Check-Driven Integration
Integrate the Web SDK using a check-driven approach.
Overview
This guide walks you through integrating the Web SDK with ComplyCube using the check-driven approach, giving you direct control over individual verification steps.
For a quick copy-paste example, use our integration assistant.
You’re viewing the check-driven SDK guide - an approach that provides detailed control but is best suited for partners or advanced use cases. We recommend using workflow integration for most implementations.
Integration flow
The Web SDK runs as part of your frontend but relies on your backend to create secure tokens. Here’s how it works:
Integration guide
Create a client
Every verification flow starts with a client (i.e. customer). Use the API to create the client.
Example request
Example response
The response will contain an id (the Client ID). It is required for the next step.
See Clients API Reference to learn more.
Generate an SDK token
Your backend must create an SDK token for each new flow. This token links the SDK session to the client. Tokens are short-lived and must not be reused.
Example request
Example response
See SDK Token API Reference to learn more.
Import the SDK
To import our Web SDK, you need to include it in your target page HTML:
Loading the SDK with Integrity (Optional)
For additional security, you can optionally load the ComplyCube Web SDK using Subresource Integrity (SRI). This allows the browser to verify that the JavaScript and CSS files have not been modified by validating them against cryptographic checksums.
Retrieve the latest SDK integrity values
To ensure you always use the latest supported SDK version and integrity hashes, retrieve the asset metadata from the Web SDK info endpoint.
Example request
Example response
The response includes the URLs and corresponding integrity values for both the JavaScript and CSS assets.
Import the SDK using integrity attributes
Use the returned values to load the SDK in your HTML with integrity and crossorigin attributes:
Notes
Using SRI is optional, but recommended for environments with stricter security requirements.
The crossorigin="anonymous" attribute is required when using SRI with assets served from a different origin.
Integrity values may change when the SDK is updated. Always retrieve the latest values from the endpoint.
The links to complycube.min.js and style.css can be found in your developers portal.
Mount the SDK
With the generated SDK token, the Web SDK can be initialised in your frontend using the following Javascript code:
The SDK mount parameters are described in the SDK settings section below.
Referrer policy
To enable successful communication between the SDK and our servers, your web page's Referrer Policy header should be set to strict-origin-when-cross-origin. This ensures that the referrer information is securely transmitted during HTTP requests.
You can either do it programmatically or add it directly to the web page as follows:
<meta name="referrer" content="strict-origin-when-cross-origin">
Perform checks
Using the data returned by the SDK, via the onComplete callback, you can now instruct your backend server to run the appropriate checks using the create a check endpoint.
For instance, use:
documentCapture.documentIdto run a document check.documentCapture.documentIdandfaceCapture.livePhotoIdto run an identity check.documentCapture.documentIdandfaceCapture.liveVideoIdto run an enhanced identity check.poaCapture.documentIdto run a proof of address check.
If you have set up webhooks as described in our webhooks guide, you will be notified once a check completes.
To retrieve the check results, you can perform a get check request.
Example request
SDK reference
This section describes all configurable settings, callbacks, lifecycle methods, and branding options available in the ComplyCube Web SDK.
Settings
token
The SDK token generated by your backend. This is required.
Type: string
containerId
The ID of the container element where the SDK mounts. This must be an empty element.
Type: string
Default value: complycube-mount
useModal
This defines whether the UI screens load into a modal instead of inline.
Type: boolean
Default value: true
disableClientAnalytics
This defines whether we track client analytics or not.
Type: boolean
Default value: false
stages
This is the list of stages your clients will go through. Stages can be provided as strings or as objects. See Stages below to learn more.
Type: array[object] or array[string]
Default values: ['intro', 'faceCapture, 'documentCapture', 'completion']
language
The UI language. Valid values include:
en , ar, br, de, es, fr, hi, hk, id, it, ja, ko, nl, no, pl, pt, sv, th, vi, zh
Type: string
Default value: en
Callback
Callbacks let you respond to SDK lifecycle events.
onComplete
Triggered after the client completes the verification flow. Typically used to trigger a check on your backend.
