This guide walks you through the configuration required in the Ditto ID Gateway Management Console to enable the transmission of KYC identity data to your backend system.
You will need to:
- Enable the KYC challenge in the user activation flow.
- Set the API endpoint configuration in the Module Config Management.
- Optionally configure encryption or bearer token authentication.

1. Log in to the Gateway Management Console.
2. Navigate to Authentication Management.
3. Edit the "First time activation" flow.
4. Add the challenge RELID-IDV-KYC before RELID-IDV-BiometricOptIn.
5. Save and restart the Blaze-Server.
Navigate to Module Config Management and configure the following:
Component Name: IDV Server
Config Name: kyc.service.api.config
Config Value: JSON as shown below
```json
{
  "method": "POST",
  "url": "https://127.0.0.1:9005/kyc",
  "headers": [{
      "headerName": "Content-Type",
      "headerValue": "application/json"
    }, {
      "headerName": "apiversion",
      "headerValue": "v2"
    }
  ],
  "requestEncryption": {
    "enable": <true/false>,
    "algorithm": "AES",
    "key": "<Encryption AES Key>",
    "ivParamSpec": "<Encryption IV Parameters>",
    "cipherSpec": "<Encryption Cipher Spec>",
    "blockSizeBytes": <Encryption Block size>
  },
  "responseDecryption": {
    "enable": <true/false>,
    "algorithm": "AES",
    "key": "<Decryption AES Key>",
    "ivParamSpec": "<Decryption IV Parameters>",
    "cipherSpec": "<Decryption Cipher Spec>",
    "blockSizeBytes": <Decryption Block size>
  },
  "requestBody": "",
  "responseBody": {
    "resultLocator": "result",
    "referenceNumberLocator": "reference_number",
    "userIdLocator": "user_id",
    "primaryUserIdLocator": "",
    "loginIdsLocator": "",
    "statusCodeLocator": "",
    "statusMessageLocator": "",
    "forUserIdLocator": "",
    "orchestrationUseCaseLocator": ""
  },
  "accessTokenEndpoint": {
    "url": "https://127.0.0.1:9005/kyc-service-access-token-endpoint",
    "headers": [{
        "name": <Header name>,
        "value": <Header value>
      }
    ],
    "method": <GET or POST>,
    "postParameters": [{
        "name": <Parameter name>,
        "value": <Parameter value>
      }
    ],
    "bodyParameter": <raw data to be sent in body>,
    "accessTokenLocator": <access token locator>
  }
}
```

| Attribute | Description |
| --- | --- |
| method | HTTP method used for the KYC API call. Only POST is supported. |
| url | URL endpoint of the enterprise's KYC API which receives the identity verification data. Must be HTTPS. |
| headers | Array of HTTP headers (name-value pairs) to include in the KYC request. May include custom headers or OAuth2 tokens. |

requestEncryption controls whether the KYC request is AES-encrypted.

| Field | Description |
| --- | --- |
| enable | Boolean flag to enable request encryption. |
| algorithm | Encryption algorithm (AES only). |
| key | AES encryption key. |
| ivParamSpec | Initialization Vector. Overrides blockSizeBytes if present. |
| cipherSpec | Cipher mode and padding (e.g., AES/CBC/PKCS5Padding). |
| blockSizeBytes | Block size to use if ivParamSpec is not provided. |

responseDecryption controls whether the KYC API response is decrypted.

| Field | Description |
| --- | --- |
| enable | Boolean flag to enable response decryption. |
| algorithm | Decryption algorithm (AES only). |
| key | AES decryption key. |
| ivParamSpec | Initialization Vector for decryption. |
| cipherSpec | Cipher mode and padding used during encryption. |
| blockSizeBytes | Block size to use if IV not provided. |

| Field | Description |
| --- | --- |
| requestBody | Custom body format. Use `""` to send default JSON. Use macro `__REQUEST_BODY_PAYLOAD__` to wrap the KYC payload. |

| requestBody | requestEncryption.enable | Behavior |
| --- | --- | --- |
| `""` | false (default) | Sends plain JSON |
| `""` | true | Sends Base64-encoded AES-encrypted JSON |
| `{ "kyc_data": "__REQUEST_BODY_PAYLOAD__" }` | false | Sends KYC data in a key |
| `{ "kyc_data": "__REQUEST_BODY_PAYLOAD__" }` | true | Sends AES-encrypted KYC data in a key |

responseBody describes how to extract values from the KYC API response.

| Field | Description |
| --- | --- |
| resultLocator | JSON path for result (true/false). |
| referenceNumberLocator | Path to reference number from KYC API. |
| userIdLocator | Path to user ID from KYC API (mandatory). |
| primaryUserIdLocator | Optional path for primary user ID. |
| loginIdsLocator | Optional path for multiple login IDs. |
| statusCodeLocator | Optional response code path. |
| statusMessageLocator | Optional message string path. |
| forUserIdLocator | Optional path for additional user ID context. |
| orchestrationUseCaseLocator | Optional use case path. |

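The four request body variants and the response locators above, seen from the receiving backend. This is an added example, not Ditto ID code. It assumes hex-encoded key and IV, the AES/CBC/PKCS5Padding cipher spec, a Base64 string under `kyc_data` when the wrapped body is encrypted, and constructed KYC field names.

```javascript
const { createCipheriv, createDecipheriv } = require('node:crypto');

// Constructed values. Assumed, not from the page: hex encoding of key and IV,
// cipherSpec AES/CBC/PKCS5Padding, and the field names inside the KYC payload.
const KEY = Buffer.from('00112233445566778899aabbccddeeff', 'hex'); // 128-bit key
const IV = Buffer.from('0102030405060708090a0b0c0d0e0f10', 'hex');  // 16-byte IV
const ALGO = `aes-${KEY.length * 8}-cbc`;
const SAMPLE = JSON.stringify({ user_id: 'u-1001', document_type: 'passport' });

// Stand-in for the gateway side, used only to build sample input.
function encryptPayload(json) {
  const c = createCipheriv(ALGO, KEY, IV);
  return Buffer.concat([c.update(json, 'utf8'), c.final()]).toString('base64');
}

// Node's default PKCS#7 padding is what Java calls PKCS5Padding for AES.
function decryptPayload(b64) {
  const d = createDecipheriv(ALGO, KEY, IV);
  return Buffer.concat([d.update(Buffer.from(b64, 'base64')), d.final()]).toString('utf8');
}

// Recover the KYC object from a raw request body.
// encrypted mirrors requestEncryption.enable; wrapped is true when requestBody
// is { "kyc_data": "__REQUEST_BODY_PAYLOAD__" }.
function parseKycRequest(rawBody, { encrypted, wrapped }) {
  try {
    let payload = wrapped ? JSON.parse(rawBody).kyc_data : rawBody;
    if (encrypted) {
      if (typeof payload !== 'string') throw new Error('ciphertext must be a string');
      payload = decryptPayload(payload);
    }
    // An unencrypted wrapped payload may arrive as a nested object or a JSON string.
    const kyc = typeof payload === 'string' ? JSON.parse(payload) : payload;
    if (kyc === null || typeof kyc !== 'object') throw new Error('not an object');
    return kyc;
  } catch {
    // One uniform error: do not reveal whether padding, Base64 or JSON failed.
    throw new Error('invalid KYC request');
  }
}

// Response keys match the responseBody locators in the sample config.
function buildKycResponse(userId, referenceNumber) {
  if (!userId) throw new Error('user_id is mandatory');
  return { result: true, reference_number: referenceNumber, user_id: userId };
}
```

A successful CBC decryption does not authenticate the sender, so keep HTTPS and the bearer token check in front of this handler.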
accessTokenEndpoint is used to retrieve a dynamic OAuth2 Bearer token for the Authorization header.

| Field | Description |
| --- | --- |
| url | Access token endpoint URL. |
| headers | Array of headers for token request. |
| method | HTTP method (GET or POST). |
| postParameters | Parameters for token POST request. |
| bodyParameter | Raw body content (alternative to postParameters). |
| accessTokenLocator | JSON path to extract token from response. |

| Key Size | Cipher Modes |
| --- | --- |
| 128/192/256 bits with IV (16 bytes) | AES/CFB/PKCS5Padding, AES/CBC/PKCS5Padding, AES/GCM/NoPadding, etc. |
| 128/192/256 bits with IV (32 bytes) | AES/ECB/PKCS5Padding, AES/GCM/NoPadding, etc. |

1. After updating the config, click Restart on the IDV Server component.
2. Test the activation flow on the Ditto ID mobile app.
3. Monitor the logs to ensure the KYC API is triggered and the response is parsed.