New: our AI Agent is live — 140+ live registry connections, KYB without an integration. Try it →
On this page

Integration patterns

There is more than one way to build on the Know Your Customer Limited Public API v2, which verifies companies against live official registries across 147 jurisdictions. The right shape depends on what you need: a full corporate onboarding journey, registry data on a company you already know, a scheduled re-review, continuous monitoring after onboarding, or some combination. This page describes the main implementation styles, each with a sequence diagram you can map onto your own system.

All five styles use the same building blocks from the Guide: OAuth2 client-credentials auth, the case as the unit of work, asynchronous build that you follow either by polling or, preferably, with webhooks, and the report at the end. If you have not read the core concepts yet, start there. For the exact endpoints behind each pattern, see the API Reference, and for the field-level detail of what they return, the Data Dictionary. To try any of these against real data, request free sandbox access and see the sandbox test cases you can run.

Sandbox honesty

These diagrams describe the sandbox contract, which mirrors production. Identity verification is performed by a third party (Au10tix) and its verdict arrives asynchronously; per-jurisdiction latency is approximate; and sandbox output is for evaluation only, not for production compliance use. See Async polling and latency and the Sandbox page.

Pattern A: Full corporate onboarding journey

This is the flagship pattern: you onboard a new corporate customer end to end. You search for the company, confirm the applicant, resolve the ownership structure and org-chart, run KYC on the directors and UBOs, review AML, record a decision, and produce the report. It is the pattern the sample onboarding app and the Verify a company, end to end walkthrough implement.

Use it when you are bringing a business customer on board and need the full picture: who the company is, who owns and controls it, whether anyone is sanctioned or a PEP, and an audit-ready record of the decision.

Endpoints: /connect/token, POST /v2/Companies/search, POST /v2/Companies, GET /v2/Companies/{id}, GET .../members, GET .../org-chart, GET /v2/Individuals/{id}, GET .../amlchecks, PATCH .../status, GET .../report.

The shape of the journey:

  1. Company search: find the entity in its home registry with rawname and codeiso31662.
  2. Applicant confirmation: pick the correct match and create the case.
  3. UBO and org-chart: read the members and the recursive ownership tree once the case is ready.
  4. Director and UBO KYC: for each individual you need to verify, address their individual case and collect documents (see the UBO KYC and IDV sub-flow).
  5. AML review: read AML results on the case, review and exclude false positives.
  6. Decision: record the outcome on the case status.
  7. Report: obtain the audit-ready PDF.
KYB onboarding sequence A sequence from your application to the KYB API: request a token, search or create a company case, poll until the structure is ready, read members and the org-chart, verify individuals, review AML, record a decision, and download the report. Your application KYB API POST /connect/token (client_credentials, scope=PublicApi) access_token (~10 min TTL) POST /v2/Companies/search + POST /v2/Companies (rawname, codeiso31662) caseCommonId, statusId 0 loop: poll until ready preferred: subscribe the CaseReady webhook instead GET /v2/Companies/{id} statusId 50/51/57 then 3; structure populated = ready GET …/members and GET …/org-chart controllingEntitiesAndIndividuals, nested shareholders GET /v2/Individuals/{id} (verify directors and UBOs) individual case, documents, IDV verdict GET …/amlchecks (review, exclude false positives) PATCH …/status (record decision: Approved / Rejected) GET …/report?language=en audit-ready PDF (evaluation only in sandbox)
KYB onboarding: token, search or create, then learn the case is ready (poll, or preferably subscribe the CaseReady webhook), read members and the org-chart, verify individuals, review AML, decide, and download the report. Readiness is the structure being populated, not the status text.
Prefer webhooks over the poll loop

The poll loop above is the simplest thing to write, but at scale the better pattern is to register a webhook for the CaseReady event: the API notifies you the moment the case structure is ready, so you skip the polling entirely. Polling stays a fine fallback for short-lived scripts. See Webhooks.

