required
BYOLTenant-managed via CustomProviderJSON config stored per-tenant
BYOL Configuration JSON (stored in Tenant.kycProviderConfig):
{
  "providerName": "SmileIdentity",
  "baseUrl": "https://api.smileidentity.com/v1",
  "headers": { "Authorization": "Bearer sk_xxx" },
  "endpoints": {
    "nin": "/id_verification",
    "bvn": "/id_verification",
    "liveness": "/biometric"
  },
  "methods": { "nin": "POST" },
  "requestMapping": {
    "nin": { "id_number": "nin", "id_type": "'NIN'" }
  },
  "responseMapping": {
    "firstNamePath": "result.first_name",
    "lastNamePath": "result.last_name"
  },
  "supportedVerifications": ["nin", "bvn", "liveness"],
  "maxTier": "TIER_3",
  "matchConfidence": 92
}
Key mapping fields:
FieldPurpose
requestMappingMaps internal field names to provider API fields. Use {{nin}} for dynamic values or 'NIN' for literals.
responseMappingJSON paths to extract firstName and lastName from the provider response.
matchConfidenceMinimum confidence (0–100) to consider a name match successful.
supportedVerificationsWhich checks the BYOL provider supports (nin, bvn, vnin, liveness).
maxTierHighest tier this BYOL provider can achieve (TIER_1, TIER_2, TIER_3). If target tier exceeds this, platform falls back to embedded providers (if fallback is enabled).
Admins can switch modes and edit the BYOL config from Dashboard → Settings → KYC Provider.

KYC Tiers

The platform implements CBN-mandated KYC tiers. Each tier maps to different verification requirements and transaction limits:
TierRequirementsApproval From StatusCBN Typical Limit
TIER_1 · BasicBVN or NINNIN_VERIFIED / BVN_VERIFIED₦20,000 single txn
TIER_2 · StandardBVN + valid IDBVN_VERIFIED₦500,000 max balance
TIER_3 · PremiumBVN/NIN + valid ID + proof of address + livenessLIVENESS_PASSEDUnlimited
  • Applications default to TIER_1, or TIER_2 if both BVN and NIN are provided at creation
  • Tier can be explicitly set at creation via the tier field
  • Auto-upgrade: As applicants upload documents or complete verifications, the system automatically upgrades their tier when requirements are met
    • TIER_1TIER_2: requires verified BVN + valid ID (NIN alone does not qualify)
    • TIER_2TIER_3: requires verified BVN/NIN + valid ID + proof of address + liveness
  • Approved applications can be manually upgraded to a higher tier via the dashboard
  • Tier flows into transaction screening for rule-based limit enforcement

Adding Identity Information After Creation

Applicants often don’t have their BVN or NIN available when they first start the onboarding flow. The system supports updating these fields on an existing PENDING application via PATCH /api/v1/kyc/applications/:id:
# Applicant comes back with their BVN
PATCH /api/v1/kyc/applications/kyc_abc123
{
  "bvn": "22012345678",
  "dateOfBirth": "1990-03-15"
}

# Then verify it
POST /api/v1/kyc/applications/kyc_abc123/verify-bvn
{
  "bvn": "22012345678",
  "firstName": "Chinedu",
  "lastName": "Obi",
  "dateOfBirth": "1990-03-15"
}
Key rules:
  • Updates only allowed while status is PENDING, DOCUMENT_UPLOADED, NIN_VERIFIED, or BVN_VERIFIED
  • NIN and BVN are validated as exactly 11 digits; empty strings clear the field
  • If both BVN and NIN become present, tier auto-bumps from TIER_1 to TIER_2
  • After updating, the system re-evaluates auto-upgrade in case documents/verifications already qualify for a higher tier
  • The verification endpoints (verify-nin, verify-bvn) accept the ID number in the request body, so the application record doesn’t need to be pre-populated
  • Status preservation: Verifying NIN when status is already BVN_VERIFIED or LIVENESS_PASSED does not downgrade the status. The highest milestone is always preserved.

