NAV Navbar
shell

Introduction

Authentication, authorization, device and identity APIs for platform users and applications.

 

Authorization

Provide requires an API token to authorize the vast majority of platform requests. An API token is an encoded JWT and contains an identifier referencing the authorized entity as the subject (sub) in the claims. The encoded JWT token may also include an expiration (exp) and arbitrary data (data), among other standard JWT claims, and is signed using the RS256 algorithm. The authorized entity (i.e., the User or Application) may use the signed Token to access one or more platform resources. Unless otherwise noted, all API requests must include a header such as: Authorization: bearer <JWT>.

The bearer Authorization header is scoped to an authorized platform User or an Application as described above.

The encoded JWT is signed using the RS256 (RSA Signature with SHA-256) algorithm. The following public key can be used to verify the signature:

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0yqdJMBej1X8WwMMkMZw
DV6zZzup4RHLcln0xfGSm6dMPBDM1G96fuHhOwH5+uU5MQHJP7RqW71Bu5dLIG8Z
RX+XyUtb0sxCV/7X27Nm/bKpDysaSWQ36reAmw5wVaB1SoFeN519FY5rhoCWmH3W
auBAHTzpjg57p7uR0XynYXf8NSGXlysWHppkppqwrPH64G6UZaB7SMl1PFfkJeqZ
zJpzBGYWsixdF1EjXn+Yz0mhUZO2OSPWifOuN7cpn3BuNqegg4iVdz5HDoQhJW7N
uRhf3buKd/mjat8XA3e2Rkrr2h835GloScJkj7I4BZUNkzKQuEK6C9xW/zJtbPqQ
RYEq84A1hMfSZ3G5HFe2JkqiyvXkFwS3qMc5Pur8tZSzBj6AYMoJJso/aOdphpR8
6MaaWXWTwvwfpZbMRqehOcsmQcNLF2gLJPuHzR5WtVCnWrDgvjsWyeDD1WISKusi
aOeHxZjS3Bjl4Imq48l1wi2eI/11F/Xg70F4FJaMYLVHJA2nsmBuuQ9UDYHHq876
clKvIvgIItzJcv9lnmjl1Jks1DwCUF3qF2ugYcs9A3EoEcNzhMgZNJ2j5OUzfx1E
bzVKkqoC9MQpZWXgqV0KQqKK4I3rMY+1hLqk4S4eF9ZAVlT33qfMzlf0qWTOcP1Z
i2dsm0fy4NxWxknlEn5/LhMCAwEAAQ==
-----END PUBLIC KEY-----

API Tokens

List API Tokens

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiaWF0IjoxNTY4NTI3NDk2LCJqdGkiOiIxMzIxYTNjNi0yZTk5LTQ0OGYtYjcwNy1hZWMwMDY2MzkwZDkiLCJzdWIiOiJhcHBsaWNhdGlvbjpkYzQxNTJmNy00NTZmLTQxZWQtOTZiNC1lNTJiOGZhYTA1ZmQifQ.olwBIJweWDGmzcQZhWfzyx8oUm-0ewGihk-nuRcG4aMxNtMACNkclPpnveTqyi7J5t2JZgaopwfvznCj4JvLM823Vo2JGlP7uxSgdpywVKAIg3l8vFHGpsDEaLXUPBEdXfyp6DvtbTPhd2NYSYNPjkgavJ1ECGs0E4OTIqOeTylrU73ZiNs6dDOhT3ZRAz8zn1mNB4f3CzjQ6lcEs6w0KremPUw5xf0VZo1-aJ_HzYYWzCk-jodV6jojnFH0hEKVKx02Ephy7PGf703G01jycuTsTvOVmAaa-plAO7RZUFaqzYOrbRE2hR3Ih3KnvQdUBabeObYGfvmpcHFCXrsCM3Qf931sXrVdhkCrgveIU7ilqord1mefmYB-_8tpL7tT3Aeo0dKVCWxsQdzsCSd4BBQmvWCt0nzVsLMEJhR6MKdedmrS8YnfXqaa3a1uMPWP1nks7zrOL464eC7tD3u7Og119kFNohtRSLfqCy_9OKbSOosdEszuVOxBqcqzwtkdvaGYohx13HxLdiRoelObUFEPokkv1LkTEEG_zmoYTbqQOG-pUeAoheReZFUlTUTc3uSPa9vho0BjFHO_sUK9jDwqHWXpdkRiDDAzF2laCINx5MLoA5pnco_J7NlFP7mXd0FldM5CSBEO8aymlJ-0v-jaZ_wuDAl5fp84qPGWM8A' \
    https://ident.provide.services/api/v1/tokens
HTTP/2 200

Response JSON:

