Get KYC data
Endpoints
Get KYC Data
Retrieve signed KYC data for granted permissions
POST
Get KYC data
This endpoint returns the user’s actual KYC data. Only call this after verifying grants via
/kyc/validate.Response Signing
All KYC data responses must be signed by your private key. Recipients verify the signature using your public key from/metadata.json. This proves:
- The data came from your KYC provider
- The data hasn’t been tampered with
- You attested to the verification at the specified time
Data Structure
Thedata object contains fields based on the requested grants:
Identity Fields
Document Fields
Verification Fields
Implementation
Verifying the Signature
Recipients should verify the KYC data signature:Security Considerations
- Document image URLs are time-limited and should expire within 1 hour
- Sensitive fields like full ID numbers may be partially redacted
- Cache KYC data responses only until
expires_at - Always verify signatures before trusting the data
Headers
Caller's OCID
Unix timestamp in seconds
Unique request identifier
secp256k1 ECDSA signature
Body
application/json