iComply API Documentation
      Back to home
      1. Knowledge Base
      2. iComply API Documentation

      Authentication

      Authentication is handled via JWT tokens or with an API Key. Please contact your iComply Account Manager for your API credentials and API Key.

       

      Note: Your iComply Account Manager will provide you with your API credentials and API Key when your account is first created. If you have any issues authenticating with the iComply API, please contact iComply support and we will be happy to assist you.

       
      JWT Token

      To interact with the iComply API from front-end applications, we generally recommend authenticating with our API using short-lived JWT tokens. To generate a token for future API calls, make a POST request to api.icomplykyc.com/api/gettoken using the credentials provided to you by your account manager.

      Sample Postman Request to Get a JWT Token:

      This token will be valid for 20 minutes and can be used as a Bearer Token in the header of subsequent API calls.

      A Valid JWT Token can be entered on the Authorization Tab in Postman:

      An invalid or expired token will result in a 401 Unauthorized response.

       
      Get Token Request

      To make your first request, send an authenticated request to the gettoken endpoint. This will generate a token which can be used to authenticate subsequent API requests.

       
      Generate JWT Token

      POST https://api.icomplykyc.com/api/gettoken

      Creates a new JWT Token that is valid for 20 minutes. Make sure to select "form-data" on the Body tab in Postman when making a POST request to the gettoken endpoint.

       
      Request Body
      Validate Token

      To check whether a JWT token is valid and has not expired, you can call the token valid endpoint.

      Sample Authorization Header with JWT Token:

       
      Token Valid

      GET https://api.icomplykyc.com/api/tokenvalid

      Check whether a JWT token is valid and has not expired.

      Authentication Type: JWT Token

      Headers:
      API Key

      For communicating with our API with back-end services, we recommend using an API Key. An API Key will be provided to you when you setup your account. It can be used as follows to authenticate with the iComply API.

      Sample API Key Authentication:

      An invalid API Key will return a 401 Unauthorized response.

      Your API Key is long-lived and does not expire and must be securely stored in a Key Vault and ONLY used for server-to-server communication. It should never be used with front-end libraries like React where an attacker could retrieve your API Key. If you suspect your API key has been compromised, contact support immediately to have your key invalidated and reset.