Offsite Integration

In the offsite verification process, Shufti Pro's merchants are solely responsible for gathering all necessary information from the end user and then submitting it to Shufti Pro for verification.

Parameters & Description

Parameters	Description
advanced_search	Required: Yes Type: string Accepted Values: 0, 1 Default Value: 0 This parameter is used to enable enhanced KYB service for the client when the parameter value is set to "1".
company_registration_number	Required: Yes Type: string This parameter receives the company registration number to collect and verify the company information reports. Example: 12345678 Note: The registration number is not required if the company name is provided.
company_name	Required: No Type: string Minimum: 3 characters This parameter receives the company name to collect and verify the company information reports. Example: 'SHUFTI PRO LIMITED' Note: The company name is not required if the registration number is provided.
country_names	Required: Yes Type: array The option allows users to input the single country name in the form of an array for the search. Additionally, you can pass the state of the country to specify the search. Feel free to click on the following links to view supported countries and states Example: ['united_kingdom'], ['alabama']
search_type	Required: No Type: string Accepted Values: contains, start_with, fuzzy Default Value: Contains When using the "start_with" option, the API fetches a list of companies whose names start with the user-provided characters. In contrast, with the "contains" option, the search covers companies having the given keywords anywhere in their names. 'fuzzy' search expands to include less precise matches, broadening results by similarity rather than strict criteria.
search_by	Required: No Type: string This parameter contains the identifier used to search for a company. The identifier varies based on the company's registration country and includes country-specific options. Note: You can use the `search_by` and `search_word` keys when you want to use any other search identifiers apart from company_name and company_registration_number. Example: For Saudi Arabia, you can use "vat_number" in `search_by` and its value in `search_word`. For more details on supported identifiers, visit here.
search_word	Required: No Type: string This depends on the option selected in 'Search_by' parameter and includes the actual value of the search identifier provided by the user for searching the company record.

Request Payloads

tip

Please include the country along with either the company registration number or the company name in your request.

request-with-company_registration_number

//POST /status HTTP/1.1
//Host: api.shuftipro.com
//Content-Type: application/json
//Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw== 
//replace "Basic" with "Bearer in case of Access Token"

{
  "reference": "1234567",
  "callback_url": "https://yourdomain.com/profile/sp-notify-callback",
  "country": "GB",
  "language": "EN",
  "kyb": {
    "advanced_search": "1",
    "company_registration_number": "12345678",
    "country_names": ["united_kingdom"],
    "search_type": "contains"
  }
}

let payload = {
    reference         : `SP_REQUEST_${Math.random()}`,
    callback_url      : "https://yourdomain.com/profile/sp-notify-callback",
    country           : "GB",
    language          : "EN"
}
//Use this key if you want to perform document verification with OCR
payload['kyb'] = {
  advanced_search              : "1",
  company_registration_number  : '12345',
  country_names                : ['united_kingdom'],
  search_type                  : 'contains'
}
//BASIC AUTH TOKEN
//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR-CLIENT-ID:YOUR-SECRET-KEY"); //BASIC AUTH TOKEN
// if Access Token
//var token = "YOUR_ACCESS_TOKEN";
//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://api.shuftipro.com/', 
{
  method : 'post',
  headers : {
    'Accept'        : 'application/json',
    'Content-Type'  : 'application/json',
    'Authorization' : 'Basic ' +token       // if access token then replace "Basic" with "Bearer"
  },
  body: JSON.stringify(payload)
})
.then(function(response) {
     return response.json();
}).then(function(data) {
    if (data.event && data.event === 'verification.accepted') {
          console.log(data);
        }
});

<?php
$url = 'https://api.shuftipro.com/';

//Your Shufti Pro account Client ID
$client_id  = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';
//OR Access Token
//$access_token = 'YOUR-ACCESS-TOKEN';

$verification_request = [
    'reference'    => 'ref-'.rand(4,444).rand(4,444),
    'country'      => 'GB',
    'language'     => 'EN',
    'email'        => '[email protected]',
    'callback_url' =>  'https://yourdomain.com/profile/notifyCallback',
];

//Use this key if you want to perform kyb service
$verification_request['kyb'] =[
    'advanced_search'             => '1',
    'company_registration_number' => '123456',
    'country_names'               => ['united_kingdom'],
    'search_type'                 => 'contains'
];

