🌐 10nPayments — End-to-End Onboarding & KYC Flow (Public API) #

With our Public API endpoints you can build a fully self-service onboarding experience—start to finish. From sending and verifying a phone number, through Borica/B-Trust web identification and cloud QES signing, to persisting KYC data and issuing tokens—everything is arranged in a sequential, step-by-step flow. By calling the endpoints in order, your client can complete onboarding smoothly and securely.

🔧 What You Get #

• A complete KYC flow structured as clear, consecutive steps.

• Guaranteed redirects (Success/Fail) from Borica, configured in the Merchant Portal.

• Robust security with OAuth 2.0 mTLS tokens and auditable correlations.

• Deterministic statuses & polling to drive the UI at each stage.

▶️ Quick Sequence (Step-by-Step) #

1. Create user POST /User
2. Email Verification POST /User/email/confirm

3. Send / Resend SMS Code
   POST /User/phone-number/send-code → POST /User/{id}/phone-number/resend-code

4. Verify Phone
   POST /User/phone-number/verify

5. Initiate External Identification (Borica/B-Trust)
   POST /Enrollment/initiate-external-identification → receive videoIdentificationUrl

6. Redirects from Borica
   Borica redirects to your Success/Fail URLs (configured in the Merchant Portal).

7. Polling — Phase A (pre-sign)
   GET /Enrollment/{id}/{userType}/true/get-identification-process-status
   Poll until SIGN_SESSION_ID_SUCCESSFULLY_CREATED, then open the returned videoIdentificationUrl to start 10nPayments document signing.

8. Success redirect after signing

9. Polling — Phase B (post-sign)
   Call the same status endpoint again (with isIdentificationCompleted=true) until DOCUMENT_SIGN_SUCCESS.

10. Persist KYC & Finalize

    • POST /User/add-additional-data — submit the structured risk/KYC JSON collected from your KYC steps.

    • POST /Enrollment/finalize-external-identification — receive correlationId and individualId.

11. Issue Access Token (mTLS)
    POST /connect/mtls/token — obtain an OAuth 2.0 Bearer token for subsequent API calls.

🔁 Redirects & Polling #

• Success/Fail redirect URLs are managed in the Merchant Portal and automatically honored by Borica.

• Use two polling phases against get-identification-process-status:

  • Until SIGN_SESSION_ID_SUCCESSFULLY_CREATED (pre-sign).

  • Until DOCUMENT_SIGN_SUCCESS (post-sign).

• Recommended client polling interval: 2–5s with a sensible timeout and clear UX.

🔒 Security by Design #

• Mutual TLS (mTLS) for token issuance; request only the scopes you need.

• Standardized error shapes (Problem Details / RFC 7807) for predictable handling.

• Auditability via correlationId and consistent status transitions.

✅ Get Started Fast #

• Configure Success/Fail redirect URLs in the Merchant Portal.

• Download the ready-made cURL for the mTLS token from the Portal.

• Implement UI for SMS code, verification, and the External Identification handoff.

• Add two-phase polling and status handling.

• Gather KYC fields during the flow, submit with /User/add-additional-data, then finalize with /Enrollment/finalize-external-identification.

 GET STARTED →