KYC Web SDK
Introduction
The KYC web SDK is a versatile component that allows you to easily handle verification submission process in your web application. The purpose of the SDK is to simplify the integration of our clients to the KYC app. Using the SDK customisable configuration, the end user would be able to complete the KYC process using either the mobile app or the web app.
How the SDK works
The main highlights of KYC web SDK are as follows:
-
The KYC web SDK can be easily embedded in any web application as a reusable web component, declared just like any other HTML element. By using the SDK as an embedded component, the entire journey can be handled within your own domain without the need for redirection to a new domain.
-
The SDK supports two operational modes to accommodate different use cases:
- Create mode initiates a new verification session, allowing full customisation of the verification journey through configurable options.

- Retrieval mode enables access to an existing verification session, allowing users to resume a session that was newly created or previously initiated.

- With a customised configuration object, you can set up the SDK according to your preferences. For example, you can determine the dimensions of the SDK placeholder to make it fill the entire screen or give it a partial view on your page.
- By providing a channel name (mobile or web) in the SDK configuration data, the end user can proceed with the verification submission process either through a web browser or by installing the KYC mobile app on their phone.
- The SDK event broadcast is a useful tool that provides visibility into user activity from the beginning to the end of the verification submission journey. It allows you to respond to user interactions during the verification submission journey by implementing a desired event handler.
SDK Integration Guide
Integrating the KYC Web SDK into your web application is a simple and straightforward process. You can follow the integration steps outlined in the following recipe:
🦉How to generate the token
**Note: **To use the token service, please contact truuth team to setup the same before following the below step in your code`
- Use the below endpoint to generate the temporary token and to use the same in below SDK initialisation flow
Access token endpoint: https://XXXX-prod.auth.ap-southeast-2.amazoncognito.com/oauth2/token
Method : POST
Authorization: BASIC
Note : the alias ‘XXXX’ in the access token URL needs to be replaced with the alias of your tenancy
(where ‘XXXX’ is the alias name) - Request parameters in header
Parameter | Required | Value |
---|---|---|
Authorization | Required | Basic base64 of Note: Truuth team will share this information |
Content-Type | Required | 'application/x-www-form-urlencoded' |
-
Request parameters in body (Form URL Encoded)
Parameter Required Value grant_type Required client_credentials client_id Required truuth team will share this scope Required websdk/websdk:run -
Note: Store the username and password into your backend service and call this token service. Then pass the token back to frontend to send the same to the SDK initialisation.
How to initialise the SDK
To initialise the SDK, you can use the truuthKYCWebSdk.init(config) method, which takes a configuration JSON object as input.
The SDK operates in two distinct modes—create and retrieval—based on the presence of a verification ID in the configuration object:
- Retrieval mode: When a verification ID is included in the configuration object, the SDK enters retrieval mode. In this mode, any additional settings provided in the config field are disregarded, and the SDK loads the verification journey associated with the provided ID.
- Create mode: If no verification ID is supplied, the SDK defaults to create mode. In this case, the config object is required to initialize a new verification session and define its behavior and appearance. In the config object, you can provide specific values for the properties based on your requirements. Adjust the property names and values accordingly to customise the initialisation of the SDK for your web application.
