circle-info
Explore our all new
eID Verification servicechevron-right
search
Book a demoHelp CenterLaunch Portal

Check-Driven Integration

Integrate the Web SDK using a check-driven approach.

hashtag
Overview

This guide walks you through integrating the Web SDK with ComplyCube using the check-driven approach, giving you direct control over individual verification steps.

circle-info

For a quick copy-paste example, use our integration assistantarrow-up-right.

circle-exclamation

You’re viewing the check-driven SDK guide - an approach that provides detailed control but is best suited for partners or advanced use cases. We recommend using workflow integration for most implementations.

hashtag
Integration flow

The Web SDK runs as part of your frontend but relies on your backend to create secure tokens. Here’s how it works:

1

hashtag
Create a client

Register a new client (i.e. customer) using the ComplyCube API

2

hashtag
Generate an SDK token

Your backend requests a JWT token tied to that client.

3

hashtag
Import and mount the SDK

Add the JS and CSS files, then mount the SDK in your web app.

4

hashtag
Capture documents, videos, and selfies

The SDK guides your customer through the required steps.

5

hashtag
Perform verification checks

Captured data is securely sent to ComplyCube for verification checks, and results are delivered in real time through the API or webhooks.

Web SDK Integration Flow

hashtag
Integration guide

1

hashtag
Create a client

Every verification flow starts with a client (i.e. customer). Use the API to create the client.

Example request

Example response

The response will contain an id (the Client ID). It is required for the next step.

circle-info

See Clients API Reference to learn more.

2

hashtag
Generate an SDK token

Your backend must create an SDK token for each new flow. This token links the SDK session to the client. Tokens are short-lived and must not be reused.

Example request

Example response

circle-info

See SDK Token API Reference to learn more.

3

hashtag
Import the SDK

To import our Web SDK, you need to include it in your target page HTML:

chevron-rightLoading the SDK with Integrity (Optional)hashtag

For additional security, you can optionally load the ComplyCube Web SDK using Subresource Integrity (SRI). This allows the browser to verify that the JavaScript and CSS files have not been modified by validating them against cryptographic checksums.

hashtag
Retrieve the latest SDK integrity values

To ensure you always use the latest supported SDK version and integrity hashes, retrieve the asset metadata from the Web SDK info endpoint.

Example request

curl -X POST https://api.complycube.com/v1/webSdk/latest \
     -H 'Authorization: <YOUR_API_KEY>'

Example response

The response includes the URLs and corresponding integrity values for both the JavaScript and CSS assets.

{
  "js": {
    "url": "<JAVASCRIPT_ASSET_URL>/complycube.min.js",
    "integrity": "sha384-<INTEGRITY_HASH_1> sha384-<INTEGRITY_HASH_2>"
  },
  "css": {
    "url": "<CSS_ASSET_URL>/style.css",
    "integrity": "sha384-<INTEGRITY_HASH_1> sha384-<INTEGRITY_HASH_2>"
  }
}

hashtag
Import the SDK using integrity attributes

Use the returned values to load the SDK in your HTML with integrity and crossorigin attributes:

<!DOCTYPE html>
<html>
  ...
  <head>
    <!-- Importing the Javascript library -->
    <script
      src="<JAVASCRIPT_ASSET_URL>/sdk.min.js"
      integrity="sha384-<INTEGRITY_HASH_1> sha384-<INTEGRITY_HASH_2>"
      crossorigin="anonymous">
    </script>

    <!-- Importing the default CSS -->
    <link
      rel="stylesheet"
      href="<CSS_ASSET_URL>/style.css"
      integrity="sha384-<INTEGRITY_HASH_1> sha384-<INTEGRITY_HASH_2>"
      crossorigin="anonymous">
  </link>
  </head>
  
  <!-- This is where the Web SDK will be mounted -->
  <body>
    <div id="complycube-mount"></div>
  </body>
</html>
circle-info

hashtag
Notes

  • Using SRI is optional, but recommended for environments with stricter security requirements.

  • The crossorigin="anonymous" attribute is required when using SRI with assets served from a different origin.