[
  {
        "id": "234da41d-0970-4561-bdf9-797ef6807fb5",
        "created_at": "2018-10-08T23:34:18.843828Z",
        "issued_at": "2018-10-08T23:34:18.842733Z",
        "expires_at": null,
        "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiaWF0IjoxNTY4NTI3NDk2LCJqdGkiOiIxMzIxYTNjNi0yZTk5LTQ0OGYtYjcwNy1hZWMwMDY2MzkwZDkiLCJzdWIiOiJhcHBsaWNhdGlvbjpkYzQxNTJmNy00NTZmLTQxZWQtOTZiNC1lNTJiOGZhYTA1ZmQifQ.olwBIJweWDGmzcQZhWfzyx8oUm-0ewGihk-nuRcG4aMxNtMACNkclPpnveTqyi7J5t2JZgaopwfvznCj4JvLM823Vo2JGlP7uxSgdpywVKAIg3l8vFHGpsDEaLXUPBEdXfyp6DvtbTPhd2NYSYNPjkgavJ1ECGs0E4OTIqOeTylrU73ZiNs6dDOhT3ZRAz8zn1mNB4f3CzjQ6lcEs6w0KremPUw5xf0VZo1-aJ_HzYYWzCk-jodV6jojnFH0hEKVKx02Ephy7PGf703G01jycuTsTvOVmAaa-plAO7RZUFaqzYOrbRE2hR3Ih3KnvQdUBabeObYGfvmpcHFCXrsCM3Qf931sXrVdhkCrgveIU7ilqord1mefmYB-_8tpL7tT3Aeo0dKVCWxsQdzsCSd4BBQmvWCt0nzVsLMEJhR6MKdedmrS8YnfXqaa3a1uMPWP1nks7zrOL464eC7tD3u7Og119kFNohtRSLfqCy_9OKbSOosdEszuVOxBqcqzwtkdvaGYohx13HxLdiRoelObUFEPokkv1LkTEEG_zmoYTbqQOG-pUeAoheReZFUlTUTc3uSPa9vho0BjFHO_sUK9jDwqHWXpdkRiDDAzF2laCINx5MLoA5pnco_J7NlFP7mXd0FldM5CSBEO8aymlJ-0v-jaZ_wuDAl5fp84qPGWM8A",
        "data": null
    },
    {
        "id": "84557020-0180-4e87-ae01-ffa05a587df4",
        "created_at": "2018-10-08T23:58:28.631901Z",
        "issued_at": "2018-10-08T23:58:28.630644Z",
        "expires_at": null,
        "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiaWF0IjoxNTY4NjE4OTQzLCJqdGkiOiI5NDRjOGMxNC00N2E4LTRhNGEtYWU0MS1kYWQxZmZjNzNlN2IiLCJzdWIiOiJhcHBsaWNhdGlvbjpkYzQxNTJmNy00NTZmLTQxZWQtOTZiNC1lNTJiOGZhYTA1ZmQifQ.gFJhOWJn6KLNOyugFkKCY9OM3MuUrDLetYw_zMmsyQilyrWcIB_pEhccUP14K6GKMMd74AwUUTbTxSxg_QZJnJYOFnQAuvO8vxoRW1izALqaqxhViZlZN09qseeQ0i0eb7rThyWSzQwXgKwRdqpQwGIVsfnXW-_xbPPdATJaKD4bAVo97AhCIzZblfctjZMsgzFNEV2fbHSQMCqeWAvm1b_cNn7N9yJJX8QMdniPHoa9TgF80nDNOmvx9blldn8niPwhifhBOL6sq5DhFY6v2n28OktOSqqclG6OjYag2zPsM7m3PMO1z2Rwv8JfkS4tMqHuKeyQNLaTX2XLAtfsxzEAH4ywhnKq6Pwad2YqDQmWprTs-R9A_ukdHcRoPv0-qjJWWQTH6cCK1x9x3C7bZHZ_Sxc2Z2bLnnrGelKtk6I8Zvrq4djsA0yyjTwW0VjnH7UHFj1z1t4B3UvVfLOl-7d3amueoiiyFmq-38fHgBRQcnRl-LQRUYefX66Qh9yzmtCZH0u4Tk77ryYqmjp7tPuRB7w5vwQ9bndc-yLuEU67eKTuAFsODRPTcoHSh3aNKL3ZsuLn_Y4y1LXjI2KX1PHq-wjYZvVgAtK1Diy0M0tkgT0gLbh8gcRtdsw0GBpunbQK4JjJs3RK6xo73Sot9InE7Ic-hZiqnaMJoMD3qj8",
        "data": null
    }
]

This endpoint enumerates previously authorized Tokens for the authorized User or Application.

Create API Token

curl -i -XPOST \
    -H 'content-type: application/json' \
    -H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiaWF0IjoxNTY4NjE4OTQzLCJqdGkiOiI5NDRjOGMxNC00N2E4LTRhNGEtYWU0MS1kYWQxZmZjNzNlN2IiLCJzdWIiOiJhcHBsaWNhdGlvbjpkYzQxNTJmNy00NTZmLTQxZWQtOTZiNC1lNTJiOGZhYTA1ZmQifQ.gFJhOWJn6KLNOyugFkKCY9OM3MuUrDLetYw_zMmsyQilyrWcIB_pEhccUP14K6GKMMd74AwUUTbTxSxg_QZJnJYOFnQAuvO8vxoRW1izALqaqxhViZlZN09qseeQ0i0eb7rThyWSzQwXgKwRdqpQwGIVsfnXW-_xbPPdATJaKD4bAVo97AhCIzZblfctjZMsgzFNEV2fbHSQMCqeWAvm1b_cNn7N9yJJX8QMdniPHoa9TgF80nDNOmvx9blldn8niPwhifhBOL6sq5DhFY6v2n28OktOSqqclG6OjYag2zPsM7m3PMO1z2Rwv8JfkS4tMqHuKeyQNLaTX2XLAtfsxzEAH4ywhnKq6Pwad2YqDQmWprTs-R9A_ukdHcRoPv0-qjJWWQTH6cCK1x9x3C7bZHZ_Sxc2Z2bLnnrGelKtk6I8Zvrq4djsA0yyjTwW0VjnH7UHFj1z1t4B3UvVfLOl-7d3amueoiiyFmq-38fHgBRQcnRl-LQRUYefX66Qh9yzmtCZH0u4Tk77ryYqmjp7tPuRB7w5vwQ9bndc-yLuEU67eKTuAFsODRPTcoHSh3aNKL3ZsuLn_Y4y1LXjI2KX1PHq-wjYZvVgAtK1Diy0M0tkgT0gLbh8gcRtdsw0GBpunbQK4JjJs3RK6xo73Sot9InE7Ic-hZiqnaMJoMD3qj8' \
    https://ident.provide.services/api/v1/tokens \
    -d '{"name": "PurposeToken"}'
HTTP/2 201

