> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fyatu.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Initiate KYC

> Initiate full KYC verification for a cardholder. POST /cardholders/{id}/kyc. Requires cardholders:write scope.

## Overview

Cardholders are created with `kycStatus: WAIVED` by default, allowing them to issue cards immediately. This endpoint upgrades a cardholder to full KYC verification — transitioning them to `PENDING` and submitting their data to the verification provider asynchronously.

Use this when your compliance requirements demand verified identity before a cardholder can transact above certain limits, or when prompted by the card program's terms.

## When to Call This

* The cardholder's `kycStatus` is `WAIVED` or `PENDING` (not yet approved)
* You want to move the cardholder toward `APPROVED` status for higher transaction limits

## Request Body

All fields are optional. If you have already submitted `kycDocument` data during cardholder creation or a prior KYC attempt, you do not need to resend it.

| Field         | Type   | Required | Description                                                     |
| ------------- | ------ | -------- | --------------------------------------------------------------- |
| `kycDocument` | object | No       | Structured KYC data for the cardholder (ID info, address, etc.) |

The shape of `kycDocument` is flexible and passed through to the verification provider. Common fields:

| Field            | Type   | Description                                    |
| ---------------- | ------ | ---------------------------------------------- |
| `documentType`   | string | `PASSPORT`, `NATIONAL_ID`, or `DRIVER_LICENSE` |
| `documentNumber` | string | The document's identifier number               |
| `issuingCountry` | string | ISO 3166-1 alpha-2 country code                |
| `dateOfBirth`    | string | `YYYY-MM-DD` format                            |
| `address`        | object | `{ street, city, state, postalCode, country }` |

## Example

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST "https://api.fyatu.com/api/v3.20/cardholders/chl_01HXYZ1234ABCDEF5678/kyc" \
    -H "Authorization: Bearer $FYATU_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{
      "kycDocument": {
        "documentType":   "PASSPORT",
        "documentNumber": "AB123456",
        "issuingCountry": "US",
        "dateOfBirth":    "1990-06-15",
        "address": {
          "street":     "123 Main St",
          "city":       "New York",
          "state":      "NY",
          "postalCode": "10001",
          "country":    "US"
        }
      }
    }'
  ```

  ```javascript Node.js theme={null}
  const resp = await fetch(
    `https://api.fyatu.com/api/v3.20/cardholders/${cardholderId}/kyc`,
    {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${process.env.FYATU_API_KEY}`,
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        kycDocument: {
          documentType:   'PASSPORT',
          documentNumber: 'AB123456',
          issuingCountry: 'US',
          dateOfBirth:    '1990-06-15',
          address: {
            street:     '123 Main St',
            city:       'New York',
            state:      'NY',
            postalCode: '10001',
            country:    'US'
          }
        }
      })
    }
  );

  const body = await resp.json();
  console.log('KYC status:', body.data.kycStatus); // "PENDING"
  ```

  ```python Python theme={null}
  import os, requests

  resp = requests.post(
      f'https://api.fyatu.com/api/v3.20/cardholders/{cardholder_id}/kyc',
      headers={'Authorization': f'Bearer {os.environ["FYATU_API_KEY"]}'},
      json={
          'kycDocument': {
              'documentType':   'PASSPORT',
              'documentNumber': 'AB123456',
              'issuingCountry': 'US',
              'dateOfBirth':    '1990-06-15',
              'address': {
                  'street':     '123 Main St',
                  'city':       'New York',
                  'state':      'NY',
                  'postalCode': '10001',
                  'country':    'US'
              }
          }
      }
  )
  data = resp.json()['data']
  print('KYC status:', data['kycStatus'])  # PENDING
  ```
</CodeGroup>

## Success Response (201)

