Implementation
1. KYC / KYB for Withdrawers
To complete a payout/withdraw, every Withdrawer must complete verification before they can proceed with a payout through Rapid. Withdrawers only need to KYC the first time they withdraw and do not need to KYC again for any subsequent withdrawals.
Before you start, determine how you will KYC your users:
🌝 1. I want to use Approvely for KYC
Merchants who want to use Approvely for KYC should call Register User.
🇺🇸 U.S. Withdrawers
curl --location 'https://api-sandbox.coinflow.cash/api/withdraw/kyc' \
--header 'Authorization: YOUR_API_KEY' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'x-coinflow-auth-user-id: usher' \
--data-raw '{
"info": {
"email": "[email protected]",
"firstName": "usher",
"surName": "raymond",
"physicalAddress": "2800 N Damen Ave",
"city": "Chicago",
"state": "IL",
"zip": "60625",
"country": "US",
"dob": "19761014",
"ssn": "1234"
}
}'{
"withdrawer": {
"_id": "672400ead654e5cdd247b33f",
"currency": "USD",
"email": "[email protected]",
"verification": {
"status": "approved"
}
}
}🌍 Non-U.S. Withdrawers
curl --request POST \
--url https://api-sandbox.coinflow.cash/api/withdraw/kyc \
--header 'Authorization: YOUR_API_KEY' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'x-coinflow-auth-user-id: dwaynejohnsongb123' \
--data '{
"merchantId": "testtest",
"email": "[email protected]",
"country": "GB"
}'{
"withdrawer": {
"_id": "676091072cd3ae949702b0ea",
"currency": "GBP",
"email": "[email protected]",
"verification": {
"status": "approved"
}
}
}
}I am using my own KYC provider and I want to pass KYC data to Rapid
Merchants who want to pass KYC data from their existing KYC provider can call our Register User via Document endpoint.
curl --request POST \
--url https://api-sandbox.coinflow.cash/api/withdraw/kyc-doc \
--header 'accept: application/json' \
--header 'content-type: multipart/form-data' \
--header 'x-coinflow-auth-session-key: YOUR_SESSION_KEY' \
--form [email protected] \
--form country=US \
--form idType=ID_CARD \
--form idFront='@1128061-ID_front.png' \
--form idBack='@012e6a1-ID_back.png' \
--form merchantId=testtest{
"withdrawer": {
"_id": "67449b17d654e5cdd2925f1c",
"currency": "USD",
"email": "[email protected]",
"verification": {
"status": "approved"
}
}
}💼 3. I use Sumsub as my KYC provider and I want to share KYC data with Rapid
Merchants who want to share Sumsub data with Approvely will need to enter a tri-party agreement with Sumsub and Approvely. Reach out to the Approvely team with your Sumsub client ID to get started.
Once this agreement has been signed, follow these steps:
- Call Sumsub's Generate Share Token endpoint to obtain a token.
- Call our Register User Via Share Token endpoint to pass KYC data.
curl --request POST \
--url https://api-sandbox.coinflow.cash/api/withdraw/kyc/share-token \
--header 'Authorization: YOUR_API_KEY' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'x-coinflow-auth-user-id: user123' \
--data '{
"vendor": "sumsub",
"shareToken": "YOUR_SHARE_TOKEN",
"country": "US",
"merchantId": "testtest",
"email": "[email protected]"
}'{
"withdrawer": {
"_id": "67449b17d654e5cdd2925f1c",
"currency": "USD",
"email": "[email protected]",
"verification": {
"status": "approved"
}
}
}💼 4. I have my own KYC provider and will complete KYC reliance process with Coinflow.
Merchants must receive approval from the Compliance team regarding approval of your kyc reliance program. Once you've receive approval, follow these implementation steps.