Response JSON:

[
  {
    "id": "ed3d83ec-8b4f-4538-a240-bf759a2545ff",
    "created_at": "2018-10-09T02:47:25.981937848Z",
    "issued_at": "2018-10-09T02:47:25.980910555Z",
    "expires_at": null,
    "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiaWF0IjoxNTY4NjE4OTgzLCJqdGkiOiIyOGY4OGFmNS04ZjVlLTQ0YjQtOTQwNS1hOGJhZjVhYmM1OGUiLCJzdWIiOiJhcHBsaWNhdGlvbjpkYzQxNTJmNy00NTZmLTQxZWQtOTZiNC1lNTJiOGZhYTA1ZmQifQ.Yztl5-4NumplTSzhzRyAsb2bQb0FqHntQXMjUClsAFfhXUQ_WuQlFkVOl8ZTuu5usYiNwy11OAN4ie6Ht3lN8bUHs5B2k1FuKrSGZRdz-IhWfFLKbW9E7yobdkt7ESToJBC2Qg71_9ZlzEd7VdxzrAJQ_BHF8NP90JWZDSeJGVqGPRjZk_DTmnLlm_eDbp96ZvuiKzEgrn-V8dxem96jMxAJSufGdxYSn_tSzDpKihfy0l4wChJ8ZfA5D-eOliZjgU-cXGsNlizTdHWqeXWtGMuraRvjupHHwx7UMPgLLZKle7FjU8s45o4N7QgX14bCehRSU5XcD7RlTQLtaXtpTT6ME5eMIxVt7pKHk0EWj1JTLCN6cGpjZc_RQkjePwkpnTmRwk1q0R66nccUikaqCdgk8YdXcQiNcrNLUQJs21HQyD-sIdiF1tzMeb6NlMWchyzSNqJ0EYhOZ8tYpQtOPQyc9Tqbp75jPFShOgr6dhj-2Ee6hsPAYSb_NAl4uyGk-b5PhDpzqbkGm5TX8VaA_DvJF80mPkM-21h0CKg9cEx32Q0ynTBWU3AfSZzB0_w-OJ4rphHw7i-gXjbnQgeLvjwBp_8s01ykuqKDbw0Y4V-xaiTeI2lwJrvJKIlJLsg6otXY8YNy4uFOA8tGT1Z0A1Wiq8Km4mIzlUO8lz-vCHY",
    "data": null
}
]

This endpoint authorizes a Token on behalf of a User or Application.

Delete API Token

curl -i -XDELETE \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/tokens/84557020-0180-4e87-ae01-ffa05a587df4
HTTP/2 204

This endpoint destroys a previously authorized Token on behalf of the authorized User or Application.

URL Parameters

Parameter Description
id id of the Token

User Authentication

You can build applications that optionally leverage Provide to authenticate your users. Note that the User and the associated credentials (i.e., email and password) are the same as the ones used to login to the Provide platform.

To authorize the creation of a new Token on behalf of a platform User:

curl -i -H 'content-type: application/json' \
    https://ident.provide.services/api/v1/authenticate \
    -d '{"email": "vitalik@example.com", "password": "M38&pzQfWNZeBSq$*Qtnzd*f^d8P8RNz"}'

To authorize the creation of a new Token on behalf of a platform Application (note that the User and the associated credentials (i.e., email and password) are specific to the Application):

curl -i -H 'content-type: application/json' \
    https://ident.provide.services/api/v1/authenticate \
    -d '{"email": "vitalik@example.com", "password": "M38&pzQfWNZeBSq$*Qtnzd*f^d8P8RNz", "application_id": "cb2037f7-79fc-40f4-9720-ada636da4183"}'

The above command, regardless of whether or not the Token was authorized on behalf of an Application, returns JSON structured like this:

{
    "user": {
        "id": "40bc70bf-1140-4978-99bc-b8b800672842",
        "created_at": "2018-10-10T17:56:08.047007Z",
        "name": "Vitalik Buterin",
        "email": "vitalik@example.com"
    },
    "token": {
        "id": "862c271e-2bef-4be9-92ce-43ce277f7100",
        "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4ODEwNTQsImp0aSI6Ijg2MmMyNzFlLTJiZWYtNGJlOS05MmNlLTQzY2UyNzdmNzEwMCIsInN1YiI6InVzZXI6M2Q5ZDYyZTgtMGFjZi00N2NkLWI3NGYtNTJjMWY5NmY4Mzk3In0.QQW5purvJbjxUXW51rH4cFReNQMLLOm4oTV2qwvi_AM"
    }
}

