Extract and Archive. Best practice.
Personal KYC data should not sit in your KYC Connect database forever. Using the API with the archive option will allow you to securely meet your data retention requirements.
Archived candidate Identities
When an Identity is archived in the KYC Connect Dashboard all raw KYC personal info (Identity attributes) will be deleted. Only metadata (e.g. status, history) and any certificates provided will remain.
If the Identity attribute data has been extracted using the API, candidate Identities can be automatically archived.
To further protect candidates' personal information you can encrypt the API return data.
👉 If you wish to use AES encryption as an additional security layer on the extracted data, please contact Blockpass directly for more information about the protocols and keys you will require.
- Generate a AES key for this API request
- Encrypt the AES key to the Blockpass Cloud Dashboard RSA public key
- Include the encrypted AES key in the header of the API request
- The AES key is recovered using the Blockpass Cloud Dashboard private key
- The API response data is encrypted using the AES key provided
KYC API data description:
refId: Reference ID of user in Merchant's platform (e.g. Your internal User ID, uuid)
recordId: Reference ID of user in KYC Connect platform. This ID is different for each service registered by the user.
blockPassID: Blockpass registration ID. Unique for each user.
status: Status of KYC application
incomplete: Blockpass verifications pending
waiting: Operator's review pending
inreview: In review by Operator
approved: KYC application has been approved
rejected: Operator has rejected one or more attributes, User can resubmit
blocked: Operator has blocked the profile, User cannot resubmit
isArchived: KYC application archived status
true: All KYC applications' attributes were deleted by operator
false: Data are still available in KYC Connect
inreviewDate: Start review date
waitingDate: Last submitted date
approvedDate: Approval date
willArchiveAtDate: KYC Connect will auto archive when date is reached (only returned if
Archive after extract datawas defined in
API keymanagement settings)
- Get status for all candidates
- Get status or all data for a single candidate
- Archive candidate Identities after fetch
Best practices for securily using API keys
⚠️ Publicly exposing an API key can result in your users' personal data being compromised.
You must follow best practices for securely using API keys.
Some best practices:
- Do not add API keys directly in the frontend or backend code.
- Do not store API keys in your code tree or version control.
- Delete API keys from the Blockpass Console when they are not used.
- Create new API keys periodically and delete old ones.
- Do not share API keys on public channels.