The customised configuration used to initialise the SDK. The JSON object schema is defined as follows:
Parameter | Type | Required | Description |
---|---|---|---|
tenant | String | Required | Tenant alias with all letters in lower case. |
token | String | Required | The access token required for calling SDK endpoints. Refer above How to generate the token section |
apiUrl | String | Required | The base URL used for the verification submission process. Please set https://portal.api.au.truuth.id/kyc/ as the value for the AU region and https://portal.api.eu.truuth.id/kyc/ for the EU region. Note: Replace "au" and "eu" with the appropriate region code. |
width | String | Optional | The width of the SDK element in percentage. |
height | String | Optional | The height of the SDK element in percentage. |
verificationId | String | Optional | Determines whether the SDK operates in retrieval mode. If provided, the SDK loads an existing verification session, and the config field will be ignored. |
restartSession | boolean | Optional | When set to true, this attribute instructs the SDK to initiate a new verification session rather than continuing a previous one. This is particularly helpful for guaranteeing a clean restart in each verification flow during retrieval mode. |
timeout | Number | Optional | The amount of time in seconds to wait for the verification result. The default value is 60 seconds. If the result is not received within this timeout, the process will be considered as timed out. In create mode, if not provided, the SDK will look for this value in the config object. |
timeoutMessage | String | Optional | A custom message to be displayed if the verification processing takes longer than expected. If no value is set, the SDK will use the default message. In create mode, if not provided, the SDK will look for this value in the config object. |
config | Object | Conditionally Required | Required when creating a new verification session (create mode). Defines the behavior and appearance of the SDK. Ignored if verificationId is present. Refer to the 'Configuration' section for detailed properties and values. |
Configuration
Parameter | Type | Required | Description |
---|---|---|---|
identityOwner | Object | Required | Attributes are listed below |
email | String | Optional / Required | The customer's email id to save as part of the verification record |
givenName | String | Optional | The customer's legal given name, also known as the first name. |
familyName | String | Optional | The customer's legal family name, also known as the last name or surname. |
middleName | String | Optional | The customer's legal middle name. |
gender | String | Optional | The gender of the customer can be specified using 'M' for male, 'F' for female, or 'O' for others. |
mobileNumber | String | Optional / Required | The customer's contact number. |
dateOfBirth | String | Optional | The customer's date of birth in the format "YYYY-MM-DD". |
externalRefId | String | Optional | The reference ID. Please enter only alphanumeric characters. |
options | Object | Optional | Additional options for customisation. Please refer to the Options section for more details on the properties and their values. |
Options
Custom Framework
Parameter | Type | Required | Description |
---|---|---|---|
channel | String | Optional | Specifies the channel for the verification submission process. Possible values include |
frameworkType | string | Optional | Specify the type. Possible values are: |
proofingFrameworks | String[] | Optional | Configured as part of your subscription. The service picks the first proofing framework by default. Contact Truuth to get the list applicable to your subscription and use the exact value. |
customFramework | object | Optional | Refer to the custom framework section. Mandatory when frameworkType is CUSTOM . |
timeout | Number | Optional | Time in seconds to wait for the verification result. Default is 60 seconds. If the result is not received within this time, it will be considered timed out. |
timeoutMessage | String | Optional | Custom message shown if verification takes too long. Defaults to the SDK's built-in message if not set. |
showWelcomePage | Boolean | Optional | Show the Welcome page in the Truuth KYC app. Set to |
showTermsAndConditionsPage | Boolean | Optional | Show the Terms and Conditions page in the Truuth KYC app. Set to |
showSkipDocumentButton | Boolean | Optional | Visible when set to |
sanctionsAndPepCheckRequired | Boolean | Optional | Enables a detailed background check (e.g., for employment). Defaults to |
businessVerificationRequired | Boolean | Optional | Enables company credit and public record verification using ACN. Pulls data from Equifax. Defaults to |
identityOwnerCheckSource | string | Optional |
Security Check
Attribute | Type | Required | Description |
---|---|---|---|
name | String | Required | Below is the list of checks that can be performed as part of the proofing check. One or more checks can be added as needed: |
requried | Boolean | Required | Default value is true. |
numberOfDays | Number | Optional | Applicable only for documentRecencyCheck. |
promptUser | Boolean | Optional | Applicable only for documentRecencyCheck. |
Logging Event Information
As mentioned, the SDK Event broadcast helps provide visibility into user activity from the beginning to the end of the verification submission journey and allows you to respond to user interactions in the verification submission journey by implementing a desired event handler in your code.
The "detail" property of each event provides details about that event. The fields of the "detail" property dispatched by the SDK are as follows:
- type: It specifies the main event types triggered during the verification submission process. You can find a full list of event types in the following table.
- tenant: It indicates the tenant alias on which the SDK has been set up.
- verificationId: This can be transaction identifier.
- timestamp: It indicates event's creation date.
- body: This is an optional field that provides additional details about the event type. You can find more information about the body structure in the following table.
