Automation with the Connect Dashboard API

Extract and Archive. Best practice.

Personal KYC data should not sit in your KYC Connect database forever. Using the API with the archive option will allow you to securely meet your data retention requirements.

After creating an API key, you can use this Dashboard API to extract individuals' Identities, including provided personal info attributes, and store them in a secure environment.

Archived candidate Identities

When an Identity is archived in the KYC Connect Dashboard all raw KYC personal info (Identity attributes) will be deleted. Only metadata (e.g. status, history) and any certificates provided will remain.

If the Identity attribute data has been extracted using the API, candidate Identities can be automatically archived.

Encryption

To further protect candidates' personal information you can encrypt the API return data.

tip

If you wish to use AES encryption as an additional security layer on the extracted data, please contact Blockpass directly for more information about the protocols and keys you will require.

1. Generate a AES key for this API request
2. Encrypt the AES key to the Blockpass Cloud Dashboard RSA public key
3. Include the encrypted AES key in the header of the API request
4. The AES key is recovered using the Blockpass Cloud Dashboard private key
5. The API response data is encrypted using the AES key provided

KYC API data description:

• refId: Reference ID of user in Merchant's platform (e.g. Your internal User ID, uuid)

• recordId: Reference ID of user in KYC Connect platform. This ID is different for each service registered by the user.

• blockPassID: Blockpass registration ID. Unique for each user.

• status: Status of KYC application

  • incomplete: Blockpass verifications pending
  • waiting: Operator's review pending
  • inreview: In review by Operator
  • approved: KYC application has been approved
  • rejected: Operator has rejected one or more attributes, User must resubmit different data
  • blocked: Operator has blocked the profile, User cannot resubmit
  • review_requested: Operator has requested a profile update, User can resubmit different or identical data

• isArchived: KYC application archived status

  • true: All KYC applications' attributes were deleted by operator
  • false: Data are still available in KYC Connect

• inreviewDate: Start review date

• waitingDate: Last submitted date

• approvedDate: Approval date

• willArchiveAtDate: KYC Connect will auto archive when date is reached (only returned if Archive after extract data was defined in API key management settings)

Examples

• Get status for all candidates
• Get status or all data for a single candidate
• Archive candidate Identities after fetch

Best practices for securily using API keys

danger

Publicly exposing an API key can result in your users' personal data being compromised.

You must follow best practices for securely using API keys.

Some best practices:

• Do not add API keys directly in the frontend or backend code.
• Do not store API keys in your code tree or version control.
• Delete API keys from the Blockpass Console when they are not used.
• Create new API keys periodically and delete old ones.
• Do not share API keys on public channels.