$auth = $client_id.":".$secret_key; // remove this in case of Access Token
$headers = ['Content-Type: application/json'];
// if using Access Token then add it into headers as mentioned below otherwise remove access token
// array_push($headers, 'Authorization: Bearer ' . $access_token); 
$post_data = json_encode($verification_request);
//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth); // remove $auth in case of Access Token
//Get Shufti Pro API Response
$response_data    = $response['body'];
//Get Shufti Pro Signature
$exploded = explode("\n", $response['headers']);
// Get Signature Key from Hearders
$sp_signature = null;
foreach ($exploded as $key => $value) {
  if (strpos($value, 'signature: ') !== false || strpos($value, 'Signature: ') !== false) {
    $sp_signature=trim(explode(':', $exploded[$key])[1]);
    break;
  }
}

// Calculating signature for verification

// Clients registered with Shufti Pro after March 15, 2023, must use secret key as follows
// $secret_key = hash('sha256', $secret_key)

// Calculated signature functionality cannot be implement in case of access token
$calculate_signature  = hash('sha256',$response_data.$secret_key);
$decoded_response = json_decode($response_data,true);
$event_name = $decoded_response['event'];

if(in_array($event_name, ['verification.accepted', 'verification.declined', 'request.received']) ){
    if($sp_signature == $calculate_signature){
        echo $event_name." :" . $response_data;
    }else{
        echo "Invalid signature :" . $response_data;
    }
}else{
    echo "Error :" . $response_data;
}

function send_curl($url, $post_data, $headers, $auth){ // remove $auth in case of Access Token
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_USERPWD, $auth); // remove this in case of Access Token
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); // remove this in case of Access Token
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
    $html_response = curl_exec($ch);
    $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    $headers = substr($html_response, 0, $header_size);
    $body = substr($html_response, $header_size);
    curl_close($ch);
    return ['headers' => $headers,'body' => $body];     
}
?>

import requests, base64, json, hashlib
from random import randint

'''
Python 2
--------
import urllib2

Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
# Your Shufti Pro account Client ID
client_id  = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
# OR Access Token
# access_token = 'YOUR-ACCESS-TOKEN';

verification_request = {
    'reference'         :   'ref-{}{}'.format(randint(1000, 9999), randint(1000, 9999)),
    'country'           :   'GB', 
    'language'          :   'EN',
    'email'             :   '[email protected]',
    'callback_url'      :   'https://yourdomain.com/profile/notifyCallback'
}
# Use this key if you want to perform document verification with OCR
verification_request['kyb'] = {
    'advanced_search'             : '1',
    'company_registration_number' : '123456',
    'country_names'               : ['united_kingdom'],
    'search_type'                 : 'contains'
}

# Calling Shufti Pro request API using python  requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth.encode()).decode()
# if access token 
# b64Val = access_token
# replace "Basic with "Bearer" in case of Access Token
response = requests.post(url, 
                headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
                data=json.dumps(verification_request))

# Calculating signature for verification

# Clients registered with Shufti Pro after March 15, 2023, must use secret key as follows
# secret_key = hashlib.sha256(secret_key.encode()).hexdigest()

# Calculated signature functionality cannot be implement in case of access token
calculated_signature = hashlib.sha256('{}{}'.format(response.content.decode(), secret_key).encode()).hexdigest()

# Get Shufti Pro Signature
sp_signature = response.headers.get('Signature','')
# Convert json string to json object
json_response = json.loads(response.content)
# Get event returned
event_name = json_response['event']
print (json_response)
if event_name == 'verification.accepted':
    if sp_signature == calculated_signature:
        print ('Verification Response: {}'.format(response.content))
    else:
        print ('Invalid signature: {}'.format(response.content))

require 'uri'
require 'net/http'
require 'base64'
require 'json'

url = URI("https://api.shuftipro.com/")
# Your Shufti Pro account Client ID
CLIENT_ID   = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY  = "YOUR-SECRET-KEY"
# if access token
# ACCESS_TOKEN = "YOUR-ACCESS-TOKEN"

verification_request = { 
    reference:          "Ref-"+ (0...8).map { (65 + rand(26)).chr }.join,
    callback_url:       "https://yourdomain.com/profile/notifyCallback",
    email:              "[email protected]",
    country:            "GB",
    language:           "EN"
}
# Use this key if you want to perform document verification with OCR
verification_request["kyb"] = {
  advanced_search            : "1",
  company_registration_number: "12345",
  country_names              : ["united_kingdom"],
  search_type                : "contains"
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
# if Access Token
# header_auth = ACCESS_TOKEN
request["Content-Type"]  = "application/json"
request["Authorization"] = "Basic #{header_auth}"   # replace "Basic" with "Bearer" in case of access token
request.body = verification_request.to_json
response = http.request(request)
response_headers =  response.instance_variable_get("@header")
response_data    = response.read_body

sp_signature     = !(response_headers['signature'].nil?) ? response_headers['signature'].join(',') : ""

# Calculating signature for verification

# Clients registered with Shufti Pro after March 15, 2023, must use secret key as follows
# SECRET_KEY = Digest::SHA256.hexdigest SECRET_KEY

