Skip to main content

Overview

If you already operate your own Sumsub account and have a verified user base, you do not have to put those users through KYC again when you onboard them to Reap. Sumsub’s Token Sharing feature lets you hand Reap a per-user share token from your Sumsub account. Reap imports the existing verification and the user becomes APPROVED on Reap without going through the Sumsub SDK a second time. This is offered alongside the standard SDK flow. Use this guide if your product runs Sumsub KYC under your own account by design and you want Reap to consume those verifications.
Token Sharing is a data import, not a re-verification. Reap does not re-screen the user. There is no IN_REVIEW step. A successful import moves the user straight to APPROVED.

Prerequisites

Before you can share tokens with Reap, two one-time steps need to be in place. Your Reap account manager will guide you through both.
1

Sign Sumsub's Reusable KYC Agreement

This authorises your company as a donor of KYC data and Reap as the recipient.
2

Add Reap as a recipient inside your Sumsub account

Use the setup token your Reap account manager will provide. Sumsub’s partner setup guide covers the exact steps.
Until both are done, token imports will fail regardless of how the request is made.

How it works

You mint a fresh share token in your Sumsub immediately before the call, hand it to Reap together with the Reap userId, and get an immediate success or failure response. A failed import (for example, an expired token) leaves the user at NOT_STARTED and returns an error you can act on. You can retry by minting a fresh token and calling again.

How statuses update

The contract is the same as the SDK flow:
  • A successful import transitions the user to APPROVED.
  • Reap emits a USER_APPLICATION_STATUS_UPDATED event for that user.
  • Your existing webhook handler picks it up. No new event type and no new payload to integrate.
See Application statuses for the full status model.

Constraints

A few things are worth knowing up front because they affect how you build around the feature.
  • Share tokens are valid for 20 minutes. Mint the token immediately before the import call.
  • Rate limited. Reap accepts up to 3 imports per second per business. If you create users faster than that, you’ll get rate limit errors.
  • externalId must be the Reap userId. This is the only mapping Reap uses to attach the imported verification to the right user. Your own internal IDs will be rejected.
  • Token Sharing assumes the user is already approved in your Sumsub. Only share tokens for users who have completed KYC successfully on your side. Sharing tokens for in-review or rejected users is not supported.
The Reusable KYC Agreement and partner setup with Sumsub are hard prerequisites. Token imports will fail until both are in place.

Get started

Sumsub Token Sharing is enabled per program. Talk to your Reap account manager to:
1

Walk through the Sumsub agreement and partner setup

2

Get access enabled on your account

Once enabled, the integration follows the flow above.