Banking regulations require that financial institutions perform a Know Your Customer (KYC) process to verify a customers' identity before they can use their accounts.
Bond provides connections between you and banks. You can have partnership programs with multiple banks, with each program having a unique
program_id. The Bond platform provides APIs to perform the customer verification process on behalf of the bank.
You initiate the KYC process after you create a
customer object representing the consumer who wants to set up an account. The consumer provides the required personal information during the application process.
customer_id is a required path parameter for the API request to initiate a KYC process. The
program_id is a required body parameter.
The combination of these two parameters in the request indicate that Bond will do a verification check on a particular customer on behalf of a particular bank partnered with you.
As part of the KYC process you may be asked to upload supporting documentation for verifying the identity of the customer. For details see Running KYC.
The KYC request for the customer is asynchronous (meaning that the reply is not always immediate), so you must configure a webhook to listen for KYC events.
Bond provides a
failed response to the
callback_url (for example, www.url.com/bond-kyc) configured in the webhook.
passed, the customer's information has been validated and they are eligible to access the services provided by the bank. You can now create a card for the customer.
The KYC endpoint is idempotent and repeated requests using the same
Idempotency-Keywithin a 24 hour period will fail.
Once a customer has successfully passed the KYC process, no further KYC attempts are allowed. Any further call for KYC authentication responds with an error and returns the timestamp of the previously successful KYC process.
Idempotency is a Web API design principle that prevents you from running the same operation multiple times. Because a certain amount of intermittent failure is to be expected, you need a way to reconcile failed requests with a server, and idempotency provides a mechanism for that. Including an idempotency key (an optional string) makes POST requests idempotent, which prompts the API to do the record keeping required to prevent duplicate operations. You can safely retry requests that include an idempotency key as long as the second request occurs within 24 hours from when you first receive the key (keys expire after 24 hours).
Updated 6 months ago