# calculated signature functionality cannot be implement in case of access token
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY
if sp_signature == calculated_signature
  puts response_data
else
  puts "Invalid signature"
end

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.net.ssl.HttpsURLConnection;

public class Main {
    public static void main(String[] args) throws Exception {
        String url = "https://api.shuftipro.com/service/ocr_for_business/extraction";
        String CLIENT_ID = "CLIENT_ID";
        String SECRET_KEY = "SECRET_KEY";
        URL obj = new URL(url);
        HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();

        // Add request header
        con.setRequestMethod("POST");
        con.setRequestProperty("Content-Type", "application/json");
        String basicAuth = "Basic " + Base64.getEncoder().encodeToString((CLIENT_ID + ":" + SECRET_KEY).getBytes(StandardCharsets.UTF_8));    
        con.setRequestProperty("Authorization", basicAuth);

        String payload = "{\"reference\":\"1234567\",\"callback_url\":\"https://yourdomain.com/profile/sp-notify-callback\",\"country\":\"GB\",\"language\":\"EN\",\"kyb\":{\"advanced_search\": \"1\",\"company_registration_number\":\"12345678\",\"country_names\":[\"united_kingdom\"],\"search_type\":\"contains\"}}";


        // Send post request
        con.setDoOutput(true);
        DataOutputStream wr = new DataOutputStream(con.getOutputStream());
        wr.writeBytes(payload);
        wr.flush();
        wr.close();

        int responseCode = con.getResponseCode();
        System.out.println("\nSending 'POST' request to URL : " + url);
        System.out.println("Payload : " + payload);
        System.out.println("Response Code : " + responseCode);

        BufferedReader in = new BufferedReader(
                new InputStreamReader(con.getInputStream()));
        System.out.println(in.toString());
        String inputLine;
        StringBuffer response = new StringBuffer();

        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();

        // Print the response
        System.out.println(response.toString());
    }
}

curl --location --request POST 'https://api.shuftipro.com/' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==' \
--data-raw '{
    "reference"    : "1234567",
    "callback_url" : "https://yourdomain.com/profile/sp-notify-callback",
    "country"      : "GB",
    "language"     : "EN",
    "kyb" : {
        "advanced_search"                 : "1",
        "company_registration_number"     : "12345678",
        "country_names"                   : ["united_kingdom"],
        "search_type"                     : "contains" 
    }
}'

var client = new RestClient("https://api.shuftipro.com/");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==");
var body = @"{" + "\n" +
@"    ""reference""    : ""1234567""," + "\n" +
@"    ""callback_url"" : ""https://yourdomain.com/profile/sp-notify-callback""," + "\n" +
@"    ""country""      : ""GB""," + "\n" +
@"    ""language""     : ""EN""," + "\n" +
@"    ""kyb"" : {" + "\n" +
@"        ""advanced_search""     : ""1""," + "\n" +
@"        ""company_registration_number""     : ""12345678""," + "\n" +
@"        ""country_names""     : [""united_kingdom""]," + "\n" +
@"        ""search_type""     : ""contains""" + "\n" +
@"    }" + "\n" +
@"}";
request.AddParameter("application/json", body,  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io/ioutil"
)

func main() {

  url := "https://api.shuftipro.com/"
  method := "POST"

  payload := strings.NewReader(`{
    "reference"    : "1234567",
    "callback_url" : "https://yourdomain.com/profile/sp-notify-callback",
    "country"      : "GB",
    "language"     : "EN",
    "kyb" : {
        "advanced_search"   : "1",
        "company_registration_number"     : "12345678",
        "country_names"     : ["united_kingdom"],
        "search_type"     : "contains"
    }
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := ioutil.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

request-with-company_name

//POST /status HTTP/1.1
//Host: api.shuftipro.com
//Content-Type: application/json
//Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw== 
//replace "Basic" with "Bearer in case of Access Token"

{
  "reference": "1234567",
  "callback_url": "https://yourdomain.com/profile/sp-notify-callback",
  "country": "GB",
  "language": "EN",
  "kyb": {
    "advanced_search": "1",
    "company_name": "SHUFTI PRO LIMITED",
    "country_names": ["united_kingdom"],
    "search_type": "start_with"
  }
}

