Acquire an onboarding access token

Acquire an onboarding access token.

To invoke the web SDK, you must request a temporary onboarding access token for each KYC verification event. This should be done in advance of rendering the onboarding page. You can obtain an access token by requests to POST /participants/onboarding_token.

Generating an onboarding access token must be initiated on the server side. You must provide an <email> query parameter for the customer who will undergo KYC. This enables Zero Hash to uniquely identify participants and create a tie between our system and yours.

All API requests are authenticated using your signed API key. For detailed API usage, please refer to our online documentation.

Request body:

emailCustomer email address, requiredstring
phone_numberThe phone number of the participant, optionalstring

Additional fields in response:

tokenOnboarding access tokenstring

Possible responses:

  • Status code 200: The JWT generated successfully
  • Status code 400 Not found: Platform does not exist
  • Status code 403 Forbidden: Invalid request or platform is not configured by Zero Hash for this KYC track

Sample Request

const postOnboardingToken = () => {
  const body = {
    email: "[email protected]",
    phone_number: "33512345678"
  const timestamp = Math.round( / 1000)
  const payload = timestamp + 'POST' + '/participants/onboarding_token' + JSON.stringify(body)
  const decodedSecret = Buffer.from(apiSecret, 'base64')
  const hmac = crypto.createHmac('sha256', decodedSecret)
  const signedPayload = hmac.update(payload).digest('base64')

  const headers = {
    'X-SCX-API-KEY': 'public_key',
    'X-SCX-SIGNED': signedPayload,
    'X-SCX-TIMESTAMP': timestamp,
    'X-SCX-PASSPHRASE': 'passphrase'
  const options = {
    json: true

  return``, options)

Sample Response

  "message": {
      "email": "[email protected]",
      "token": "<JWT_TOKEN_RESPONSE>"