Reset Password Request

curl -i -H 'content-type: application/json' \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
    https://ident.provide.services/api/v1/users/reset_password \
    -d '{"email": "vitalik@example.com"}'
HTTP/2 201

Response JSON:

{
    "reset_password_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7Im5hbWUiOiJLeWxlIFRob21hcyJ9LCJleHAiOjE1Njg2MjE1ODIsImlhdCI6MTU2ODYxNzk4MiwianRpIjoiYmUyNjRmYTAtM2Q1OC00Yjk1LTg1ZTktY2MzZGM1ZWI3Y2ZjIiwic3ViIjoidXNlcjo5ZTE1NzkxYS1kYmYxLTRlNWUtOGM2Yi1hNzI1M2UxOThiNGMifQ.vthjA4dkvNz8VXFftyoAhjiT-FANVrEbmIiQ7C4kKzM"
}

Initiate a password reset request for a platform User or a User on behalf of an authorized Application, in which case the Authorization header is provided containing Application credentials.

Request Parameters

Parameter Description
email email address for the User to initiate the password reset request

Reset Password

curl -i -H 'content-type: application/json' \
    https://ident.provide.services/api/v1/users/reset_password/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7Im5hbWUiOiJLeWxlIFRob21hcyJ9LCJleHAiOjE1Njg2MjE1ODIsImlhdCI6MTU2ODYxNzk4MiwianRpIjoiYmUyNjRmYTAtM2Q1OC00Yjk1LTg1ZTktY2MzZGM1ZWI3Y2ZjIiwic3ViIjoidXNlcjo5ZTE1NzkxYS1kYmYxLTRlNWUtOGM2Yi1hNzI1M2UxOThiNGMifQ.vthjA4dkvNz8VXFftyoAhjiT-FANVrEbmIiQ7C4kKzM \
    -d '{"password": "the new password"}'
HTTP/2 204

Complete a password reset request for a platform User or a User on behalf of an authorized Application.

URL Parameters

Parameter Description
token reset password token acquired in the reset password request

Request Parameters

Parameter Description
password the new password for the User

 

Applications

List Applications

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/applications
HTTP/2 200
date: Sun, 09 Jun 2019 04:58:25 GMT
content-length: 872
content-type: application/json; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-headers: Accept, Accept-Encoding, Authorization, Cache-Control, Content-Length, Content-Type, Origin, User-Agent, X-CSRF-Token, X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: X-Total-Results-Count
x-total-results-count: 2

Response JSON:

[
    {
        "id": "5c453bea-da24-4123-9b43-d35ded159531",
        "created_at": "2019-06-09T05:32:24.526827-04:00",
        "network_id": "ef976635-545b-46c6-9576-4e3a893a68e9",
        "user_id": "5183192d-ac85-4c5a-a78d-8031a8d20878",
        "name": "providepayments",
        "description": null,
        "config": {
            "network_id": "ef976635-545b-46c6-9576-4e3a893a68e9"
        },
        "hidden": false
    },
    {
        "id": "3861ef98-332a-4666-b5de-d382c77d481c",
        "created_at": "2019-06-09T05:40:11.911719-04:00",
        "network_id": "ef976635-545b-46c6-9576-4e3a893a68e9",
        "user_id": "5183192d-ac85-4c5a-a78d-8031a8d20878",
        "name": "Digitized Bill of Lading",
        "description": null,
        "config": {
            "network_id": "ef976635-545b-46c6-9576-4e3a893a68e9"
        },
        "hidden": false
    }
]

List platform Applications visible to the authorized User.

Query Parameters

Parameter Default Description
hidden false flag to indicate if hidden Applications should be filtered
network_id n/a id of the Network for which the Applications should be filtered

Create Application

curl -i -H 'content-type: application/json' \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NjAwNTg0NTksImp0aSI6IjU0YWZmMGQ1LTFjY2ItNDRmNy1iYTRiLTExYTA3YWFhZGM2YiIsInN1YiI6InVzZXI6NTE4MzE5MmQtYWM4NS00YzVhLWE3OGQtODAzMWE4ZDIwODc4In0.jI7S0gW__iFjbZi0o8AKyqrH8D01vpCpgV3HOh9TrUE' \
    https://ident.provide.services/api/v1/applications \
    -d '{
    "config":{
        "network_id":"ef976635-545b-46c6-9576-4e3a893a68e9"
    },
    "name":"providepayments"
}'
HTTP/2 201
date: Sun, 09 Jun 2019 04:58:25 GMT
content-type: application/json; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-headers: Accept, Accept-Encoding, Authorization, Cache-Control, Content-Length, Content-Type, Origin, User-Agent, X-CSRF-Token, X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: X-Total-Results-Count

Response JSON:

{
    "id": "acc45205-9043-4174-b349-8ea5aded3685",
    "created_at": "2019-06-09T05:34:09.124485-04:00",
    "network_id": "ef976635-545b-46c6-9576-4e3a893a68e9",
    "user_id": "5183192d-ac85-4c5a-a78d-8031a8d20878",
    "name": "providepayments",
    "description": null,
    "config": {
        "network_id": "ef976635-545b-46c6-9576-4e3a893a68e9"
    },
    "hidden": false
}

Creates a new logical Application on behalf of the authorized platform User.

