Onboard Sessions

Create identity verification and AML check sessions for your customers. Onboard sessions enable KYC compliance, fraud prevention, and bank account verification through the TrustistOnboard portal.

?? REQUIRES TENANT KEY: Onboard session endpoints require a tenant-scoped API key with onboard permissions. Merchant keys (from the TrustistTransfer app) will not work. Contact Trustist support to request a tenant key.

Overview

Onboard sessions are time-limited workflows where customers complete verification steps through a secure portal. Each session can include:

  • Identity Verification: Document upload, liveness detection, facial matching
  • Document Checks: Passport, driving license, national ID validation
  • Proof of Address: Utility bills, bank statements
  • AML Screening: Sanctions lists, PEPs (Politically Exposed Persons), adverse media
  • AML Monitoring: Ongoing monitoring for changes in risk profile
  • Account Information Services (AIS): Bank account verification, balances, transactions

Session Lifecycle

Typical Onboard Flow
  1. Create Customer - Create a customer record via POST /v1/customers
  2. Create Session - Generate onboard session with desired options
  3. Redirect Customer - Send customer to the returned onboardUrl
  4. Customer Completes - Customer uploads documents, completes checks in the portal
  5. Receive Webhook - Get notified when session completes (if webhooks configured)
  6. Query Results - Retrieve detailed verification results
  7. Process Results - Accept/reject customer based on outcomes

Endpoints

Create an Onboard Session

POST /v1/onboard/sessions

Required Permissions: create_onboard_session

Request Body

Field Type Required Description
customerId string Yes ID of existing customer (ShortGuid or GUID format)
options object No Session configuration (see Options below)
orgId string No Your internal organisation/branch identifier
returnUrl string No Absolute HTTPS URL the customer will be redirected back to when the session completes. If omitted, the TrustistOnboard portal will show a completion screen.

Options Structure

Identity Options (options.identity):

Field Type Default Description
identityCheck boolean true Verify identity via document and selfie
documentCheck boolean true Validate government-issued ID documents
proofOfAddressCheck boolean true Verify residential address
amlStandardScreening boolean false Basic AML checks (sanctions lists)
amlExtensiveScreening boolean true Comprehensive AML (PEPs, adverse media)
amlStandardMonitoring boolean false Ongoing basic monitoring
amlExtensiveMonitoring boolean false Ongoing comprehensive monitoring

AIS Options (options.ais):

Field Type Default Description
accounts boolean false Request access to bank account information
balances boolean false Request access to bank account balances
transactions boolean false Request access to bank transactions
accountLimit integer null Maximum number of accounts customer can select (null = unlimited)
?? AIS Dependencies: Enabling balances or transactions automatically enables accounts. Your tenant must have completed merchant onboarding to use AIS features.

Example Request: Identity Verification Only

{
  "customerId": "3kTp9j2mN5xR",
  "options": {
    "identity": {
      "identityCheck": true,
      "documentCheck": true,
      "proofOfAddressCheck": false,
      "amlExtensiveScreening": true
    }
  }
}

Example Request: Bank Account Verification Only

{
  "customerId": "3kTp9j2mN5xR",
  "emailAddress": "[email protected]",
  "options": {
    "ais": {
      "accounts": true,
      "balances": true,
      "transactions": false,
      "accountLimit": 1
    }
  }
}

Example Request: Complete KYC + AIS

{
  "customerId": "3kTp9j2mN5xR",
  "emailAddress": "[email protected]",
  "options": {
    "identity": {
      "identityCheck": true,
      "documentCheck": true,
      "proofOfAddressCheck": true,
      "amlExtensiveScreening": true,
      "amlExtensiveMonitoring": false
    },
    "ais": {
      "balances": true,
      "transactions": false,
      "accountLimit": null
    }
  }
}

Example Response

{
  "sessionId": "7mQx4nPk8vWz",
  "onboardUrl": "https://onboard.trustist.com/session/7mQx4nPk8vWz"
}
Next Step: Redirect your customer to the onboardUrl to complete verification. The URL is valid for 7 days.

Get Session Status

GET /v1/onboard/sessions/{sessionId}

Required Permissions: read_onboard_session

Parameters

Parameter Type Description
sessionId string Session ID (ShortGuid or standard GUID format)

Example Request

GET /v1/onboard/sessions/7mQx4nPk8vWz
Authorization: HMAC-SHA256 Credential=YOUR_KEY_ID, Signature=...

Example Response

{
  "id": "7mQx4nPk8vWz",
  "status": "complete",
  "progress": {
    "identity": {
      "completed": true,
      "confirmed": true,
      "completedAt": "2025-01-21T15:30:00Z"
    },
    "ais": {
      "completed": true,
      "completedAt": "2025-01-21T15:35:00Z"
    }
  },
  "created": "2025-01-21T14:00:00Z",
  "updated": "2025-01-21T15:35:00Z",
  "attemptCount": 1
}

Session Statuses

Status Description
pending Session created, customer hasn't started
inprogress Customer is actively completing verification
complete All checks completed (check individual results for pass/fail)
expired Session expired before completion (7 days)

Get Verification Results

GET /v1/onboard/sessions/{sessionId}/results

Required Permissions: read_onboard_results

Retrieves comprehensive verification check results including identity verification outcomes, AML screening results, document validation, and more. Use this endpoint after receiving a session completion webhook or confirming the session status is complete.

