PATCH /customers/{id}
Update a customer
curl --request PATCH \
  --url https://app.instantcompliance.ai/api/v1/customers/{id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "fullName": "<string>",
  "email": "jsmith@example.com",
  "phone": "<string>",
  "risk": {
    "isNewCustomer": true,
    "isDesignatedService": true,
    "handlesCashOrCrypto": true
  }
}
'
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "external_id": "crm-7741",
  "type": "INDIVIDUAL",
  "full_name": "Jane Doe",
  "email": "jane@example.com",
  "kyc_status": "VERIFIED",
  "kyc_started_at": "2026-06-23T01:00:00Z",
  "kyc_completed_at": "2026-06-23T01:12:00Z",
  "identity": {
    "verified_legal_name": "JANE DOE",
    "verified_country": "AUS"
  },
  "aml": {
    "status": "CLEAR",
    "screened_at": "2026-06-23T01:12:00Z",
    "last_reviewed_at": null,
    "flags": {
      "pep": false,
      "sanctions": false,
      "adverse_media": false,
      "terrorism": false
    }
  },
  "added_via": "INTEGRATION",
  "created_at": "2026-06-22T22:14:00Z",
  "updated_at": "2026-06-23T01:12:05Z"
}
Partial update of a customer record you have ingested. Use this to sync CRM edits across (e.g. the customer changed their phone number).

What you can update

Field      Editable after VERIFIED?
fullName   No — identity fields freeze on verification.
email      No — identity fields freeze on verification.
phone      Yes
risk.*     Yes
Attempting to change fullName or email after kyc_status becomes VERIFIED returns 422 validation_failed. This is by design — once the document-verified identity is captured, it must not silently drift.

Idempotency

Like POST, this endpoint supports the Idempotency-Key header for safe retries.

What you cannot update

The API will not let you change:
  • type (re-ingest with the correct type instead)
  • external_id (treated as immutable once set)
  • Any KYC / AML status field (those move via the verification flow, not the integration API)
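
A client-side pre-flight check for the rules above, added here as an example and not part of the Instant Compliance documentation or SDK. It rejects frozen or non-patchable fields before the request is sent and derives a stable Idempotency-Key for retries; `build_patch`, `FrozenFieldError` and the CRM `change_id` are hypothetical names.

```python
import hashlib
import json

# Rules from this page: identity fields freeze at VERIFIED; phone and risk stay editable.
IDENTITY_FIELDS = {"fullName", "email"}
ALWAYS_EDITABLE = {"phone", "risk"}
MAX_LEN = {"fullName": 255, "email": 255, "phone": 32}


class FrozenFieldError(ValueError):
    """Raised locally so the request never reaches 422 validation_failed."""


def build_patch(customer, changes, change_id):
    """Validate CRM edits and return (body, idempotency_key).

    customer:  last record returned by the API (needs id and kyc_status)
    changes:   edits keyed by request field name (fullName, email, phone, risk)
    change_id: hypothetical CRM event id, so an A -> B -> A edit inside the
               24-hour replay window still gets a fresh key
    """
    unknown = set(changes) - IDENTITY_FIELDS - ALWAYS_EDITABLE
    if unknown:
        # type, external_id and KYC/AML status fields are not patchable here
        raise ValueError(f"not patchable via this endpoint: {sorted(unknown)}")
    frozen = IDENTITY_FIELDS & set(changes)
    if customer["kyc_status"] == "VERIFIED" and frozen:
        raise FrozenFieldError(f"frozen after verification: {sorted(frozen)}")
    for field, limit in MAX_LEN.items():
        value = changes.get(field)
        if isinstance(value, str) and len(value) > limit:
            raise ValueError(f"{field} exceeds {limit} characters")
    if changes.get("fullName") == "":
        raise ValueError("fullName must be 1 - 255 characters")
    # Canonical JSON: key order and whitespace must not change the digest.
    material = json.dumps([customer["id"], change_id, changes],
                          sort_keys=True, separators=(",", ":"))
    key = "crm-" + hashlib.sha256(material.encode("utf-8")).hexdigest()
    return changes, key  # key is 68 characters, inside the 255-character limit
```

Because the body is part of the key material, a retry of the same edit reuses its key and is replayed, while a modified body gets a new key rather than colliding with the old one.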

Authorizations

Authorization (string, header, required)

Bearer API key issued from Settings → Developers in your Instant Compliance organisation. Format: ic_live_….

Headers

Idempotency-Key (string)

Caller-supplied unique key for safe retries. Repeat the same key within 24 hours and we replay the original response instead of repeating the side effect. Reusing the key with a different request body returns 409 idempotency_conflict.

Maximum string length: 255

Path Parameters

id (string, required)

Customer identifier. Accepts either Instant Compliance's UUID (550e8400-…) or your own external_id.

Body

application/json

fullName (string): Required string length: 1 - 255
email (string<email>): Maximum string length: 255
phone (string | null): Maximum string length: 32
risk (object)

Optional risk pre-answers. Your back-office team will complete the full risk assessment in-app before triggering KYC; these values seed it.

Response

Updated customer record.

id (string<uuid>, required)

Instant Compliance customer UUID.

type (enum<string>, required)

v1 only ingests individuals. Entity types ship in v2.

Available options: INDIVIDUAL, SOLE_TRADER

full_name (string, required)

kyc_status (enum<string>, required)

Available options: NOT_STARTED, PENDING, IN_PROGRESS, VERIFIED, FAILED, NOT_REQUIRED, AWAITING_RESUBMISSION

aml (object, required)

added_via (enum<string>, required)

How the record entered Instant Compliance.

Available options: ADMIN_MANUAL, AI_EXTRACTED, CONTACT_PORTAL, BULK_IMPORT, INTEGRATION, SYSTEM

created_at (string<date-time>, required)

updated_at (string<date-time>, required)

external_id (string | null)

email (string<email> | null)

kyc_started_at (string<date-time> | null)

kyc_completed_at (string<date-time> | null)

identity (object)

Populated only when kyc_status = VERIFIED. Deliberately minimal — full date of birth and full address are never exposed.