Overview
Know Your Customer (KYC) is the identity verification process every user must complete before they can hold an account or a card on Reap. You embed the verification experience in your app, Reap manages the compliance orchestration behind the scenes.How it works
Reap integrates with a third-party identity verification provider. When you initiate KYC for a user, Reap generates a short-lived verification token. Your backend fetches this token and passes it to your frontend, which uses it to launch the provider SDK inside your app.- The user uploads their documents and completes liveness checks in the SDK.
- Reap receives the result from the provider and updates the user application status.
- You listen for webhooks to keep your system in sync.
Application statuses
User KYC is tracked via an application status on the user resource.| Status | Meaning | Typical next step |
|---|---|---|
NOT_STARTED | Application created, verification not yet initiated | Call Initiate application flow to get an SDK token |
IN_REVIEW | User has submitted documents, under review by compliance | Wait for USER_APPLICATION_STATUS_UPDATED |
APPROVED | Identity verified, user can hold an account and cards | Proceed to account creation |
REJECTED | Verification failed and cannot be recovered | Check rejectionReason, inform user, do not re-initiate |
RETRY_REQUIRED | Submission incomplete or unclear, user can try again | Call Initiate application flow again and re-launch the SDK |
application object on a user includes both status and rejectionReason.
rejectionReason is populated only when status is REJECTED or RETRY_REQUIRED.
What users are asked to provide
During the verification SDK flow, the user is guided through a set of checks. The exact steps depend on the user’s country of residence and risk profile. Typical checks include:| Check | Description |
|---|---|
| Government-issued ID | Passport, national ID card, or driver’s licence. Both sides may be required. |
| Nationality | Captured from the document and user input to determine eligibility and screening rules. |
| Residential address | Collected as part of the profile. |
| Liveness check | Selfie or short video to confirm the document matches a live person. |
Rejection reasons
If a user’s application isREJECTED or RETRY_REQUIRED, the rejectionReason field explains why.
Common examples include:
| Example reason | What it might mean | Typical action |
|---|---|---|
| Document expired | The submitted ID document is no longer valid | Ask the user to resubmit with a valid document |
| Document unreadable | Image quality was too low to process | Ask the user to retake photos in better lighting |
| Face mismatch | Liveness selfie did not match the ID document | Ask the user to redo the liveness check |
| Unsupported jurisdiction | User resides in a restricted jurisdiction | User cannot be onboarded |
rejectionReason comes from the provider or from Reap’s compliance review.
Present it in your UI in a way that is clear to your users.
Unsupported jurisdictions
Reap cannot onboard users from some jurisdictions due to regulatory restrictions. Attempting to verify a user from a restricted country will result in a rejected application. For the current list of restricted jurisdictions, contact your account manager.Key principles
- You do not manage compliance. Reap handles provider communication, verification status, and orchestration.
- One active application per user. A user has a single KYC application. If a retry is needed, you generate a new token for the same user.
- KYC is a gate. A user cannot have an account created or a card issued until their KYC status is
APPROVED. - Webhooks are the source of truth. Do not poll for status changes. Listen for
USER_APPLICATION_STATUS_UPDATEDevents and update your UI and internal systems from there.