  • Integrity values may change when the SDK is updated. Always retrieve the latest values from the endpoint.

circle-info

The links to complycube.min.js and style.css can be found in your developers portalarrow-up-right.

4

hashtag
Mount the SDK

With the generated SDK token, the Web SDK can be initialised in your frontend using the following Javascript code:

circle-info

The SDK mount parameters are described in the SDK settings section below.

circle-info

hashtag
Referrer policy

To enable successful communication between the SDK and our servers, your web page's Referrer Policy header should be set to strict-origin-when-cross-origin. This ensures that the referrer information is securely transmitted during HTTP requests.

You can either do it programmatically or add it directly to the web page as follows: <meta name="referrer" content="strict-origin-when-cross-origin">

5

hashtag
Perform checks

Using the data returned by the SDK, via the onComplete callback, you can now instruct your backend server to run the appropriate checks using the create a check endpointarrow-up-right.

For instance, use:

If you have set up webhooks arrow-up-rightas described in our webhooks guidearrow-up-right, you will be notified once a check completes.

To retrieve the check results, you can perform a get check requestarrow-up-right.

Example request

hashtag
SDK reference

This section describes all configurable settings, callbacks, lifecycle methods, and branding options available in the ComplyCube Web SDK.

hashtag
Settings

Option
Description

token

The SDK token generated by your backend. This is required. Type: string

containerId

The ID of the container element where the SDK mounts. This must be an empty element.

Type: string Default value: complycube-mount

useModal

This defines whether the UI screens load into a modal instead of inline. Type: boolean Default value: true

disableClientAnalytics

This defines whether we track client analytics or not.

Type: boolean Default value: false

stages

This is the list of stages your clients will go through. Stages can be provided as strings or as objects (to enable customization). See Stages below to learn more.

Type: array[object] or array[string]

Default values: ['intro', 'faceCapture, 'documentCapture', 'completion']

language

The UI language. Valid values include:

en , ar, br, de, es, fr, hi, hk, id, it, ja, ko, nl, no, pl, pt, sv, th, vi, zh

Type: string Default value: en

hashtag
Callback

Callbacks let you respond to SDK lifecycle events.

Option
Description

onComplete

Triggered after the client completes the verification flow. Typically used to trigger a check on your backend.

Depending on the stages provided, data may include the following attributes:

  • documentCapture

    • documentId: ID of the captured document.

    • documentType: Type of document uploaded.

  • faceCapture

    • liveVideoId: ID of the captured video. OR;

    • livePhotoId: ID of the captired photo.

  • poaCapture

    • documentId: ID of the uploaded proof of address document.

    • documentType: Type of the uploaded proof of address document.

onError

Triggered when an error occurs. The error object has two attributes:

  • type: This can be:

    • exception

    • token_expired : indicates the token has expired. When this occurs, a new SDK token must be provided.

  • message: Description of the error.

onExit

This callback is triggered when your client exits before completing the flow. It will return the exit reason, e.g., USER_CONSENT_NOT_GRANTED.

onModalClose

Triggered when the client tries to close the modal. You can allow or prevent closure by updating the isModalOpen attribute using updateSettings.

hashtag
Updating settings

A number of settings can be updated at runtime as follows:

complycube = ComplyCube.mount({...});

// Replace the SDK token
complycube.updateSettings({ token: "NEW_SDK_TOKEN" });
...
// Open the modal
complycube.updateSettings({ isModalOpen: true });

//Close the modal
complycube.updateSettings({ isModalOpen: false });

hashtag
Unmounting the SDK

If you are using the SDK in a Single Page Application (SPA), you can call the unmount function to remove the SDK and reset its state.

complycube = ComplyCube.mount({...});
...
complycube.unmount()

hashtag
Stages

The stages array defines the verification flow. Each stage can be passed as a string or as an object with options.

hashtag
Supported stage names

  • intro: Welcome screen.

  • userConsentCapture: Capture customer consent.

  • documentCapture: Capture ID documents.

  • faceCapture: Capture selfies or liveness videos.

  • poaCapture: Capture proof of address document.

