Authentication is handled via JWT tokens or with an API Key. Please contact your iComply Account Manager for your API credentials and API Key.
Note: Your iComply Account Manager will provide you with your API credentials and API Key when your account is first created. If you have any issue authenticating with the iComply API, please contact iComply support and we will be happy to assist you.
JWT Token
To interact with the iComply API from front-end applications, we generally recommend authenticating with our API using short-lived JWT tokens. The generated a token for future API calls, make a POST request to api.icomplykyc.com/api/gettoken using the credentials provided to you by your account manager.
Sample Postman Request to Get a JWT Token
This token will be valid for 20 minutes and can be used as a Bearer Token in the header of subsequent API calls.
A Valid JWT Token can be entered on Authorization Tab in Postman
An invalid or expired token will result in a 401 Unauthorized response.
Get Token Request
To make your first request, send an authenticated request to the gettoken endpoint. This will generate a token which can be used to authenticate subsequent API requests.
Generate JWT Token.
POSThttps://api.icomplykyc.com/api/gettoken
Creates a new JWT Token that is valid for 20 minutes. Make sure to select "form-data" on the Body tab in Postman when making a POST request to the gettoken endpoint.
Request Body
Name
Type
Description
Username*
string
The username provided to you
Password
string
The password provided to you
Unauthorized can be returned if you enter the wrong credentials.
Validate Token
To check whether a JWT token is valid and has not expired, you can call the tokenvalid endpoint.
Sample Authorization Header with JWT Token
Token Valid
GEThttps://api.icomplykyc.com/api/tokenvalid
Check whether a JWT token is valid and has not expired.
Authentication Type: JWT Token
Headers
Name
Type
Description
Authorization*
String
The JWT Token you want to validate
If the token has expired or is invalid the endpoint will return a 401 unauthorized error code with no body.
API Key
For communicating with our API with back-end services, we recommend using an API Key. An API Key will be provided to you when you setup your account. It can be used as follows to authenticate with the iComply API.
Sample API Key Authentication
An invalid API Key will return a 401 Unauthorized response.
Your API Key is long-lived and does not expire and must be securely stored in a Key Vault and ONLY used for server to server communication. It should never be used with front end libraries like React where an attacker could retrieve your API Key. If you suspect your API key has been compromised, contact support immediately to have your key invalidated and reset.
