Skip to main content
Search

09-PII Verify Failed (Legal Person / Pre-Transaction)

  • Pre-Transaction Approval - PII Verification failure for Legal Person beneficiary.
  • This test case submits a correct wallet address but with incorrect legal person PII data to targetVaspCode: gdummy.
  • In the received verification result, at least one item in verifyFields will have status 2 (mismatch).

Expected Request (VASP → GTR)

  • Method: POST
  • Base URL: https://uat-platform.globaltravelrule.com
  • Endpoint: /api/verify/v2/one_step
  • Authentication:
    • mTLS (Mutual Transport Layer Security) when sending the API
    • JWT Bearer Token or App Token authentication via Authorization header
  • Header:
    • Content-Type: application/json
    • Authorization: Bearer [JWT_TOKEN] or X-Authorization: [APP_TOKEN]
  • Body:
{
    "requestId": "[YOUR_REQUEST_ID]",
    "network": "[NETWORK_NAME]",
    "address": "[BENEFICIARY_ADDRESS]",
    "tag": "[TAG]",
    "txId": null,
    "verifyDirection": 2,
    "targetVaspCode": "gdummy",
    "ticker": "[TICKER_NAME]",
    "amount": "[CRYPTO_TRANSFER_AMOUNT]",
    "fiatName": "USD",
    "fiatPrice": "[FIAT_RATIO_PRICE]",
    "sourceVaspCode": "",
    "expectVerifyFields": [
        "111001",
        "111022",
        "111003"
    ],
    "piiSecuredInfo": {
        "initiatorKeyInfo": {
            "publicKey": "[YOUR_PUBLIC_KEY]"
        },
        "piiSecretFormatType": "FULL_JSON_OBJECT_ENCRYPT",
        "piiSpecVersion": "ivms101-2020",
        "receiverKeyInfo": {
            "publicKey": "[THEIR_PUBLIC_KEY]"
        },
        "secretAlgorithm": "ed25519_curve25519",
        "securedPayload": "[PII_ENCRYPTED_PAYLOAD_WITH_INCORRECT_DATA]"
    }
}
set -e

export CURL_SSL_BACKEND="openssl"
randomRequestId="test-"$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c "12")"-"$(date '+%Y%m%d%H%M%S')

curl -v --silent --location --request POST 'https://uat-platform.globaltravelrule.com/api/verify/v2/one_step' \
    -k --cert ./certificate.pem --key ./privateKey.pem \
    --header 'Content-Type: application/json' \
    # Please use one of Authorization or X-Authorization
    --header 'Authorization: Bearer [JWT_TOKEN]' \
    --header 'X-Authorization: [APP_TOKEN]' \
    --data-raw "{
        \"requestId\": \"$randomRequestId\",
        \"network\": \"[NETWORK_NAME]\",
        \"address\": \"[BENEFICIARY_ADDRESS]\",
        \"tag\": \"[TAG]\",
        \"txId\": null,
        \"verifyDirection\": 2,
        \"targetVaspCode\": \"gdummy\",
        \"ticker\": \"[TICKER_NAME]\",
        \"amount\": \"[CRYPTO_TRANSFER_AMOUNT]\",
        \"fiatName\": \"USD\",
        \"fiatPrice\": \"[FIAT_RATIO_PRICE]\",
        \"sourceVaspCode\": \"\",
        \"expectVerifyFields\": [
            \"111001\",
            \"111022\",
            \"111003\"
        ],
        \"piiSecuredInfo\": {
            \"initiatorKeyInfo\": {
                \"publicKey\": \"[YOUR_PUBLIC_KEY]\"
            },
            \"piiSecretFormatType\": \"FULL_JSON_OBJECT_ENCRYPT\",
            \"piiSpecVersion\": \"ivms101-2020\",
            \"receiverKeyInfo\": {
                \"publicKey\": \"[THEIR_PUBLIC_KEY]\"
            },
            \"secretAlgorithm\": \"ed25519_curve25519\",
            \"securedPayload\": \"[PII_ENCRYPTED_PAYLOAD_WITH_INCORRECT_DATA]\"
        }
    }"

Hint:

  • targetVaspCode is fixed as gdummy for testing verification results
  • verifyDirection is set to 2 for Pre-Transaction Approval
  • txId is null for Pre-Transaction scenario
  • expectVerifyFields must include correct Legal Person verification field codes
  • 111001: Beneficiary Legal Person Name
  • 111022: Beneficiary Legal Person Country of Registration
  • 111003: Beneficiary Legal Person National Identifier ID
  • Submit intentionally incorrect Legal Person PII data to trigger verification failures

Materials:

Expected Response (GTR → VASP)

When the PII verification fails, the system returns:

  • HTTP Status Code: 200
  • verifyStatus: 100000(success) or 200003(pii verification failed)
  • At least one item in verifyFields has status 2 (mismatch).
  • In this example, even if verifyStatus is 100000, you can see that fields 111022 and 111003 have status 2 (mismatch), indicating PII verification failures.
  • ⚠️Important: verifyStatus may be either 100000(success) or 200003(pii verification failed). Do NOT rely solely on verifyStatus for decision-making. Make sure to check each verifyFields results and make your decisions based on your business/compliance requirements.
{
    "data": {
        "targetVaspCode": "gdummy",
        "requestId": "[YOUR_REQUEST_ID]",
        "verifyFields": [
            {
                "message": "matched",
                "status": 1,
                "type": "111001"
            },
            {
                "message": "country of registration mismatch",
                "status": 2,
                "type": "111022"
            },
            {
                "message": "national identifier mismatch",
                "status": 2,
                "type": "111003"
            }
        ],
        "piiSecuredInfo": {
            "initiatorKeyInfo": {
                "publicKey": "[YOUR_PUBLIC_KEY]"
            },
            "piiSecretFormatType": "FULL_JSON_OBJECT_ENCRYPT",
            "piiSpecVersion": "ivms101-2020",
            "receiverKeyInfo": {
                "publicKey": "[THEIR_PUBLIC_KEY]"
            },
            "secretAlgorithm": "ed25519_curve25519",
            "securedPayload": "[PII_FROM_BENEFICIARY]"
        }
    },
    "verifyMessage": "Verification Success" or "PII Verify Failed",
    "verifyStatus": 100000 or 200003,
    "verifyStage": "PII_VERIFICATION"
}