Skip to main content
Identity verification proves a person (KYC) or company (KYB) is who they claim to be, with real evidence: a complete form, document uploads validated by OCR and a video liveness check. It has two sides:
  1. Your own verification (onboarding) — mandatory: until approved, your account can only fund (payins, crypto deposits, incoming transfers) and read. Person ⇒ KYC; company ⇒ KYB.
  2. Verifying your customers (company accounts only) — generate hosted links or send data through the API to verify your own end customers, with a fixed fee per verification.

Your own verification (onboarding)

When you register, your account starts unverified (kyc_status: none) and can only fund and read. Any outgoing-money action (payouts, transfers, withdrawals, banking, cards) answers 403 verification_required until you are approved.
1

Request your verification link

201 response (if you already have an open link, the same one is returned with 200):
The kind derives from your account type: person ⇒ kyc, company ⇒ kyb. Onboarding is free for you.
2

Complete the wizard

Open the url: the hosted wizard guides you through the form, document uploads (identity, proof of residence; corporate documents for companies) and — for KYC — the camera liveness check.
3

Wait for review

Check your state any time:
When compliance approves, your kyc_status becomes approved automatically and every service unlocks (you receive the kyc_verification_status_changed webhook with self_onboarding: true).The approval also backfills your account profile with the verified identity: display_name (person = first + last name; company = legal name), tax_id and country are taken from the verification and from then on are immutable via PATCH /v1/me (409 identity_locked) — the verified identity is the source of truth.
While you wait you can fund normally: payins on every method, crypto deposits and incoming transfers work from day one. If your verification is rejected (kyc_status: rejected), contact your operator — they may ask you to retry with a new link.

Verifying your customers (company accounts only)

A verified company account can verify its own end customers. Each created verification bills the configured fixed fee (kyc_verification / kyb_verification; 0 = free), automatically refunded if creation fails. Person accounts receive 403 company_account_required. Your customer completes EVERYTHING in the white-label wizard: form, documents and liveness. You only generate the link and wait for the webhook.
  • external_customer_id (required): YOUR reference for the verified customer — echoed back on every webhook and query. Values equal to self or ending in :self are reserved for account onboarding and are rejected with 400 invalid_payload.
  • idempotency_key (required): a retry with the same key returns the original link and never double-charges.
  • country (KYB only): us, cl, ve, br, mx, co, pe, bo, py, ar or generic (with generic_country ISO alpha-2, e.g. "ES"). Individual KYC takes no country.
  • expires_in_days (optional, 1–30): omitted, the link never expires.
201 response:
Query and history (every POST has its GET):

Option B — Data through the API

If you already hold the customer’s data, create the verification directly (no wizard). The submission enters the same review queue:
Data-mode notes:
  • Countries in ISO alpha-3 (CHL, USA, VEN…); dates YYYY-MM-DD; id_type: passport | id_card | drivers_license.
  • KYB: body { external_customer_id, country?, business: {…}, ubos?, directors?, signers?, bank_info?, metadata? } on POST /v1/kyb/submissions.
  • No liveness is required at creation: the KYC submission carries liveness_pending: true; close it with a liveness link.
  • Re-sending with the same external_customer_id while the submission is open (pending_review, changes_requested, more_info_required) updates the same submission and does not charge again.
201 response:
Query and history:
The detail adds what compliance requested: pending_documents, rejection_reason, changes_requested_comments; on KYC also liveness_pending and documents_received; on KYB aml_decision.

Documents through the API

Documents are optional at creation (if missing, compliance will request them via more_info_required). 3-step flow:
1

Presign

Categories — KYC: identity, proofOfResidence; KYB: legalPresence, ownershipStructure, controlStructure, companyDetails. Types: application/pdf, image/png, image/jpeg; 15 MB max; the upload URL expires in 15 minutes.
2

Upload

PUT the binary straight to upload_url with the same Content-Type.
3

Confirm

Confirming queues the OCR validation; the result arrives via the kyc_document_validated / kyb_document_validated webhook and is queryable with GET:
outcome: MATCH, REVIEW (manual review), NO_MATCH.
KYC submissions created through the API are born with liveness_pending: true (the liveness check is a browser camera flow). Generate a minimal hosted link for your customer to complete it:
  • Free (the service was billed when the submission was created). If an open link exists, the POST returns the same one; if the check already passed, 400 liveness_already_completed.
  • GET .../liveness_link returns the latest link and the current check state ({ "liveness": { "status", "outcome", "passed" } }).
  • On pass (outcome PASS or REVIEW): the submission clears liveness_pending and the kyc_liveness_completed webhook fires.

One verification for everything (reusable identity)

A customer’s approved verification is their single identity inside CBPay: you never re-type their data or re-upload their documents in any other product.
  • Third-party banking: POST /v1/banking/third-parties requires the verification_id of an approved verification of the third party. The type (INDIVIDUAL/COMPANY) comes from the kind (KYC ⇒ person, KYB ⇒ company), the data (name, email, address) auto-fills from the verified profile, and the already-validated documents are re-delivered automatically to the banking provider (documents_synced in the response). Details in Banking.
  • Cards for designated persons: POST /v1/cards with a person cardholder requires cardholder.verification_id of that person’s approved KYC. The cardholder’s identity and documents come from the verification; you only add the issuer-specific fields (occupation, salary_usd). Details in Cards.
  • Your own account: your approved onboarding is reused too — when creating your banking customer or your first card, missing data and documents auto-fill from your verification.
Explicit fields in your request always win over the autofill.
Without an approved verification of the third party, the banking registration and designated card issuance answer 422 verification_required. Verify first (hosted links or API data) and use the approved submission_id as verification_id.

Compliance report (KYB only)

For every KYB verification you can download the signed compliance report (PDF, evidence for your own auditors):
It is free (the service was billed when the verification was created).

Webhooks

Example payload (kyc_verification_status_changed):
Your own onboarding arrives with "self_onboarding": true instead of external_customer_id. Subscribe like every other event (see Webhooks).

Costs (configured by your operator, can be 0)

The charge comes out of your default settlement balance, is refunded if creation fails, and your own onboarding never bills. Re-sends of an open submission and liveness links do not charge again.

Errors

FAQ

Every account must approve its identity verification before moving money out (a regulatory requirement). Meanwhile you can fund (payins, crypto deposits, incoming transfers) and explore the API. Request your link with POST /v1/me/verification/link and complete it — approval unlocks everything automatically.
It bills when CREATING a third-party link or submission (live mode). Not billed: your own onboarding, re-sends of an open submission (same external_customer_id), liveness links, queries and documents. If creation fails, the fee is refunded automatically.
You will receive more_info_required with pending_documents in the submission detail. Upload each document with this page’s presign → upload → confirm flow; on confirmation the submission returns to the review queue.
No: they complement each other. Verification proves identity with evidence (documents, video); AML screening checks the identity against sanctions/PEP/adverse-media lists and can watch it continuously.
Yes — that is the design: an approved verification works as the single identity. Pass its submission_id as verification_id when registering a third-party banking user or issuing a card for a designated person: data and documents auto-fill. See reusable identity.
Last modified on July 15, 2026