openapi: 3.0.1 info: title: Shufti Pro Verification API description: >- Specification of the Shufti Pro identity-verification API. A single REST endpoint accepts a verification request containing one or more service objects - document, face, address, consent, background_checks, and kyb - to run KYC, KYB, and AML compliance across 240+ countries and territories. Companion endpoints retrieve verification status and proofs and delete verification data. Requests authorize via HTTP Basic Auth (Client ID as username, Secret Key as password) or a short-lived Bearer access token. termsOfService: https://shuftipro.com/terms-conditions/ contact: name: Shufti Pro Support url: https://shuftipro.com/contact-us/ version: '1.0' servers: - url: https://api.shuftipro.com paths: /: post: operationId: createVerification tags: - Verification summary: Create a verification request. description: >- Submits a verification request containing a unique reference, an optional callback_url, and one or more service objects (document, face, address, consent, background_checks, kyb). In offsite mode with show_results set to "0" the request returns request.pending and final results are delivered asynchronously to the callback_url. security: - basicAuth: [] - bearerAuth: [] requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/VerificationRequest' responses: '200': description: Verification response. headers: Signature: schema: type: string description: SHA256 signature of the response body for validation. content: application/json: schema: $ref: '#/components/schemas/VerificationResponse' '401': description: Unauthorised - invalid credentials. /status: post: operationId: getVerificationStatus tags: - Status summary: Get verification status and proofs. description: >- Retrieves the current status, event, and proof URLs for a previously submitted verification by posting its reference. security: - basicAuth: [] - bearerAuth: [] requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/StatusRequest' responses: '200': description: Status response. content: application/json: schema: $ref: '#/components/schemas/VerificationResponse' /delete: post: operationId: deleteVerification tags: - Status summary: Delete verification data. description: >- Deletes the stored verification data for a completed request by reference. Returns request.deleted on success or request.invalid if the reference is unknown or already deleted. security: - basicAuth: [] - bearerAuth: [] requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/StatusRequest' responses: '200': description: Delete response. content: application/json: schema: $ref: '#/components/schemas/DeleteResponse' components: securitySchemes: basicAuth: type: http scheme: basic description: >- HTTP Basic Auth using your Client ID as the username and your Secret Key as the password. bearerAuth: type: http scheme: bearer description: >- Bearer access token shared with the client; valid for 10 minutes and single use. schemas: VerificationRequest: type: object required: - reference properties: reference: type: string description: Unique identifier for the verification request. example: '17374217' callback_url: type: string format: uri description: Server endpoint to receive asynchronous notifications. email: type: string format: email description: End-user email address. country: type: string description: ISO 3166-1 alpha-2 country code of the end-user. example: US language: type: string description: Language for the verification flow. verification_mode: type: string enum: - image_only - video_only - any description: Capture mode for the verification. show_results: type: string enum: - '0' - '1' description: Set to "0" for asynchronous (offsite) responses. allow_retry: type: string enum: - '0' - '1' description: Set to "1" to allow real-time document re-upload. ttl: type: integer description: Time-to-live, in minutes, for an onsite verification link. document: $ref: '#/components/schemas/DocumentService' face: $ref: '#/components/schemas/FaceService' address: $ref: '#/components/schemas/AddressService' consent: $ref: '#/components/schemas/ConsentService' background_checks: $ref: '#/components/schemas/BackgroundChecksService' kyb: $ref: '#/components/schemas/KybService' DocumentService: type: object description: >- Document verification supporting 10,000+ document types across 230+ countries. properties: proof: type: string description: Base64-encoded document image (omit to capture onsite). supported_types: type: array items: type: string enum: - id_card - passport - driving_license - credit_or_debit_card name: $ref: '#/components/schemas/NameObject' dob: type: string format: date description: Expected date of birth on the document. document_number: type: string issue_date: type: string format: date expiry_date: type: string format: date FaceService: type: object description: Facial biometric verification and liveness. properties: proof: type: string description: Base64-encoded face image (omit to capture onsite). AddressService: type: object description: Address verification across 240+ territories. properties: proof: type: string description: Base64-encoded address proof document. full_address: type: string name: $ref: '#/components/schemas/NameObject' supported_types: type: array items: type: string enum: - id_card - utility_bill - bank_statement ConsentService: type: object description: Handwritten or printed consent verification. properties: proof: type: string description: Base64-encoded consent image. text: type: array items: type: string description: The consent text the user must reproduce. supported_types: type: array items: type: string enum: - handwritten - printed BackgroundChecksService: type: object description: >- AML background check screening against 1700+ global watchlists, sanctions, and PEP lists. properties: name: $ref: '#/components/schemas/NameObject' dob: type: string format: date description: End-user date of birth. alias_search: type: string enum: - '0' - '1' filters: type: array items: type: string enum: - sanction - warning - fitness-probity - pep - pep-class-1 - pep-class-2 - adverse-media KybService: type: object description: >- Know Your Business verification against company registries and corporate records. properties: company_name: type: string company_jurisdiction_code: type: string description: Registry jurisdiction code, e.g. us_de. company_registration_number: type: string NameObject: type: object properties: first_name: type: string middle_name: type: string last_name: type: string fuzzy_match: type: string enum: - '0' - '1' StatusRequest: type: object required: - reference properties: reference: type: string description: Reference of the verification to query or delete. example: '17374217' VerificationResponse: type: object properties: reference: type: string example: '17374217' event: type: string description: Current verification event. enum: - request.received - request.pending - request.invalid - request.timeout - request.unauthorized - request.deleted - verification.accepted - verification.declined - verification.cancelled - verification.status.changed email: type: string country: type: string verification_url: type: string format: uri description: Onsite verification URL, when applicable. verification_result: type: object additionalProperties: true description: Per-service pass/fail result map. verification_data: type: object additionalProperties: true description: Extracted data per service. declined_reason: type: string declined_codes: type: array items: type: string DeleteResponse: type: object properties: reference: type: string example: '17374217' event: type: string enum: - request.deleted - request.invalid example: request.deleted