Getting Started with Trustist Ecommerce API

The Trustist Ecommerce (TE) API enables you to integrate identity verification, KYC/AML checks, and payment processing directly into your applications. This guide will help you get up and running quickly.

๐Ÿ“Œ New to Trustist? Start by creating an account and obtaining your API keys from the TrustistTransfer app. See our API Keys Guide for detailed instructions.
โš ๏ธ Important - Understanding API Key Types:

The Trustist API uses two types of keys with different capabilities:

  • Merchant Keys (self-service via TrustistTransfer) - For payment operations only
  • Tenant Keys (contact Trustist support) - Required for customer & identity verification operations

See the API Keys Guide to understand which key type you need.

What Can You Build?

๐Ÿ‘ฅ

Customer Management

Create and manage customer records for your organisation. Store customer details securely and associate them with identity verification sessions and payments.

  • Create customers with basic details
  • Search and retrieve customer information
  • Manage customer lifecycle
โœ…

Identity Verification

Conduct KYC (Know Your Customer) checks and AML (Anti-Money Laundering) verification for your customers.

  • Create identity verification sessions
  • Verify identity documents
  • Access verification results
๐Ÿฆ

Bank Account Access (AIS)

Access customer bank account information for affordability checks and proof of wealth verification via Open Banking.

  • Retrieve bank account details
  • Access real-time balances
  • View transaction history
  • Automated matching across sessions
View AIS Guide
๐Ÿ’ณ

Payment Processing

Accept bank transfers and card payments with comprehensive status tracking and 3DS support for secure transactions.

  • Hosted payment pages
  • Server-to-server card payments
  • Bank transfer payments
  • Real-time payment status
๐Ÿ””

Webhooks & Events

Receive real-time notifications when important events occur, enabling you to respond immediately to customer actions.

  • Identity verification session completion notifications
  • Payment status updates
  • Custom webhook endpoints
  • Event filtering

Quick Links

๐Ÿ” Authentication

Learn how to authenticate your API requests using Hawk authentication.

Read Guide
๐Ÿš€ Quick Start

Get up and running with code examples in multiple languages.

Start Building
๐Ÿ“– API Reference

Complete API endpoint documentation with request/response examples.

View Reference

Core Concepts

Tenants & Permissions

All API operations are scoped to a tenant. Your API key belongs to a tenant and has specific permissions that control what operations you can perform:

Permission Description
create_customer Create new customer records
read_customers Retrieve customer information
create_onboard_session Initiate identity verification sessions
read_onboard_session View identity verification session details
read_onboard_results Access verification check results
manage_webhooks Register and manage webhook endpoints
create_payment Process payments (requires merchant ID)
read_payment Retrieve payment status
create_standing_order Set up Direct Debit mandates
read_standing_order View standing order details
read_customer_bank_accounts View customer bank accounts from AIS
read_customer_bank_account_balances Retrieve customer bank account balances
read_customer_bank_account_transactions Access customer transaction history
โš ๏ธ Payment Permissions: Payment-related permissions (create_payment, read_payment, etc.) require a merchant ID to be associated with your API key. Contact support if you need payment processing capabilities.

API Versioning

All API endpoints are versioned and accessed via the /v1/ path prefix. For example: 

https://api.trustist.com/v1/customers
https://api.trustist.com/v1/onboard/sessions

Response Format

All responses are returned in JSON format. Successful responses typically return:

  • 200 OK - Successful GET request
  • 201 Created - Successful POST request that created a resource
  • 204 No Content - Successful DELETE request

Error responses include:

  • 400 Bad Request - Invalid request data
  • 401 Unauthorized - Missing or invalid authentication
  • 403 Forbidden - Insufficient permissions
  • 404 Not Found - Resource doesn't exist
  • 500 Internal Server Error - Server-side error

Next Steps

Now that you understand the basics, proceed to:

  1. Set up authentication with your API keys
  2. Follow the quick start guide to make your first API call
  3. Use the sandbox environment to test your integration
  4. Explore the complete API reference for detailed endpoint documentation
๐Ÿ’ฌ Need Help? Contact our support team at [email protected] or visit the help centre.