```json theme={null}
{
  "success": true,
  "status": 201,
  "message": "KYC initiated",
  "data": {
    "cardholderId": "chl_01HXYZ1234ABCDEF5678",
    "firstName":    "John",
    "lastName":     "Smith",
    "email":        "john.smith@example.com",
    "phone":        "+12125551234",
    "status":       "ACTIVE",
    "kycStatus":    "PENDING",
    "totalCards":   1,
    "createdAt":    "2026-05-22T09:00:00Z",
    "updatedAt":    "2026-05-25T11:30:00Z"
  },
  "meta": {
    "requestId": "req_01HXY123456ABCDEF",
    "platform":  "Fyatu CaaS",
    "timestamp": "2026-05-25T11:30:00Z"
  }
}
```

## What Happens Next

The KYC submission is processed asynchronously:

1. The cardholder's `kycStatus` is set to `PENDING` immediately.
2. The submitted data is forwarded to the card provider for identity verification.
3. Once the provider responds, a webhook is dispatched:

```json theme={null}
{
  "event":      "CARDHOLDER_KYC_APPROVED",
  "eventId":    "evt_01HXY123456ABCDEF",
  "businessId": "BUS1A2B3C4D5E6F",
  "environment": "LIVE",
  "timestamp":  "2026-05-25T11:35:00Z",
  "data": {
    "cardholderId": "chl_01HXYZ1234ABCDEF5678",
    "kycStatus":    "APPROVED"
  }
}
```

<Note>
  Cardholders with `kycStatus: WAIVED` can already issue cards. KYC approval is only required if your program mandates it for higher transaction limits.
</Note>

## Error Codes

| Code                    | HTTP | Cause                                                     |
| ----------------------- | ---- | --------------------------------------------------------- |
| `CARDHOLDER_NOT_FOUND`  | 404  | Cardholder does not exist or belongs to another business  |
| `KYC_ALREADY_APPROVED`  | 409  | Cardholder's KYC is already `APPROVED` — no action needed |
| `CARDHOLDER_TERMINATED` | 422  | Cardholder has been terminated and cannot be updated      |
| `INSUFFICIENT_SCOPE`    | 403  | Key lacks `cardholders:write` scope                       |
| `INTERNAL_ERROR`        | 500  | Server error                                              |


## OpenAPI

