Onboarding Business Users
Overview
The following guide outlines best practices for creating and onboarding Business Users to Astra. If your payment flow involves a Business entity receiving or sending funds, then this guide is for you!
Personal vs. Business Users
There are two categories of Astra Users: Personal Users and Business Users. A Personal User does not represent a Business, and vice versa.
LLCs, Sole Proprietorships, S-Corps, C-Corps, etc all constitute Businesses.
For compliance reasons, a Business must register with Astra as a Business User. Onboarding a Business User as a Personal User can result in both User suspension and additional consequences for your integration with Astra. In addition, Personal Users will be blocked from connecting Business Debit Cards and Business Bank Accounts to their profile.
Review Period
Business User reviews generally take 24 hours. They may take up to 48 hours or longer if additional documentation is required from the Business. Business reviews are never instant, unlike Personal Users, as there is greater due diligence and compliance review required.
Onboarding | UserIntents vs. Business Profiles
All Personal Users need to onboard by way of a UserIntent. For verified Business Users, there are two onboarding options:
- Option A: Astra’s Business Onboarding Web Form
- Option B: Astra’s Business Profile Object
Option A: Astra’s Business Onboarding Web Form
Through Astra’s Business Onboarding Web Form, the Business User will be prompted to submit all the required fields to satisfy our Know-Your-Business (KYB) procedure.
The Business Onboarding Web Form is only for
verifiedBusiness Users. For onboardingreceive-onlyorunverifiedBusiness Users, a Business Profile is required. Please refer to Option B if onboardingreceive-onlyorunverifiedBusiness Users.
To onboard a Business User in this manner, use the following Astra’s Web SDK URL, with the appropriate query string parameters applied:
The above example is using our production Web SDK URL. Astra’s sandbox Web SDK URL is https://app-sandbox.astra.finance
businessmust be equal totrue
Through this flow, the Business User will be prompted to enter all the required information to satisfy the KYB request. Post submission, the User will be prompted to:
- Authenticate (mobile phone 2fa)
- Authorize (Agree to Astra’s Terms and Privacy Policy)
The outcome of this flow will be temporary authorization_code, that will need to be exchanged for a pair of tokens (access_token and refresh_token). Please read here for more information: https://docs.astra.finance/reference/post_v1-oauth-token
A Business User may be prompted to provide additional documentation to complete KYB. A Business User can still obtain tokens and simultaneously be in a
documentstate.
Option B: Astra’s Business Profile Object
Through Astra’s Business Profile object, your application owns the scope of designing the frontend and user experience for collecting the information to satisfy Astra’s KYB requirements.
Once a Business Profile has been submitted to Astra, you can instantiate Astra’s Web SDK to start the Business onboarding flow.
the
business_profile_idwill need to be included as a query string parameter in Astra’s Web SDK URL.
When you create a Business Profile, the information submitted to Astra will be pre-populated in the business onboarding forms in our SDK. If you do create a Business Profile beforehand, the business_profile_id will need to be included as a query string parameter in the Collect Authorization url. Here is an example:
Through this flow, the Business User will be prompted to confirm the information submitted by way of the Business Profile object. They’ll then be prompted to:
- Authenticate (mobile phone 2fa)
- Authorize (Agree to Astra’s Terms + Privacy)
The outcome of this flow will be temporary authorization_code, that will need to be exchanged for a pair of tokens (access_token and refresh_token). Please read here for more information: https://docs.astra.finance/reference/post_v1-oauth-token
Document Flow
Just as a Personal User may be prompted to upload additional documentation, so may a Business User. When a Business is prompted for additional documentation, the Business User will receive an email from Astra informing them of their status with a link to follow to upload additional documentation. This additional documentation may be related to the Business Controller (e.g. a driver’s license) or the Business Entity (e.g. an SS 4 Form). Business Users who are required to upload documents or submit additional information may not receive a status response for up to 48 hours. The status of the Business User during this period will remain as pending until they are either approved or rejected by Astra.
Pending Status
Whether additional documentation is required or not, the status of a Business User during the KYB review period will be pending. We recommend that you obtain the status of the Business User after you’ve obtained the Business User’s Tokens and convey this status accordingly.