KYC Application Statuses

Applications progress through the following statuses during verification:
StatusMeaning
PENDINGSubmitted, awaiting document upload
DOCUMENT_UPLOADEDID documents uploaded
NIN_VERIFIEDNIN check passed against provider
BVN_VERIFIEDBVN check passed against provider
LIVENESS_PASSEDBiometric liveness and face-match passed
APPROVEDFully verified by compliance officer
REJECTEDFailed verification or fraudulent documents
EXPIREDVerification expired, re-verification required

Screening Impact

When a transaction is screened, the KYC Verification engine evaluates the sender’s status. If no KYC application exists, the engine flags it accordingly.
ConditionScoreOutcomeWhat Happens
No KYC record100BLOCKTransaction blocked, officer notified, customer prompted to complete KYC
PENDING100BLOCKTransaction blocked unti-verification completes
DOCUMENT_UPLOADED100BLOCKTransaction blocked-ntil verification completes
NIN_VERIFIED / BVN_VERIFIED100BLOCKMaps to IN_PROGRESS — transaction blocked until fully verified
LIVENESS_PASSED0APPROVEMaps to VERIFIED — no risk contribution (Tier 3 equivalent)
APPROVED0APPROVEFully verified — no risk contribution
EXPIRED100BLOCKTransaction blocked, re-verification required
REJECTED100BLOCKTransaction blocked, enhanced due diligence required

KYC Trust Modes

Tenants can configure how KYC status is resolved during transaction screening:
ModeBehavior
STRICTDefault. KYC records must exist in the DB. Payload KYC is ignored.
HYBRIDUses payload KYC if provided, falls back to DB lookup. senderKycTier optional.
EXTERNALRequires KYC status and senderKycTier in every transaction payload. No local DB lookup.
Set the mode via PATCH /api/v1/tenants/me with kycTrustMode.

Document Upload & Storage

KYC applications support document uploads via the API. Documents are stored in MinIO (an S3-compatible object storage server) and referenced in the database.

Supported Document Types

TypeDescription
PASSPORTInternational passport
NATIONAL_IDNational identity card
DRIVERS_LICENSEDriver’s license
VOTERS_CARDVoter’s card
UTILITY_BILLUtility bill (address proof)
BANK_STATEMENTBank statement
SELFIESelfie photograph
LIVENESS_VIDEOLiveness check video recording
SIGNATURESignature specimen
OTHERAny other document

Document Endpoints

MethodEndpointDescription
POST/api/v1/kyc/applications/:id/documentsUpload document (multipart/form-data)
GET/api/v1/kyc/applications/:id/documentsList documents with presigned URLs
GET/api/v1/kyc/applications/:id/documents/:docId/downloadGet 5-minute presigned download URL
DELETE/api/v1/kyc/applications/:id/documents/:docIdDelete document (admin only)

How It Works

  1. Upload: POST with multipart/form-data containing file and documentType
  2. Storage: File is saved to MinIO under kyc/{applicationId}/{timestamp}-{filename}
  3. Database: A KYCDocument record is created with the MinIO object key
  4. Retrieval: The API returns presigned URLs (5-minute expiry) for secure viewing
  5. Deletion: Admin users can delete documents — this removes from both MinIO and the database

Upload Example

curl -X POST /api/v1/kyc/applications/kyc_abc123/documents \
  -H "Authorization: Bearer <token>" \
  -F "file=@passport.pdf" \
  -F "documentType=PASSPORT"
Note: Documents are tenant-scoped. You can only access documents belonging to applications in your tenant.

BYOL Fallback Mode

When a BYOL provider is unavailable, tenants can configure the fallback behavior:
ModeBehavior
NONEDefault. Returns ServiceUnavailableException.
WALLET_RESERVEFalls back to the embedded provider if the wallet has available funds.
Set the mode via PATCH /api/v1/tenants/me with byolFallbackMode.
Note: If senderBvn is not provided in the request and no KYC payload is supplied, KYC status defaults to “No KYC record” (score 100, BLOCK). Always include the sender’s BVN or KYC payload for accurate screening.