````yaml v3.20/openapi.json POST /cardholders/{id}/kyc
openapi: 3.1.0
info:
  title: FYATU CaaS API v3.20
  description: >-
    FYATU Cards-as-a-Service API â€” API key authentication, Cardholder
    lifecycle, Card issuance, Transactions, Webhooks, and Programs.
  version: 3.20.0
  contact:
    name: FYATU Support
    url: https://fyatu.com
    email: support@fyatu.com
servers:
  - url: https://api.fyatu.com/api/v3.20
    description: >-
      FYATU CaaS API â€” the environment (LIVE or SANDBOX) is determined by the
      API key, not the URL
security:
  - BearerAuth: []
tags:
  - name: Meta
    description: Liveness, account info, and supported event types
  - name: Account
    description: Account-level balance and funding status
  - name: Programs
    description: Read card program configuration
  - name: Cardholders
    description: Create and manage cardholder profiles
  - name: Cards
    description: Issue, fund, freeze, and terminate virtual cards
  - name: Transactions
    description: Read-only card transaction history
  - name: Webhooks
    description: Manage webhook endpoints for real-time event delivery
  - name: Products
    description: Read card product configurations
paths:
  /cardholders/{id}/kyc:
    post:
      tags:
        - Cardholders
      summary: Initiate KYC
      description: >-
        Initiate full KYC verification for a cardholder. Transitions kycStatus
        to PENDING and submits data to the verification provider asynchronously.
        Cardholders are created WAIVED by default â€” call this only when full
        KYC approval is required.
      operationId: initiateCardholderKYC
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
          description: Cardholder ID
          example: chl_01HXYZ1234ABCDEF5678
      requestBody:
        required: false
        content:
          application/json:
            schema:
              type: object
              properties:
                kycDocument:
                  type: object
                  description: >-
                    Structured KYC data forwarded to the verification provider.
                    All sub-fields are optional.
                  properties:
                    documentType:
                      type: string
                      enum:
                        - PASSPORT
                        - NATIONAL_ID
                        - DRIVER_LICENSE
                      description: Type of identity document
                    documentNumber:
                      type: string
                      description: Document identifier number
                    issuingCountry:
                      type: string
                      description: ISO 3166-1 alpha-2 country code
                      example: US
                    dateOfBirth:
                      type: string
                      format: date
                      description: Date of birth in YYYY-MM-DD format
                      example: '1990-06-15'
                    address:
                      type: object
                      properties:
                        street:
                          type: string
                        city:
                          type: string
                        state:
                          type: string
                        postalCode:
                          type: string
                        country:
                          type: string
                          description: ISO 3166-1 alpha-2
            example:
              kycDocument:
                documentType: PASSPORT
                documentNumber: AB123456
                issuingCountry: US
                dateOfBirth: '1990-06-15'
                address:
                  street: 123 Main St
                  city: New York
                  state: NY
                  postalCode: '10001'
                  country: US
      responses:
        '201':
          description: KYC initiated â€” cardholder kycStatus is now PENDING
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CardholderResponse'
              example:
                success: true
                status: 201
                message: KYC initiated
                data:
                  cardholderId: chl_01HXYZ1234ABCDEF5678
                  firstName: John
                  lastName: Smith
                  email: john.smith@example.com
                  status: ACTIVE
                  kycStatus: PENDING
                  totalCards: 1
                  createdAt: '2026-05-22T09:00:00Z'
                  updatedAt: '2026-05-25T11:30:00Z'
                meta:
                  requestId: req_01HXY123456ABCDEF
                  platform: Fyatu CaaS
                  timestamp: '2026-05-25T11:30:00Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          description: KYC already approved
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                success: false
                status: 409
                message: Cardholder KYC is already approved
                error:
                  code: KYC_ALREADY_APPROVED
                  detail: Cardholder KYC is already approved
                meta:
                  requestId: req_01HXY123456ABCDEF
                  platform: Fyatu CaaS
                  timestamp: '2026-05-25T11:30:00Z'
        '422':
          description: Cardholder is terminated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                success: false
                status: 422
                message: Cardholder is terminated
                error:
                  code: CARDHOLDER_TERMINATED
                  detail: Cardholder is terminated and cannot be updated
                meta:
                  requestId: req_01HXY123456ABCDEF
                  platform: Fyatu CaaS
                  timestamp: '2026-05-25T11:30:00Z'
        '429':
          $ref: '#/components/responses/RateLimitExceeded'
        '500':
          $ref: '#/components/responses/InternalError'
components:
  schemas:
    CardholderResponse:
      type: object
      properties:
        success:
          type: boolean
          example: true
        status:
          type: integer
          example: 200
        message:
          type: string
          example: Cardholder retrieved
        data:
          $ref: '#/components/schemas/Cardholder'
        meta:
          $ref: '#/components/schemas/Meta'
    Error:
      type: object
      properties:
        success:
          type: boolean
          example: false
        status:
          type: integer
          example: 422
        message:
          type: string
          example: Human readable message
        error:
          $ref: '#/components/schemas/ErrorBody'
        meta:
          $ref: '#/components/schemas/Meta'
    Cardholder:
      type: object
      properties:
        cardholderId:
          type: string
          example: chl_01HXYZ1234ABCDEF5678
        firstName:
          type: string