Request Parameters

Parameter Description
name name of the Application
network_id id of the Network where Application resources will be deployed

Retrieve Application details

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/applications/acc45205-9043-4174-b349-8ea5aded3685
HTTP/2 200
date: Sun, 09 Jun 2019 04:58:25 GMT
content-length: 380
content-type: application/json; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-headers: Accept, Accept-Encoding, Authorization, Cache-Control, Content-Length, Content-Type, Origin, User-Agent, X-CSRF-Token, X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: X-Total-Results-Count

Response JSON:

{
    "id": "acc45205-9043-4174-b349-8ea5aded3685",
    "created_at": "2019-06-09T05:34:09.124485-04:00",
    "network_id": "ef976635-545b-46c6-9576-4e3a893a68e9",
    "user_id": "5183192d-ac85-4c5a-a78d-8031a8d20878",
    "name": "providepayments",
    "description": null,
    "config": {
        "network_id": "ef976635-545b-46c6-9576-4e3a893a68e9"
    },
    "hidden": true
}

Retrieve details for an Application.

Query Parameters

Parameter Description
id id of the Application

Update Application

curl -i -XPUT \
    -H 'content-type: application/json' \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/applications/acc45205-9043-4174-b349-8ea5aded3685 \
    -d '{"hidden": true}'
HTTP/2 204

Update an Application.

URL Parameters

Parameter Description
id id of the Application

List Application Tokens

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/applications/acc45205-9043-4174-b349-8ea5aded3685/tokens
HTTP/2 200
date: Sun, 09 Jun 2019 09:41:26 GMT
content-length: 523
content-type: application/json; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-headers: Accept, Accept-Encoding, Authorization, Cache-Control, Content-Length, Content-Type, Origin, User-Agent, X-CSRF-Token, X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: X-Total-Results-Count
x-total-results-count: 1

Response JSON:

[
    {
        "id": "dff4470f-69ae-47c7-96d3-409fe83aa2f9",
        "created_at": "2019-06-09T05:34:09.129953-04:00",
        "issued_at": "2019-06-09T05:34:09.12981-04:00",
        "expires_at": null,
        "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NjAwNzI4NDksImp0aSI6ImRmZjQ0NzBmLTY5YWUtNDdjNy05NmQzLTQwOWZlODNhYTJmOSIsInN1YiI6ImFwcGxpY2F0aW9uOmFjYzQ1MjA1LTkwNDMtNDE3NC1iMzQ5LThlYTVhZGVkMzY4NSJ9.Nrwb6yRqYn4TJC-j_xIN9PFoAG5ap63SYkykmuY-MAA",
        "data": null
    }
]

List Tokens associated with the specified Application.

URL Parameters

Parameter Description
id id of the Application

Users

List Users

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
    https://ident.provide.services/api/v1/users
HTTP/2 200

Response JSON:

[
  {
        "id": "7fc90f5a-45e3-42ed-84b9-c13aed6481f1",
        "created_at": "2018-10-09T02:29:30.580961Z",
        "name": "EntArchitect",
        "email": "big-arch@example.com"
    },
    {
        "id": "876e4fc6-b379-432c-8f76-7e42a955d527",
        "created_at": "2018-10-09T02:21:14.531578Z",
        "name": "SavvyExec",
        "email": "vip@example.com"
    }
]

List Users for the authorized Application.

Create User

curl -i -H 'content-type: application/json' \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
    https://ident.provide.services/api/v1/users \
    -d '{"name": "Vitalik Buterin", "email": "vitalik@example.com", password": "3sWWKn7jQhbj#XW5CXTappB!E6WzwZuc"}'
HTTP/2 201

Response JSON:

[
  {
    "id": "876e4fc6-b379-432c-8f76-7e42a955d527",
    "created_at": "2018-10-09T02:21:14.531577683Z",
    "name": "Vitalik Buterin",
    "email": "vitalik@example.com"
  }
]

Create a new platform User or a User on behalf of an authorized Application.

Request Parameters

Parameter Description
name full name of the User
email email address for the User; must be capable of receiving email at time of creation
password password for the User; an Application may create a User without a password for use with certain APIs

Update User

curl -i -XPUT \
    -H 'content-type: application/json' \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
    https://ident.provide.services/api/v1/users/876e4fc6-b379-432c-8f76-7e42a955d527 \
    -d '{"password": "the new password"}'
HTTP/2 204

Update an existing User.

URL Parameters

Parameter Description
id id of the User

Delete a User

Documentation forthcoming.

URL Parameters

Parameter Description
id id of the User

List User KYC Applications

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/users/876e4fc6-b379-432c-8f76-7e42a955d527/kyc_applications
HTTP/2 200

Response JSON:

[
  {
    "id": "5286091c-a6ea-4546-9212-9c50925289f3",
    "created_at": "2019-06-04T14:53:34.497081-04:00",
    "application_id": null,
    "user_id": "876e4fc6-b379-432c-8f76-7e42a955d527",
    "provider": "identitymind",
    "identifier": "3d03c423f58747da9ced20bfee199975",
    "type": "kyc",
    "status": "accepted",
    "params": {
        "man": "Vitalik Buterin",
        "tid": "3d03c423f58747da9ced20bfee199975"
    },
    "provider_representation": {
        "ednaScoreCard": {
            "er": {
                "profile": "DEFAULT",
                "reportedRule": {
                    "description": "Rule fired from sandbox",
                    "details": "[Fired] details",
                    "name": "Sandbox Rule",
                    "resultCode": "ACCEPT",
                    "ruleId": 1002,
                    "testResults": [
                        {
                            "condition": {
                                "left": "ed:1",
                                "operator": "eq",
                                "right": true
                            },
                            "details": "[Fired] details",
                            "fired": true,
                            "stage": "1",
                            "test": "ed:1",
                            "ts": 1559889000000
                        }
                    ]
                }
            },
            "etr": [
                {
                    "details": "true",
                    "test": "ed:20"
                },
                {
                    "details": "true",
                    "test": "ed:31"
                },
                {
                    "details": "true",
                    "test": "ed:2"
                },
                {
                    "details": "true",
                    "test": "ed:1"
                },
                {
                    "details": "true",
                    "test": "ed:28"
                }
            ],
            "sc": [
                {
                    "details": "true",
                    "test": "ed:1"
                }
            ]
        },
        "mtid": "9d26c9dbb0174f38b57d76091b979928",
        "rcd": "",
        "state": "A",
        "tid": "9d26c9dbb0174f38b57d76091b979928"
    }
  }
]

List KYCApplications associated with a User.

URL Parameters

Parameter Description
id id of the User

 

KYC

Provide has built a KYC service which acts as an API gateway to third-party digital identity management platforms in an effort to create a standard, developer-friendly way to interact with digital signing identities in the context of KYC (and KYB), AML compliance and fraud prevention. The KYC API gateway allows applications to conform to an upstream partner's compliance requirements without compromising the UX of their own applications. We are open to adding support for additional third-party KYC/AML API providers. If you would like to see us add support for a new provider, please contact us.

The KYC API gateway acts as a passthrough to a configured third-party API (the provider). Provide manages the KYC/KYB application lifecycle to help your compliance department perform remediation. Upon submission of a KYC (or KYB) application, the platform asyncronously monitors the application for state changes; subscriptions can be configured to notify your application when manual remediation is required. More details on these notifications will be provided in a subsequent update to this documentation.

Third-Party API Support

Provide's KYC service currently supports the following third-party vendors:

Name KYC Application Provider API Reference
IdentityMind identitymind https://edoc.identitymind.com/reference
Vouched vouched https://docs.vouched.id

Webhook Support

The Provide KYC API gateway implements fault-tolerant KYC remediation. When the status of a KYC application changes, your application can be configured to receive notifications at a configured HTTP webhook_url. Webhook notifications requests sent to this URL include a signature in the X-Request-Signature header. This allows you to verify that the requests were sent by Provide and not by a third party. Signatures can only be verified manually at this time as described below.

Preventing replay attacks

A replay attack is when an attacker intercepts a valid payload and its signature and retransmits them. To mitigate such attacks, Provide includes a timestamp in the X-Request-Signature header. Because this timestamp is also part of the signed payload, it is verified by the signature. An attacker cannot change the timestamp without invalidating the signature. If the signature is valid but the timestamp is too old, you can have your application reject the payload at your discretion.

We recommend that you use Network Time Protocol (NTP) to ensure that your server's clock is accurate and synchronizes with the time on Provide's servers.

Provide generates the timestamp and signature each time we send an notification to your endpoint. If a notification is retried (i.e., in the event your configured endpoint previously issued a non-2xx response), then a new signature and timestamp is generated for the retry attempt.

Verifying signatures

We may release webhook signature verification examples using one of our official libraries in the future. Please use the following instructions to implement signature verification in your configured webhook endpoint.

The X-Request-Signature header contains a timestamp and signature. The timestamp and signature are prefixed by t= and s=, respectively, and comma-delimited.

X-Request-Signature: t=1257894000,s=5b5e838f593e1bae355109bce56939f5ccae74586635f4f95d68bb6b526c40ac

Provide generates signatures using a hash-based message authentication code (HMAC) with SHA-256.

It is not currently possible to have multiple active secrets for generating signatures.

Step 1: Extract the timestamp and signatures from the header

Split the header, using the , character as the delimiter to split on, to get a list of key/value pair strings. Then split each raw string, using the = character as the separator, to arrive at each key and its associated value.

The value for the prefix t corresponds to the timestamp, and s corresponds to the signature.

Step 2: Generate the signed payload string

You achieve this by concatenating:

Step 3: Determine the expected signature

Compute an HMAC with the SHA-256 hash function. Use the application's signing secret as the key, and use the signed payload string generated in step (2) above as the message.

Step 4: Compare signatures

Compare the signature in the header to the expected signature. If the signatures match, compute the difference between the current and received timestamps. It is up to you to determine if the difference is within your tolerance. A higher tolerance is more susceptible to replay attaacks.

To protect against timing attacks, use a constant-time string comparison to compare the expected signature to the received signature.