let payload = {
    reference         : `SP_REQUEST_${Math.random()}`,
    callback_url      : "https://yourdomain.com/profile/sp-notify-callback",
    country           : "GB",
    language          : "EN"
}
//Use this key if you want to perform document verification with OCR
payload['kyb'] = {
  'advanced_search': '1',
  'company_name'   : 'SHUFTI PRO LIMITED',
  'country_names'  : ['united_kingdom'],
  'search_type'    : 'start_with'
}
//BASIC AUTH TOKEN
//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR-CLIENT-ID:YOUR-SECRET-KEY"); //BASIC AUTH TOKEN
// if Access Token
//var token = "YOUR_ACCESS_TOKEN";
//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://api.shuftipro.com/', 
{
  method : 'post',
  headers : {
    'Accept'        : 'application/json',
    'Content-Type'  : 'application/json',
    'Authorization' : 'Basic ' +token       // if access token then replace "Basic" with "Bearer"
  },
  body: JSON.stringify(payload)
})
.then(function(response) {
     return response.json();
}).then(function(data) {
    if (data.event && data.event === 'verification.accepted') {
          console.log(data);
        }
});

<?php
$url = 'https://api.shuftipro.com/';

//Your Shufti Pro account Client ID
$client_id  = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';
//OR Access Token
//$access_token = 'YOUR-ACCESS-TOKEN';

$verification_request = [
    'reference'    => 'ref-'.rand(4,444).rand(4,444),
    'country'      => 'GB',
    'language'     => 'EN',
    'email'        => '[email protected]',
    'callback_url' =>  'https://yourdomain.com/profile/notifyCallback',
];

//Use this key if you want to perform kyb service
$verification_request['kyb'] =[
    'advanced_search' => '1',
    'company_name' => 'SHUFTI PRO LIMITED',
    'country_names'=>   ['united_kingdom'],
    'search_type'  =>   'start_with'
];

$auth = $client_id.":".$secret_key; // remove this in case of Access Token
$headers = ['Content-Type: application/json'];
// if using Access Token then add it into headers as mentioned below otherwise remove access token
// array_push($headers, 'Authorization: Bearer ' . $access_token); 
$post_data = json_encode($verification_request);
//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth); // remove $auth in case of Access Token
//Get Shufti Pro API Response
$response_data    = $response['body'];
//Get Shufti Pro Signature
$exploded = explode("\n", $response['headers']);
// Get Signature Key from Hearders
$sp_signature = null;
foreach ($exploded as $key => $value) {
  if (strpos($value, 'signature: ') !== false || strpos($value, 'Signature: ') !== false) {
    $sp_signature=trim(explode(':', $exploded[$key])[1]);
    break;
  }
}

// Calculating signature for verification

// Clients registered with Shufti Pro after March 15, 2023, must use secret key as follows
// $secret_key = hash('sha256', $secret_key)

// Calculated signature functionality cannot be implement in case of access token
$calculate_signature  = hash('sha256',$response_data.$secret_key);
$decoded_response = json_decode($response_data,true);
$event_name = $decoded_response['event'];

if(in_array($event_name, ['verification.accepted', 'verification.declined']) ){
    if($sp_signature == $calculate_signature){
        echo $event_name." :" . $response_data;
    }else{
        echo "Invalid signature :" . $response_data;
    }
}else{
    echo "Error :" . $response_data;
}

function send_curl($url, $post_data, $headers, $auth){ // remove $auth in case of Access Token
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_USERPWD, $auth); // remove this in case of Access Token
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); // remove this in case of Access Token
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
    $html_response = curl_exec($ch);
    $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    $headers = substr($html_response, 0, $header_size);
    $body = substr($html_response, $header_size);
    curl_close($ch);
    return ['headers' => $headers,'body' => $body];     
}
?>

import requests, base64, json, hashlib
from random import randint

'''
Python 2
--------
import urllib2

Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
# Your Shufti Pro account Client ID
client_id  = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
# OR Access Token
# access_token = 'YOUR-ACCESS-TOKEN';

verification_request = {
    'reference'         :   'ref-{}{}'.format(randint(1000, 9999), randint(1000, 9999)),
    'country'           :   'GB', 
    'language'          :   'EN',
    'email'             :   '[email protected]',
    'callback_url'      :   'https://yourdomain.com/profile/notifyCallback'
}
# Use this key if you want to perform document verification with OCR
verification_request['kyb'] = {
    'advanced_search' : '1',
    'company_name'  : 'SHUFTI PRO LIMITED',
    'country_names' : ['united_kingdom'],
    'search_type'   : 'start_with'
}

# Calling Shufti Pro request API using python  requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth.encode()).decode()
# if access token 
# b64Val = access_token
# replace "Basic with "Bearer" in case of Access Token
response = requests.post(url, 
                headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
                data=json.dumps(verification_request))

# Calculating signature for verification

# Clients registered with Shufti Pro after March 15, 2023, must use secret key as follows
# secret_key = hashlib.sha256(secret_key.encode()).hexdigest()