curl --request POST \
--url https://api-sandbox.coinflow.cash/api/withdraw/kyc/attested \
--header 'Authorization: YOUR_API_KEY' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'x-coinflow-auth-user-id: user-id' \
--data '
{
"email": "[email protected]",
"firstName": "Dwayne",
"surName": "Johnson",
"physicalAddress": "201 E Randolph St",
"city": "Chicago",
"state": "IL",
"zip": "60601",
"country": "US",
"dob": "05021972",
"ssn": "1234"
}
'{
"withdrawer": {
"_id": "685d8a89e36b426f2df64069",
"__v": 0,
"availability": {
"status": "Functional",
"reason": "Initial",
"editor": "system",
"updatedAt": "2025-06-26T17:59:37.451Z"
},
"currency": "USD",
"email": "[email protected]",
"merchant": "6840bca9c7cb21ee5baaae76",
"originalCurrency": "USD",
"riskScoreOverride": false,
"user": true,
"verification": {
"hash": "ce749aa83c2efab20c4e1bfeca602f0674e1cf1b",
"vendor": "persona",
"reference": "ver_R6E6KrEK5rZN36Hd8d7gPaKg1cms",
"status": "attested"
},
"wallets": [
{
"wallet": "user-id",
"blockchain": "user"
}
],
"watchlistExempt": "Unknown"
}
}2. Get Withdrawer Details
After calling our withdraw endpoints, you must call Get Withdrawer to get the latest verification status. This endpoint will tell you the user's verification status. The get withdrawer endpoint can also be queried at any time to get more information about a withdrawer who has already completed KYC/KYB.
curl --request GET \
--url https://api-sandbox.coinflow.cash/api/withdraw \
--header 'Authorization: YOUR_API_KEY' \
--header 'accept: application/json' \
--header 'x-coinflow-auth-user-id: usher'3. Add A Payout Destination
Withdrawers must link a payout destination so we know where to send the funds.
📘Want to use Rapid's UI for KYC and Bank Authentication?
Merchants can choose to use our UI for KYC and bank authentication, saving time by avoiding the need to build these flows and add payout destinations. You’ll only need to create the UI for displaying quotes and initiating payouts.
If you choose to use our UI, you do not need to separately implement
Step 3: Add A Payout Destinationas the bank auth UI also handles linking payout destinations.
If withdrawers are in the U.S. and want to receive USD, they can link their debit card or bank account.
Add a debit card as a payout destination:
curl --request POST \
--url https://api-sandbox.coinflow.cash/api/withdraw/debit-card \
--header 'Authorization: <YOUR_API_KEY>' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'x-coinflow-auth-user-id: usher' \
--data '{
"cardToken": "411111YJM5TX1111", // Debit Card Tokenization recipe: https://docs.coinflow.cash/recipes/tokenize-debit-cards-for-withdraws
"expMonth": "10",
"expYear": "29"
}'Add a bank account as a payout destination:
curl --location 'https://api-sandbox.coinflow.cash/api/withdraw/account' \
--header 'Authorization: <YOUR_API_KEY>' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'x-coinflow-auth-user-id: usher' \
--data '
{
"type": "checking",
"alias": "Ushers Savings 1",
"accountNumber": "1111222233330000",
"routingNumber": "333333334"
}
'{
"withdrawer": {
"_id": "672400ead654e5cdd247b33f",
"__v": 0,
"currency": "USD",
"email": "[email protected]",
"isBlocked": false,
"merchant": "6723f186b2f506b29dbee63d",
"originalCurrency": "USD",
"user": true,
"verification": {
"hash": "02154e69e0f38f2b31dec3b658535fa1cc283063",
"vendor": "persona",
"reference": "ver_DisMcS9M3HftnJYPpFSowNEWHyjT",
"status": "approved"
},
"wallets": [
{
"wallet": "usher",
"blockchain": "user"
}
],
"watchlistExempt": false,
"bankAccounts": [
{
"alias": "Ushers Savings 1",
"token": "0dc36240-29fc-4708-81f6-bcab19e6e597",
"routingNumber": "333333334",
"last4": "0000",
"accountHash": "cb20055931a543bcfe3183541f335f031452055a",
"rtpEligible": false,
"reference": "67240124b2f506b29dbef137",
"isDeleted": false
}
],
"cards": [
{
"last4": "1111",
"type": "VISA",
"disbursementStatus": "Immediate",
"token": "411111YJM5TX1111",
"createdAt": "2024-10-31T22:13:56.435Z"
}
],
"ibans": [],
"pixes": [],
"rtpDisabled": false,
"cardDisabled": false
}
}4. Get a Quote for the Withdraw
Merchants may show an estimated quote of how much the user will receive after fees.
