Identomat KYC Integration
Architecture
- Frontend talks only to normalized backend routes:
POST /api/kyc/identomat/session
Loading module
Resolving locale, route permissions, and workspace projection.
Resolving locale, route permissions, and workspace projection.
Current scope: Guest
Category: 10_normative | Version: v1.0.0
Owner: DOCUMENT_CUSTODIAN | Review cycle: 90 days
Approval authority: GOVERNANCE_ADMIN
Documentation portal is read-only. Editing and mutation endpoints are disabled.
Kvary platform is originally created in Georgian. Where a Georgian version exists, Georgian is authoritative for platform UI, documentation, and legal interpretation.
Translations into other languages are provided for convenience. Some records may originate in other languages and carry their own source or legal locale for a specific flow, but where a Georgian version is available, the Georgian version prevails for platform-level wording and interpretation.
Metadata incomplete: Document ID, Version, Status, Owner Role, Last Review Date, Next Review Date, Change Log
POST /api/kyc/identomat/sessionGET /api/kyc/mePOST /api/webhooks/identomatapps/web API routes are thin proxies to svc-kycsvc-kyc owns:
Server-only:
KYC_SERVICE_URLIDENTOMAT_BASE_URLIDENTOMAT_COMPANY_KEYIDENTOMAT_SECRET_KEYIDENTOMAT_CALLBACK_API_KEYIDENTOMAT_VERIFY_WEBHOOKDATABASE_URLJWT_SECRETProduction runtime expectation:
apps/web proxies KYC requests to KYC_SERVICE_URLhttp://127.0.0.1:4030kvary-kyc.serviceops/systemd/kvary-kyc.service.examplelaunchUrl, verificationId, normalized status)/api/webhooks/identomatsvc-kycsvc-kyc verifies authenticity, stores raw payload snapshot, maps provider status, and updates normalized state idempotentlyInternal normalized statuses:
NOT_STARTEDSESSION_CREATEDIN_PROGRESSPENDING_REVIEWAPPROVEDREJECTEDEXPIREDLegacy compatibility:
APPROVED -> VERIFIEDPENDING_REVIEW / IN_PROGRESS / SESSION_CREATED -> PENDINGREJECTED -> REJECTEDEXPIRED -> UNVERIFIEDIDENTOMAT_COMPANY_KEY and related env vars for svc-kycnpm --prefix services/svc-kyc run migratenpm --prefix services/svc-kyc run devnpm --prefix apps/web run devStart Verification/api/kyc/me/api/webhooks/identomat