# Check-Driven Integration ## Overview This guide walks you through integrating the Web SDK with ComplyCube using the check-driven approach, giving you direct control over individual verification steps. {% hint style="info" %} For a quick copy-paste example, use our [integration assistant](https://portal.complycube.com/developers). {% endhint %} {% hint style="warning" %} You’re viewing the **check-driven** SDK guide - an approach that provides detailed control but is best suited for **partners** or **advanced use cases.** We recommend using **workflow integration** for most implementations. {% endhint %} ## Integration flow The Web SDK runs as part of your frontend but relies on your backend to create **secure tokens**. Here’s how it works: {% stepper %} {% step %} #### **Create a client** Register a new **client** (i.e. customer) using the ComplyCube API {% endstep %} {% step %} #### **Generate an SDK token** Your backend requests a **JWT token** tied to that client. {% endstep %} {% step %} #### **Import and mount the SDK** Add the JS and CSS files, then mount the SDK in your web app. {% endstep %} {% step %} #### Capture documents, videos, and selfies The SDK guides your customer through the required steps. {% endstep %} {% step %} #### Perform verification checks Captured data is securely sent to ComplyCube for verification checks, and results are delivered in real time through the API or webhooks. {% endstep %} {% endstepper %} ![Web SDK Integration Flow](https://648014528-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Flv7UhJvTbxeq4s3KwQpn%2Fuploads%2FK0Q5uDXRom50YsDvvkYZ%2Fdocumentation_web_sdk_flow.png?alt=media\&token=9154ae1c-2b2e-4b65-907f-d9b40c39700e) ## Integration guide {% stepper %} {% step %} #### Create a client Every verification flow starts with a **client** (i.e. customer). Use the API to [create the client](https://app.gitbook.com/s/kAhgmUKSf8CFUFVL3GEe/core-resources/clients/create-a-client). **Example request** {% tabs %} {% tab title="cURL" %} ```bash curl -X POST https://api.complycube.com/v1/clients \ -H 'Authorization: ' \ -H 'Content-Type: application/json' \ -d '{ "type": "person", "email": "john.doe@example.com", "personDetails":{ "firstName": "John", "lastName" :"Doe" } }' ``` {% endtab %} {% tab title="Node.js" %} ```javascript const { ComplyCube } = require("@complycube/api"); const complycube = new ComplyCube({ apiKey: "" }); const client = await complycube.client.create({ type: "person", email: "john.doe@example.com", personDetails: { firstName: "John", lastName: "Doe" } }); ``` {% endtab %} {% tab title="Python" %} ```python from complycube import ComplyCubeClient cc_api = ComplyCubeClient(api_key='') new_client = { 'type':'person', 'email':'john.doe@example.com', 'personDetails': { 'firstName':'John', 'lastName':'Doe' } } client = cc_api.clients.create(**new_client) ``` {% endtab %} {% tab title="PHP" %} ```php use ComplyCube\ComplyCubeClient; $ccapi = new ComplyCubeClient(''); $result = $ccapi->clients()->create([ 'type' => 'person', 'email' => 'john@doe.com', 'personDetails' => [ 'firstName' => 'John', 'lastName' => 'Doe' ] ]); ``` {% endtab %} {% tab title=".NET" %} ```csharp using ComplyCube.Net; using ComplyCube.Net.Resources.Clients; var clientApi = new ClientApi(new ComplyCubeClient("")); var newClient = new ClientRequest { type = "person", email = "john@doe.com", personDetails = new PersonDetails { firstName = "John", lastName = "Doe" } } var client = await clientApi.CreateAsync(newclientRequest); ``` {% endtab %} {% endtabs %} **Example response** The response will contain an `id` (the Client ID). It is required for the next step. ```javascript { "id": "5eb04fcd0f3e360008035eb1", "type": "person", "email": "john.doe@example.com", "personDetails": { "firstName": "John", "lastName": "Doe", }, "createdAt": "2020-01-04T17:24:29.146Z", "updatedAt": "2020-01-04T17:24:29.146Z" } ``` {% hint style="info" %} See [Clients API Reference](https://app.gitbook.com/s/kAhgmUKSf8CFUFVL3GEe/core-resources/clients) to learn more. {% endhint %} {% endstep %} {% step %} #### Generate an SDK token Your backend must create an **SDK token** for each new flow. This token links the SDK session to the client. Tokens are short-lived and must not be reused. **Example request** {% tabs %} {% tab title="cURL" %} ```bash curl -X POST https://api.complycube.com/v1/tokens \ -H 'Authorization: ' \ -H 'Content-Type: application/json' \ -d '{ "clientId":"CLIENT_ID", "referrer": "https://www.example.com/*" }' ``` {% endtab %} {% tab title="Node.js" %} ```javascript const { ComplyCube } = require("@complycube/api"); const complycube = new ComplyCube({ apiKey: "" }); const token = await complycube.token.generate("CLIENT_ID", { referrer: "https://www.example.com/*" }); ``` {% endtab %} {% tab title="Python" %} ```python from complycube import ComplyCubeClient cc_api = ComplyCubeClient(api_key='') token = cc_api.tokens.create('CLIENT_ID','https://www.example.com/*') ``` {% endtab %} {% tab title="PHP" %} ```php use ComplyCube\ComplyCubeClient; $ccapi = new ComplyCubeClient(''); $report = $ccapi->tokens()->generate('CLIENT_ID', 'https://www.example.com/*'); ``` {% endtab %} {% tab title=".NET" %} ```csharp using ComplyCube.Net; using ComplyCube.Net.Resources.SDKTokens; var sdkTokenApi = new SDKTokenApi(new ComplyCubeClient("")); var sdkTokenRequest = { clientId = "CLIENT_ID", referrer = "https://www.example.com/*" } var sdkToken = await sdkTokenApi.GenerateToken(sdkTokenRequest); ``` {% endtab %} {% endtabs %} **Example response** ```javascript { "token": "" } ``` {% hint style="info" %} See [SDK Token API Reference](https://app.gitbook.com/s/kAhgmUKSf8CFUFVL3GEe/other-resources/tokens) to learn more. {% endhint %} {% endstep %} {% step %} #### Import the SDK To import our Web SDK, you need to include it in your target page HTML: ```html ...
```
