Enclave Server API Utilization
A guide to the purpose of the Enclave Server API and the order of calls.
A guide to using the enclave server API when a user requests for withdrawal via a VASP.
A user requests withdrawal via a VASP. Above is a reference image to understand the purpose of API.
- For example, when a user requests withdrawal via a VASP application,
- a user must enter the amount, the beneficiary VASP, the beneficiary address, and the beneficiary name.
- Amount: How much virtual asset will be sent.
- Beneficiary VASP: The VASP to which virtual asset is sent. Choose one from the list of receivable VASPs.
- Beneficiary Address: The account number to which virtual asset is sent.
- Beneficiary Name: The name of the beneficiary receiving the virtual asset.
- For convenience, VerifyVASP provides a list of Beneficiary VASPs.
- By calling a
GET /vaspsAPI from a VASP’s backend, you can provide a list on a user’s screen.
- VASP can manage the list itself and provide the list to the users (However, the VaspID must be consistent with the Vasp defined in the VASP list).
- Click withdrawal.
- In the VASP backend, the verification process due to Travel Rule proceeds via VerifyVASP before the transaction of the actual withdrawal is sent to the blockchain.
- The risk level of an account number is verified by the two pieces of information a user inputs in the screen above - Amount and Beneficiary Address.
POST /pre-screening APIcan be used to verify.
- Check the risk level displayed in the rating field in the response of the Pre-Screening API above.
- According to the risk level, it is determined whether the withdrawal request transaction will be sent to the blockchain.
- Proceed with all verification processes on all of the information, including the information entered above such as Amount, Beneficiary VASP, Beneficiary Address, and Beneficiary Name.
- In order to comply with the travel rules, it is necessary to check whether the account is owned by the exchange in advance, rather than transmitting all data of the sender and recipient from the beginning.
- Use the
POST /v1/verifications/accountAPI to check if the wallet address is owned by the beneficiary VASP.
- If the amount exceeds the legal standard, the wallet address and the recipient's name are delivered together for verification.
- In this case, we do not perform KYC or Sanction Screening, but simply check if the account information owned by the exchange is correct.
- If the wallet address of the recipient VASP is correct, the user verification process is performed to comply with the travel rules below.
- You can check using
- According to the IVMS101 message protocol, information about the beneficiary and originator should be sent together.
- In the VASP backend, information about the originator should be offered in IVMS101 format.
- Additionally, you can perform sanction screening through the personal information of the beneficiary/originator received from the other VASP.
- Whether to proceed with the transaction must be determined after the result of the verification process.
- Although an ideal flow is yet to be decided, two options are plausible.
- Proceeding actual transaction after VASP backend checks the result value by itself.
- Display verification results to the users so that they can optionally proceed.
- Proceed with the actual transaction in the VASP backend.
- Report withdrawal results.
- In order for the VASP backend to finish the transaction, report (share) Transaction Hash to the beneficiary VASP.
- If you decided not to send transactions permanently because of an error, report (share) an error to the beneficiary VASP.
- If a beneficiary VASP did not receive the transaction process report for a certain amount of time, a beneficiary VASP can ask for the transaction process status to the originating VASP. Use
- View verification history.
- If you would like to view verification history proceeded during transactions via VASP in its backend,
GET /v1/verifications API.
- If you need a screen easily approachable from VASP, compose one using the verification inquiry API above, which is provided by enclave.
- If a VASP wants to proceed with multiple withdrawal requests as a single transaction to reduce fees, refer to the steps below.
- VASP backend performs a verification process on each of the withdrawal requests as above N times.
- Then a verificationUuid per withdrawal information is created.
- Report a txHash value, which is created by a single transaction transmission.
- Report the same txHash in a verificationUuid corresponding to each withdrawal information N times.
- VerifyVASP does not automatically process multiple withdrawal requests as a single transaction.