# Calculated signature functionality cannot be implement in case of access token
calculated_signature = hashlib.sha256('{}{}'.format(response.content.decode(), secret_key).encode()).hexdigest()

# Get Shufti Pro Signature
sp_signature = response.headers.get('Signature','')
# Convert json string to json object
json_response = json.loads(response.content)
# Get event returned
event_name = json_response['event']
print (json_response)
if event_name == 'verification.accepted':
    if sp_signature == calculated_signature:
        print ('Verification Response: {}'.format(response.content))
    else:
        print ('Invalid signature: {}'.format(response.content))

require 'uri'
require 'net/http'
require 'base64'
require 'json'

url = URI("https://api.shuftipro.com/")
# Your Shufti Pro account Client ID
CLIENT_ID   = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY  = "YOUR-SECRET-KEY"
# if access token
# ACCESS_TOKEN = "YOUR-ACCESS-TOKEN"

verification_request = { 
    reference:          "Ref-"+ (0...8).map { (65 + rand(26)).chr }.join,
    callback_url:       "https://yourdomain.com/profile/notifyCallback",
    email:              "[email protected]",
    country:            "GB",
    language:           "EN"
}
# Use this key if you want to perform document verification with OCR
verification_request["kyb"] = {
  advanced_search: '1',
  company_name: 'SHUFTI PRO LIMITED',
  country_names:   ['united_kingdom'],
  search_type:   'start_with'
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
# if Access Token
# header_auth = ACCESS_TOKEN
request["Content-Type"]  = "application/json"
request["Authorization"] = "Basic #{header_auth}"   # replace "Basic" with "Bearer" in case of access token
request.body = verification_request.to_json
response = http.request(request)
response_headers =  response.instance_variable_get("@header")
response_data    = response.read_body

sp_signature     = !(response_headers['signature'].nil?) ? response_headers['signature'].join(',') : ""

# Calculating signature for verification

# Clients registered with Shufti Pro after March 15, 2023, must use secret key as follows
# SECRET_KEY = Digest::SHA256.hexdigest SECRET_KEY

# calculated signature functionality cannot be implement in case of access token
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY

if sp_signature == calculated_signature
  puts response_data
else
  puts "Invalid signature"
end

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.net.ssl.HttpsURLConnection;

public class Main {
    public static void main(String[] args) throws Exception {
        String url = "https://api.shuftipro.com/";
        String CLIENT_ID = "CLIENT_ID";
        String SECRET_KEY = "SECRET_KEY";
        URL obj = new URL(url);
        HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();

        // Add request header
        con.setRequestMethod("POST");
        con.setRequestProperty("Content-Type", "application/json");
        String basicAuth = "Basic " + Base64.getEncoder().encodeToString((CLIENT_ID + ":" + SECRET_KEY).getBytes(StandardCharsets.UTF_8));    
        con.setRequestProperty("Authorization", basicAuth);

        String payload = "{\"reference\":\"1234567\",\"callback_url\":\"https://yourdomain.com/profile/sp-notify-callback\",\"country\":\"GB\",\"language\":\"EN\",\"kyb\":{\"advanced_search\": \"1\",\"company_name\":\"SHUFTI PRO LTD\",\"country_names\":[\"united_kingdom\"],\"search_type\":\"start_with\"}}";

        // Send post request
        con.setDoOutput(true);
        DataOutputStream wr = new DataOutputStream(con.getOutputStream());
        wr.writeBytes(payload);
        wr.flush();
        wr.close();

        int responseCode = con.getResponseCode();
        System.out.println("\nSending 'POST' request to URL : " + url);
        System.out.println("Payload : " + payload);
        System.out.println("Response Code : " + responseCode);

        BufferedReader in = new BufferedReader(
                new InputStreamReader(con.getInputStream()));
        System.out.println(in.toString());
        String inputLine;
        StringBuffer response = new StringBuffer();

        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();

        // Print the response
        System.out.println(response.toString());
    }
}

curl --location --request POST 'https://api.shuftipro.com/' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==' \
--data-raw '{
    "reference"    : "1234567",
    "callback_url" : "https://yourdomain.com/profile/sp-notify-callback",
    "country"      : "GB",
    "language"     : "EN",
    "kyb" : {
            "advanced_search"  : "1",
            "company_name"     : "SHUFTI PRO LIMITED",
            "country_names"    : ["united_kingdom"],
            "search_type"      : "start_with"
        }
}'

