Guide to integrating and using the Mangopay-hosted verification experience
UserCategory
must be OWNER
.
LegalPersonType
is SOLETRADER
or BUSINESS
).
The other Legal user types, Organization and Partnership, are not yet supported.
FirstName
and LastName
of the Natural object.
For Legal Soletrader users, then the first name and last name of the identity document must match the FirstName
and LastName
of the LegalRepresentative
object of the corresponding Legal user.
For Legal Business users, the person completing the identity document check does not have to be the declared legal representative in the user object. However, they must be an individual listed as a company director in the relevant national registry.
Initiate the hosted session
UserId
to initiate a hosted KYC/KYB verification session.You must include a ReturnUrl
to which the session redirects once it is completed (before the outcome is known).In the API response:HostedUrl
value is the URL for the unique session, with your ReturnUrl
encoded and appended.Status
is PENDING
, indicating that the session is available via the HostedUrl
value, and the user has not successfully completed all the necessary steps.Send the user to the hosted session
HostedUrl
value received in the response.The unique session remains valid indefinitely and has no timeout, so it can used to redirect the user immediately or later via another channel, such as by email.There is also no way in Mangopay’s product to differentiate between a session that has been started or not – both have the status PENDING
. However, on your side you can track whether the HostedUrl
was accessed by the user.Let the user complete the session
HostedUrl
, the experience guides them through all the required steps for KYC/KYB verification to submit their data and take photos of their accepted ID document and a selfie.Soletrader users, who represent individuals, may also need to submit files of their accepted registration proof if the automated registry lookup fails.For Business users:HostedUrl
redirects to the ReturnUrl
and the Status
is updated from PENDING
.Receive webhooks and handle outcomes
Status
is updated. This event triggers a webhook notification and there is a dedicated event type for the relevant values.For Natural users, the session is always processed automatically and the Status value can change from PENDING
to either VALIDATED
or REFUSED
.For Legal users, the session can be fully processed automatically but it may also be inconclusive. In this case, the status changes to REVIEW
and the session is sent to Mangopay’s teams for a manual processing.Checks
performed and their outcome.IDENTITY_VERIFICATION_VALIDATED
– The IDV Session’s Status
changed to VALIDATED
and the User became KYC/KYB verified.IDENTITY_VERIFICATION_FAILED
– The IDV Session’s Status
changed to REFUSED
and the User was not KYC/KYB verified.IDENTITY_VERIFICATION_INCONCLUSIVE
– The IDV Session’s Status
changed to REVIEW
and the session is under manual review by Mangopay’s teams before an outcome can be given.IDENTITY_VERIFICATION_OUTDATED
– The IDV Session’s Status
changed to OUT_OF_DATE
indicating that the user’s KYC/KYB verification status was downgraded. To regain KYC/KYB verified status, the user must complete a new IDV Session successfully.PersonType
and, if LEGAL
, their LegalPersonType
).
This section describes the actions taken by the user and the checks performed by Mangopay.
ReturnUrl
Type | Description |
---|---|
IDENTITY_DOCUMENT_VERIFICATION | Verifies the authenticity of the identity document, the liveness of the selfie, and that the selfie matches the identity document photo. |
IDV_NAME_MATCH_CHECK | Checks whether the first name and last name of the identity document match the FirstName and LastName of the Natural user object. Only performed if IDENTITY_DOCUMENT_VERIFICATION is successful. |
IDV_AGE_CHECK | Checks whether the individual on the identity document meets the minimum age requirement for Mangopay users (age 18). Only performed if IDENTITY_DOCUMENT_VERIFICATION is successful. |
BUSINESS_VERIFICATION
)Status
value will be REVIEW
)ReturnUrl
Type | Description |
---|---|
BUSINESS_VERIFICATION | Looks up the business details entered by the user during the session in the national registry to find a match. If not successful, the user is asked to upload a registration proof document and the session status will be REVIEW . |
IDENTITY_DOCUMENT_VERIFICATION | Verifies the authenticity of the identity document, the liveness of the selfie, and that the selfie matches the identity document photo. |
IDV_NAME_MATCH_CHECK | Checks whether the first name and last name of the identity document match the FirstName and LastName of the LegalRepresentative of the Legal user object. Only performed if IDENTITY_DOCUMENT_VERIFICATION is successful. |