UBO KYC and identity verification (IDV)

Inside the onboarding journey, each director or UBO you verify is an individual case. You address the individual, read their documents, upload what you collect, and read back prevalidation and, for identity documents, the IDV verdict. Documents fall into two categories: Retrieved by default (already obtained for you) and Available on demand (you request or upload them). Prevalidation is synchronous and inspects the file (good, forged, or expired). Identity verification is separate: when you upload a photoid, a Government Photo ID step is verified asynchronously by a third party (Au10tix) and flips to PASSED or FAILED after roughly 15 to 30 seconds. See Documents and Beneficial ownership and individuals.

UBO KYC and IDV sequence From a company case: list members, open an individual case, read documents by category, upload an identity document, receive synchronous prevalidation, and then receive an asynchronous IDV verdict from a third party that flips the Government Photo ID step to passed or failed. Your application KYB API IDV (Au10tix) GET /v2/Companies/{id}/members individual member caseCommonId GET /v2/Individuals/{id} + documents Retrieved by default / Available on demand POST …/documents/upload (photoid, multipart) prevalidation (sync): good / forged / expired forward photoid for Government Photo ID step async: verdict returns in ~15 to 30 seconds PASSED or FAILED loop: poll the individual step GET /v2/Individuals/{id} (read step status) Government Photo ID flips to PASSED / FAILED Final individual status reflects prevalidation and the IDV verdict.
UBO KYC and IDV: prevalidation is synchronous (good, forged, or expired); identity verification runs through a third party (Au10tix) and the Government Photo ID step flips to PASSED or FAILED asynchronously, typically 15 to 30 seconds later. Poll the individual for the verdict.

Pattern B: Registry data enrichment only

Sometimes you already know which company you are dealing with and you only need authoritative registry data: name, registration number, status, addresses, officers, and the underlying registry documents. You do not need the applicant journey, individual KYC, or a decision workflow. This is the lightest pattern.

Use it when you want to enrich or refresh a company record with live registry data and documents, without onboarding a person. For example, populating a company profile in your own system.

Endpoints: /connect/token, POST /v2/Companies/search, POST /v2/Companies, GET /v2/Companies/{id}, GET .../documents.

  1. Search the company by rawname and codeiso31662 (or supply the registration number in externalCode for an exact match).
  2. Create the case.
  3. Poll until the structure is populated, then read the entity data.
  4. Retrieve the registry documents you need, then stop. You do not have to work individuals, AML review, or a decision.

The first half of the onboarding sequence above (token, search, create, poll, read) is exactly this pattern. You simply stop after reading the entity data and documents.

Pattern C: Periodic review and refresh

An existing customer needs re-verification on a schedule. You re-run the registry pull against the current register, compare what changed since last time (status, officers, ownership), update the review date, and produce a fresh report for the file.

Use it when your policy sets a review cadence (for example, higher-risk customers reviewed more often) and you want a point-in-time refresh rather than continuous monitoring.

Endpoints: POST /v2/Companies (fresh case) or re-read of the existing case, GET .../members, GET .../org-chart, GET .../amlchecks, review-date update, GET .../report.

  1. Re-run the registry pull for the customer at review time (a fresh case reflects the current register).
  2. Compare the new structure and status against your stored record, and flag material changes: a new director, a change in ownership, a status change.
  3. Recompute AML if needed and clear any new hits.
  4. Update the review date to schedule the next cycle.
  5. Produce a new report as the point-in-time record.

See Review dates and Review, exclude, recompute. For always-on re-screening between reviews, use Pattern D.

Pattern D: Ongoing monitoring

After a customer is onboarded, you keep watching. You enable live monitoring on the case, consume alerts as new sanctions, PEP, or adverse-media matches appear, action each alert with a recorded decision, and keep the audit trail intact. This is perpetual KYB in practice. You can poll for alerts on a schedule, or register a webhook for the AmlMatch event so new matches are pushed to your systems as they happen instead of on your next poll.

Use it when you need continuous assurance between reviews, so a customer who becomes sanctioned or newly appears in adverse media raises an alert without waiting for the next scheduled review.

Endpoints: case create or onboarded case, enable monitoring, list alerts, alert detail, action an alert, audit trail.

