How KYC Works
A complete walkthrough of the verification lifecycle from Application creation to final result.
End-to-end flow
Call POST-profiles to create or locate a Profile for the user, then POST-applications with the externalUserId and target levelId. The API returns an Application Token valid for 1 hour.
Use the Application Token to initialize the AdvanGuard Web SDK or Mobile SDK. The SDK renders the appropriate collection screens based on the Level's configured Steps.
The user submits fixedInfo (form data), uploads ID documents, and completes any liveness steps. Application status is init throughout this phase.
Once collection is complete, the Application moves to pending. The DAG engine runs all configured Check Nodes — OCR extraction, document fraud detection, AML screening, etc.
If any check node returns a waiting state (e.g. AML alert, manual review required), the Application moves to onHold. Your compliance team reviews it in the AdvanGuard Dashboard.
When the Application reaches completed, AdvanGuard pushes a Webhook event to your registered endpoint. The event contains the final reviewAnswer: GREEN (pass) or RED (fail).
On completion, verified data (verifiedInfo, idDocs, levelId) is committed to the Profile, ready for future Applications to re-use.
Multiple application scenarios
| Scenario | How it works |
|---|---|
| Same Level retry (previous failed) | Profile loads previous draft data. User only re-uploads what needs updating. |
| Level upgrade (Basic → Enhanced) | New Application loads already-verified Profile data. Passes checks that used data from the previous Level, only runs new checks. |
| Periodic re-KYC | New Application starts fresh collection, but inherits stable Profile data (fixedInfo) to reduce friction. |
Conflict strategy
Each Profile can have only one active (non-terminal) Application at a time. When creating an Application, use conflictStrategy to control behavior when an active Application already exists:
| Strategy | Behavior |
|---|---|
RESUME_SAME_LEVEL (default) | If an existing active Application has the same levelId, return it. Otherwise, return an error with the conflicting Application. |
REJECT_IF_ACTIVE | Always return an error if any non-terminal Application exists. |
Updated 5 days ago