List KYC Applications

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/kyc_applications
HTTP/2 200
date: Wed, 12 Jun 2019 05:39:19 GMT
content-type: application/json; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-headers: Accept, Accept-Encoding, Authorization, Cache-Control, Content-Length, Content-Type, Origin, User-Agent, X-CSRF-Token, X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: X-Total-Results-Count
x-total-results-count: 3

Response JSON:

[
    {
        "id":"72258a99-1518-4526-a5fa-043081eee7f0",
        "created_at":"2019-06-12T02:31:33.613098-04:00",
        "application_id":"bca2348c-442f-4c48-99a4-7b3510385e53",
        "user_id":"47069619-2035-4193-bdd0-af4d5096b649",
        "provider":"identitymind",
        "identifier":null,
        "type":"kyc",
        "status":"failed",
        "name":"Tim Evans",
        "description":"No national id country specified, and invalid format for US Social Security Number",
    },
    {
        "id":"13bd0b24-f0d9-4caa-89ab-259c058877ce",
        "created_at":"2019-11-13T03:55:02.687098-05:00",
        "application_id":"dc4152f7-456f-41ed-96b4-e52b8faa05fd",
        "user_id":"9a253758-197a-4308-8d2d-61cfe9317644",
        "provider":"vouched",
        "identifier":"OsccQPWf",
        "type":"kyc",
        "status":"remediate",
        "name":"John Smith",
        "description": null
    },
    {
        "id":"e40a34d8-5df9-4ab3-be79-b8b34844eb3d",
        "created_at":"2019-11-05T22:23:31.126578-05:00",
        "application_id":"dc4152f7-456f-41ed-96b4-e52b8faa05fd",
        "user_id":"3fceea52-b71c-4b7f-bb88-712046523310",
        "provider":"vouched",
        "identifier":"oRM3YnSy",
        "type":"kyc",
        "status":"accepted",
        "name":"Joe Lubin",
        "description": null
    }
]

List KYC applications visible to the authorized User or Application.

Create KYC Application

curl -i -XPUT \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/kyc_applications/1bd7e730-67e5-4418-b624-c0c47b072f8b \
    -d '{
    "user_id": "00d4adc9-b0ca-4c94-9d90-3c61f696b8bd",
    "provider": "vouched",
    "params": {
        "type": "id-verification",
        "webhook_url": "https://url.to.my/webhook",
        "date_of_birth": "1988-10-01",
        "first_name": "John",
        "last_name": "Smith",
        "id_photo": "<base64-encoded image data>",
        "id_photo_back": "<base64-encoded image data>",
        "selfie": "<base64-encoded image data>",
    }
}'
HTTP/2 201

Response JSON:

{
  "id": "205d1f45-4b45-4d85-a692-8db40d94ab89",
  "created_at": "2019-11-13T04:24:48.241681-05:00",
  "application_id": "dc4152f7-456f-41ed-96b4-e52b8faa05fd",
  "user_id": "00d4adc9-b0ca-4c94-9d90-3c61f696b8bd",
  "provider": "vouched",
  "identifier": null,
  "type": "kyc",
  "status": "pending",
  "name": "John Smith",
  "description": null,
  "params": {
      "date_of_birth": "1988-10-01",
      "first_name": "John",
      "last_name": "Smith",
      "id_photo": "<base64-encoded image data>",
      "id_photo_back": "<base64-encoded image data>",
      "selfie": "<base64-encoded image data>",
      "type": "id-verification",
      "webhook_url": "https://url.to.my/webhook"
    }
}

Create a KYC application using the specified third-party provider.

Request Parameters

Name Type Default Description
provider string vouched third-party KYC provider; delegate to which the API gateway will dispatch the KYC or KYB application
params object nil KYC application parameters, normalized for generic use with any supported provider; a nested params object, if included within this parameter, is completely passed through to the third-party provider API
type string KYC application type (kyc or kyb)
user_id uuid kyc id of the User which is the subject of the KYC application; this parameter is only relevant if calling the API on behalf of an Application

For provider-specific params reference, please see Third-Party API Support.

Update KYC Application

curl -i -XPUT \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/kyc_applications/1bd7e730-67e5-4418-b624-c0c47b072f8b \
    -d '{
    "status": "accepted"
}'
HTTP/2 202

Response JSON:

{
    "application_id": "dc4152f7-456f-41ed-96b4-e52b8faa05fd",
    "created_at": "2019-11-13T04:24:48.241681-05:00",
    "description": null,
    "id": "205d1f45-4b45-4d85-a692-8db40d94ab89",
    "identifier": "VS5eRURs",
    "name": "Truong Tri Tung",
    "provider": "vouched",
    "status": "accepted",
    "type": "kyc",
    "user_id": "9a253758-197a-4308-8d2d-61cfe9317644",
}

Update a previously submitted KYC application and asynchronously resubmit it to the third-party provider on behalf of the authorized User or Application.

Request Parameters

Name Type Description
status string the status of the KYC application; must be a valid state transition in the context of the application's current state

For provider-specific params reference, please see Third-Party API Support.

KYC Application Status & Accepting or Rejecting a KYC Application

The status parameter represents the current status of the KYC application; the following are valid status values:

Value Description
accepted the KYC application was accepted
failed the KYC application submission to the third-party provider failed
pending the KYC application is in the process of being submitted to the third-party provider
rejected the KYC application was rejected, either by the third-party provider AI, or manually by way of remediation
remediate the KYC application requires remediation due to its similarity with another KYC application or other risk factors
review the KYC application has been submitted to the third-party provider and is currently being processed
submitted the KYC application has been submitted to the third-party provider but no decision has been resolved

Retrieve KYC Application Details

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/kyc_applications/1bd7e730-67e5-4418-b624-c0c47b072f8b
HTTP/2 200

Response JSON (Identitymind provider):

