Skip to main content

C.3 InApp KYC

InApp KYC enables brokers to embed their Know Your Customer verification processes directly within cTrader, allowing users to complete compliance requirements without leaving the trading platform. This module streamlines the compliance workflow while maintaining broker control over verification processes.

Overview

The InApp KYC module enables:

  • Embedded KYC verification within cTrader interface
  • Seamless compliance workflow integration
  • Broker-branded verification screens
  • Real-time verification status updates
  • Support for document upload and identity verification

Prerequisites

Before implementing InApp KYC, ensure completion of:

  • Part A: All foundation requirements
  • Part B: Either B.1 (Full SSO) or B.2 (Light Identity Handoff)

Architecture

Integration Flow

  1. User Initiation: User triggers KYC process in cTrader
  2. Token Generation: cTrader backend generates OT token for user context
  3. Screen Launch: Broker KYC screen opens with token authentication
  4. Verification Process: User completes KYC verification in broker interface
  5. Status Communication: Verification status communicated back to cTrader

Authentication Methods

  • Full SSO: Long-term tokens with broker-owned identity
  • Light Identity: One-time tokens with cTrader identity provider

Implementation Flow

KYC Verification Flow

Stage 1: User Initiation

  1. User triggers KYC process

    • Triggers:
      • First deposit attempt
      • Account creation completion
      • Compliance requirement notification
      • Manual initiation from account settings
    • Context: User ID, account info, KYC requirement type

  2. cTrader backend generates OT token

    • Endpoint: /ctid2/inAppOneTimeToken/data (Light Identity)
    • Context: User ID, account info, action type (kyc)
    • Token: Short-lived token for broker authentication

Stage 2: Broker Screen Launch

  1. cTrader opens broker KYC screen

    • URL: https://brokerCrmUrl.com/inapp/kyc
    • Parameters: token, lang, source, theme, kycType
    • Method: Opens in embedded browser/modal within cTrader

  2. Broker screen validates and pre-loads

    • Token Validation: Verify OT token validity and user context
    • User Identification: Extract user information from token
    • KYC Status: Load current KYC verification status
    • Requirements: Display specific KYC requirements based on user context

Stage 3: KYC Verification Process

  1. User completes KYC verification

    • Personal Information: Name, address, date of birth
    • Identity Document: Passport, ID card, driver's license upload
    • Address Verification: Utility bill, bank statement upload
    • Additional Verification: Tax identification, source of funds

  2. Broker processes verification

    • Document Validation: Automated document verification
    • Data Validation: Cross-reference with external databases
    • Manual Review: Escalation to compliance team if needed
    • Status Updates: Real-time status updates throughout process

Stage 4: Completion and Communication

  1. KYC verification completion

    • Verification Status: Approved, rejected, or additional info required
    • Account Limits: Update account limits based on verification level
    • Notification: User notification of verification result

  2. Status communication to cTrader

    • Callback: Notify cTrader of KYC status change
    • Account Update: Update account status and limits in cTrader
    • User Notification: Show verification result to user

KYC Types and Levels

Basic KYC

  • Requirements: Basic personal information, email verification
  • Limits: Lower deposit and trading limits
  • Processing Time: Immediate to 24 hours

Standard KYC

  • Requirements: Personal information, identity document, address verification
  • Limits: Standard deposit and trading limits
  • Processing Time: 1-3 business days

Enhanced KYC

  • Requirements: All standard requirements plus source of funds, tax identification
  • Limits: Higher deposit and trading limits
  • Processing Time: 3-5 business days

API Specifications

cTrader Backend Endpoints

OT Token Generation (Light Identity)

GET /ctid2/inAppOneTimeToken/data
Authorization: Bearer {userSessionToken}

Response Example:

{
    "otToken": "abc123xyz789",
    "userId": 12345,
    "email": "user@example.com",
    "tradingLogin": 67890,
    "action": "kyc",
    "kycType": "standard",
    "expiresAt": "2023-01-01T12:05:00Z"
}

Broker CRM Required Endpoints

Token Validation

POST /api/validate-token
Content-Type: application/json

Request Body:

{
    "token": "abc123xyz789"
}

Response Example:

{
    "valid": true,
    "userId": 12345,
    "email": "user@example.com",
    "tradingLogin": 67890,
    "kycStatus": "pending",
    "kycLevel": "basic",
    "requiredDocuments": ["identity", "address"]
}

KYC Status Update Callback

POST /ctrader/callback/kyc-status
Content-Type: application/json
Authorization: Bearer {crmApiToken}

Request Body:

{
    "tradingLogin": 67890,
    "kycStatus": "approved",
    "kycLevel": "standard",
    "verificationDate": "2023-01-01T12:00:00Z",
    "accountLimits": {
        "dailyDeposit": 10000.00,
        "monthlyDeposit": 50000.00,
        "maxPosition": 100000.00
    },
    "timestamp": "2023-01-01T12:00:00Z"
}

Required Screens

KYC Verification Screen

  • URL: /inapp/kyc
  • Parameters: token, kycType (optional)
  • Functionality:
    • Personal information collection
    • Document upload interface
    • Progress tracking
    • Status display
    • Additional information requests

