Onboarding Receive-Only Users
Overview
The following guide outlines steps for onboarding receive-only Business & Personal Users. Business Users and Personal Users who are designated with a kyb / kyc type as receive-only are not required to Authenticate or Authorize with Astra.
Personal vs. Business User
There are two categories of Astra Users: Personal Users and Business Users. A Personal User does not represent a Business, and vice versa.
LLCs, Sole Proprietorships, S-Corps, C-Corps, etc all constitute Businesses.
For compliance reasons, a Business must register with Astra as a Business User. Onboarding a Business User as a Personal User can result in both User suspension and additional consequences for your integration with Astra. In addition, Personal Users will be blocked from connecting Business Debit Cards to their profile.
Step 01: Create a Business Profile or UserIntent
Through Astra’s Business Profile object and UserIntent object, your application owns the scope of designing the frontend and user experience for collecting the required information for onboarding Users accordingly. The outcome of creating a Business Profile will be a business_profile_id, while the outcome of creating a UserIntent will be a user_intent_id.
For Clients who are approved for KYB/KYC Delegation, and/or are approved to onboard Business and Personal Users with a kyb_type / kyc_type as receive-only or unverified, limited information is required to onboard the User to our platform. Below is an outline of the required information that needs to be collected by way of the Business Profile and UserIntent objects for Users who are (1) KYB / KYC Delegated (2) Receive-Only or (3) Unverified:
For KYB / KYC Delegated programs, please specify the
kyb_type / kyc_typeasverified. For programs approved to onboard Users asunverifiedorreceive-onlyplease specify thekyb_type / kyc_typeaccordingly.
Required Receive-Only Information
Receive-Only / Unverified Business Information (Business Profile)
- Business info:
- Business name
- DBA
- Business type
- Business address
- For Sole Prop businesses:
- Full name for Admin
- Email for Admin
- For other business types:
- Full name for Controller
- Full name for Admin
- Email for Admin
Receive-Only / Unverified Personal Profile Information (UserIntent)
- Phone
- First Name
- Last Name
- Physical Address
- DOB
- IP Address
Step 02: Obtain a Session Token
Once a Business Profile or UserIntent has been created (and the UserIntent status has transitioned to approved, see the related webhook for status changes), call Astra’s partner/identity/verification endpoint with the following Payload:
Client Request
Endpoint: POST /v1/partner/identity/verification
Headers: {
"Content-Type": "application/json",
"Accept": "application/json",
"Authorization": "Basic \*\*\*\*",
}
{
"provider": "",
"provider_data": {
"customer_id": ""
},
"client_id": "client_123456",
"user_id": "user_123456",
"user_intent_id": "user_intent_123456",
"business_profile_id": "Busines_profile_123456"
}
Astra Response
{
"token": "token_123456"
}Only provide one of
user_id,user_intent_id, orbusiness_profile_id
Provide a
user_intent_idif you are signing up the User for Astra’s services (Authorizing)
Provide a
user_idif you are signing them in (Authenticating)
Provide a
business_profile_idif you are signing up a business user (Authorizing)
Step 03: Authorize the User
Once you’ve obtained a session_token, call Astra’s partner/identity/token endpoint. This will return the User's tokens (an access_token and refresh_token)
Client Request
Endpoint: POST /v1/partner/identity/token
Headers: {
"Content-Type": "application/x-www-form-urlencoded",
"Accept": "application/json",
"Authorization": "Basic \*\*\*\*",
}
{
"token": "token_123456",
"user_consent_captured": true,
"expires_in": 300
}
Astra Response
{
"access_token": "access_token_abc123",
"expires_in": 7200
"refresh_token": "refresh_token_abc123",
"token_type": “Bearer”
}Updated about 13 hours ago