Skip to main content

(Deprecated) ComPilot Identity SDK

The ComPilot Identity SDK is written in Typescript and allows you to integrate customer verification into your application through a JavaScript interface.

The verification flow provides identity verification. There are three key principles to implementing the verification flow.

  • You use the ComPilot SDK to allow customers to go through a KYC process with a KYC provider and share the information with your app.
  • ComPilot verifies the retrieved data using the compliance rules defined in the ComPilot Dashboard, and uses a webhook to tell your app the customer was approved or denied.
  • Based on the results from ComPilot, you can handle how your app should behave for that customer.

This is described in Customer experience and Integration.

There is also a know your business (KYB) flow for running KYB checks.

This page describes how to implement these flows in your app.

tip

There are several example applications built using the ComPilot Identity SDK. You can use these as a basis for building your own applications.

Setup

Before developing with the ComPilot Identity SDK, you need to have configured at least one workflow as described in Workflows.

As part of the setup process, you need to get an API key, as described in Getting an API key. This key is used as API_KEY in this document.

Back-end setup

As part of the setup, you have to do certain things on the back end of your app.

  1. Get the access token using the Generate client access token endpoint. This has to be done from a secure server to avoid leaking API_KEY. For example, in JavaScript:

    const response = await fetch("https://api.compilot.ai/kyc/auth/access-token", {
      body: JSON.stringify({ 
           address, // the address of the wallet
           blockchainNamespace, // optional , "eip155" by default, can be also "tezos" or "aptos"
      }),
      headers: {
        "Content-Type": "application/json",
        Authorization: `Bearer ${process.env.API_KEY}`,
      },
      method: "POST",
    });
    const { accessToken } = await response.json();

    Where address is the address of the customer's Web3 wallet and blockchainNamespace is the namespace of the blockchain you use.

    The back end of your app needs to implement a way of passing this to the front end of your app.

  2. Configure the webhooks to handle the data they will receive. For information about webhooks, see Webhooks.

    note

    The structure of the validation result could vary, depending on the rules, but it will still have all the necessary flags to determine whether the customer meets the requirements so that your app can allow or deny access the customer.

  3. If the customer is trying to perform an action that requires verification, check if they are verified in your records.

    • If the customer is verified and on the allowed list, let them proceed to the action.
    • If the customer is verified and on the blocked list, block them.
    • If not verified, initiate the ComPilot Identity SDK data request as described in the following steps.

Installation

The ComPilot Identity SDK can be installed using yarn.

yarn add @nexeraid/identity-sdk

Initialization

The ComPilot verification workflow requires customers to authenticate using their Web3 wallet. This has two benefits:

  • You can link your customers' real-world identity with their Web3 wallets.
  • Customers' wallets can automatically screened with an onchain screening tool connected to ComPilot.

At the end of verification, customers are issued reusable KYC reports that can be controlled using their Web3 wallets.

The following blockchains are supported.

  • All EVM chains (such as Ethereum, and Base)
  • Aptos
  • Cardano
  • Cosmos
  • Polkadot
  • Solana
  • Starknet
  • Tezos

See Web3 authentication for more information.

note

These examples use the signMessageAsync method from wagmi. Replace this with the signature function of the supported blockchain of your choice (as long as it takes string as input and returns string).

  1. The front end of your app must implement a signer that can sign with a Web3 wallet address. On Ethereum, this can be implemented with using a library like viem or ethers, and then paired with wagmi, web3auth, or another compatible library.

  2. Instantiate the KYC client, IdentityClient.

    import { IdentityClient } from "@nexeraid/identity-sdk";

    const IDENTITY_CLIENT = new IdentityClient();

  3. Configure the signing callback.

    // mandatory onSignPersonalData callback
    IDENTITY_CLIENT.onSignMessage(async (data: { message: string }) => {
      // make customer sign data with wallet, and return result
      return await signMessageAsync({ message: data.message });
    });

  4. Build the signing message and signature, which is needed to securely store KYC data in the customer's browser.

    const signingMessage = IdentityClient.buildSignatureMessage(address);
    const signature = await signMessageAsync({ message: signingMessage });

    Where address is the address of the customer's Web3 wallet. For compatibility reasons, it should be lower case.

    For more context, see here.

  5. Get the access token from your back end, and store it in a variable called accessToken. For example:

    const accessToken = getAccessTokenFromYourServer();

    Where getAccessTokenFromYourServer() is a function you create to get the access token from your server.

  6. Pass the authorization inputs to the init method.

    await IDENTITY_CLIENT.init({
      accessToken: accessToken,
      signature: signature,
      signingMessage: signingMessage,
    });

For more detailed examples, see init examples.

Methods

Once the front end has been initialized you can use the following methods.