Depending on the stages provided, data may include the following attributes:
documentCapturedocumentId: ID of the captured document.documentType:Type of document uploaded.
faceCaptureliveVideoId: ID of the captured video. OR;livePhotoId: ID of the captired photo.
poaCapturedocumentId: ID of the uploaded proof of address document.documentType: Type of the uploaded proof of address document.
onError
Triggered when an error occurs. The error object has two attributes:
type: This can be:exceptiontoken_expired: indicates the token has expired. When this occurs, a new SDK token must be provided.
message: Description of the error.
onExit
This callback is triggered when your client exits before completing the flow. It will return the exit reason, e.g., USER_CONSENT_NOT_GRANTED.
onModalClose
Triggered when the client tries to close the modal. You can allow or prevent closure by updating the isModalOpen attribute using updateSettings.
Updating settings
A number of settings can be updated at runtime as follows:
Unmounting the SDK
If you are using the SDK in a Single Page Application (SPA), you can call the unmount function to remove the SDK and reset its state.
Stages
The stages array defines the verification flow. Each stage can be passed as a string or as an object with options.
Supported stage names
intro: Welcome screen.userConsentCapture: Capture customer consent.documentCapture: Capture ID documents.faceCapture: Capture selfies or liveness videos.poaCapture: Capture proof of address document.completion: End of flow.
When userConsentCapture is enabled, always handle the onExit callback if the client declines consent.
Please make sure you pass the clientConsent parameter when consent is granted by your client.
When a stage is passed as object, it will have two attributes, name and options.
Name
This is the stage name
Options
This allows you to customize each stage as follows:
intro
heading: Change the intro screen heading.message: A list of messages to display on the intro screen. Max size 3.startButtonText: Change the text of the start button on the intro screen.
documentCapture
crossDeviceOnly: A boolean that indicates whether to force users to capture their document using their phone. This removes the document upload option.documentTypes: The list of ID document types visible to the user. Valid document types include:passportdriving_licensenational_identity_cardresidence_permit
Each value can be either a boolean or a country object. A boolean toggles the visibility of the document type, while a country object specifies the issuing country for non-passport documents, bypassing the country selection screen. The country value is the two-letter country ISO code.
faceCapture
mode: The mode of the facial capture. Possible values are:photoorvideo.
poaCapture
documentTypes: The list of Proof of Address (POA) document types visible to the client. Valid POA document types include:bank_statementutility_bill
The value of each document type is a boolean that toggles the visibility of the document type.
completion
heading: Change the completion screen heading.message: A message to display on the completion screen. Max size 1.
Example options object
Branding
You can customise the SDK’s look and feel with the branding object. It comprises of the attributes outlined below.
Appearance
The appearance object allows you to customize the color scheme of the SDK with CSS values (e.g. RGBA, Hex). Customizable attributes include:
infoPopupColor
Warning popup background color.
infoPopupTextColor
Warning popup background color.
infoPopupLinkHoverColor
Warning popup fallback Link on hover background color.
infoPopupLinkActiveColor
Warning popup fallback Link active background color.
errorPopupColor
Error popup background color.
errorPopupTextColor
Error popup text color.
errorPopupLinkHoverColor
Error popup fallback Link on hover background color.
errorPopupLinkActiveColor
Error popup fallback Link active background color.
cameraButtonHoverColor
Camera button on hover background color.
cameraButtonActiveColor
Camera button active background color.
iconButtonActiveColor
Icon button active background color.
iconButtonHoverColor
Icon button on hover background color.
primaryButtonColor
Primary button background color.
primaryButtonTextColor
Primary button text color.
primaryButtonActiveColor
Primary button active background color.
primaryButtonHoverColor
Primary button on hover background color.
primaryButtonBorderColor
Primary button border color.
secondaryButtonColor
Secondary button background color.
secondaryButtonTextColor
Secondary button text color.
secondaryButtonActiveColor
Secondary button active background color.
secondaryButtonHoverColor
Secondary button on hover background color.
secondaryButtonBorderColor
Secondary button border color.
documentSelectorColor
Document selector background color.
documentSelectorTextColor
Document selector text color.
documentSelectorActiveBorderColor
Document selector active background color.
documentSelectorHoverBorderColor
Document selector on the hover background color.
linkHoverColor
Link on the hover background color.
linkActiveColor
Link active background color.
linkUnderlineColor
Link underline color.
linkHoverTextColor
Link on the hover text color.
bodyTextColor
SDK content text color.
headingTextColor
SDK heading text color.
subheadingTextColor
SDK subheading text color.
Logo
The logo object has the following attributes:
lightLogoUrl: URL for your logo's light version.darkLogoUrl: URL for your logo's dark version.
Example of logo branding
Text Brand
The textBrand attribute represents the textual format of your brand.
Example of text branding
If logo and textBrand attributes are specified at the same time, logo takes precedence.