IDV_AGE_CHECK | Checks whether the individual on the ID document meets the minimum age requirement for Mangopay users (age 18). Only performed if IDENTITY_DOCUMENT_VERIFICATION is successful. |
BUSINESS_NAME_MATCH | Checks whether the name on the identity document is present in the name of the registered sole proprietor in the relevant national registry. This check is performed manually if BUSINESS_VERIFICATION is unsuccessful. |
BUSINESS_VERIFICATION
)ReturnUrl
Type | Description |
---|---|
BUSINESS_VERIFICATION | Looks up the business details entered by the user during the session in the national registry to find a match. If not successful, the user is asked to upload a registration proof document and the session status will be REVIEW . |
IDENTITY_DOCUMENT_VERIFICATION | Verifies the authenticity of the identity document, the liveness of the selfie, and that the selfie matches the identity document photo. |
IDV_AGE_CHECK | Checks whether the individual on the identity document meets the minimum age requirement for Mangopay users (age 18). Only performed if IDENTITY_DOCUMENT_VERIFICATION is successful. |
BUSINESS_INSIGHTS_MATCH | Checks whether the name on the ID document matches one of the directors listed in the national registry, and whether the PSC data declared in the session is coherent with the PSC data in the registry. This check is performed manually if BUSINESS_VERIFICATION is unsuccessful. |
LegalRepresentative
declared in the user object must be the individual who does the ID check.Status
value of the IDV Session object indicates the outcome.
Status
becomes VALIDATED
.
When the VALIDATED
status is returned automatically:
KYCLevel
becomes REGULAR
)IDENTITY_DOCUMENT_VERIFICATION
, IDV_NAME_MATCH_CHECK
, or IDV_AGE_CHECK
check are refused automatically then the session is automatically refused and the Status
becomes REFUSED
.
When the REFUSED
value is returned automatically:
KYCLevel
remains LIGHT
)Checks.CheckStatus
shows which checks were REFUSED
and the Checks.Reasons
shows the refusal reasons (Type
and preset Value
)BUSINESS_VERIFICATION
returned no match or a partial match or the BUSINESS_INSIGHTS_MATCH
(Business) or BUSINESS_NAME_CHECK
(Soletrader) was not validated automatically, then the session must be reviewed manually by Mangopay and the Status
becomes REVIEW
.
When the REVIEW
status is returned:
Checks.CheckStatus
shows which checks were REFUSED
and triggered the manual reviewVALIDATED
.
When the VALIDATED
status is returned following manual review:
KYCLevel
becomes REGULAR
)Checks.CheckStatus
and Checks.Reasons
are not updated, so they may still show as REFUSED
REFUSED
.
When the VALIDATED
status is returned following manual review:
KYCLevel
remains LIGHT
)Checks.CheckStatus
and Checks.Reasons
are updated to provide the Type
and a custom message in the Value
Checks
were successful. For example for businesses, if the session was refused due to the PSC data, registration proof or articles of association, then the entire session must be retried even if the IDENTITY_DOCUMENT_VERIFICATION
check was validated.
Status
may also change to OUT_OF_DATE
, which indicates that the user’s KYC/KYB verification status was downgraded. The user object’s KYCLevel
was changed from REGULAR
to LIGHT
. For more information about this mechanism, see KYC/KYB downgrade.
In this case, you need to create another IDV Session object for the user to go through the verification process again.
Checks.Data
. You can retrieve it using the GET View an IDV Session endpoint.
These data points are overwritten if the session Status
is VALIDATED
, but the Data
may be returned if the status is REFUSED
or REVIEW
.
As part of the IDENTITY_DOCUMENT_VERIFICATION
, the data in the next table is extracted from the ID document. If this check fails, the session Status
is REFUSED
and no data is overwritten.
Note that in the case of a Business user, the data below is overwritten even if the individual who completed the session’s ID check is not the one previously entered in the LegalRepresentative
of the user object.
Data.Type value extracted from ID | User object property overwritten if Status is VALIDATED |
---|---|
FIRST_NAME | FirstName |
LAST_NAME | LastName |
BIRTHDATE | Birthday |
LEGAL_REPRESENTATIVE_FIRST_NAME | LegalRepresentative.FirstName (or LegalRepresentativeFirstName on non-SCA object) |
LEGAL_REPRESENTATIVE_LAST_NAME | LegalRepresentative.LastName (or LegalRepresentativeFirstName on non-SCA object) |
LEGAL_REPRESENTATIVE_BIRTHDATE | LegalRepresentative.Birthday (or LegalRepresentativeBirthday on non-SCA object) |
BUSINESS_VERIFICATION
, the data in the next table is entered by the user and then validated against the national registry. If this check fails, then the session goes for manual review. If the session Status
is ultimately VALIDATED
, then the data entered is considered validated and overwritten in the user object. If the session outcome is REFUSED
, no data is overwritten.
