What you receive
| Field | Notes |
|---|---|
id, external_id, type, full_name, email | Identity basics. |
kyc_status, kyc_started_at, kyc_completed_at | Verification state. |
identity.verified_legal_name | Only when verified. |
identity.verified_country | ISO 3166-1 alpha-3 only, never a full address. |
aml.status, aml.screened_at, aml.last_reviewed_at | AML outcome and timing. |
aml.flags.{pep, sanctions, adverse_media, terrorism} | Booleans — match found per category. |
added_via, created_at, updated_at | Metadata. |
What you never receive
These are withheld unconditionally:amlScreeningData— the raw Sumsub case blob, including hit names, source watchlists, and media titles.verifiedDateOfBirth— full date of birth.verifiedAddress— full street address.kycRejectionReason— free-text rejection reason (often contains sensitive moderator notes).kycVerificationModeratorNote/addressVerificationModeratorNote— internal moderator notes.sumsubApplicantId— the underlying Sumsub identifier.- Any document ids, image URLs, or file references.
Why
- Regulatory minimisation. Sharing only what a downstream integrator needs to act keeps our and your AML obligations clean.
- Breach blast radius. A leaked API key cannot exfiltrate document images or detailed AML hit data even if it has every scope.
- Vendor-neutrality. Integrators receive a stable shape — not raw vendor (Sumsub) payloads that can change without notice.