search

camaraproject / KnowYourCustomer

Repository to describe, develop, document and test the KnowYourCustomer API family
Apache License 2.0
8 stars 8 forks source link

[KYC Match] Which fields are meant to be used for identification of the mobile phone user? #135

Closed trehman-gsma closed 1 week ago

trehman-gsma commented 1 month ago

Problem description Could you help to clarify which fields in the request body are meant to be used for identification purposes vs match purposes?

I had assumed that the access token or the phoneNumber field would be used to identify the mobile phone user (especially since phoneNumber does not have a corresponding match field in the response). However the following error implies that idDocument could also be used:

            IdDocumentRequired:
              value:
                status: 403
                code: KNOW_YOUR_CUSTOMER.ID_DOCUMENT_REQUIRED
                message: The idDocument is required to perform the properties validation

Possible evolution Additional documentation to clarify the fields in the request that can be used to identify the mobile user. Or restructuring the request body to have an identity parent object and a parent match object.

cc @MsOlaAjibola @mbailadorpollo @pablosanuy

fernandopradocabrillo commented 4 weeks ago

Hi @trehman-gsma Checking the API description, I think you are right and we should include a bit more information on how it is intended to work. Here in Spain, at least in Telefónica, we have a requirement to provide the idDocument along with the phoneNumber to be able to validate the rest of the properties. It is something that doesn't happen for example in Germany. So the idea is that, if your country requires the use of the idDocument as a "second level" authorization, and you don't provide it, the error is returned.

trehman-gsma commented 4 weeks ago

Thanks @fernandopradocabrillo! Please could you confirm if my understanding is correct: