Identity Layer

KYC-AI

Active

Verify individual identity documents using AI vision. Extracts all fields from passports, Emirates IDs and Iqamas. Optionally match a customer photo against the document and verify proof of address. Jurisdiction-specific compliance rules applied automatically.

Endpoint

POST/api/kyc/verify

Supported documents

Jurisdiction	document_type	Document
CA 🇨🇦	`passport`	Canadian Passport
AE 🇦🇪	`emirates_id`	Emirates ID (front + back)
SA 🇸🇦	`iqama`	Iqama Residence Permit or Passport

Request parameters

Parameter	Type	Required	Description
`customer_id`	string	Yes	Your internal reference for this customer. Used to link KYC with AML history.
`jurisdiction`	string	Yes	Compliance jurisdiction. One of: CA (Canada), AE (UAE), SA (KSA).
`document_type`	string	Yes	Type of identity document. One of: passport, emirates_id, iqama.
`document_data`	string	Yes	Base64-encoded image of the identity document (JPEG, PNG or PDF). Max 10MB.
`selfie_data`	string	No	Base64-encoded customer photo for face matching against the document. JPEG or PNG only.
`address_data`	string	No	Base64-encoded proof of address document. Accepted types vary by jurisdiction.

Response fields

Parameter	Type	Required	Description
`success`	boolean	Yes	Whether the API call succeeded.
`data.status`	string	Yes	Verification decision: approved, rejected, or review_required.
`data.risk_level`	string	Yes	Risk level: low, medium, high, or critical.
`data.confidence_score`	integer	Yes	AI confidence in the decision, 0–100.
`data.extracted_data`	object	Yes	Fields extracted from the document: full_name, date_of_birth, document_number, expiry_date, nationality, gender, mrz_valid.
`data.selfie_check`	object	No	Face match result if selfie_data was provided: face_match, match_score (0–100), match_level, assessment.
`data.address_check`	object	No	Address verification result if address_data was provided: verified, document_type, name_matches, address, document_date.
`data.compliance_flags`	array	Yes	List of compliance issues found. Each flag has: id, rule_id, severity (info/warning/critical), message, suggestion.
`data.requires_human_review`	boolean	Yes	If true, the case is added to the review queue for a compliance officer.
`data.ai_recommendation`	string	Yes	Plain-English explanation of the decision and recommended action.
`data.privacy_notice`	string	Yes	Confirmation that document images were discarded after processing.
`processing_time_ms`	integer	Yes	Total processing time in milliseconds.

Privacy

Document images are processed in memory and immediately discarded. Only extracted text fields (name, DOB, document number, expiry) are stored in your Supabase database. Images never touch persistent storage.

Code example

curl -X POST \
  https://shield.kodexa.systems/api/kyc/verify \
  -H "Content-Type: application/json" \
  -d '{
    "customer_id": "CUST-AE-001",
    "jurisdiction": "AE",
    "document_type": "emirates_id",
    "document_data": "<base64-encoded-image>"
  }'

Example response

json

{
  "success": true,
  "data": {
    "status": "approved",
    "risk_level": "low",
    "confidence_score": 94,
    "ai_recommendation": "Emirates ID verified. Document is valid and not expired. MRZ checksum passes. Identity confirmed for UAE onboarding.",
    "extracted_data": {
      "full_name": "AHMED AL MANSOORI",
      "date_of_birth": "1985-03-22",
      "document_number": "784-1985-1234567-8",
      "expiry_date": "2028-03-21",
      "nationality": "AE",
      "gender": "M",
      "mrz_valid": true
    },
    "selfie_check": null,
    "address_check": null,
    "compliance_flags": [],
    "requires_human_review": false,
    "review_reasons": [],
    "privacy_notice": "Document processed and discarded. Only extracted fields are stored.",
    "request_id": "kyc_1716000000_abc123",
    "created_at": "2026-05-22T04:00:00.000Z"
  },
  "processing_time_ms": 3241,
  "jurisdiction": "AE",
  "plugin": "kyc"
}