Feature

APIs & Integrations

Developer-friendly RESTful APIs, real-time webhooks, and pre-built connectors that embed video KYC directly into your existing technology stack.

Overview

Build on a Platform, Not a Silo

BASEKYC is built API-first, so every capability in the UI is also available programmatically. Versioned /api/v1 endpoints let you create verification sessions, retrieve case data and reports, and download evidence archives without ever logging into the dashboard. Generate and manage scoped API keys yourself from the API Integration area, with separate keys for the sandbox and production environments so you can build and test safely before going live. Webhook events notify your systems in real-time as sessions progress, and an embeddable SDK drops the customer journey straight into your own app. Interactive Swagger / OpenAPI documentation lets you explore and try every endpoint, and per-tenant KYC quotas keep usage predictable.

Key Highlights

  • Versioned REST API with interactive Swagger / OpenAPI documentation
  • Real-time, HMAC-signed webhook events with automatic retries
  • Self-service API keys with separate sandbox and production environments
  • Embeddable SDK to launch the customer KYC journey inside your own app
  • Per-tenant KYC quotas enforced across API and SDK sessions

Capabilities

What You Can Do

REST API with Full Documentation

Access every BASEKYC function programmatically through clean, well-documented REST endpoints. Create sessions, query case status, download recordings, manage users, and pull analytics data. Interactive API explorer lets you test calls directly from the documentation.

Webhook Events

Register endpoints to receive granular webhook events as sessions progress. Each delivery is signed with an HMAC secret so you can verify authenticity, automatically retried on failure, and recorded in a delivery log with response codes — so your downstream systems react immediately without polling, and no event is silently lost.

Embeddable Customer SDK

Drop the full customer KYC journey — invite, OTP, consent, device check and video call — directly into your own web or mobile app with the BASEKYC SDK. Launch a session against a sandbox or production key, hand control back on completion, and keep customers inside your brand the whole way through.

How It Works

01

Generate Your API Key

Create scoped API keys yourself from the API Integration area of your dashboard. Start with a sandbox key to build and test against the test environment, then issue a separate production key when you're ready to go live.

02

Integrate Endpoints

Call the versioned /api/v1 endpoints to create sessions, submit documents and retrieve verification results — or embed the customer journey with the SDK. Explore and try every call interactively in the built-in Swagger / OpenAPI docs.

03

Receive Webhooks

Register webhook endpoints to receive real-time notifications as verification events occur. Your systems stay in sync without polling, enabling automated workflows like updating CRM records, triggering account provisioning, or sending customer notifications.

Compliance

Enterprise-Grade API Security

Secure API Authentication

All programmatic access is secured with scoped, per-tenant API keys, separated by environment and revocable at any time. Combined with per-tenant IP allowlisting and TLS-encrypted transport, this satisfies RBI's Master Direction on IT Governance, which mandates strong authentication for all programmatic access to customer identity data.

Rate Limiting & Throttling

Configurable rate limits prevent abuse and ensure fair resource allocation across API consumers. Per-key and per-endpoint rate limits with graduated throttling protect against both accidental overload and deliberate misuse, satisfying the cybersecurity resilience requirements under RBI's Cyber Security Framework for Banks and CERT-In guidelines.

Comprehensive Audit Logging

Every API call is logged with request parameters, response codes, timestamps, and caller identity. These logs provide a complete trail of programmatic data access as required under the DPDPA 2023 for demonstrating lawful processing, and under RBI's KYC Master Direction for maintaining records of all CDD-related system interactions.

Data Encryption in Transit

All API communications are encrypted using TLS 1.2 or higher with strong cipher suites. Webhook payloads are signed with HMAC-SHA256 for integrity verification. These measures comply with CERT-In's encryption standards and RBI's mandate for end-to-end encryption of customer data during electronic transmission.

Specifications

Technical Specifications

RESTful

API Architecture

Webhooks

Real-Time Callbacks

HMAC-Signed

Webhook Payloads

Embeddable

Customer SDK

Sandbox + Prod

Separate Environments

API Keys

Scoped Authentication

Versioned

Backward Compatible

OpenAPI

Spec Documentation

Related Use Cases

Further Reading

Integrate in Hours, Not Months

Connect BASEKYC to your existing systems with our developer-friendly API, comprehensive documentation, and pre-built connectors.