Authentication

Authentication is handled via JWT tokens or with an API Key. Please contact your iComply Account Manager for your API credentials and API Key.

Note: Your iComply Account Manager will provide you with your API credentials and API Key when your account is first created. If you have any issue authenticating with the iComply API, please contact iComply support and we will be happy to assist you.

JWT Token

To interact with the iComply API from front-end applications, we generally recommend authenticating with our API using short-lived JWT tokens. To generate a token for future API calls, make a POST request to api.icomplykyc.com/api/gettoken using the credentials provided to you by your account manager.

Sample Postman Request to Get a JWT Token

This token will be valid for 20 minutes and can be used as a Bearer Token in the header of subsequent API calls.

A valid JWT Token can be entered on the Authorization tab in Postman

An invalid or expired token will result in a 401 Unauthorized response.

Get Token Request

To make your first request, send an authenticated request to the gettoken endpoint. This will generate a token which can be used to authenticate subsequent API requests.

Generate JWT Token.

POST https://api.icomplykyc.com/api/gettoken

Creates a new JWT Token that is valid for 20 minutes. Make sure to select "form-data" on the Body tab in Postman when making a POST request to the gettoken endpoint.

Request Body

Name | Type | Description
Username* | string | The username provided to you
Password | string | The password provided to you

{
     "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ..."
}

Validate Token

To check whether a JWT token is valid and has not expired, you can call the tokenvalid endpoint.

Sample Authorization Header with JWT Token

Token Valid

GET https://api.icomplykyc.com/api/tokenvalid

Check whether a JWT token is valid and has not expired.

Authentication Type: JWT Token

Headers

Name | Type | Description
Authorization* | String | The JWT Token you want to validate

{
    "isTokenValid": true
}
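
The token lifecycle described above (request a token, send it as a Bearer token, renew it inside the 20-minute lifetime, recover once from a 401), as an added example that is not iComply's own code. The `http` callable signature, the `FakeApi` stand-in, the one-minute refresh margin and the token strings are assumptions constructed so the example runs offline; in real use `http` would wrap an HTTP client that posts the form-data fields.

```python
import time

TOKEN_URL = "https://api.icomplykyc.com/api/gettoken"
CHECK_URL = "https://api.icomplykyc.com/api/tokenvalid"
TOKEN_LIFETIME_S = 20 * 60  # from the page: a token is valid for 20 minutes
REFRESH_MARGIN_S = 60       # assumption: renew one minute before expiry


class TokenSession:
    """Caches the JWT, renews it before it expires, retries once on 401."""

    def __init__(self, username, password, http, clock=time.monotonic):
        self._form = {"Username": username, "Password": password}
        self._http = http  # hypothetical: http(method, url, headers, form) -> (status, json)
        self._clock = clock
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self):
        status, body = self._http("POST", TOKEN_URL, {}, self._form)
        if status != 200 or "token" not in body:
            raise PermissionError(f"gettoken failed with HTTP {status}")
        self._token = body["token"]
        self._expires_at = self._clock() + TOKEN_LIFETIME_S - REFRESH_MARGIN_S

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            self._fetch_token()
        return self._token

    def request(self, method, url):
        for attempt in range(2):
            headers = {"Authorization": f"Bearer {self.token()}"}
            status, body = self._http(method, url, headers, None)
            if status != 401 or attempt == 1:
                return status, body
            self._token = None  # 401: drop the cached token and fetch a fresh one once


class FakeApi:
    """Constructed stand-in for the API: only the most recent token is accepted."""

    def __init__(self):
        self.issued, self.valid = 0, None

    def __call__(self, method, url, headers, form):
        if url == TOKEN_URL:
            self.issued += 1
            self.valid = f"constructed-token-{self.issued}"
            return 200, {"token": self.valid}
        ok = headers.get("Authorization") == f"Bearer {self.valid}"
        return (200, {"isTokenValid": True}) if ok else (401, {})
```

Keeping the token only in memory and never writing it to logs limits what a leaked log or crash dump exposes during its lifetime.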

API Key

For communicating with our API from back-end services, we recommend using an API Key. An API Key will be provided to you when you set up your account. It can be used as follows to authenticate with the iComply API.

Sample API Key Authentication

An invalid API Key will return a 401 Unauthorized response.

Your API Key is long-lived and does not expire. It must be securely stored in a Key Vault and used ONLY for server-to-server communication. It should never be used with front-end libraries like React, where an attacker could retrieve your API Key. If you suspect your API Key has been compromised, contact support immediately to have your key invalidated and reset.