Data.Type value entered by user | User object property overwritten if Status is VALIDATED |
---|---|
COMPANY_NAME | CompanyName |
COMPANY_NUMBER | CompanyNumber |
Status
is REFUSED
), further information on the checks performed is in the Checks
property. You can retrieve this using the GET View an IDV Session endpoint.
For Checks
that have CheckStatus
of REFUSED
, the reasons for the refusal are given in the Reasons
array, containing one or more objects containing Type
and Value
fields.
This information helps you understand why the session was refused and guide the user in retrying a new session successfully.
All the Checks.Reasons.Type
values are listed below by CheckType
along with recommendations for resolution.
Checks.Reasons.Value
field for the customized comment from the person who conducted the review.The Value
is preset if the session was automatically refused. If a Natural user session is refused it is always automatic (manual review is not possible), and a Legal user session may also be automatically refused.CheckType | Refusal Reasons.Type | Issue | Recommendation |
---|---|---|---|
IDENTITY_DOCUMENT_VERIFICATION | DOCUMENT_NOT_ACCEPTED | The document is not in the list of accepted identity documents; it doesn’t fit the verification requirements outlined by Mangopay. | Check the Accepted ID documents to know whether your document is accepted based on its country of issue. Retry in a new session with your accepted document. |
FACE_MATCH_FAIL | The face on the selfie does not match the face of the document. | Retry in a new session, ensuring that the person who owns the ID is taking the selfie. | |
DOCUMENT_FALSIFIED | The document seems to be fraudulent or contains inconsistent information. | Check that the document used is in line with the accepted documents and has not been altered by any means. | |
DOCUMENT_UNREADABLE | The document is not clear enough. | Check that the document used is accepted. Retry the session ensuring the photos taken are clear and not blurred. | |
DOCUMENT_HAS_EXPIRED | The document has passed its expiry date; it is no longer valid. | Check that your document is not expired. Retry the session with an in-date accepted document. | |
IDV_AGE_CHECK | DOCUMENT_NOT_ACCEPTED | The age of the individual must be over 18. | |
IDV_NAME_MATCH_CHECK | DOCUMENT_NOT_ACCEPTED | The first name and last name of the identity document did not match with the FirstName and LastName of the natural user or the declared LegalRepresentative in the user object. | First, update the data of the user object to match the identity document.Then, retry the session using the same identity document. |
BUSINESS_VERIFICATION | DOCUMENT_NOT_ACCEPTED | Generic refusal status. See the specific comment in the Checks.Reasons.Value . | Review the custom comment provided and respond accordingly. |
DOCUMENT_TYPE_NOT_SUPPORTED | The document is not listed as accepted for the country of registration. | Check that the document corresponds to the requirements and retry the session. | |
DOCUMENT_HAS_EXPIRED | The document is not valid or was issued more than 3 months ago. | Check that the document was issued within the last 3 months. For some countries, the requirements don’t include the 3-month rule but the document has a validity period which it has passed and/or it must be the latest up-to-date version of the document. | |
DOCUMENT_UNREADABLE | The document is not clear enough. | Check the clarity and readability of your file before retrying the session, submitting a clear and up-to-date accepted document. | |
DOCUMENT_INCOMPLETE | The document is incomplete or not sufficient on its own. | Ensure the document is dated and that all pages are present and in one of the supported languages (or along with a sworn translation).For most countries, declared legal representative should appear in the document(s). | |
BUSINESS_INSIGHTS_MATCH | BUSINESS_INSIGHTS_MATCH_FAILED | For Business users, the name on the identity document is not in the list of business directors obtained from the national registry. | Review the custom comment provided and respond accordingly. |
BUSINESS_NAME_MATCH | BUSINESS_NAME_MATCH_FAILED | For Soletrader users, the name on the identity document does not feature in the registered name of the sole proprietor. | Review the custom comment provided and respond accordingly. |