Type | Body | Comments |
---|---|---|
VERIFICATION_CREATED | First event in the verification lifecycle. Broadcast only in create mode. Not emitted in retrieval mode, since the verification is assumed to be created outside the SDK. | |
VERIFICATION_STATUS_CHANGED | { "currentStatus": "string", "previousStatus": "string" } | Emitted on every status transition (e.g., new → InProgress, InProgress → processing, processing → done). |
VERIFICATION_SUBMISSION_STARTED | Indicates that the user has started the submission journey | |
TERMS_AND_CONDITION_ACCEPTED | Indicates the user has accepted the terms and conditions. | |
TERMS_AND_CONDITION_DECLINED | Indicates the user has declined the terms and conditions. | |
VERIFICATION_SUBMISSION_ABORTED | { "abortedReasonCode": "string" } | Emitted if the submission process is aborted. Refer to Aborted Reason Codes for details. |
VERIFICATION_SUBMISSION_COMPLETED | Indicates that the user has completed the submission process | |
VERIFICATION_PROCESSING_STARTED | Marks the beginning of verification processing once the submission process completed. | |
VERIFICATION_PROCESSING_TIMEOUT | Indicates the processing phase has timed out based on the amount of time to wait for the verification result. | |
VERIFICATION_COMPLETED |
| Indicates that the verification process is complete, either because all processing steps were successfully completed or because the user declined the terms and conditions during the submission flow. |
ERROR |
| Emitted when an error occurs during the SDK journey. Refer to Error Codes for specific cases. |
- Aborted Reason Codes
Name | Description |
---|---|
UserRequested | If the user taps on 'Come back later' during the KYC submission process, an event of type "VERIFICATION_SUBMISSION_ABORTED" will be captured. The event object for this type would include the "abortedReasonCode" property, which indicates the reason for the verification submission being aborted. |
- Error Codes
Name | Message | Comments |
---|---|---|
InvalidTenantError | Tenant not found. | |
UnauthorizedError | Unauthorized Access | It can be replicated by passing an invalid token in create mode, or by providing a mismatched token and verification ID pair in retrieval mode. |
BadRequestError | Invalid request. Please check SDK parameters provided. [(Parameter: <param_name>)] | |
Error | It looks like something went wrong. Please try again and if the problem still persists please contact your service provider. | |
UnsupportedPlatformError | Sorry, your operating system is not supported. This probably means you have an old phone, or have not updated your phone’s software. Please update and try again, or try on a newer phone. | It can be replicated by trying KYC web invitation on Safari < 13.0. |
JailBreakDetectedError | This device is jailbroken or rooted. For security reasons, you can't use this app. If you are using Android, you may have Developer Options turned on. Please check your Settings and turn them off. | It can be replicated by trying KYC mobile invitation on a jailbroken / rooted phone. |
AppUpdateError | It looks like your version of the app is out of date. Please uninstall Truuth ID and start again by clicking on the link in your email. | It can be replicated by trying KYC mobile invitation using an old version of mobile app installed on the phone. |
SDK Completion Scenarios and Broadcast Events
The timeout allows the client to move the user onto next screens in cases where the result is not yet received. The timeout is the ending of SDK connection to the truuth backend and no more interaction is expected so, it is upto the client to decide if they wait for the result however long it is, or if after the timeout they move the use on and then control the experience to take further actions within their own web app. The client can then wait for the results from the callback to further inform their flow.
The SDK finishes working in one of the following situations:
1- Getting the result from backend -> broadcasting VERIFICATION_COMPLETED
2- Not getting any results from backend and timeout -> broadcasting VERIFICATION_PROCESSING_TIMEOUT
3- Error -> broadcasting ERROR
4- Come back by user -> broadcasting VERIFICATION_SUBMISSION_ABORTED (The event is broadcast when the user tries 'Come back later' option in the middle of verification submission journey and the client can move the user onto next screens in their own web site.)
Mobile and Desktop Browser Support
The KYC Web SDK supports the following browsers on different platforms:
- iOS: iOS Safari (version >= 13.0) and Chrome.
- Android: Chrome and Samsung Internet browser.
- Desktop: Firefox, Chrome, Samsung Internet, and Safari.
Please ensure that the specified browser versions are met for optimal compatibility and functionality with the KYC Web SDK.
Compatibility and Versioning
If the channel is selected as "mobile" in the SDK configuration, the KYC mobile app needs to be installed on the end user's phone as the KYC app platform.
- The KYC mobile app is compatible with Android devices running version 5.0 and above, with android:minSdkVersion="21" and android:targetSdkVersion="33" specified.
- For iOS devices, the KYC mobile app is compatible with iOS version 11.0 and above.
Also, the latest version of KYC web SDK is '1.0'.
Updated 10 days ago