Skip to main content
[AU] KYC-Trusted General

This article describes how to create your KYC-Trusted Agreements and contacts via the API.

Updated over 4 months ago

Note: This article is relevant to merchants integrating with Zepto in Australia.

About KYC Trusted Customer Accounts

It is a strict requirement when setting up regular payments via a direct entry that a customer sights and agrees to a Direct Debit Request (DDR) and a Direct Debit Request Service Agreement (DDRSA). Similarly, there are also minimum identification requirements for the on-boarding process, referred to as ‘Know Your Customer', or KYC. 

Using the standard Zepto API integration, these DDR and DDRSA documents are embedded as links, and the KYC requirements are handled as part of the Instant Account Verification (IAV) process. We fully appreciate, however, that some of our partners have an existing onboarding process that collects the required KYC materials before passing this information through to establish regular direct debits via Zepto.

To cater for this, Zepto offers a KYC-Trusted status for partners that meet and can demonstrate the following requirements:

Furthermore, it is highly recommended that the following be in place:

  • A process to record & archive the acceptance of the DDR

  • Ensure a printed or non-changeable electronic copy of the DDR and DDRSA can be provided when required within 7 days

  • A refund and dispute policy

  • A process of identifying a customer and storing that data securely

Configuring & Testing KYC Trusted Status


Step 1 – Set up a Sandbox Account

The first step to configure your KYC status is to set up a sandbox account. This allows you to configure our platform using dummy information for testing purposes. 

Step 2 – Create an Agreement via the KYC Endpoint 

The following endpoint will allow you to achieve three actions simultaneously: 

  • Create a contact (authoriser)

  • Input the bank account details (BSB + Account Number)

  • Create the Agreement

Endpoint: POST /agreements/kyc

Payload Signature: 

{
  "authoriser":{
    "name":"John Doe",
    "email":"john@supplies.com",
    "bank_account":{
      "branch_code":"433444",
      "account_number":"3934342"
    },
    "metadata": {
      "some_data": "stored on the authoriser contact"
    }
  },
  "terms":{
    "per_payout":{
      "min_amount":null,
      "max_amount":null
    },
    "per_frequency":{
      "days":null,
      "max_amount":null
    }
  },
  "metadata":{
    "your_customer_uid": "6041475e-c5b4-4abe-a8e9-e2c3620a0a3e",
    "some_other_data": "stored on the agreement"
  }
}

The terms  fields are defined in our API docs or use null  for a no limits agreement.

Response:

{
  "data":{
    "ref":"A.ci",
    "initiator_id":"6a0a05c4-8ad9-495d-bcf9-66a7d0046909",
    "authoriser_id":"9fa1be8d-40fb-4bf6-9743-577a1d5a3775",
    "contact_id":"bea8107a-a5b5-4719-92ec-8389ad7aa619",
    "bank_account_id":"91dbef6d-b596-4387-a36c-5a8497822b97",
    "status":"accepted",
    "responded_at":"2018-04-30T04:43:52Z",
    "created_at":"2018-04-30T04:43:52Z",
    "terms":{
      "per_payout":{
        "max_amount":null,
        "min_amount":null
      },
      "per_frequency":{
        "days":null,
        "max_amount":null
      }
    },
    "metadata":{
      "your_customer_uid": "6041475e-c5b4-4abe-a8e9-e2c3620a0a3e",
      "some_other_data": "stored on the agreement"
    }
  }
}

Some important Notes: 

  1. This will only work once ‘KYC Trusted’ is activated on your sandbox account so please wait for confirmation by our support team before testing.

  2. The request is idempotent to safeguard against accidental duplication. For example, if you POST the same payload, it will return the currently live Agreement. 

  3. Once this KYC endpoint is set up, payments requests can be sent to the contact_id. Configuration details can be found at: docs.zeptopayments.com/reference/makeapaymentrequest

Updating Bank Account

Some of your customers, over time, will change their bank account and require you to update their account details within your integration. It is important that this is taken into account and planned in advance to ensure a smooth transition for both your customers and yourself.

If your application relies on metadata that you supply when creating an Agreement, a Bank Connection or the Agreement reference, your application will need to remove the Agreement that is in place with this customer, remove the existing Contact and then send a request to the KYC endpoint to create a new Contact and Agreement within Zepto. This ensures that the correct data is persisted in your application and everything is set up and referenced correctly.

If your application does not rely on any of the above-mentioned data, the process is simpler and you can simply take advantage of the Update a Contact endpoint.

This process is explained in more detail in this article.

Step 3 – Going Live 

Once sandbox testing is complete you simply need to register for a production account and the same approval process as per Step 1 will take place to activate the KYC endpoint.

Usage Checklist:

Zepto's DDRSA is linked to, or the content is included, within your application

Zepto's DDR is linked to, or the content is included, within your application

Did this answer your question?