var client = new RestClient("https://api.shuftipro.com/");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==");
var body = @"{" + "\n" +
@"    ""reference""    : ""1234567""," + "\n" +
@"    ""callback_url"" : ""https://yourdomain.com/profile/sp-notify-callback""," + "\n" +
@"    ""country""      : ""GB""," + "\n" +
@"    ""language""     : ""EN""," + "\n" +
@"    ""kyb"" : {" + "\n" +
@"            ""advanced_search""     : ""1""" + "\n" +
@"            ""company_name""     : ""SHUFTI PRO LIMITED""" + "\n" +
@"            ""country_names""     : [""united_kingdom""]," + "\n" +
@"            ""search_type""     : ""start_with""" + "\n" +
@"        }" + "\n" +
@"}";
request.AddParameter("application/json", body,  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io/ioutil"
)

func main() {

  url := "https://api.shuftipro.com/"
  method := "POST"

  payload := strings.NewReader(`{
    "reference"    : "1234567",
    "callback_url" : "https://yourdomain.com/profile/sp-notify-callback",
    "country"      : "GB",
    "language"     : "EN",
    "kyb" : {
            "advanced_search"  : "1",
            "company_name"     : "SHUFTI PRO LIMITED",
            "country_names"    : ["united_kingdom"],
            "search_type"      : "start_with"
        }
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := ioutil.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

request-with-search_by-and-search_word

//POST /status HTTP/1.1
//Host: api.shuftipro.com
//Content-Type: application/json
//Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw== 
//replace "Basic" with "Bearer in case of Access Token"

{
  "reference": "1234567",
  "callback_url": "https://yourdomain.com/profile/sp-notify-callback",
  "country": "GB",
  "language": "EN",
  "kyb": {
    "advanced_search": 1,
    "search_by": "company_name",
    "search_word": "SHUFTI PRO LIMITED",
    "country_names":["united_kingdom"],
    "search_type": "contains"
}
}

let payload = {
    reference         : `SP_REQUEST_${Math.random()}`,
    callback_url      : "https://yourdomain.com/profile/sp-notify-callback",
    country           : "GB",
    language          : "EN"
}
//Use this key if you want to perform document verification with OCR
payload['kyb'] = {
  'advanced_search': '1',
  'search_by'      : 'company_name',
  'search_word'    : 'SHUFTI PRO LIMITED',
  'country_names'  : ['united_kingdom'],
  'search_type'    : 'start_with'
}
//BASIC AUTH TOKEN
//Use your Shufti Pro account client id and secret key
var token = btoa("YOUR-CLIENT-ID:YOUR-SECRET-KEY"); //BASIC AUTH TOKEN
// if Access Token
//var token = "YOUR_ACCESS_TOKEN";
//Dispatch request via fetch API or with whatever else which best suits for you
fetch('https://api.shuftipro.com/', 
{
  method : 'post',
  headers : {
    'Accept'        : 'application/json',
    'Content-Type'  : 'application/json',
    'Authorization' : 'Basic ' +token       // if access token then replace "Basic" with "Bearer"
  },
  body: JSON.stringify(payload)
})
.then(function(response) {
     return response.json();
}).then(function(data) {
    if (data.event && data.event === 'verification.accepted') {
          console.log(data);
        }
});

<?php
$url = 'https://api.shuftipro.com/';

//Your Shufti Pro account Client ID
$client_id  = 'YOUR-CLIENT-ID';
//Your Shufti Pro account Secret Key
$secret_key = 'YOUR-SECRET-KEY';
//OR Access Token
//$access_token = 'YOUR-ACCESS-TOKEN';

$verification_request = [
    'reference'    => 'ref-'.rand(4,444).rand(4,444),
    'country'      => 'GB',
    'language'     => 'EN',
    'email'        => '[email protected]',
    'callback_url' =>  'https://yourdomain.com/profile/notifyCallback',
];

//Use this key if you want to perform kyb service
$verification_request['kyb'] =[
    'advanced_search' => '1',
    'search_by' => 'company_name',
    'search_word' => 'SHUFTI PRO LIMITED',
    'country_names'=>   ['united_kingdom'],
    'search_type'  =>   'start_with'
];

$auth = $client_id.":".$secret_key; // remove this in case of Access Token
$headers = ['Content-Type: application/json'];
// if using Access Token then add it into headers as mentioned below otherwise remove access token
// array_push($headers, 'Authorization: Bearer ' . $access_token); 
$post_data = json_encode($verification_request);
//Calling Shufti Pro request API using curl
$response = send_curl($url, $post_data, $headers, $auth); // remove $auth in case of Access Token
//Get Shufti Pro API Response
$response_data    = $response['body'];
//Get Shufti Pro Signature
$exploded = explode("\n", $response['headers']);
// Get Signature Key from Hearders
$sp_signature = null;
foreach ($exploded as $key => $value) {
  if (strpos($value, 'signature: ') !== false || strpos($value, 'Signature: ') !== false) {
    $sp_signature=trim(explode(':', $exploded[$key])[1]);
    break;
  }
}

