# Help for client's customers

# How can we explain to our customers what they need to do to pass the verification?

We have prepared a document which describes in detail all the steps.

# What types of documents are accepted for address verification?

The following forms of proof of place of residence are accepted as UTILITY_BILL document type:

  • Energy provider bill
  • Bank statement
  • Tax assessment
  • Photographic ID
  • Mortgage statement
  • Certificate of voter registration
  • Correspondence between you and a government authority regarding the receipt of benefits such as a pension, unemployment benefits, housing benefits, etc.
  • Utility company bills
  • Bills from energy companies older than three months may not be uploaded as proof of residence. Generally accepted documents are:
  • Gas bill
  • Electricity bill
  • Water bill
  • Cable company bill (but not from satellite TV companies)
  • Landline telephone bill
  • Bills for mobile services such as mobile phone etc. are not accepted as proof of place of residence.

Proof of residence should contain your full name, address and have been issued in the last 3 months.

# File types and storage time

# What file extensions do you accept? Are there file size limits?

MediaType File formats
image/jpeg jpeg, jpg
image/png png
application/pdf pdf
video/mp4 mp4
video/webm webm
video/quicktime mov

There are no file size limits.

# How long do you keep the documents?

We have no time limit for storing files.

# API issues

# I'm getting a 405 Method not allowed error.

Make sure that you use a correct HTTP verb. E.g. you don't use GET where POST is needed. Also as a rule of thumb specify -H Accept:application/json HTTP header, which makes sense in most cases, unless you are getting binary content like images or PDFs. Refer to the API for more details.

# I'm getting a 415 Unsupported media type error.

Make sure that you use the correct headers provided for the expected return type (in most cases -H Accept:application/json HTTP header) and if you are making a POST request you specify, e.g. -H Content-Type:application/json or -H Content-Type:multipart/form-data headers. Refer to the API for more details.

# I'm getting a 401 error code

Make sure that all authorization headers have been provided according to documentation.

Description Reason
Invalid app token [if] Invalid App Token format.
Invalid app token [nf] App Token value not found.
Invalid app token [sm] App Token private part mismatch.
[APP-Token] Unauthorized: signature mismatch Signature encoded value doesn't match request content (HTTP method name, endpoint or body).
[APP-Token] Unauthorized: request is expired X-App-Access-Ts header value doesn't match our server time (UTC).

# Testing in the test environment

# Why is the applicant in pending status for a long time in the test environment?

The test server is only needed to implement integration with us. The test server does not automatically check the applicants. If you need to change the status of the applicant on the test server, you can do this by yourself, please click here for more info.

This method is not only a trigger for sending a webhook, but also changes the status of the applicant. Therefore, if you want to change the status of the applicant, you can use this method.

# Getting the production credentials

# How we can get the production credentials?

In order to ensure the best experience for you and your users, before giving you access to the production environment, we would like to test the flow and pass the verification as your end-user. To do so, we would kindly ask you to provide us with a link to your server.

Ensure that:

  • Integration on the test environment is completed, works and meets your requirements:
  • There are no dev console errors or warnings
  • You saved our applicantIds to your database and matched your users
  • You received and successfully processed test webhooks from our side
  • You know how to correlate results received in the webhook payload with your users

Please note that we may send several final webhooks, so be prepared to change the user's status on your side too. A typical example is when a user was approved, but later on he was detected as a fraudster, and therefore we block him with a second "RED" webhook.

# What information should be provided to obtain the production credentials?

Please provide us with:

  • An email where we can send the production credentials
  • A webhook URL for the production environment (you can set them up by yourself here)
  • A list of countries to be excluded in Alpha-3 code (Example: USA, RUS, IRL)
  • The age threshold for your users

# Verification results

# Why does your service only support the asynchronous method?

In order to guarantee quality of service we don't really provide the asynchronous method. Some databases can be hanging and therefore it may take a longer time to process a result. Plus, if there is a corner case, it's reviewed by a compliance officer of ours to give you the absolutely correct answer. This way, regardless of the external circumstances, we can guarantee the best possible answer for you. We are interested in the quality and coverage first of all (while at the same time being able to guarantee quite good SLA times).

# Why should we make endpoint for getting webhooks from your service?

Your service should accept webhooks from our service in order to automatically receive information about the results of applicant verification and change the account status in real time. If you think that the result of verification has not been received by your service, you can make a request at any time to obtain the status of the applicant. Click here for more info.

# When I receive a webhook, where is the answer?

It's in the field reviewResult.reviewAnswer. Supported values are GREEN (applicant passed verification) and RED (applicant failed verification, but in most cases he can fix the problem by uploading new documents).

# How can I get the result of an applicant's document recognition?

After verification is complete, we will send a webhook to your endpoint. If "reviewAnswer":" GREEN", then you can take the result of the applicant's document recognition. Click here for more info.

# How can I get the result of checked documents?

After verification is complete, we will send you a webhook to your endpoint. You can then make a request to get the verification results of each document. Click here for more info.

# What's the format of document recognition results?

Different types of documents have different sets of fields that you can get by method after verification is complete.

# Field formats:

# How to notify users about verification result?

After verification is complete, we can send the user an email with the results. Email contains the result of verification and a link, by clicking on which the user can reupload the documents, if the verification was completed unsuccessfully. It is possible to customize letters in dashboard for production and test environments: you can change the company logo, redirection link and signature.

Example email

By default if you set sending emails from our side, a user will get a link to our WebSDK, located at api.sumsub.com. From Company settings at the dashboard you can provide us with Client applicant URL that will change the link domain for your users to proceed from email. Also to make direct link to verification on your page for a particular user there is a Secret key to sign the applicant link field which is JWT query parameter to the link that contains user information.

# Sending emails on your behalf

When you want to allow SumSub to send emails on behalf of your email domain, you must have an SPF record on your DNS server. For this:

  • Create or edit an SPF record to reference SumSub
  • Edit your domain's DNS settings to add a TXT record. The steps vary depending on your domain registrar.
  • We recommend to use the following SPF record:
v=spf1 include:sumsub.com ?all
  • If you've already set up an SPF record for another purpose, you can simply add a reference to SumSub (include:sumsub.com)

To examine your record you can use these tools that will display your the published record and inform you of the issues, if any:

# Others

# What if I have more questions that I can't find answers for?

Please contact us via email, or via Telegram for an even faster response. We are happy to help!

Last Updated: 10/12/2020, 12:55:34 PM