Shufti Pro AML & Background Checks API
Screens an end-user's full name and date of birth against 1700+ global AML watchlists, sanctions, and PEP lists via the background_checks service object for ongoing compliance monitoring.
Screens an end-user's full name and date of birth against 1700+ global AML watchlists, sanctions, and PEP lists via the background_checks service object for ongoing compliance monitoring.
openapi: 3.0.1
info:
title: Shufti Pro Verification API
description: >-
Specification of the Shufti Pro identity-verification API. A single REST
endpoint accepts a verification request containing one or more service
objects - document, face, address, consent, background_checks, and kyb -
to run KYC, KYB, and AML compliance across 240+ countries and territories.
Companion endpoints retrieve verification status and proofs and delete
verification data. Requests authorize via HTTP Basic Auth (Client ID as
username, Secret Key as password) or a short-lived Bearer access token.
termsOfService: https://shuftipro.com/terms-conditions/
contact:
name: Shufti Pro Support
url: https://shuftipro.com/contact-us/
version: '1.0'
servers:
- url: https://api.shuftipro.com
paths:
/:
post:
operationId: createVerification
tags:
- Verification
summary: Create a verification request.
description: >-
Submits a verification request containing a unique reference, an
optional callback_url, and one or more service objects (document,
face, address, consent, background_checks, kyb). In offsite mode with
show_results set to "0" the request returns request.pending and final
results are delivered asynchronously to the callback_url.
security:
- basicAuth: []
- bearerAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationRequest'
responses:
'200':
description: Verification response.
headers:
Signature:
schema:
type: string
description: SHA256 signature of the response body for validation.
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationResponse'
'401':
description: Unauthorised - invalid credentials.
/status:
post:
operationId: getVerificationStatus
tags:
- Status
summary: Get verification status and proofs.
description: >-
Retrieves the current status, event, and proof URLs for a previously
submitted verification by posting its reference.
security:
- basicAuth: []
- bearerAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/StatusRequest'
responses:
'200':
description: Status response.
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationResponse'
/delete:
post:
operationId: deleteVerification
tags:
- Status
summary: Delete verification data.
description: >-
Deletes the stored verification data for a completed request by
reference. Returns request.deleted on success or request.invalid if
the reference is unknown or already deleted.
security:
- basicAuth: []
- bearerAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/StatusRequest'
responses:
'200':
description: Delete response.
content:
application/json:
schema:
$ref: '#/components/schemas/DeleteResponse'
components:
securitySchemes:
basicAuth:
type: http
scheme: basic
description: >-
HTTP Basic Auth using your Client ID as the username and your Secret
Key as the password.
bearerAuth:
type: http
scheme: bearer
description: >-
Bearer access token shared with the client; valid for 10 minutes and
single use.
schemas:
VerificationRequest:
type: object
required:
- reference
properties:
reference:
type: string
description: Unique identifier for the verification request.
example: '17374217'
callback_url:
type: string
format: uri
description: Server endpoint to receive asynchronous notifications.
email:
type: string
format: email
description: End-user email address.
country:
type: string
description: ISO 3166-1 alpha-2 country code of the end-user.
example: US
language:
type: string
description: Language for the verification flow.
verification_mode:
type: string
enum:
- image_only
- video_only
- any
description: Capture mode for the verification.
show_results:
type: string
enum:
- '0'
- '1'
description: Set to "0" for asynchronous (offsite) responses.
allow_retry:
type: string
enum:
- '0'
- '1'
description: Set to "1" to allow real-time document re-upload.
ttl:
type: integer
description: Time-to-live, in minutes, for an onsite verification link.
document:
$ref: '#/components/schemas/DocumentService'
face:
$ref: '#/components/schemas/FaceService'
address:
$ref: '#/components/schemas/AddressService'
consent:
$ref: '#/components/schemas/ConsentService'
background_checks:
$ref: '#/components/schemas/BackgroundChecksService'
kyb:
$ref: '#/components/schemas/KybService'
DocumentService:
type: object
description: >-
Document verification supporting 10,000+ document types across 230+
countries.
properties:
proof:
type: string
description: Base64-encoded document image (omit to capture onsite).
supported_types:
type: array
items:
type: string
enum:
- id_card
- passport
- driving_license
- credit_or_debit_card
name:
$ref: '#/components/schemas/NameObject'
dob:
type: string
format: date
description: Expected date of birth on the document.
document_number:
type: string
issue_date:
type: string
format: date
expiry_date:
type: string
format: date
FaceService:
type: object
description: Facial biometric verification and liveness.
properties:
proof:
type: string
description: Base64-encoded face image (omit to capture onsite).
AddressService:
type: object
description: Address verification across 240+ territories.
properties:
proof:
type: string
description: Base64-encoded address proof document.
full_address:
type: string
name:
$ref: '#/components/schemas/NameObject'
supported_types:
type: array
items:
type: string
enum:
- id_card
- utility_bill
- bank_statement
ConsentService:
type: object
description: Handwritten or printed consent verification.
properties:
proof:
type: string
description: Base64-encoded consent image.
text:
type: array
items:
type: string
description: The consent text the user must reproduce.
supported_types:
type: array
items:
type: string
enum:
- handwritten
- printed
BackgroundChecksService:
type: object
description: >-
AML background check screening against 1700+ global watchlists,
sanctions, and PEP lists.
properties:
name:
$ref: '#/components/schemas/NameObject'
dob:
type: string
format: date
description: End-user date of birth.
alias_search:
type: string
enum:
- '0'
- '1'
filters:
type: array
items:
type: string
enum:
- sanction
- warning
- fitness-probity
- pep
- pep-class-1
- pep-class-2
- adverse-media
KybService:
type: object
description: >-
Know Your Business verification against company registries and
corporate records.
properties:
company_name:
type: string
company_jurisdiction_code:
type: string
description: Registry jurisdiction code, e.g. us_de.
company_registration_number:
type: string
NameObject:
type: object
properties:
first_name:
type: string
middle_name:
type: string
last_name:
type: string
fuzzy_match:
type: string
enum:
- '0'
- '1'
StatusRequest:
type: object
required:
- reference
properties:
reference:
type: string
description: Reference of the verification to query or delete.
example: '17374217'
VerificationResponse:
type: object
properties:
reference:
type: string
example: '17374217'
event:
type: string
description: Current verification event.
enum:
- request.received
- request.pending
- request.invalid
- request.timeout
- request.unauthorized
- request.deleted
- verification.accepted
- verification.declined
- verification.cancelled
- verification.status.changed
email:
type: string
country:
type: string
verification_url:
type: string
format: uri
description: Onsite verification URL, when applicable.
verification_result:
type: object
additionalProperties: true
description: Per-service pass/fail result map.
verification_data:
type: object
additionalProperties: true
description: Extracted data per service.
declined_reason:
type: string
declined_codes:
type: array
items:
type: string
DeleteResponse:
type: object
properties:
reference:
type: string
example: '17374217'
event:
type: string
enum:
- request.deleted
- request.invalid
example: request.deleted