Release Version 4.18.0 (March 27, 2024)
What’s new
A new integration with the OpenSanctions sanctions list provider was implemented. The ability to check user data against Sanctions Lists (automatically or on demand by the Compliance manager) was added.
The integration uses the Consolidated list of sanctioned entities designated by different countries and international organizations. Bulk Downloads contain the full set of entities contained in one dataset. OpenSanctions provides updated files once a day at the same location.
How it works
After the User of the SDK platform provides User Profile data and uploads the documents within the front-end app (web or mobile), sanctions checks can be performed in two modes:
- Continuous (e.g. once per day; the timer is configured at the system level and can be changed)
- On-demand by the Compliance manager
Continuous Sanctions List checks
The first time the integration is launched, NodeRed downloads all files with the Sanctions list from OpenSanctions (Bulk download option) and uploads them to the S3 file storage.
Each time the timer is processed, NodeRed checks the size of a particular file on the OpenSanctions resource and compares it with the existing file in SDK S3 storage.
If the file size has changed (which means that the file content was changed), NodeRed downloads the file from OpenSanctions again and uploads it to SDK S3 storage. If the file size has not changed, NodeRed skips the current file and checks the next one (all files are processed in the same way, one by one).
NodeRed then calls the SDK API to obtain a list of all business users (Individual and Merchant) in the system and checks them against the persons listed in the Sanctions list files by the following parameters: First Name, Last Name, and Company Name (for Merchant only).
If a match (both First and Last Name, and Company Name for Merchants) is detected, NodeRed calls the SDK API to create a note related to the user with the content of all matched records from the Sanctions list file. The Compliance manager receives a notification about the detected Sanctions list matches.
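The refresh decision and the name matching described above, as an added JavaScript example (the language of NodeRed function nodes); it is not SDK.finance code. The user fields follow the POST /users/sanctions/view response, while the list record shape, the optional checksum field, the normalisation rules and the way person and company matches are combined are assumptions.

```javascript
// Decide whether a dataset file must be downloaded again and re-uploaded to S3.
// `remote` / `stored` are hypothetical metadata objects: { size, checksum? }.
function needsRefresh(remote, stored) {
  if (!stored) return true;                      // first launch: nothing in S3 yet
  if (remote.size !== stored.size) return true;  // the page's rule: size changed
  if (remote.checksum && stored.checksum) {
    return remote.checksum !== stored.checksum;  // same size, different content
  }
  return false;                                  // size only: treated as unchanged
}

// Fold case, diacritics, punctuation and spacing: "PETROV,  Iván" -> "petrov ivan".
function norm(s) {
  return (s || '').normalize('NFKD').replace(/[\u0300-\u036f]/g, '')
    .toLowerCase().replace(/[^\p{L}\p{N}]+/gu, ' ').trim();
}

// Return the list records matching one user. Person records need every token of
// both first and last name; organisation records are compared with companyName,
// for merchants only.
function matchUser(user, entities) {
  const first = norm(user.firstName);
  const last = norm(user.lastName);
  const company = norm(user.companyName);
  const wanted = first && last ? [...first.split(' '), ...last.split(' ')] : [];
  return entities.filter((e) => e.names.some((raw) => {
    const name = norm(raw);
    if (e.schema === 'Person') {
      const tokens = new Set(name.split(' '));
      return wanted.length > 0 && wanted.every((t) => tokens.has(t));
    }
    return user.role === 'merchant' && company !== '' && name === company;
  }));
}

// One entry per user with hits: the input for the "create note" and "notify" calls.
function screen(users, entities) {
  return users
    .map((u) => ({ userId: u.id, matches: matchUser(u, entities).map((e) => e.id) }))
    .filter((r) => r.matches.length > 0);
}

// Constructed sample data: not real list entries, not real users.
const ENTITIES = [
  { id: 'ex-1', schema: 'Person', names: ['Ivan PETROV', 'Петров Иван'] },
  { id: 'ex-2', schema: 'Company', names: ['Example Trading LLC'] },
];
const USERS = [
  { id: 'u1', firstName: 'Ivan', lastName: 'Petrov', role: 'individual' },
  { id: 'u2', firstName: 'Anna', lastName: 'Petrov', role: 'individual' },
  { id: 'u3', firstName: 'Maria', lastName: 'Lopez', companyName: 'Example Trading, LLC', role: 'merchant' },
];

console.log(needsRefresh({ size: 10, checksum: 'aa' }, { size: 10, checksum: 'bb' }));
console.log(JSON.stringify(screen(USERS, ENTITIES)));
```

With size as the only signal, a list update that keeps the byte length is skipped until a later change alters the size; comparing a checksum as well, where one is available, closes that gap.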
On-demand Sanctions List checks
The Compliance Manager within the SDK system initiates checks for certain Users against the Sanctions List provided by OpenSanctions. The SDK submits user data to Kafka topics (depending on the conditions). The NodeRed system then reads the topics, processes the data and checks for matches against the Sanctions List file (the current file version stored in S3 is used). If matches are detected, NodeRed calls SDK APIs to create a note related to the user with match details in the response and to notify Compliance about the user listed in the Sanctions list. Compliance can review the notes and decide the user's further identification status.
Supported operations
The OpenSanctions integration service in the SDK platform supports the Consolidated Sanctions Bulk download option of the OpenSanctions service (Consolidated Sanctions documentation). The supported methods of this integration can be easily extended according to the business requirements after elicitation.
Manual for Compliance Manager to perform customer Sanctions List check through OpenSanctions via Back-office front-end:
- Log in to the system as Compliance Manager
- Select “Users” and select user from the list
- Choose the “Details” and “KYC” tab on the “User profile”
- Review uploaded documents and approve them (“View documents” and “Approve documents” one by one)
- When the document status is “Approved” for all uploaded documents choose the “Check via KYC Service” option
- Select Provider “Open Sanctions“ and press “Check“
- When the check result is received the notes about the user will be created and the Compliance manager will receive the notification about the Sanctions list match (notification will be sent to the Compliance email)
- Review the notes about the user to see check result details (select “User profile”->“Details” ->“KYC”->“View all notes“->“View”)
See “API Changes” section of the release notes to know more about changes related to API
Corefy payout integration was implemented. The Business User was provided with the ability to withdraw from in-system account to payment card via Corefy Payment Gateway.
Withdrawals to cards can be initiated by token or payment card number. In the test environment, only Withdrawal by card token is available.
Withdrawal by payment card number requires the platform to be PCI compliant. We therefore offer our clients the option to use tokens instead of card numbers: in that case, the main platform does not come into contact with the sensitive account holder data, which ensures data security and PCI compliance.
Manual for Customer to Withdraw from account through Corefy via UI
- Choose a withdrawal wallet via a debit card
- Specify the way to withdraw from the account (select Corefy)
- Select the account from which you want to withdraw
- Select the payment service to withdraw through (only if different payment providers are available)
- Specify the amount to withdraw (after the amount is specified, the system calculates the commissions and displays the calculation result to the user)
- Select a card (Card Token) to which you want to withdraw
  If the card was tokenized previously and linked with your profile in the SDK.finance and Corefy systems, you will see it in the list box and will be able to select it during the Withdrawal operation. If the card was not tokenized previously, use the option “Add card“
- Press the “Next” button
The amount will be withdrawn from the user's account when the operation is processed on the provider side and the SDK.finance Core system receives the response from the provider.
See “API Changes” section of the release notes to know more about changes related to API
The ability for Business users to tokenize the card and link it with the user (organization) while performing Top up/Withdraw via Corefy Gateway was added.
Withdrawals to cards via Corefy can be initiated by token or payment card number. In the test environment, only Withdrawal by card token is available.
To initiate Withdrawal by card token, the card must be tokenized on the Corefy side. When the user initiates card tokenization, the SDK.finance Core system triggers the integration under the hood and submits the request to the Corefy Payment Gateway. The Corefy system redirects the user to the Provider side and opens an authorized hosted checkout form (to enter the details of the card that must be tokenized). On the Corefy side, the card is tokenized and the card token is stored. The SDK System receives a card token and masked card number in the provider response. The card token is linked to the card and user (organization) in both the Corefy and SDK Systems. After successful tokenization, the user can use a card token instead of a card number to Withdraw via Corefy.
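A check a front-end can apply before sending the user to the hosted checkout form, written against the POST /gate/tokenization and POST /gate/tokenization/view response shapes listed under API Changes. This is an added example, not SDK.finance or Corefy code; the host allow-list, the function names and the sample values are assumptions.

```javascript
// Hosts allowed to serve the hosted checkout form. Assumption: a deployment-specific
// allow-list; the single entry is the host from the page's sample response.
const ALLOWED_CHECKOUT_HOSTS = new Set(['checkout.speedpayment.net']);

// Validate the `form` node of a POST /gate/tokenization response and build the
// URL the user is redirected to. Throws on anything unexpected, so card details
// are only ever typed into a form on an expected HTTPS origin.
function buildCheckoutRedirect(response, allowedHosts = ALLOWED_CHECKOUT_HOSTS) {
  const form = response && response.form;
  if (!form || typeof form.url !== 'string') throw new Error('missing form.url');
  const url = new URL(form.url);                       // throws on malformed input
  if (url.protocol !== 'https:') throw new Error('checkout must use https');
  if (url.username || url.password) throw new Error('credentials in checkout URL');
  if (!allowedHosts.has(url.hostname)) throw new Error('unexpected host: ' + url.hostname);
  if (form.method !== 'GET') throw new Error('unsupported form method');
  for (const [key, value] of Object.entries(form.parameters || {})) {
    url.searchParams.set(key, String(value));
  }
  return url.toString();
}

// Reduce a record from POST /gate/tokenization/view to fields suitable for logs.
// The token is what a withdrawal is initiated with, so it is dropped.
function loggable(record) {
  const { id, mask, expiredAt, gateProviderId } = record;
  return { id, mask, expiredAt, gateProviderId };
}

// Constructed sample response and token record (identifiers are placeholders).
const SAMPLE_RESPONSE = {
  transaction: { id: 'tx-constructed', type: 'VERIFY', status: 'PENDING' },
  form: {
    url: 'https://checkout.speedpayment.net/hpp/cgi_CONSTRUCTED',
    method: 'GET',
    parameters: { cpi: 'cpi_CONSTRUCTED' },
  },
};
const SAMPLE_TOKEN_RECORD = {
  id: 'rec-constructed', mask: '512381******0000', expiredAt: '2027-03-01',
  token: 'tok_CONSTRUCTED', gateProviderId: 'PaycoreWithdrawal', currencyIsoCode: 'USD',
};

console.log(buildCheckoutRedirect(SAMPLE_RESPONSE));
console.log(loggable(SAMPLE_TOKEN_RECORD));
```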
Manual for Customer to tokenize card on the Corefy via UI (during Withdrawal via Corefy operation)
- While performing Withdrawal via Corefy, press “Add card“
- Enter the card details in the opened checkout form and press “Process” (the hosted checkout form sends the card details to the Provider and tokenizes the card). The card token will be returned and linked to the card and your user (organization). After successful tokenization, you will be returned to the Withdrawal page to finalize the operation. The new card token will be available in the “Card“ list box
Now you can select the card to which you want to withdraw.
If you use Corefy to Top up an account, you can also tokenize the card that is used for the Top-up (select option “Tokenize card“). After a successful Top-up operation, you will be able to use this token for further Withdrawal to the card via Corefy.
See “API Changes” section of the release notes to know more about changes related to API
The integration for ID verification (with the ability to configure AML Screening) with the Sumsub KYC provider was implemented:
- The compliance manager was provided with the ability to verify User ID documents via the Sumsub provider
- The compliance manager was provided with the ability to change user status and notify a user about it according to the AML verification results
Manual for Compliance Manager to perform on-demand document verification through SumSub via SDK Back-office
If the integration with the KYC service provider is active, the Compliance Manager can use the following flow to perform on-demand User document verification through SumSub:
- Log in to the system as Compliance Manager
- Select “Users” and select user from the list
- Choose the “Details” and “KYC” tab on the “User profile”
- See the list of uploaded documents and press “View details“ to review the document
- Press the “Verify document via 3rd party“ option (the user profile data will be submitted to the SumSub provider via the NodeRed layer). Repeat with all required user documents one by one
- When the provider response is received the User Document and Identification Statuses will be changed according to it (see user documents and identification statuses in the User Profile details, “KYC” tab)
- Review the notes about the user to see provider response details (select “User profile”->“Details” ->“KYC”->“View all notes“->“View”)
Manual for Compliance Manager to change user profile status according to AML verification results via SDK Back-office
If a RED flag is received during AML verification, the Compliance Manager can follow this scenario:
- Log in to the system as Compliance Manager
- Select “Users” and select user from the list
- Choose “Details” and press “Block user“
- Provide “Reason“ of action as AML (required for further user notification)
- Provide “Description“ optionally
- Press “Block user“
The user profile will be blocked and the user will receive a notification with an explanation and further instructions (“Notice of Account Termination Due to AML Compliance”).
If a YELLOW flag is received during AML verification, the Compliance Manager can follow this scenario:
- Log in to the system as Compliance Manager
- Select “Users” and select user from the list
- Choose “Details” and press “Freeze user“
- Provide “Reason“ of action optionally
- Provide “Description“ optionally
- Press “Freeze user“. The user profile will be frozen
- Open “KYC“ tab on the user profile
- Press “Review required”
- Specify which documents the user should provide for further checks
- Switch on the toggle “Notify client“
- Press “Update client status“
The user will receive a notification with an explanation and further instructions.
See the “API Changes” section of the release notes to know more about changes related to API.
Contact us to know more about integration with SumSub.
Performing transactions while the user is in “frozen” status was prohibited.
If the User has freeze: true, the user is not allowed to:
- perform transfers from their wallets
- receive transfers to their wallets
- perform transfers between their wallets
- perform Top up/Withdrawal to/from their wallets
- perform currency exchange
All other actions are allowed, for example:
- log in
- view Tx history
- view profile
- upload required documents (availability depends on the identification and document status)
See “API Changes” section of the release notes to know more about changes related to API.
The ability to create a new Vendor (Custom or integrated provider) and link it with Gate was added
The ability to input (optionally) serial numbers for the wallet was added for the Business and Service users. See the “API Changes” section of the release notes to know more about changes related to API.
The new statuses IN_VERIFICATION and REVIEW_REQUIRED were added for the user document and the status transition was changed.
Improvements
Provider name in the Corefy integration was changed from “Paycore” to “Corefy”
The option for the user to see all available services to Top-up and Withdraw via Corefy Gateway was added
Performing in-system operations (transfer, bank top-up, etc.) when the commission rule is inactive was forbidden
IBAN validation was added during bank account creation or update via API
The ability to see their own wallet balance after an operation, in the operation details, was added for Business users. Also, a Service user with the appropriate permission can see the wallet balance (of all involved wallets) after the operation in the operation details.
Balances are available only for operation in “Processed“ status.
There are two balances in the transaction details:
- “Wallet balance” – the total balance of the wallet, including “Wallet hold balance“
- “Wallet hold balance“ – the balance on hold when an operation is in pending status; the operation amount stays on hold until the operation is processed
See the “API Changes” section of the release notes to know more about changes related to API.
Fixes
- The issue with column names aligning in tables was fixed
- The issue with document uploading when the document is provided as plain text was fixed
- The field “description” was added to the responses for all operations in API POST /transactions/view
- The issue with CSV button on Invoices tab for Individual was fixed
- The issue with columns mapping for merchant invoice csv-report was fixed
- OUT and SHARED directions were removed from the list of directions for Currency exchange operation
- The issue with expired tokens was fixed. Expired tokens are deleted from the storage
- Multiple issues with Corefy tokenization were fixed:
  - the coin was removed from the response of the POST {{host}}/gate/tokenization
  - Users see only their own tokens via POST {{host}}/gate/tokenization/view
  - carded changed to card token in the request of the POST {{host}}/gate/transactions/:tx/submit
  - serial removed from the verification_token table
- The Status Code when trying to obtain gate commission profiles without filtering was fixed. The request is now processed successfully instead of returning a 500 status code
API Changes
Endpoint |
Updated |
PATCH /v1/users/{userId} |
Fields were added to the request body to manage user statuses: { "paramType": "active", "paramValue": false, "reason": "AML", "description": "Some description"} To activate: { "paramType": "ACTIVE", "paramValue": true} To deactivate: { "paramType": "ACTIVE", "paramValue": false} To freeze: { "paramType": "FROZEN", "paramValue": true, "reason": "AML", "description": "Some description"} To unfreeze: { "paramType": "FROZEN", "paramValue": false, "reason": "AML", "description": "Some description"} Possible values for reason: AML | FRAUD | OTHER |
PATCH /v1/profiles/{userId}?notify=false |
Parameters were added to the request: · optional query param notify. Default value false. Use this parameter to request additional required documents from a user via email notification · field requiredDocuments to provide the list of required documents for the further KYC procedure { "status": "review_required", "requiredDocuments": "tax_id, passport"} |
POST /gate/transactions/{tx}/submit POST /gate/transactions/{tx}/prepare |
The request body was changed in these endpoints. The field ‘fields’ was changed from an array of objects with name/value to a map. New body structure: { "optionName": "someOptionName", "fields": { "someKey": "someStringValue", "anotherKey": true, ... }} |
POST /gate-providers/custom changed to POST /gate-providers |
Endpoint URL was changed to POST /gate-providers. Parameter name was changed to vendorName in the request and response body. Request body: { "vendorName": "someVendorName", "debtAllowed": true} |
PATCH /gate-providers/{gateProviderId} |
Parameter name was changed to vendorName in the request and response body. Request body: { "vendorName": "someVendorName", "debtAllowed": true} |
POST /v1/coins POST /v1/coins/organization/{organizationId} |
A new optional field customSerial was added to the request body. customSerial - the wallet serial number that the user can specify during creation. If specified - a new wallet will be created with that serial number. If not specified - the wallet serial will be generated by the System. |
Endpoint |
Added |
POST /users/sanctions/view |
New API to get user data required for KYC and sanctions list checks was added with filter and pagination. Permission required: "USER_VIEWER","USER_MANAGER" Supported filter by: · firstName · lastName · companyName · roles Request body: { "pageNumber": 0, "pageSize": 10, "filter": { "firstName": "John", "lastName": "Snow", "companyName": "Starks&Co", "roles": [ "individual" ] }} Response body: { "pageNumber": 0, "pageSize": 10, "totalPages": 1, "totalRecords": 10, "records": [ { "id": "cca1fe9b-4e08-450c-840a-49dcefd7b126", "firstName": "Tony", "lastName": "Stark", "companyName": "Winterfell", "role": "individual" } ]} |
POST /notification/sanctions |
New API to notify Compliance manager about user listed in the Sanctions list was added. Permission required: EMAIL_NOTIFICATION Request body: { "id": "someUserId", "firstName": "John", "lastName": "Snow"} Notification Subject: Sanctions list match detected To: Compliance manager email Message: “Sanctions list match detected for user [firsName lastName] with user ID [userId]. Compliance manager review required. Sincerely, [applicationName] support - [supportEmail]” |
POST /gate/tokenization |
New API endpoint to tokenize a payment card was added. Out of the box, the tokenization option is available via the Corefy Payment Gateway integration. A Business user can tokenize a payment card during Top up via Corefy, or as a separate step. The card token received from Corefy is linked to the card and user profile in both the Corefy and SDK Systems. A Business user can use this token instead of the card number during Top up/Withdrawal via Corefy operations. Permission required: "CARD_VERIFICATION_EXECUTOR" (by default available for roles merchant and individual) Request body: { "coin": "146390734248", "method": { "gateProviderId": "PaycoreTopUp", "way": "CARD" }, "fields": [ { "name": "service", "value": "payment_card_usd_hpp" }, { "name": "testMode", "value": true } ]} Response body: { "transaction": { "id": "2334ab92-f42c-496b-883e-3a9c678c737c", "orderId": 6, "type": "VERIFY", "status": "PENDING", "coin": { "serial": "146390734248", "name": "Test USD coin", "amount": 10000.0000, "availableAmount": 10000.0000, "futureAmount": 0.0000, "heldAmount": 0.0000, "creditLimit": 0.0000, "currency": { "id": "5c76e288-dbb2-45ea-9e9e-0579cec75f7d", "sn": "USD", "code": "USD", "symbol": "$" }, "active": true, "type": "client", "main": true, "accounting": false, "smartCards": [] }, "sourceAmount": 1.0000, "amountToSend": 1.0000, "processId": "2263a1f9-1dcb-483b-8360-a413ae747df1", "payerData": { "service": "payment_card_usd_hpp", "testMode": true, "locale": "en" } }, "form": { "url": "https://checkout.speedpayment.net/hpp/cgi_lzlZTEs4v9dhNKRu", "method": "GET", "parameters": { "cpi": "cpi_IUC5iwH99tMMTqtC" } }} |
POST /gate/tokenization/view |
New API endpoint to view the list of available card tokens and associated masked card numbers that are linked to the user profile was added. The API returns only tokens that have not expired (by default, the token expiry date is the card expiry date). Permission required: "CARD_VERIFICATION_EXECUTOR" (by default available for roles merchant and individual) Request body: { "pageNumber": 0, "pageSize": 10} Response body: { "pageNumber": 0, "pageSize": 10, "totalPages": 1, "totalRecords": 2, "records": [ { "id": "8989189a-52a6-4700-ab83-473108b4b148", "mask": "512381******0000", "expiredAt": "2027-03-01", "token": "2q9sNqbDTY7sXITvaN9nb29xk7PpDukw", "gateProviderId": "PaycoreWithdrawal", "currencyIsoCode": "USD" }, { "id": "e4029517-c7e1-4d09-8096-9056d75bd9e1", "mask": "512381******0000", "expiredAt": "2027-03-01", "token": "2q9sNqbDTY7sXITvaN9nb29xk7PpDukw", "gateProviderId": "PaycoreTopUp", "currencyIsoCode": "USD" } ]} |
POST /profile-documents/{profileDocumentId}/users/{userId}/verify?providerKey=sumsub |
New permission to send a user document to 3rd-party provider verification was added. Permission required: PROFILE_DOCUMENTS_MANAGER providerKey - the name of the KYC provider through which documents should be verified |
PATCH /profile-documents/{profileDocumentId}/users/{userId} |
New API to change user identification document status as Compliance Manager was added. Permission required: PROFILE_DOCUMENTS_MANAGER Available transitions from status IN_VERIFICATION to statuses: REVIEW_REQUIRED,APPROVED,DECLINED Request body: { "status": "REVIEW_REQUIRED"} Response body: { "document": { "id": "d2de9b10-ac04-4591-9dba-197f963eac72", "file": { "id": "6a4ca668-7f17-4e1f-9bff-c89510a10e3a", "ownerId": "3bfe89e1-6c92-4bf1-9cef-a717e4b55b0f", "mediaType": "image/jpeg", "name": "a37a1819-0ff8-458b-bc07-8461018e3ba5.jpeg", "url": "https://local.sdk.finance:8443/api/v1/media-files/6a4ca668-7f17-4e1f-9bff-c89510a10e3a", "size": 122522, "used": true, "createdAt": "2024-02-22T12:20:39.878Z", "tag": "passport" }, "type": "passport", "label": "Internal passport", "status": "REVIEW_REQUIRED", "updatedAt": "2024-02-22T12:21:20.516Z" }} |
PATCH {{host}}/profile-documents/{profileDocumentId} |
New API to change user identification document status as Owner was added. Permission required: PROFILE_DOCUMENTS_OWNER Available transitions from status PENDING to statuses: IN_VERIFICATION Request body: { "status": "IN_VERIFICATION"} Response body: { "document": { "id": "8d83ee4c-7f40-4f54-a477-e80b0cf48f4b", "file": { "id": "50783006-af1e-47d9-91f7-56933288a4b0", "ownerId": "3bfe89e1-6c92-4bf1-9cef-a717e4b55b0f", "mediaType": "image/jpeg", "name": "c5c602c9-90f7-4df9-b729-4acaf3972a60.jpeg", "url": "https://local.sdk.finance:8443/api/v1/media-files/50783006-af1e-47d9-91f7-56933288a4b0", "size": 41352, "used": true, "createdAt": "2024-02-22T12:23:21.048Z", "tag": "tax_id" }, "type": "tax_id", "label": "Tax ID", "status": "IN_VERIFICATION", "updatedAt": "2024-02-22T12:23:38.137Z" }} |
GET /kyc-providers |
New API to view list of available KYC providers was added. In the response you will get the list of available integrations to pass KYC check. Permission required: PROFILE_DOCUMENTS_MANAGER or ORGANIZATION_STATUS_MANAGER or PROFILE_DOCUMENTS_OWNER Response body: { "records": [ "sumsub", "openSanctions", "complyAdvantage" ]} |
GET /v1/transactions/{transactionId} POST /v1/transactions/view response |
Fields amount and heldAmount were added to the process.clientCoin node in the API response body. amount - total balance of the wallet, including heldAmount heldAmount - balance on hold when an operation is in pending status; the operation amount stays on hold until the operation is processed |
PATCH /gate-providers/{gateProviderId}/link |
New API to link Gate with Gate provider was added. Required permission: Request body: { "gateId": "some-gate-id"} Response body: |
GET /gate/view |
New API to get list of Gate was added. Request body: { "gates": [ { "id": "some-gate-id", "name": "gateName", "custom": true }, { "id": "another-gate-id", "name": "gateName", "custom": false } ]} |