Loading the SDK with Integrity (Optional) For additional security, you can optionally load the ComplyCube Web SDK using **Subresource Integrity (SRI)**. This allows the browser to verify that the JavaScript and CSS files have not been modified by validating them against cryptographic checksums. #### **Retrieve the latest SDK integrity values** To ensure you always use the latest supported SDK version and integrity hashes, retrieve the asset metadata from the Web SDK info endpoint. **Example request** ```bash curl -X POST https://api.complycube.com/v1/webSdk/latest \ -H 'Authorization: ' ``` **Example response** The response includes the URLs and corresponding integrity values for both the JavaScript and CSS assets. {% code overflow="wrap" %} ```json { "js": { "url": "/complycube.min.js", "integrity": "sha384- sha384-" }, "css": { "url": "/style.css", "integrity": "sha384- sha384-" } } ``` {% endcode %} #### **Import the SDK using integrity attributes** Use the returned values to load the SDK in your HTML with `integrity` and `crossorigin` attributes: ```html ...
``` {% hint style="info" %} #### Notes * Using SRI is ***optional***, but recommended for environments with stricter security requirements. * The crossorigin="anonymous" attribute is required when using SRI with assets served from a different origin. * Integrity values may change when the SDK is updated. Always retrieve the latest values from the endpoint. {% endhint %}
{% hint style="info" %} The links to `complycube.min.js` and `style.css` can be found in your [developers portal](https://portal.complycube.com/developers/webSdk). {% endhint %} {% endstep %} {% step %} #### Mount the SDK With the generated SDK token, the Web SDK can be initialised in your frontend using the following Javascript code: ```javascript ComplyCube.mount({ token: '', containerId: 'complycube-mount', stages: [ 'intro', 'documentCapture', { name: 'faceCapture', options: { mode: 'video' } }, 'completion' ], onComplete: function(data) { // Using the data attributes returned, request your // backend server to perform the necessary ComplyCube checks console.info('Capture complete'); }, onModalClose: function() { // Handle the modal closure attempt }, onError: function ({ type, message }) { if (type === 'token_expired') { // Request a new SDK token } else { // Handle other errors console.err(message); } } }); ``` {% hint style="info" %} The SDK mount parameters are described in the [SDK settings](#settings) section below. {% endhint %} {% hint style="info" %} #### Referrer policy To enable successful communication between the SDK and our servers, your web page's **Referrer Policy** header should be set to `strict-origin-when-cross-origin`. This ensures that the referrer information is securely transmitted during HTTP requests. You can either do it programmatically or add it directly to the web page as follows:\ `` {% endhint %} {% endstep %} {% step %} #### Perform checks Using the `data` returned by the SDK, via the `onComplete` callback, you can now instruct your backend server to run the appropriate checks using the [create a check endpoint](https://docs.complycube.com/api-reference/checks/create-a-check). For instance, use: * `documentCapture.documentId` to run a [document check](https://docs.complycube.com/api-reference/check-types/document-check). * `documentCapture.documentId` and `faceCapture.livePhotoId` to run an[ identity check](https://docs.complycube.com/api-reference/check-types/identity-check). * `documentCapture.documentId` and `faceCapture.liveVideoId` to run an [enhanced identity check](https://docs.complycube.com/api-reference/check-types/enhanced-identity-check). * `poaCapture.documentId` to run a [proof of address check](https://docs.complycube.com/api-reference/check-types/proof-of-address-check). If you have [set up webhooks ](https://docs.complycube.com/api-reference/other-resources/webhooks/create-a-webhook)as described in our [webhooks guide](https://docs.complycube.com/documentation/guides/webhooks), you will be notified once a check completes. To retrieve the check results, you can perform a get [check request](https://app.gitbook.com/s/kAhgmUKSf8CFUFVL3GEe/core-resources/checks/create-a-check). **Example request** {% tabs %} {% tab title="cURL" %} ```javascript curl -X GET https://api.complycube.com/v1/checks/{:checkId} \ -H 'Authorization: ' ``` {% endtab %} {% tab title="Node.js" %} ```javascript const { ComplyCube } = require("@complycube/api"); const complycube = new ComplyCube({ apiKey: "" }); const check = await complycube.check.get("CHECK_ID"); ``` {% endtab %} {% tab title="Python" %} ```python from complycube import ComplyCubeClient cc_api = ComplyCubeClient(api_key='') check = cc_api.checks.get('CHECK_ID') ``` {% endtab %} {% tab title="PHP" %} ```php use ComplyCube\ComplyCubeClient; $ccapi = new ComplyCubeClient(''); $check = $ccapi->checks()->get('CHECK_ID'); ``` {% endtab %} {% tab title=".NET" %} ```csharp using ComplyCube.Net; using ComplyCube.Net.Resources.Checks; var checkApi = new CheckApi(new ComplyCubeClient("")); var check = await checkApi.GetAsync("CHECK_ID"); ``` {% endtab %} {% endtabs %} {% endstep %} {% endstepper %} ## SDK reference This section describes all configurable settings, callbacks, lifecycle methods, and branding options available in the ComplyCube Web SDK. ### Settings
OptionDescription
tokenThe SDK token generated by your backend. This is required.

