Onboarder

API Documentation

Integration Guide

Integrate Onboarder using standard OAuth 2.0 authorization code flow with PKCE.

OAuth 2.0 Authorization Code Flow

Standard OAuth 2.0 flow with PKCE security. Works with any programming language or framework.

Works with Python, PHP, Ruby, Go, Java, Node.js, and any language
PKCE security for enhanced protection
Hosted verification UI - no forms to build
Automatic biometric enrollment and verification
Sandbox and production environments

Integration Steps

1

Create Platform & Verification Flow

Sign up for Onboarder, create your platform, and configure a verification flow with your requirements.

  • • Get your client_id and client_secret
  • • Choose verification policy mode (NO_VERIFICATION, OPTIONAL_VERIFICATION, or REQUIRE_ANY_IDENTITY)
  • • Define required fields and verification types
  • • Copy your flow_id
2

Redirect User to OAuth Authorization

Generate PKCE parameters and redirect users to Onboarder's authorization endpoint.

// Generate PKCE code verifier and challenge
const codeVerifier = generateRandomString(43);
const codeChallenge = await sha256Base64Url(codeVerifier);


// Build authorization URL
const authUrl = new URL('https://api.onboarder.com/api/v1/oauth/authorize');
authUrl.searchParams.append('client_id', 'YOUR_CLIENT_ID');
authUrl.searchParams.append('flow_id', 'YOUR_FLOW_ID');
authUrl.searchParams.append('redirect_uri', 'https://yourapp.com/callback');
authUrl.searchParams.append('response_type', 'code');
authUrl.searchParams.append('state', randomStateValue);
authUrl.searchParams.append('code_challenge', codeChallenge);
authUrl.searchParams.append('code_challenge_method', 'S256');


// Store code_verifier for later
saveToSession('code_verifier', codeVerifier);


// Redirect user
window.location.href = authUrl.toString();
3

User Completes Verification on Onboarder

User is now on Onboarder's hosted pages where they:

  • • Sign up or log in
  • • Complete required verifications (email, phone, documents, biometrics)
  • • Review and grant consent to your app
4

Handle Callback & Exchange Code for Token

User returns to your redirect_uri with an authorization code. Exchange it for an access token.

// Backend code - NEVER expose client_secret in frontend!
const response = await fetch('https://api.onboarder.com/api/v1/oauth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    grant_type: 'authorization_code',
    code: authorizationCode,
    client_id: process.env.CLIENT_ID,
    client_secret: process.env.CLIENT_SECRET,
    redirect_uri: 'https://yourapp.com/callback',
    code_verifier: codeVerifier // Retrieved from session
  })
});


const { access_token, refresh_token } = await response.json();
5

Get Verified User Data

Use the access token to fetch the user's verified information.

const userResponse = await fetch('https://api.onboarder.com/api/v1/oauth/userinfo', {
  headers: { 'Authorization': `Bearer ${access_token}` }
});


const userData = await userResponse.json();
// Contains: email, phone, name, biometricIdentityId, verifications, etc.

What You Get

Hosted Verification UI

No verification forms to build. Onboarder handles signup, login, email/phone OTP, document upload, biometric enrollment, and consent screens.

Biometric Identity System

Face and voice enrollment with unique identity IDs (OBD-XXXXXX). Use for transaction authorization and ongoing authentication.

Flexible Verification Policies

Choose from NO_VERIFICATION (instant access), OPTIONAL_VERIFICATION (grace period), or REQUIRE_ANY_IDENTITY (KYC compliance).

Real-time Webhooks

Receive notifications when verifications complete, biometric enrollment finishes, or transactions are authorized.

Ready to integrate?

Quickstart Guide →OAuth API ReferenceHow It Works

Previous

Quickstart

Next

OAuth API Reference