Since review periods can vary, it’s recommended that you inform the Business User that their profile is currently under review and that they’ll be notified once the review is complete.
If your client is approved for KYB delegation, all Business Users will be approved and there will be no review period
We recommend listening and ingesting User Webhooks to obtain real-time updates regarding the Business User’s status. https://docs.astra.finance/reference/user-webhooks
For sandbox testing, using an EIN of
11-1111111will result in an automatically approved Business User. An EIN of22-2222222will result in an automatically rejected Business User
Onboard Businesses with a full API Integration
If your program is eligible for and leveraging Astra’s Authorization via API, follow the steps below to onboard your Business Users:
- Create a Business Profile
- Once created, call Astra’s POST Partner/Identity/Verification endpoint
-
The
business_profile_idmust be included in the payload of this request -
The outcome of this step is a short-lived, one-time use
session_token -
Please reference Astra’s Guide to Trusted Authentication to learn more
-
- Once you’ve obtained a
session_token, call Astra’s POST Partner/Identity/Token endpoint-
Please reference Astra’s Guide to API-Only Authorization to learn more
-
KYB Delegated, Receive-Only, and Unverified Business Users
For Clients who are approved for KYB Delegation, or are approved to onboard Business Users with kyc_type / kyb_type as receive-only or unverified, limited information is required of the Business User in order to onboard them to our platform. Below is an outline of the required information that needs to be collected by way of the Business Profile object for Business Users who are (1) KYB Delegated (2) Receive-Only or (3) Unverified:
Receive-Only / Unverified
- Business info:
- Business name
- DBA
- Business type
- Business address
- For Sole Prop businesses:
- Full name for Admin
- Email for Admin
- For other business types:
- Full name for Controller
- Full name for Admin
- Email for Admin
KYB Delegated
- Business info:
- Business name
- DBA
- Business type
- Business address
- For Sole Prop businesses:
- Full name for Admin
- Email for Admin
- Admin personal address
- For other business types:
- Full name and address for controller + UBOs
- Full name for Admin
- Email for Admin
Frequently Asked Question:
Does Astra offer KYB services?
- Yes, Astra provides KYB services. Depending on your integration and payment flow, your Business Users may be required to go through KYB in order for Astra to remain in compliance with our partner bank, vendors, and the law.
We already perform KYB on our Users. Do we need to send them through KYB with Astra?
- If your program already performs KYB on your Users, your program may be eligible for KYB Delegation. With KYB delegation, the scope and responsibilities of KYB are delegated to your client, and if approved, your Users wouldn’t need to go through a secondary KYB with Astra.
- The requirements for obtaining KYB delegation approval are strict and require extensive documentation to be obtained from your team, such as your full CIP. If you’d like to be considered for KYB Delegation, please contact your Astra Account Executive for further assistance.
How long does KYB take?
- Business User reviews generally take 24 hours.They may take up to 48 hours or longer if additional documentation is required from the Business. Business reviews are never instant, unlike Personal Users, as there is greater due diligence and compliance review required.
Can we onboard two Businesses that share the same phone number?
- Yes, Astra does not enforce phone-uniqueness for Business Users, but each Business will need to have their own Business Profile, and this needs to be included as a query string parameter when authenticating the Business.
How do I find a User’s Business Profile ID?
- The
business_profile_idis returned with the response body of eachPOST /v1/business_profilerequest.
How do I obtain the Business User’s user_id?
- Once you have an
access_tokenfor the Business User, the Business User’s User ID can be retrieved by making a call toGET /v1/user. - If your application is listening to
user_updatedwebhooks, you will also receive a webhook once the Business user status changes. The Business User’suser_idwill be shared with that webhook payload.
What phone number does the Business User Authenticate with?
- The Business User will be prompted to authenticate with the root level phone number provided in the business profile. Looking at the API documentation, this would be the phone field at the root level of the request JSON.
How do I change a phone number for a Business User?
- To update a Business User’s phone number, you can locate their profile in your Astra Dashboard, and update their phone number from there. Next to their phone number, you’ll see an option to “Update Phone”.
- Alternatively, you may use Astra’s Request User Phone Number Update endpoint.
Updated 15 days ago