WIDTH Identity Developer Documentation
WIDTH Identity provides a complete identity verification and compliance platform supporting KYC, KYB, transaction screening, and continuous monitoring workflows — accessible via REST APIs and drop-in SDKs for web, iOS, and Android.
Capabilities
The platform exposes four primary compliance workflows. Each is available via the REST API and most are available via the SDKs.
KYC
Identity verification: liveness, document OCR, NFC chip, sanctions and PEP screening.
KYB
Business verification: registry pull, UBO graph to 25%, director KYC, entity screening.
Transaction screening
Real-time scoring per transaction. Sub-100ms decisions. Sync or async.
Continuous monitoring
Event-driven re-screen on sanctions, address, behavioural change. Live risk rating.
Integration paths
Three primary integration methods. Use OpenAPI for full backend control, or the SDKs for a managed verification UX.
| Path | Best for | Workflows |
|---|---|---|
| OpenAPI (REST, server-to-server) | You already collect customer data and want full backend control over UX. | KYC, KYB, Transaction Screening, Continuous Monitoring |
| Mobile SDK (Android, iOS) | Turnkey verification experience in a mobile app with minimal code. | KYC, KYB |
| Web SDK | Drop-in modal or new-tab verification in a web app. | KYC, KYB, One-off liveness |
Environments
Two environments: staging for development and production for live traffic. All staging URLs end in -stg.
| Resource | Staging | Production |
|---|---|---|
| API Gateway | https://one-gateway-api-stg.width.com/gateway | https://one-gateway-api.width.com/gateway |
| Storage Service | https://one-gateway-api-stg.width.com/storage | https://one-gateway-api.width.com/storage |
| Platform Console | https://one-platform-stg.width.com | https://one-platform.width.com |
Credentials
Two credential types depending on integration path.
| Type | Used by | Fields |
|---|---|---|
OPENAPI | Server-to-server API | apiKey (prefixed ak_) + apiSecret (prefixed sk_) |
SDK | Web / Mobile SDK | appId + apiKey + per-session sdkToken |
How to obtain
- Log in to the One Platform Console → API & Integration.
- Click Generate to mint a key pair.
- Copy and store credentials securely. The
apiSecretis shown only once.
apiSecret in source code. Use environment variables or a secrets manager. If a secret leaks, rotate it immediately from the console.Quick start — signing a request
Every OpenAPI request is signed with HMAC-SHA256 over the request body. The signature is appended as the sign query parameter.
sign = HmacSHA256(apiSecret, requestBody)
Both the key and body use UTF-8 encoding. The result is a 64-character lowercase hex string.
import hmac, hashlib
sign = hmac.new(
api_secret.encode('utf-8'),
request_body.encode('utf-8'),
hashlib.sha256
).hexdigest()
const crypto = require('crypto');
const sign = crypto
.createHmac('sha256', apiSecret)
.update(requestBody, 'utf8')
.digest('hex');
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(apiSecret.getBytes("UTF-8"), "HmacSHA256"));
byte[] hash = mac.doFinal(requestBody.getBytes("UTF-8"));
String sign = HexFormat.of().formatHex(hash);
See the authentication reference for the full request envelope, including headers, query parameters, and a worked example.
Next: pick a workflow
OpenAPI reference
Auth, errors, idempotency, configuration, file upload — every REST primitive in one place.
Web SDK
Modal or new-tab verification in your web app. npm install @width/web-sdk.
Android SDK
Kotlin drop-in for Activity / Compose. API 24+ (Android 7.0).
iOS SDK
Swift Package for UIKit and SwiftUI. iOS 16.0+, Xcode 16+.
KYC guide
Full KYC workflow: register, start, poll, submit nodes (OCR, particular, liveness, OTP, forms).
Appendix
Glossary, execution statuses, event types, document types, changelog.