// Calculating signature for verification

// Clients registered with Shufti Pro after March 15, 2023, must use secret key as follows
// $secret_key = hash('sha256', $secret_key)

// Calculated signature functionality cannot be implement in case of access token
$calculate_signature  = hash('sha256',$response_data.$secret_key);
$decoded_response = json_decode($response_data,true);
$event_name = $decoded_response['event'];

if(in_array($event_name, ['verification.accepted', 'verification.declined']) ){
    if($sp_signature == $calculate_signature){
        echo $event_name." :" . $response_data;
    }else{
        echo "Invalid signature :" . $response_data;
    }
}else{
    echo "Error :" . $response_data;
}

function send_curl($url, $post_data, $headers, $auth){ // remove $auth in case of Access Token
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_USERPWD, $auth); // remove this in case of Access Token
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); // remove this in case of Access Token
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
    $html_response = curl_exec($ch);
    $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    $headers = substr($html_response, 0, $header_size);
    $body = substr($html_response, $header_size);
    curl_close($ch);
    return ['headers' => $headers,'body' => $body];     
}
?>

import requests, base64, json, hashlib
from random import randint

'''
Python 2
--------
import urllib2

Python 3
--------
import urllib.request
urllib.request.urlopen(url).read()
'''
url = 'https://api.shuftipro.com/'
# Your Shufti Pro account Client ID
client_id  = 'YOUR-CLIENT-ID'
# Your Shufti Pro account Secret Key
secret_key = 'YOUR-SECRET-KEY'
# OR Access Token
# access_token = 'YOUR-ACCESS-TOKEN';

verification_request = {
    'reference'         :   'ref-{}{}'.format(randint(1000, 9999), randint(1000, 9999)),
    'country'           :   'GB', 
    'language'          :   'EN',
    'email'             :   '[email protected]',
    'callback_url'      :   'https://yourdomain.com/profile/notifyCallback'
}
# Use this key if you want to perform document verification with OCR
verification_request['kyb'] = {
    'advanced_search' : '1',
    'search_by'      : 'company_name',
    'search_word'    : 'SHUFTI PRO LIMITED',
    'country_names' : ['united_kingdom'],
    'search_type'   : 'start_with'
}

# Calling Shufti Pro request API using python  requests
auth = '{}:{}'.format(client_id, secret_key)
b64Val = base64.b64encode(auth.encode()).decode()
# if access token 
# b64Val = access_token
# replace "Basic with "Bearer" in case of Access Token
response = requests.post(url, 
                headers={"Authorization": "Basic %s" % b64Val, "Content-Type": "application/json"},
                data=json.dumps(verification_request))

# Calculating signature for verification

# Clients registered with Shufti Pro after March 15, 2023, must use secret key as follows
# secret_key = hashlib.sha256(secret_key.encode()).hexdigest()

# Calculated signature functionality cannot be implement in case of access token
calculated_signature = hashlib.sha256('{}{}'.format(response.content.decode(), secret_key).encode()).hexdigest()

# Get Shufti Pro Signature
sp_signature = response.headers.get('Signature','')
# Convert json string to json object
json_response = json.loads(response.content)
# Get event returned
event_name = json_response['event']
print (json_response)
if event_name == 'verification.accepted':
    if sp_signature == calculated_signature:
        print ('Verification Response: {}'.format(response.content))
    else:
        print ('Invalid signature: {}'.format(response.content))

require 'uri'
require 'net/http'
require 'base64'
require 'json'

url = URI("https://api.shuftipro.com/")
# Your Shufti Pro account Client ID
CLIENT_ID   = "YOUR-CLIENT-ID"
# Your Shufti Pro account Secret Key
SECRET_KEY  = "YOUR-SECRET-KEY"
# if access token
# ACCESS_TOKEN = "YOUR-ACCESS-TOKEN"

verification_request = { 
    reference:          "Ref-"+ (0...8).map { (65 + rand(26)).chr }.join,
    callback_url:       "https://yourdomain.com/profile/notifyCallback",
    email:              "[email protected]",
    country:            "GB",
    language:           "EN"
}
# Use this key if you want to perform document verification with OCR
verification_request["kyb"] = {
  advanced_search: '1',
  search_by: 'company_name',
  search_word: 'SHUFTI PRO LIMITED',
  country_names:   ['united_kingdom'],
  search_type:   'start_with'
}
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
header_auth = Base64.strict_encode64("#{CLIENT_ID}:#{SECRET_KEY}")
# if Access Token
# header_auth = ACCESS_TOKEN
request["Content-Type"]  = "application/json"
request["Authorization"] = "Basic #{header_auth}"   # replace "Basic" with "Bearer" in case of access token
request.body = verification_request.to_json
response = http.request(request)
response_headers =  response.instance_variable_get("@header")
response_data    = response.read_body

sp_signature     = !(response_headers['signature'].nil?) ? response_headers['signature'].join(',') : ""