Ongoing monitoring sequence From an onboarded case: enable monitoring, then in a loop an alert appears, you fetch its detail, action it with a recorded decision, and the case status and audit trail are updated. Your application KYB API Case onboarded, then enable live monitoring monitoring active on the case loop: while monitoring is on alert appears (new sanctions / PEP / adverse-media match) GET alert detail (matched party, reason) action the alert (confirm or dismiss, with reason) alert closed, decision recorded recompute / update status; read audit trail
Ongoing monitoring: enable monitoring on the onboarded case, then consume and action alerts as they appear. Each actioned alert records a decision and keeps the audit trail intact.

See Live-monitoring alerts and Perpetual KYB.

Pattern E: Embedded versus backend-only

The four patterns above describe the API calls. This one is about where the calls live and what your users see. You have four options, and you can mix them.

OptionWhat it isUse when
API-only (backend)You call the API server-side and render results in your own product. No Know Your Customer UI.You want full control of the experience, or you are enriching data with no end-user journey (Pattern B).
Sample onboarding appThe clonable reference onboarding web app, running a full KYB journey with the raw API calls visible in a debug view.You want a working reference implementation to read, run on day one, and adapt (Pattern A).
Workspace consoleThe ready-to-use operator console at workspace.knowyourcustomer.dev: case list and tabbed case detail over your tenant.Your compliance reviewers need to browse and action cases without you building a review UI.
Bespoke UIYour own front end, calling the API through your backend, tailored to your workflow and brand.Onboarding is a core part of your product and you want it fully embedded.

A common shape: a bespoke customer-facing onboarding flow (embedded) backed by your server calling the API, with your compliance team using the Workspace console for review and the sample app as the reference you started from.

Clients without spare front-end or backend capacity often have Know Your Customer Limited’s own delivery team build this layer for them, at a fixed price, on the same API described here.

Async polling and latency

Every pattern that builds a case is asynchronous. You create the case, then poll until it is ready. Two rules from the case lifecycle matter for all of them:

  • Readiness is the structure being populated (members present or org-chart nodes present), not a status text value and not any single intermediate statusId. The status text can stay “Open” while the case builds.
  • The intermediate status set varies by case and jurisdiction. Key your logic off the terminal state, not off seeing a particular intermediate code.
Async polling and status flow A state flow: create a case at statusId 0 (Open), poll while it processes through 50, 51 and 57, then reach ready when the structure is populated, or handle failed and expired terminal states by retrying or escalating. create case statusId 0 (Open) processing statusId 50 / 51 / 57 ready statusId 3 + structure or pushed to you via the CaseReady webhook read result poll with backoff failed retry / escalate expired recreate the case Approximate per-jurisdiction latency (sandbox mirrors production timings): GB, SG: a few minutes HK: about 5 to 10 minutes CN: about 30 to 40 minutes (unvalidated) Bands are approximate. Poll with backoff and set generous timeouts; do not tight-loop.
Async polling: create at statusId 0 (Open), poll with backoff through processing statuses, reach ready when the structure is populated, and handle failed or expired terminal states by retrying or recreating. Latency varies by jurisdiction and the bands shown are approximate.

For the full status table and error model, see the Reference appendix and Poll until ready.

If you would rather not poll, register a webhook for the CaseReady event and the API pushes a message the moment a case finishes building. Polling suits short-lived scripts; webhooks suit running at scale or driving work from events. See Webhooks.

Choosing a pattern

You need toPattern
Onboard a new business customer end to end, with UBOs, KYC, AML, decision, and reportA: Full corporate onboarding
Pull authoritative registry data and documents for a company you already knowB: Registry data enrichment
Re-verify an existing customer on a schedule and record what changedC: Periodic review
Keep watching an onboarded customer continuously and action alertsD: Ongoing monitoring
Decide where the calls live and what your users seeE: Embedded versus backend-only

Most integrations combine several: onboard with Pattern A, keep customers under Pattern D, and re-review with Pattern C. To try any of them, request free sandbox access, read the Guide, run the sandbox test cases, and browse your cases in the Workspace console.