Type: string
containerId

The ID of the container element where the SDK mounts. This must be an empty element.

Type: string
Default value: complycube-mount

useModalThis defines whether the UI screens load into a modal instead of inline.

Type: boolean
Default value: true
disableClientAnalytics

This defines whether we track client analytics or not.

Type: boolean
Default value: false

stages

This is the list of stages your clients will go through. Stages can be provided as strings or as objects. See Stages below to learn more.

Type: array[object] or array[string]

Default values: ['intro', 'faceCapture, 'documentCapture', 'completion']

language

The UI language. Valid values include:

en , ar, br, de, es, fr, hi, hk, id, it, ja, ko, nl, no, pl, pt, sv, th, vi, zh

Type: string
Default value: en

### Callback Callbacks let you respond to SDK lifecycle events.
OptionDescription
onComplete

Triggered after the client completes the verification flow. Typically used to trigger a check on your backend.

Depending on the stages provided, data may include the following attributes:

  • documentCapture

    • documentId: ID of the captured document.
    • documentType: Type of document uploaded.

  • faceCapture

    • liveVideoId: ID of the captured video. OR;
    • livePhotoId: ID of the captired photo.

  • poaCapture

    • documentId: ID of the uploaded proof of address document.
    • documentType: Type of the uploaded proof of address document.
onError

Triggered when an error occurs. The error object has two attributes:

  • type: This can be:

    • exception
    • token_expired : indicates the token has expired. When this occurs, a new SDK token must be provided.
  • message: Description of the error.
onExitThis callback is triggered when your client exits before completing the flow. It will return the exit reason, e.g., USER_CONSENT_NOT_GRANTED.
onModalCloseTriggered when the client tries to close the modal. You can allow or prevent closure by updating the isModalOpen attribute using updateSettings.
### Updating settings A number of settings can be updated at runtime as follows: ```javascript complycube = ComplyCube.mount({...}); // Replace the SDK token complycube.updateSettings({ token: "NEW_SDK_TOKEN" }); ... // Open the modal complycube.updateSettings({ isModalOpen: true }); //Close the modal complycube.updateSettings({ isModalOpen: false }); ``` ### Unmounting the SDK If you are using the SDK in a Single Page Application (SPA), you can call the unmount function to remove the SDK and reset its state. ```javascript complycube = ComplyCube.mount({...}); ... complycube.unmount() ``` ## Stages The `stages` array defines the verification flow. Each stage can be passed as a **string** or as an **object** with options. #### Supported stage names * `intro`: Welcome screen. * `userConsentCapture`: Capture customer consent. * `documentCapture`: Capture ID documents. * `faceCapture`: Capture selfies or liveness videos. * `poaCapture`: Capture proof of address document. * `completion`: End of flow. {% hint style="info" %} When `userConsentCapture` is enabled, always handle the `onExit` callback if the client declines consent. {% endhint %} {% hint style="info" %} Please make sure you pass the [`clientConsent`](https://docs.complycube.com/api-reference/checks) parameter when consent is granted by your client. {% endhint %} When a stage is passed as **object**, it will have two attributes, `name` and `options`. ### Name This is the [stage name](#supported-stage-names) ### Options This allows you to customize each stage as follows:
Stage NameOptions
intro
  • heading: Change the intro screen heading.
  • message: A list of messages to display on the intro screen. Max size 3.
  • startButtonText: Change the text of the start button on the intro screen.
documentCapture
  • crossDeviceOnly: A boolean that indicates whether to force users to capture their document using their phone. This removes the document upload option.