Example Response

{
  "identity": {
    "outcome": "clear",
    "document": {
      "type": "passport",
      "number": "123456789",
      "country": "GB",
      "verified": true,
      "authentic": true,
      "expiryDate": "2030-05-15"
    },
    "facialSimilarity": 0.98,
    "livenessCheck": "passed",
    "extractedData": {
      "firstName": "Sarah",
      "lastName": "Johnson",
      "dateOfBirth": "1985-03-15",
      "nationality": "GB"
    }
  },
  "aml": {
    "outcome": "clear",
    "sanctionsMatches": 0,
    "pepStatus": "none",
    "adverseMedia": [],
    "riskScore": 12
  }
}

Check Outcomes

Outcome Description Recommended Action
clear Passed all checks Approve customer
consider Potential issues detected Manual review required
warning Issues detected but not blocking Review and decide
rejected Failed critical checks Reject customer

Working with Bank Accounts (AIS)

When AIS options are enabled in an onboard session, customers can connect their bank accounts via Open Banking. Once connected, you can retrieve account information, balances, and transactions.

โ„น๏ธ Important: When you create an onboard session with options.ais set, the customer must complete the AIS flow for that session, even if they already have accessible bank accounts from previous sessions. This ensures fresh token authorization with the requested permissions and allows for token refresh or additional account linking.

AIS Behaviour Differences:

  • Onboard Sessions: Always require the customer to complete AIS when options.ais is set, regardless of existing bank access.
  • Payments: May skip AIS redirect if the customer already has valid bank access that satisfies the payment's aisRequirements.

See the Customer Bank Accounts (AIS) guide for detailed information on accessing bank account data.

Webhooks

Register webhooks to receive real-time notifications when onboard sessions complete. This eliminates the need for polling and enables immediate response to verification outcomes.

See the Identity Verification Webhooks guide for detailed webhook documentation.

Quick Example: Register Webhook

POST /v1/onboard/webhooks

{
  "url": "https://yourapp.com/webhooks/onboard",
  "name": "Production Onboard Webhook",
  "events": ["onboard.session.completed"]
}

Common Use Cases

1. Financial Service KYC

// Create customer and start comprehensive KYC
const customer = await teClient.customers.create({
  firstName: "Alice",
  lastName: "Brown",
  emailAddress: "[email protected]",
  dateOfBirth: "1990-06-15"
});

const session = await createOnboardSession({
  customerId: customer.id,
  options: {
    identity: {
      identityCheck: true,
      documentCheck: true,
      amlExtensiveScreening: true,
      amlExtensiveMonitoring: true
    }
  }
});

// Redirect customer to session.onboardUrl
window.location.href = session.onboardUrl;

2. Lending Affordability Check

// Request bank account access for affordability assessment
var sessionRequest = new EcommerceOnboardSessionCreateRequest
{
    CustomerId = customerId,
    Options = new EcommerceOnboardSessionOptions
    {
        Ais = new EcommerceAisOptions
        {
            Balances = true,
            Transactions = true,
            AccountLimit = 3  // Allow up to 3 accounts
        }
    }
};

var session = await CreateOnboardSessionAsync(sessionRequest);

// After completion, retrieve bank data
var accounts = await GetCustomerBankAccountsAsync(customerId);
foreach (var account in accounts)
{
    var balance = await GetBankAccountBalanceAsync(customerId, account.Id);
    var transactions = await GetBankAccountTransactionsAsync(
        customerId, account.Id, startDate, endDate);
    
    // Analyze affordability
    var affordability = CalculateAffordability(balance, transactions);
}

3. High-Value Transaction Verification

# Combined identity + bank verification for high-value purchases
session = te_client.create_onboard_session({
    'customerId': customer_id,
    'options': {
        'identity': {
            'identityCheck': True,
            'amlExtensiveScreening': True
        },
        'ais': {
            'balances': True,
            'accountLimit': 1
        }
    }
})

# After completion, verify both identity and funds
results = te_client.get_session_results(session['sessionId'])

if results['identity']['outcome'] == 'clear':
    accounts = te_client.get_customer_bank_accounts(customer_id)
    if accounts and len(accounts) > 0:
        balance = te_client.get_bank_account_balance(
            customer_id, accounts[0]['id'])
        
        if balance['available'] >= purchase_amount:
            # Proceed with transaction
            process_high_value_purchase(customer_id, purchase_amount)

Best Practices

  • Request Only What You Need: Only enable verification checks required for your use case. Excessive checks increase friction and customer drop-off.
  • Use Webhooks: Register webhooks instead of polling for session completion. This improves response time and reduces API calls.
  • Handle Expired Sessions: Sessions expire after 7 days. Create a new session if the customer needs to re-attempt verification.
  • Store Session IDs: Link session IDs to your customer records for audit trails and historical reference.
  • Manual Review Queue: For consider outcomes, implement a manual review process rather than auto-rejecting customers.
  • Communicate Clearly: Explain to customers why verification is required and what documents they'll need.

Error Responses

Status Code Error Description
400 Bad Request Invalid customer ID Customer ID format is invalid or customer not found
400 Bad Request no_merchant Tenant must complete merchant onboarding before using AIS features
401 Unauthorized Invalid API key API key is missing, invalid, or missing tenant context
403 Forbidden Session belongs to different tenant You can only access sessions belonging to your tenant
404 Not Found Session not found Session with specified ID does not exist

Next Steps