Document Upload Screen

  • URL: /inapp/kyc/upload
  • Parameters: token, documentType
  • Functionality:
    • File upload interface
    • Image capture (mobile)
    • Document preview
    • Quality validation
    • Upload progress

KYC Status Screen

  • URL: /inapp/kyc/status
  • Parameters: token
  • Functionality:
    • Current status display
    • Required actions
    • Document checklist
    • Processing timeline
    • Contact support options

Implementation Requirements

Broker CRM Requirements

KYC Processing

  • Document Verification: Automated document validation
  • Identity Verification: Integration with identity verification services
  • Compliance Checks: AML and sanction list screening
  • Review Workflow: Manual review processes for edge cases

Security Requirements

  • Data Protection: Secure handling of personal data
  • Document Storage: Encrypted document storage
  • Access Control: Role-based access to KYC data
  • Audit Trail: Complete audit trail for compliance

Frontend Requirements

Document Upload

  • File Formats: Support for common image formats (JPEG, PNG, PDF)
  • File Size Limits: Appropriate file size restrictions
  • Quality Validation: Image quality and readability checks
  • Mobile Support: Camera integration for mobile devices

User Experience

  • Progress Indicators: Clear progress tracking
  • Instructions: Step-by-step guidance
  • Error Handling: Clear error messages and recovery options
  • Mobile Optimization: Mobile-first design for document capture

URL Examples

KYC URLs

<!-- Basic KYC URL -->
https://brokerCrmUrl.com/inapp/kyc?token=abc123&lang=en

<!-- With specific KYC type -->
https://brokerCrmUrl.com/inapp/kyc?token=abc123&kycType=standard&lang=en

<!-- Document upload URL -->
https://brokerCrmUrl.com/inapp/kyc/upload?token=abc123&documentType=identity&lang=en

<!-- KYC status URL -->
https://brokerCrmUrl.com/inapp/kyc/status?token=abc123&lang=en

Error Handling

Document Upload Errors

{
    "error": "Upload Failed",
    "message": "Document upload failed. Please try again.",
    "code": "UPLOAD_FAILED",
    "retryAllowed": true
}

Document Quality Issues

{
    "error": "Document Quality",
    "message": "Document image quality is too low. Please upload a clearer image.",
    "code": "DOCUMENT_QUALITY_LOW",
    "suggestions": ["Use better lighting", "Ensure all text is readable", "Avoid blurry images"]
}

Verification Rejection

{
    "error": "Verification Failed",
    "message": "Identity verification failed. Please contact support.",
    "code": "VERIFICATION_REJECTED",
    "reason": "Document appears to be altered",
    "contactSupport": true
}

Security Considerations

Data Protection

  • Encryption: Encrypt all personal data transmission and storage
  • Data Minimization: Collect only necessary personal data
  • Retention Policies: Implement appropriate data retention policies
  • Access Controls: Strict access controls for sensitive data

Compliance Requirements

  • GDPR Compliance: GDPR and other privacy regulation compliance
  • AML Compliance: Anti-Money Laundering compliance measures
  • Regulatory Reporting: Required regulatory reporting mechanisms
  • Audit Requirements: Comprehensive audit trail maintenance

Testing Requirements

Functional Testing

  • KYC Flow: Test complete KYC verification process
  • Document Upload: Test document upload and validation
  • Status Updates: Test status update mechanisms
  • Error Scenarios: Test various error conditions

Security Testing

  • Data Protection: Verify data protection measures
  • Access Control: Test access control mechanisms
  • Document Security: Test document storage security
  • Privacy Compliance: Verify privacy compliance measures

Performance Testing

  • Upload Performance: Test document upload performance
  • Processing Time: Test verification processing times
  • Concurrent Users: Test with multiple concurrent KYC processes
  • System Load: Test system performance under load

Business Benefits

For Compliance

  • Regulatory Compliance: Meet regulatory KYC requirements
  • Risk Management: Better risk assessment and management
  • Audit Trail: Complete audit trail for compliance reporting
  • Automated Processing: Reduced manual compliance workload

For User Experience

  • Convenience: Complete KYC without leaving trading platform
  • Speed: Faster verification processing
  • Transparency: Clear status updates and progress tracking
  • Mobile Support: Mobile-optimized document capture

For Operations

  • Efficiency: Streamlined KYC processing workflow
  • Cost Reduction: Reduced manual processing costs
  • Scalability: Scalable verification processes
  • Analytics: Better KYC process analytics and insights

Best Practices

User Experience

  • Clear Instructions: Provide clear, step-by-step instructions
  • Progress Feedback: Keep users informed of progress
  • Mobile Optimization: Optimize for mobile document capture
  • Error Recovery: Easy recovery from errors

Technical Implementation

  • Async Processing: Use asynchronous processing for verification
  • Retry Logic: Implement retry logic for failed uploads
  • Logging: Comprehensive logging for debugging and monitoring
  • Monitoring: Real-time monitoring of KYC processes

Compliance

  • Data Minimization: Collect only necessary data
  • Retention Policies: Implement appropriate data retention
  • Privacy by Design: Build privacy protections into the system
  • Regular Audits: Conduct regular compliance audits

This InApp KYC integration provides a seamless compliance experience within cTrader, enhancing regulatory compliance while maintaining excellent user experience.