{
    "id": "1bd7e730-67e5-4418-b624-c0c47b072f8b",
    "created_at": "2019-06-07T02:30:00.115517-04:00",
    "application_id": null,
    "user_id": "00d4adc9-b0ca-4c94-9d90-3c61f696b8bd",
    "provider": "identitymind",
    "identifier": "95ed799287ee48ccadf4cf1f654e064c",
    "type": "kyc",
    "status": "accepted",
    "description":null,
    "params": {
        "man": "Joe Lubin",
        "tea": "joe@example.com"
    },
    "provider_representation": {
        "ednaScoreCard": {
            "er": {
                "profile": "DEFAULT",
                "reportedRule": {
                    "description": "Rule fired from sandbox",
                    "details": "[Fired] details",
                    "name": "Sandbox Rule",
                    "resultCode": "ACCEPT",
                    "ruleId": 1002,
                    "testResults": [
                        {
                            "condition": {
                                "left": "ed:1",
                                "operator": "eq",
                                "right": true
                            },
                            "details": "[Fired] details",
                            "fired": true,
                            "stage": "1",
                            "test": "ed:1",
                            "ts": 1559891359000
                        }
                    ]
                }
            },
            "etr": [
                {
                    "details": "true",
                    "test": "ed:20"
                },
                {
                    "details": "true",
                    "test": "ed:31"
                },
                {
                    "details": "true",
                    "test": "ed:2"
                },
                {
                    "details": "true",
                    "test": "ed:1"
                },
                {
                    "details": "true",
                    "test": "ed:28"
                }
            ],
            "sc": [
                {
                    "details": "true",
                    "test": "ed:1"
                }
            ]
        },
        "mtid": "95ed799287ee48ccadf4cf1f654e064c",
        "rcd": "",
        "state": "A",
        "tid": "95ed799287ee48ccadf4cf1f654e064c"
    }
}

Response JSON (Vouched provider):

{
  "id": "e494ee10-bbf5-45bb-81aa-7e3561d8c729",
  "created_at": "2019-09-15T02:42:00.743047-04:00",
  "application_id": "dc4152f7-456f-41ed-96b4-e52b8faa05fd",
  "user_id": "9e15791a-dbf1-4e5e-8c6b-a7253e198b4c",
  "provider": "vouched",
  "identifier": "hDj_HOv",
  "type": "kyc",
  "status": "submitted",
  "description": null,
  "params": {
    "params": {
        "date_of_birth": "06/22/1990",
        "first_name": "Janice",
        "last_name": "Way",
        "id_photo": "<base64-encoded image data>",
        "id_photo_back": "<base64-encoded image data>",
        "selfie": "<base64-encoded image data>",
        "type": "id-verification",
        "webhook_url": 
    },
    "type": "id-verification"
  },
  "provider_representation": {
    "errors": [
      {
        "message": "Invalid or unsupported id",
        "suggestion": null,
        "type": "InvalidIdPhotoError"
      },
      {
        "message": "Invalid or unsupported selfie",
        "suggestion": null,
        "type": "InvalidUserPhotoError"
      },
      {
        "message": "Id and selfie faces do not match",
        "suggestion": null,
        "type": "FaceMatchError"
      },
      {
        "message": "Name is below the confidence threshold",
        "suggestion": null,
        "type": "NameMatchError"
      },
      {
        "message": "Birth date is below the confidence threshold",
        "suggestion": null,
        "type": "BirthDateMatchError"
      }
    ],
    "id": "hDj_HOv",
    "request": {
      "callbackURL": "https://google.com/gdpr",
      "parameters": {
        "carInsurancePhoto": null,
        "dob": "06/22/1990",
        "dotPhoto": null,
        "firstName": "Janice",
        "idPhoto": "<base64-encoded image data>",
        "idPhotoBack": null,
        "lastName": "Way",
        "twicPhoto": null,
        "userPhoto": "<base64-encoded image data>"
      },
      "type": "id-verification"
    },
    "result": {
      "confidences": {
        "backId": null,
        "faceMatch": 0,
        "id": 0.4327,
        "idMatch": 0,
        "selfie": 0.0434
      },
      "country": "US",
      "dob": null,
      "errors": null,
      "firstName": null,
      "id": null,
      "lastName": null,
      "state": "WI",
      "success": false,
      "type": "drivers-license"
    },
    "status": "completed",
    "submitted": "2019-09-15T06:42:02+00:00"
  }
}

Retrieve a previously submitted KYC application and enrich it with the latest third-party representation. This is useful to check the remediation status of an application.

Upload KYC Application Document

curl -i -XPOST \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/kyc_applications/5286091c-a6ea-4546-9212-9c50925289f3/documents \
    -d '{}'
HTTP/2 202

Response JSON:

{}

Upload and attach a document to an existing KYC application.

Documentation forthcoming.

List KYC Application Documents

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/kyc_applications/5286091c-a6ea-4546-9212-9c50925289f3/documents
HTTP/2 200

Response JSON:

[
    {}
]

List documents attached to a KYC application.

Documentation forthcoming.

Download KYC Application Document

curl -i \
    -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.NQLm__LbMWor-9GMG0LPcH4yQIbu9Uw70kJfRt1KP64' \
    https://ident.provide.services/api/v1/kyc_applications/5286091c-a6ea-4546-9212-9c50925289f3/documents
HTTP/2 200

Response JSON:

[
    {}
]

Download a document attached to a KYC application.

Documentation forthcoming.