  • documentTypes: The list of ID document types visible to the user. Valid document types include:

    • passport
    • driving_license
    • national_identity_card
    • residence_permit


    Each value can be either a boolean or a country object. A boolean toggles the visibility of the document type, while a country object specifies the issuing country for non-passport documents, bypassing the country selection screen. The country value is the two-letter country ISO code.

faceCapture
  • mode: The mode of the facial capture. Possible values are: photo or video.
poaCapture

  • documentTypes: The list of Proof of Address (POA) document types visible to the client. Valid POA document types include:

    • bank_statement
    • utility_bill

The value of each document type is a boolean that toggles the visibility of the document type.

completion
  • heading: Change the completion screen heading.
  • message: A message to display on the completion screen. Max size 1.
#### Example options object ```javascript stages: [ { name: "intro", options: { heading: "We need to verify your identity", message: [ "In order to open an account, we need to check a few things.", "This will take only a moment", ], startButtonText: "Start Verification" }, }, "userConsentCapture", { name: "documentCapture", options: { crossDeviceOnly: true, documentTypes: { passport: true, driving_license: false, national_identity_card: true, residence_permit: { country: "GB", }, }, }, }, { name: "faceCapture", options: { mode: "video" }, }, { name: "poaCapture", options: { documentTypes: { bank_statement: true, utility_bill: false, }, }, }, { name: "completion", options: { heading: "Thank you for completing the process", message: ["we will get in touch shortly"] }, } ]; ``` ## Branding You can customise the SDK’s look and feel with the `branding` object. It comprises of the attributes outlined below. ### Appearance The `appearance` object allows you to customize the color scheme of the SDK with CSS values (e.g. RGBA, Hex). Customizable attributes include:
AttributeDescription
infoPopupColorWarning popup background color.
infoPopupTextColorWarning popup background color.
infoPopupLinkHoverColorWarning popup fallback Link on hover background color.
infoPopupLinkActiveColorWarning popup fallback Link active background color.
errorPopupColorError popup background color.
errorPopupTextColorError popup text color.
errorPopupLinkHoverColorError popup fallback Link on hover background color.
errorPopupLinkActiveColorError popup fallback Link active background color.
cameraButtonHoverColorCamera button on hover background color.
cameraButtonActiveColorCamera button active background color.
iconButtonActiveColorIcon button active background color.
iconButtonHoverColorIcon button on hover background color.
primaryButtonColorPrimary button background color.
primaryButtonTextColorPrimary button text color.
primaryButtonActiveColorPrimary button active background color.
primaryButtonHoverColorPrimary button on hover background color.
primaryButtonBorderColorPrimary button border color.
secondaryButtonColorSecondary button background color.
secondaryButtonTextColorSecondary button text color.
secondaryButtonActiveColorSecondary button active background color.
secondaryButtonHoverColorSecondary button on hover background color.
secondaryButtonBorderColorSecondary button border color.
documentSelectorColorDocument selector background color.
documentSelectorTextColorDocument selector text color.
documentSelectorActiveBorderColorDocument selector active background color.
documentSelectorHoverBorderColorDocument selector on the hover background color.
linkHoverColorLink on the hover background color.
linkActiveColorLink active background color.
linkUnderlineColorLink underline color.
linkHoverTextColorLink on the hover text color.
bodyTextColorSDK content text color.
headingTextColorSDK heading text color.
subheadingTextColorSDK subheading text color.
### Logo The `logo` object has the following attributes: * `lightLogoUrl`: URL for your logo's light version. * `darkLogoUrl`: URL for your logo's dark version. #### Example of logo branding ```javascript branding: { appearance: { primaryButtonColor: '#FF0000', }, logo: { lightLogoUrl: 'light_logo_url', darkLogoUrl: 'dark_logo_url', } }, ``` ### Text Brand The `textBrand` attribute represents the textual format of your brand. #### Example of text branding ```javascript branding: { appearance: { primaryButtonColor: '#FF0000', }, textBrand: 'Acme Bank' } ``` {% hint style="info" %} If `logo` and `textBrand` attributes are specified at the same time, `logo` takes precedence. {% endhint %}