          example: John
        lastName:
          type: string
          example: Smith
        email:
          type: string
          format: email
          example: john.smith@example.com
        phone:
          type: string
          nullable: true
          example: '+12025551234'
        dateOfBirth:
          type: string
          format: date
          example: '1990-05-15'
        nationality:
          type: string
          description: ISO 3166-1 alpha-2
          example: US
        address:
          $ref: '#/components/schemas/Address'
        kycDocument:
          $ref: '#/components/schemas/KycDocument'
          nullable: true
        externalId:
          type: string
          nullable: true
          example: usr_123456
        metadata:
          type: object
          nullable: true
          example:
            plan: premium
        status:
          type: string
          enum:
            - ACTIVE
            - SUSPENDED
            - TERMINATED
          example: ACTIVE
        kycStatus:
          type: string
          enum:
            - PENDING
            - APPROVED
            - REJECTED
          example: APPROVED
        kycVerifiedAt:
          type: string
          format: date-time
          nullable: true
          example: '2026-05-10T14:23:00Z'
        kycRejectionReason:
          type: string
          nullable: true
          description: Only present when kycStatus is REJECTED
          example: null
        totalCards:
          type: integer
          example: 2
        suspendedAt:
          type: string
          format: date-time
          nullable: true
          example: null
        terminatedAt:
          type: string
          format: date-time
          nullable: true
          description: Only present when status is TERMINATED
          example: null
        createdAt:
          type: string
          format: date-time
          example: '2026-05-01T09:00:00Z'
        updatedAt:
          type: string
          format: date-time
          example: '2026-05-10T14:23:00Z'
    Meta:
      type: object
      properties:
        requestId:
          type: string
          example: req_a1b2c3d4e5f6a7b8c9d0e1f2
        platform:
          type: string
          example: Fyatu CaaS
        timestamp:
          type: string
          format: date-time
          example: '2026-05-22T15:00:00Z'
    ErrorBody:
      type: object
      properties:
        code:
          type: string
          example: VALIDATION_ERROR
        detail:
          type: string
          example: dateOfBirth must be in YYYY-MM-DD format
    Address:
      type: object
      properties:
        address:
          type: string
          example: 123 Main Street, Apt 4B
        city:
          type: string
          example: Newark
        state:
          type: string
          nullable: true
          example: Delaware
        postalCode:
          type: string
          nullable: true
          example: '19701'
        country:
          type: string
          description: ISO 3166-1 alpha-2
          example: US
      required:
        - address
        - city
        - country
    KycDocument:
      type: object
      description: >-
        Identity document details for KYC verification. Optional on create;
        patchable via PATCH. Not locked after KYC approval.
      properties:
        documentType:
          type: string
          enum:
            - PASSPORT
            - NATIONAL_ID
            - DRIVERS_LICENSE
            - RESIDENCE_PERMIT
          example: PASSPORT
        documentNumber:
          type: string
          example: AB123456
        issuingCountry:
          type: string
          description: ISO 3166-1 alpha-2
          example: US
        frontUrl:
          type: string
          format: uri
          example: https://storage.example.com/doc-front.jpg
        backUrl:
          type: string
          format: uri
          nullable: true
          description: Not required for passports
          example: null
        selfieUrl:
          type: string
          format: uri
          example: https://storage.example.com/selfie.jpg
  responses:
    Unauthorized:
      description: Missing or invalid API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          examples:
            missing:
              summary: API key missing
              value:
                success: false
                status: 401
                message: API key is required
                error:
                  code: AUTH_TOKEN_MISSING
                  detail: API key is required
                meta:
                  requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
                  platform: Fyatu CaaS
                  timestamp: '2026-05-22T15:00:00Z'
            invalid:
              summary: API key invalid
              value:
                success: false
                status: 401
                message: Invalid API key
                error:
                  code: AUTH_TOKEN_INVALID
                  detail: Invalid API key
                meta:
                  requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
                  platform: Fyatu CaaS
                  timestamp: '2026-05-22T15:00:00Z'
    Forbidden:
      description: Scope denied or business suspended
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            status: 403
            message: Scope denied
            error:
              code: INSUFFICIENT_SCOPE
              detail: This endpoint requires the cards:write scope
            meta:
              requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
              platform: Fyatu CaaS
              timestamp: '2026-05-22T15:00:00Z'
    NotFound:
      description: Resource not found or does not belong to your business
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    RateLimitExceeded:
      description: Rate limit exceeded
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            status: 429
            message: Rate limit exceeded
            error:
              code: RATE_LIMIT_EXCEEDED
              detail: Too many requests
            meta:
              requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
              platform: Fyatu CaaS
              timestamp: '2026-05-22T15:00:00Z'
    InternalError:
      description: Unexpected server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            status: 500
            message: Internal error
            error:
              code: INTERNAL_ERROR
              detail: An unexpected error occurred
            meta:
              requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
              platform: Fyatu CaaS
              timestamp: '2026-05-22T15:00:00Z'
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      description: >-
        API key from the FYATU CaaS portal. Pass as `Authorization: Bearer
        <key>`.

````