  • completion: End of flow.

circle-info

When userConsentCapture is enabled, always handle the onExit callback if the client declines consent.

circle-info

Please make sure you pass the clientConsentarrow-up-right parameter when consent is granted by your client.

When a stage is passed as object, it will have two attributes, name and options.

hashtag
Name

This is the stage name

hashtag
Options

This allows you to customize each stage as follows:

Stage Name
Options

intro

  • heading: Change the intro screen heading.

  • message: A list of messages to display on the intro screen. Max size 3.

  • startButtonText: Change the text of the start button on the intro screen.

documentCapture

  • crossDeviceOnly: A boolean that indicates whether to force users to capture their document using their phone. This removes the document upload option.

  • documentTypes: The list of ID document types visible to the user. Valid document types include:

    • passport

    • driving_license

    • national_identity_card

    • residence_permit

    Each value can be either a boolean or a country object. A boolean toggles the visibility of the document type, while a country object specifies the issuing country for non-passport documents, bypassing the country selection screen. The country value is the two-letter country ISO codearrow-up-right.

faceCapture

  • mode: The mode of the facial capture. Possible values are: photo or video.

poaCapture

  • documentTypes: The list of Proof of Address (POA) document types visible to the client. Valid POA document types include:

    • bank_statement

    • utility_bill

The value of each document type is a boolean that toggles the visibility of the document type.

completion

  • heading: Change the completion screen heading.

  • message: A message to display on the completion screen. Max size 1.

hashtag
Example options object

hashtag
Branding

You can customise the SDK’s look and feel with the branding object. It comprises of the attributes outlined below.

hashtag
Appearance

The appearance object allows you to customize the color scheme of the SDK with CSS values (e.g. RGBA, Hex). Customizable attributes include:

Attribute
Description

infoPopupColor

Warning popup background color.

infoPopupTextColor

Warning popup background color.

infoPopupLinkHoverColor

Warning popup fallback Link on hover background color.

infoPopupLinkActiveColor

Warning popup fallback Link active background color.

errorPopupColor

Error popup background color.

errorPopupTextColor

Error popup text color.

errorPopupLinkHoverColor

Error popup fallback Link on hover background color.

errorPopupLinkActiveColor

Error popup fallback Link active background color.

cameraButtonHoverColor

Camera button on hover background color.

cameraButtonActiveColor

Camera button active background color.

iconButtonActiveColor

Icon button active background color.

iconButtonHoverColor

Icon button on hover background color.

primaryButtonColor

Primary button background color.

primaryButtonTextColor

Primary button text color.

primaryButtonActiveColor

Primary button active background color.

primaryButtonHoverColor

Primary button on hover background color.

primaryButtonBorderColor

Primary button border color.

secondaryButtonColor

Secondary button background color.

secondaryButtonTextColor

Secondary button text color.

secondaryButtonActiveColor

Secondary button active background color.

secondaryButtonHoverColor

Secondary button on hover background color.

secondaryButtonBorderColor

Secondary button border color.

documentSelectorColor

Document selector background color.

documentSelectorTextColor

Document selector text color.

documentSelectorActiveBorderColor

Document selector active background color.

documentSelectorHoverBorderColor

Document selector on the hover background color.

linkHoverColor

Link on the hover background color.

linkActiveColor

Link active background color.

linkUnderlineColor

Link underline color.

linkHoverTextColor

Link on the hover text color.

bodyTextColor

SDK content text color.

headingTextColor

SDK heading text color.

subheadingTextColor

SDK subheading text color.

The logo object has the following attributes:

  • lightLogoUrl: URL for your logo's light version.

  • darkLogoUrl: URL for your logo's dark version.

hashtag
Example of logo branding

branding: {
  appearance: {
    primaryButtonColor: '#FF0000',
  },
  logo: {
    lightLogoUrl: 'light_logo_url',
    darkLogoUrl: 'dark_logo_url',
  }
},

hashtag
Text Brand

The textBrand attribute represents the textual format of your brand.

hashtag
Example of text branding

branding: {
  appearance: {
    primaryButtonColor: '#FF0000',
  },
  textBrand: 'Acme Bank'
}
circle-info

If logo and textBrand attributes are specified at the same time, logo takes precedence.