POST /v1/kyc/start is the primary endpoint for onboarding. You submit the participant’s identity data (optionally with a Socure Digital Intelligence session_token), and the response tells you which of the four outcomes applies.
Every action on this page is also available over gRPC with identical fields and semantics — see Using gRPC and the transport mapping. To reduce form friction, the optional Prefill Flow can pre-populate most of the identity fields before you submit.
Start verification
Request fields
Address object
Decision matrix
The response’sstatus object carries decision, status, subStatus, and externalId. Together with the presence of a docv object, the synchronous response indicates the path:
Approval
The most common path. Note that approval is asynchronous even when the decision is instant: a successfulPOST /v1/kyc/start may return a non-terminal status while backend account provisioning completes in the background. participantId is often empty on this response — you learn the final values from the kyc.approved webhook and from a later GET /v1/kyc/status read.
You send
snake_case, but REST responses come back in camelCase (protobuf JSON naming) — e.g. externalId, participantId. See Field naming.GET /v1/kyc/status (and the webhook) return the engine-neutral identifiers:
Automatic provisioning. On approval, Polymarket US automatically creates the participant’s trading identity and account — there is no separate account-creation step (see Onboard Participants). Because provisioning is asynchronous, wait for the webhook (or a populated
participantId from status) before enabling trading rather than assuming the start response carries it.Which field identifies the participant when you trade? Use
participantId (the webhook calls the same value provisioned_participant) as the x-participant-id header — that is who the order is for, and the only provisioning identifier you need. Your externalId is your reference only and is never sent to identify the participant. See Using these identifiers to trade.Document verification (DocV)
When Socure can’t verify from the submitted data alone, the response includes adocv object. Detect it by the presence of a non-empty docv field (with decision: "REVIEW").
You can direct the participant three ways — a web URL, a QR code for desktop→mobile handoff, or the native Socure SDK. Document capture is fully handled by Socure’s UI; you don’t build capture logic yourself.
After the participant completes DocV, Socure notifies Polymarket US, which provisions the account (on approval) and sends you the final-decision webhook.
Manual compliance review
If Socure can’t make a determination and no DocV path is available, the response isREVIEW/OPEN with no docv field. The Polymarket US compliance team reviews the case.
Rejection
kyc.rejected webhook.
Check status
Poll the current status with theexternal_id you submitted. The response mirrors the start response, including participantId once provisioned.
status.status values:
Values are passed through from the verification provider and may extend beyond this set. Use a populated
participantId (and the webhook) as your signal that the participant is ready to trade — not a specific status string.Error handling & polling
external_id is idempotent. Re-submitting POST /v1/kyc/start for a participant who already passed KYC returns 409 ALREADY_EXISTS. Handle it by fetching the existing status rather than treating it as an error.GET /v1/kyc/status every 5–10 seconds for up to 5 minutes after DocV submission. For manual-review cases, poll on a longer cadence (e.g. every 30 minutes for up to 2 business days) and notify the participant asynchronously.
Using gRPC
The same actions are exposed bypolymarket.us.kyc.v1.KYCAPI over gRPC (TLS, port 443), authenticated with authorization: Bearer <token> metadata. Fields, validation, the decision matrix, and the four outcomes are identical to the REST flow — only the transport differs. Proto stubs are supplied during onboarding.
docv presence for the synchronous step and the webhook for the terminal outcome. gRPC status codes map to the REST errors in the table above.
Outcome flowchart
Sandbox testing
In sandbox, Socure decides the outcome from the name and email you submit:
Use these placeholder agreement values in sandbox (the onboarding team provides production values):
Next steps
Webhooks
Receive the async approval/rejection notifications.
Digital Intelligence
Lower your REVIEW rate with the
session_token.