-
On sandbox, pass the following for token:
4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU
-
On production, pass the following for token:
EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v
curl --location 'https://api-sandbox.coinflow.cash/api/withdraw/quote?token=4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU&amount=3&merchantId=YOUR_MERCHANT_ID&usePermit=true' \
--header 'Authorization: <YOUR_API_KEY>' \
--header 'accept: application/json' \
--header 'x-coinflow-auth-blockchain: solana' \
--header 'x-coinflow-auth-user-id: usher'//Response
{
"quote": {
"cents": 300,
"currency": "USD"
},
"gasFees": {
"gasFees": {
"cents": 0
},
"gasFeesWei": "0"
},
"same_day": {
"fee": {
"cents": 50,
"currency": "USD"
},
"finalSettlement": {
"cents": 250,
"currency": "USD"
},
"limit": {
"cents": 10000000,
"currency": "USD"
}
},
"standard": {
"fee": {
"cents": 100,
"currency": "USD"
},
"finalSettlement": {
"cents": 200,
"currency": "USD"
},
"limit": {
"cents": 10000000,
"currency": "USD"
}
},
"card": {
"fee": {
"cents": 200,
"currency": "USD"
},
"finalSettlement": {
"cents": 100,
"currency": "USD"
},
"limit": {
"cents": 5000000,
"currency": "USD"
}
}
}This endpoint enables a user to submit a payout. Upon sending the request, funds from your Approvely in-app balance will decrement, and the end-user will receive their funds in their selected payout destination.
- Note: To get the tokenized bank account or debit card, call get withdrawer and reference the
tokenparam. For example, for bank account:bankAccounts[0]['token'] - Pass any of the following as the
speeddepending on the payout method the withdrawer selects:
speed = cardfor instant debit card payouts
speed = asapfor instant, RTP payout
speed = same_dayfor same day ACH payout
speed = standardfor standard ACH payout
curl --request POST \
--url https://api-sandbox.coinflow.cash/api/merchant/withdraws/payout/delegated \
--header 'Authorization: YOUR_API_KEY' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"amount": {
"cents": 300
},
"speed": "asap",
"account": "0dc36240-29fc-4708-81f6-bcab19e6e597", // Replace this with the bank account token or debit card token
"userId": "usher"
}
'//Response
{
"signature": "4Cv4nbe6fkGpdSYcqhPHXkdndeiyTa8mhFoWW5x3vroxRibAUssrbXZ5VW4vxkPedcX3xTRKu7ZpkJXWKdJBCGuq"
}6. Get In-App Wallet Balance
Optional: Call Get Balance to get the fund balance of your in-app wallet.
7. See Withdrawals
Go to Merchant Dashboard > Withdrawals > See Withdraw status.
FAQ / Troubleshooting
FAQ / Troubleshooting
What is a 451 response on the verification?
A 451 response indicates that we need additional information to verify the withdrawer.
When you receive a 451 response, you must redirect the withdrawer to the verificationLink provided in the response body (i.e., response.verificationLink). This link takes them to our provider’s verification page, where they typically need to upload a photo ID and take a selfie.
Once the withdrawer completes the verification, send a subsequent request to the get withdrawer endpoint to confirm the verification.status == approved.
What is bank authentication and why do I need to implement this?
Bank authentication verifies that a user owns the bank account they're connecting. It's essential for preventing fraud, ensuring regulatory compliance, reducing payment failures, and protecting against chargebacks. Per our AML policies, we require it before allowing withdrawals.
How do I get thecardToken, and why is card tokenization required?
You can obtain the cardToken by using our secure frontend components, which capture and tokenize card details. This token replaces sensitive card information and is then passed to your backend for further processing.
Tokenizing the card is essential for PCI compliance. It ensures that raw card data never touches your servers, helping keep your system out of PCI scope. As a PCI-compliant provider, we handle the sensitive data securely, significantly reducing your compliance burden.
If you do not have an AOC for PCI DSS, follow our Tokenize Debit Cards for Withdraws guide. If you do have an AOC, you may instead follow our Tokenize Card Data via API for Debit Card Payouts recipe.
How do I know if I have a valid AOC for PCI DSS?
Merchants with PCI DSS certification should be able to provide a valid Attestation of Compliance (AOC) as proof. Here is an example of an acceptable AOC for merchants.
If you're a service provider implementing on behalf of a merchant, you must provide a valid AOC specific to service providers. This is an example of an acceptable AOC for service providers. Additionally, your AOC must be reviewed and approved by a Qualified Security Assessor (QSA).
How do I fund the Approvely wallet balance on production?
Merchants who are ready to go live have the option to:
- Send USDC on Solana directly. (Ask Approvely for your production wallet address).
- Wire funds. (Ask Approvely for wiring instructions).
Is there a Pre-Built UI for my merchant payout flow?
At this time, Rapid does not provide a UI for the merchant payout flow. Merchants have the option of using our UI for bank authentication only.
Updated 4 months ago