Skip to main content
BETA — SUBJECT TO CHANGE. This API is in beta and may change without notice.
POST /v1/kyc/start is the primary endpoint for onboarding. You submit the participant’s identity data (optionally with a Socure Digital Intelligence session_token), and the response tells you which of the four outcomes applies.
Every action on this page is also available over gRPC with identical fields and semantics — see Using gRPC and the transport mapping. To reduce form friction, the optional Prefill Flow can pre-populate most of the identity fields before you submit.

Start verification

Request fields

Address object

Decision matrix

The response’s status object carries decision, status, subStatus, and externalId. Together with the presence of a docv object, the synchronous response indicates the path:
Treat decision / status / subStatus as informational, not control flow. These values are passed through from the verification provider and the provider may emit values beyond the set above. Key your logic off the docv presence for the synchronous step and off the webhook event_type / status (kyc.approved / kyc.rejected) for the terminal outcome.

Approval

The most common path. Note that approval is asynchronous even when the decision is instant: a successful POST /v1/kyc/start may return a non-terminal status while backend account provisioning completes in the background. participantId is often empty on this response — you learn the final values from the kyc.approved webhook and from a later GET /v1/kyc/status read.
You send snake_case, but REST responses come back in camelCase (protobuf JSON naming) — e.g. externalId, participantId. See Field naming.
Once provisioning completes, GET /v1/kyc/status (and the webhook) return the engine-neutral identifiers:
Automatic provisioning. On approval, Polymarket US automatically creates the participant’s trading identity and account — there is no separate account-creation step (see Onboard Participants). Because provisioning is asynchronous, wait for the webhook (or a populated participantId from status) before enabling trading rather than assuming the start response carries it.
Which field identifies the participant when you trade? Use participantId (the webhook calls the same value provisioned_participant) as the x-participant-id header — that is who the order is for, and the only provisioning identifier you need. Your externalId is your reference only and is never sent to identify the participant. See Using these identifiers to trade.

Document verification (DocV)

COMING SOON — DocV is not yet enabled. Today you will not receive a docv object: applications that can’t be verified instantly are routed to manual compliance review instead. The contract below is documented ahead of release so you can build the handling now — detect the path by docv presence and your integration will pick it up automatically when it ships.
When Socure can’t verify from the submitted data alone, the response includes a docv object. Detect it by the presence of a non-empty docv field (with decision: "REVIEW").
You can direct the participant three ways — a web URL, a QR code for desktop→mobile handoff, or the native Socure SDK. Document capture is fully handled by Socure’s UI; you don’t build capture logic yourself.
The SDK onSuccess callback (or completing the web upload) only means the participant submitted documents — not that they were approved. After submission, await the kyc.approved webhook or poll GET /v1/kyc/status.
After the participant completes DocV, Socure notifies Polymarket US, which provisions the account (on approval) and sends you the final-decision webhook.

Manual compliance review

If Socure can’t make a determination and no DocV path is available, the response is REVIEW/OPEN with no docv field. The Polymarket US compliance team reviews the case.
Tell the participant their application is under review (typically 1–2 business days) and await the webhook. Implement the polling fallback for resilience.

Rejection

No account is created. Rejection can also occur after DocV or after a manual review, in which case you receive a kyc.rejected webhook.

Check status

Poll the current status with the external_id you submitted. The response mirrors the start response, including participantId once provisioned.
Partner-relevant status.status values:
Values are passed through from the verification provider and may extend beyond this set. Use a populated participantId (and the webhook) as your signal that the participant is ready to trade — not a specific status string.

Error handling & polling

external_id is idempotent. Re-submitting POST /v1/kyc/start for a participant who already passed KYC returns 409 ALREADY_EXISTS. Handle it by fetching the existing status rather than treating it as an error.
Prefer webhooks over polling. As a fallback, poll GET /v1/kyc/status every 5–10 seconds for up to 5 minutes after DocV submission. For manual-review cases, poll on a longer cadence (e.g. every 30 minutes for up to 2 business days) and notify the participant asynchronously.

Using gRPC

The same actions are exposed by polymarket.us.kyc.v1.KYCAPI over gRPC (TLS, port 443), authenticated with authorization: Bearer <token> metadata. Fields, validation, the decision matrix, and the four outcomes are identical to the REST flow — only the transport differs. Proto stubs are supplied during onboarding.
Handle outcomes exactly as described above: key off docv presence for the synchronous step and the webhook for the terminal outcome. gRPC status codes map to the REST errors in the table above.

Outcome flowchart

Sandbox testing

In sandbox, Socure decides the outcome from the name and email you submit: Use these placeholder agreement values in sandbox (the onboarding team provides production values):

Next steps

Webhooks

Receive the async approval/rejection notifications.

Digital Intelligence

Lower your REVIEW rate with the session_token.