# Calculating signature for verification

# Clients registered with Shufti Pro after March 15, 2023, must use secret key as follows
# SECRET_KEY = Digest::SHA256.hexdigest SECRET_KEY

# calculated signature functionality cannot be implement in case of access token
calculated_signature = Digest::SHA256.hexdigest response_data + SECRET_KEY

if sp_signature == calculated_signature
  puts response_data
else
  puts "Invalid signature"
end

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.net.ssl.HttpsURLConnection;

public class Main {
    public static void main(String[] args) throws Exception {
        String url = "https://api.shuftipro.com/";
        String CLIENT_ID = "CLIENT_ID";
        String SECRET_KEY = "SECRET_KEY";
        URL obj = new URL(url);
        HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();

        // Add request header
        con.setRequestMethod("POST");
        con.setRequestProperty("Content-Type", "application/json");
        String basicAuth = "Basic " + Base64.getEncoder().encodeToString((CLIENT_ID + ":" + SECRET_KEY).getBytes(StandardCharsets.UTF_8));    
        con.setRequestProperty("Authorization", basicAuth);

        String payload = "{\"reference\":\"1234567\",\"callback_url\":\"https://yourdomain.com/profile/sp-notify-callback\",\"country\":\"GB\",\"language\":\"EN\",\"kyb\":{\"advanced_search\": \"1\",\"search_by\":\"company_name",\"search_word\":\"SHUFTI PRO LIMITED",\"country_names\":[\"united_kingdom\"],\"search_type\":\"start_with\"}}";

        // Send post request
        con.setDoOutput(true);
        DataOutputStream wr = new DataOutputStream(con.getOutputStream());
        wr.writeBytes(payload);
        wr.flush();
        wr.close();

        int responseCode = con.getResponseCode();
        System.out.println("\nSending 'POST' request to URL : " + url);
        System.out.println("Payload : " + payload);
        System.out.println("Response Code : " + responseCode);

        BufferedReader in = new BufferedReader(
                new InputStreamReader(con.getInputStream()));
        System.out.println(in.toString());
        String inputLine;
        StringBuffer response = new StringBuffer();

        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();

        // Print the response
        System.out.println(response.toString());
    }
}

curl --location --request POST 'https://api.shuftipro.com/' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==' \
--data-raw '{
    "reference"    : "1234567",
    "callback_url" : "https://yourdomain.com/profile/sp-notify-callback",
    "country"      : "GB",
    "language"     : "EN",
    "kyb" : {
            "advanced_search"  : "1",
            "search_by": 'company_name',
            "search_word": 'SHUFTI PRO LIMITED',
            "country_names"    : ["united_kingdom"],
            "search_type"      : "start_with"
        }
}'

var client = new RestClient("https://api.shuftipro.com/");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==");
var body = @"{" + "\n" +
@"    ""reference""    : ""1234567""," + "\n" +
@"    ""callback_url"" : ""https://yourdomain.com/profile/sp-notify-callback""," + "\n" +
@"    ""country""      : ""GB""," + "\n" +
@"    ""language""     : ""EN""," + "\n" +
@"    ""kyb"" : {" + "\n" +
@"            ""advanced_search""     : ""1""" + "\n" +
@"            ""search_by""     : ""company_name""" + "\n" +
@"            ""search_word""     : ""SHUFTI PRO LIMITED""" + "\n" +
@"            ""country_names""     : [""united_kingdom""]," + "\n" +
@"            ""search_type""     : ""start_with""" + "\n" +
@"        }" + "\n" +
@"}";
request.AddParameter("application/json", body,  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io/ioutil"
)

func main() {

  url := "https://api.shuftipro.com/"
  method := "POST"

  payload := strings.NewReader(`{
    "reference"    : "1234567",
    "callback_url" : "https://yourdomain.com/profile/sp-notify-callback",
    "country"      : "GB",
    "language"     : "EN",
    "kyb" : {
            "advanced_search"  : "1",
            "company_name"     : "SHUFTI PRO LIMITED",
            "search_by"        : "company_name",
            "search_word"      : "SHUFTI PRO LIMITED",
            "country_names"    : ["united_kingdom"],
            "search_type"      : "start_with"
        }
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := ioutil.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

info

In an Enhanced KYB verification request, the results screen will not be displayed irrespective of the 'show_result' parameter's setting 0 or 1.

Parameters & Description​

Request Payloads​

Parameters & Description

Request Payloads