How KYC Works

A complete walkthrough of the verification lifecycle from Application creation to final result.

End-to-end flow

Your backend creates a Profile and Application

Call POST-profiles to create or locate a Profile for the user, then POST-applications with the externalUserId and target levelId. The API returns an Application Token valid for 1 hour.

Pass the Token to your frontend

Use the Application Token to initialize the AdvanGuard Web SDK or Mobile SDK. The SDK renders the appropriate collection screens based on the Level's configured Steps.

User completes the collection phase

The user submits fixedInfo (form data), uploads ID documents, and completes any liveness steps. Application status is init throughout this phase.

AdvanGuard runs automated checks

Once collection is complete, the Application moves to pending. The DAG engine runs all configured Check Nodes — OCR extraction, document fraud detection, AML screening, etc.

Manual review (if applicable)

If any check node returns a waiting state (e.g. AML alert, manual review required), the Application moves to onHold. Your compliance team reviews it in the AdvanGuard Dashboard.

Receive the result via Webhook

When the Application reaches completed, AdvanGuard pushes a Webhook event to your registered endpoint. The event contains the final reviewAnswer: GREEN (pass) or RED (fail).

Data committed to Profile

On completion, verified data (verifiedInfo, idDocs, levelId) is committed to the Profile, ready for future Applications to re-use.


Multiple application scenarios

ScenarioHow it works
Same Level retry (previous failed)Profile loads previous draft data. User only re-uploads what needs updating.
Level upgrade (Basic → Enhanced)New Application loads already-verified Profile data. Passes checks that used data from the previous Level, only runs new checks.
Periodic re-KYCNew Application starts fresh collection, but inherits stable Profile data (fixedInfo) to reduce friction.

Conflict strategy

Each Profile can have only one active (non-terminal) Application at a time. When creating an Application, use conflictStrategy to control behavior when an active Application already exists:

StrategyBehavior
RESUME_SAME_LEVEL (default)If an existing active Application has the same levelId, return it. Otherwise, return an error with the conflicting Application.
REJECT_IF_ACTIVEAlways return an error if any non-terminal Application exists.


Did this page help you?