Authentication
Authentication is handled via JWT tokens or with an API Key. Please contact your iComply Account Manager for your API credentials and API Key.
Last updated
Authentication is handled via JWT tokens or with an API Key. Please contact your iComply Account Manager for your API credentials and API Key.
Last updated
Note: Your iComply Account Manager will provide you with your API credentials and API Key when your account is first created. If you have any issue authenticating with the iComply API, please contact iComply support and we will be happy to assist you.
To interact with the iComply API from front-end applications, we generally recommend authenticating with our API using short-lived JWT tokens. The generated a token for future API calls, make a POST request to api.icomplykyc.com/api/gettoken using the credentials provided to you by your account manager.
This token will be valid for 20 minutes and can be used as a Bearer Token in the header of subsequent API calls.
An invalid or expired token will result in a 401 Unauthorized response.
To make your first request, send an authenticated request to the gettoken endpoint. This will generate a token
which can be used to authenticate subsequent API requests.
POST
https://api.icomplykyc.com/api/gettoken
Creates a new JWT Token that is valid for 20 minutes. Make sure to select "form-data" on the Body tab in Postman when making a POST request to the gettoken endpoint.
Username*
string
The username provided to you
Password
string
The password provided to you
To check whether a JWT token is valid and has not expired, you can call the tokenvalid endpoint.
GET
https://api.icomplykyc.com/api/tokenvalid
Check whether a JWT token is valid and has not expired.
Authentication Type: JWT Token
Authorization*
String
The JWT Token you want to validate
For communicating with our API with back-end services, we recommend using an API Key. An API Key will be provided to you when you setup your account. It can be used as follows to authenticate with the iComply API.
An invalid API Key will return a 401 Unauthorized response.
Your API Key is long-lived and does not expire and must be securely stored in a Key Vault and ONLY used for server to server communication. It should never be used with front end libraries like React where an attacker could retrieve your API Key. If you suspect your API key has been compromised, contact support immediately to have your key invalidated and reset.