Skip to main content
Search

16-PII Verify Failed (Natural Person / Post-Transaction)

  • Post-Transaction Approval - PII Verification failure for Natural Person originator.
  • This test case verifies a correct TXID but submits incorrect natural person PII data placed in the Originator field to targetVaspCode: gdummy.
  • In the received verification result, at least one item in verifyFields will have status 2 (mismatch).

Expected Request (VASP → GTR)

  • Method: POST
  • Base URL: https://uat-platform.globaltravelrule.com
  • Endpoint: /api/verify/v2/one_step
  • Authentication:
    • mTLS (Mutual Transport Layer Security) when sending the API
    • JWT Bearer Token or App Token authentication via Authorization header
  • Header:
    • Content-Type: application/json
    • Authorization: Bearer [JWT_TOKEN] or X-Authorization: [APP_TOKEN]
  • Body:
{
    "requestId": "[YOUR_REQUEST_ID]",
    "network": "[NETWORK_NAME]",
    "address": "[ORIGINATOR_ADDRESS]",
    "tag": "[TAG]",
    "txId": "[VALID_TX_ID]",
    "verifyDirection": 1,
    "targetVaspCode": "gdummy",
    "ticker": "[TICKER_NAME]",
    "amount": "[CRYPTO_TRANSFER_AMOUNT]",
    "fiatName": "USD",
    "fiatPrice": "[FIAT_RATIO_PRICE]",
    "sourceVaspCode": "",
    "expectVerifyFields": [
        "100026",
        "100025",
        "100045"
    ],
    "piiSecuredInfo": {
        "initiatorKeyInfo": {
            "publicKey": "[YOUR_PUBLIC_KEY]"
        },
        "piiSecretFormatType": "FULL_JSON_OBJECT_ENCRYPT",
        "piiSpecVersion": "ivms101-2020",
        "receiverKeyInfo": {
            "publicKey": "[THEIR_PUBLIC_KEY]"
        },
        "secretAlgorithm": "ed25519_curve25519",
        "securedPayload": "[PII_ENCRYPTED_PAYLOAD_WITH_INCORRECT_DATA]"
    }
}
set -e

export CURL_SSL_BACKEND="openssl"
randomRequestId="test-"$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c "12")"-"$(date '+%Y%m%d%H%M%S')

curl -v --silent --location --request POST 'https://uat-platform.globaltravelrule.com/api/verify/v2/one_step' \
    -k --cert ./certificate.pem --key ./privateKey.pem \
    --header 'Content-Type: application/json' \
    # Please use one of Authorization or X-Authorization
    --header 'Authorization: Bearer [JWT_TOKEN]' \
    --header 'X-Authorization: [APP_TOKEN]' \
    --data-raw "{
        \"requestId\": \"$randomRequestId\",
        \"network\": \"[NETWORK_NAME]\",
        \"address\": \"[ORIGINATOR_ADDRESS]\",
        \"tag\": \"[TAG]\",
        \"txId\": \"[VALID_TX_ID]\",
        \"verifyDirection\": 1,
        \"targetVaspCode\": \"gdummy\",
        \"ticker\": \"[TICKER_NAME]\",
        \"amount\": \"[CRYPTO_TRANSFER_AMOUNT]\",
        \"fiatName\": \"USD\",
        \"fiatPrice\": \"[FIAT_RATIO_PRICE]\",
        \"sourceVaspCode\": \"\",
        \"expectVerifyFields\": [
            \"100026\",
            \"100025\",
            \"100045\"
        ],
        \"piiSecuredInfo\": {
            \"initiatorKeyInfo\": {
                \"publicKey\": \"[YOUR_PUBLIC_KEY]\"
            },
            \"piiSecretFormatType\": \"FULL_JSON_OBJECT_ENCRYPT\",
            \"piiSpecVersion\": \"ivms101-2020\",
            \"receiverKeyInfo\": {
                \"publicKey\": \"[THEIR_PUBLIC_KEY]\"
            },
            \"secretAlgorithm\": \"ed25519_curve25519\",
            \"securedPayload\": \"[PII_ENCRYPTED_PAYLOAD_WITH_INCORRECT_DATA]\"
        }
    }"

Hint:

  • targetVaspCode is fixed as gdummy for testing verification results
  • verifyDirection is set to 1 for Post-Transaction Approval
  • txId is required and must be a valid blockchain transaction ID for Post-Transaction scenarios
  • address is the originator address (FROM address) in Post-Transaction scenarios
  • Important: PII information should be placed in the Originator field in the IVMS payload, not Beneficiary
  • expectVerifyFields must include correct Originator Natural Person verification field codes
  • 100026: Originator Natural Person Name
  • 100025: Originator Natural Person Date of Birth
  • 100045: Originator Natural Person National ID
  • Submit intentionally incorrect Natural Person PII data to trigger verification failures

Materials:

Expected Response (GTR → VASP)

When the PII verification fails, you will receive:

  • HTTP Status Code: 200
  • verifyStatus: 100000(success) or 200003(pii verification failed)
  • verifyStage: PII_VERIFICATION (indicates prior stage TRANSACTION_VERIFICATION has already passed)
  • At least one item in verifyFields has status 2 (mismatch).
  • In this example, even if verifyStatus is 100000, you can see that fields 100025 and 100045 have status 2 (mismatch), indicating PII verification failures.
  • ⚠️Important: verifyStatus may be either 100000(success) or 200003(pii verification failed). Do NOT rely solely on verifyStatus for decision-making. Make sure to check each verifyFields results and make your decisions based on your business/compliance requirements.
{
    "data": {
        "targetVaspCode": "gdummy",
        "requestId": "[YOUR_REQUEST_ID]",
        "verifyFields": [
            {
                "message": "matched",
                "status": 1,
                "type": "100026"
            },
            {
                "message": "date of birth mismatch",
                "status": 2,
                "type": "100025"
            },
            {
                "message": "national id mismatch",
                "status": 2,
                "type": "100045"
            }
        ],
        "piiSecuredInfo": {
            "initiatorKeyInfo": {
                "publicKey": "[YOUR_PUBLIC_KEY]"
            },
            "piiSecretFormatType": "FULL_JSON_OBJECT_ENCRYPT",
            "piiSpecVersion": "ivms101-2020",
            "receiverKeyInfo": {
                "publicKey": "[THEIR_PUBLIC_KEY]"
            },
            "secretAlgorithm": "ed25519_curve25519",
            "securedPayload": "[PII_FROM_ORIGINATOR]"
        }
    },
    "verifyMessage": "Verification Success" or "PII Verify Failed",
    "verifyStatus": 100000 or 200003,
    "verifyStage": "PII_VERIFICATION"
}