Overview of Implementation
Business Scenario
This API supports verification between regulated and non-regulated exchanges, providing both before-on-chain and after-on-chain verification capabilities.
*before-on-chain is aims to verify beneficiary and send originator info.
*after-on-chain is aims to verify originator info and send beneficairy info.
Key properties of the regularized verification solution:
This verification enables VASPs to initiate requests to confirm PII identity in the following scenarios:
-
(In case to receive assets from non-regulated exchanges)
As the assets receiver (Beneficiary), you can initiate verification with the assets sender (Originator) after receiving assets (after on-chain verification).
-
(In case to send assets to regulated/non-regulated exchanges)
As the assets sender (Originator), you can initiate verification with the assets receiver (Beneficiary) before sending assets (before on-chain verification).
PII is sent using Curve25519 encrypted payload as the standard. The receiving VASP (Verification Target) performs verification and provides results.
* Other supported algorithm please refer to: Secret Algorithm in GTR
The API invocation flow varies by role:
Regulated VASP (You initiate a Travel Rule)
All initiators should follow the standard process, then choose either Case 1 or Case 2. Once you select a case, the direction is determined and cannot be changed.
- Invoke VASP list API (Common API 1) to find the target VASP
- Invoke Address Labeling Detection (Initiator API 1) to check the actual VASP entity
Case 1: Regulated VASP (You initiate a travel rule) to Regulated VASP (Beneficiary)
This case assumes that you're the assets sender, and you want to check the user identity from the opposite (Assets Beneficiary), which means this is before on-chain.
- Invoke One Step Travel Rule API (Initiator API 1) to initiate a travel rule.
GTR will help you to do Address verification and PII Verification sequentially in the background, if address verification not pass, PII won't send out.
- (Start assets transaction, wait for on-chain from your side)
- Invoke Report TX ID (Originator API 2) to tell the opposite VASP the actual on-chain transaction ID. (*Even PII Verification failed, you still need to update tx id if you have initiate the blockchain transaction)
Case 2: Regulated VASP (You initiate a travel rule) to Non-Regulated VASP (Originator)
This case assumes that you're the receiver of the assets, and you want to check the user identity from the assets sender, which means this is after on-chain.
- Invoke One Step Travel Rule API (Initiator API 1) to initiate a travel rule.
GTR will help you to do TX ID verification and PII Verification sequentially in the background, if TX ID verification not pass, PII won't send out.
- (DONE)
For Receiver, Both Regulated VASP (Beneficiary) and Non-Regulated VASP (Originator)
Whether you are which case is above, you should implement all the callback API endpoints. It's simple to make a one callback url, and GTR will give the different callbackType with the data in the inner clause “data”. The implementation details please check in below sections.
- Address Verification (Receive address and check whether exists in your service)
- TX Verification (Receive txId and check whether exists in your service)
- PII Verification (Receive encrypted PII and decrypt, check the PII is match with the user in your service)
- Receive TX Notify (Receive txId after on chain)
- End of Flow Notify
- Address Routing Callback (*only if you have multiple local entity)
Implementation - Receiver
Deposit Process - Beneficiary
- [THEM] Initiate travel rule request
- [YOU] Received address verification
- [YOU] Received PII verification
- [THEM] Transfer assets on chain
- [YOU] Received TX ID Update
- [YOU] Received Cancel Update
Withdraw Process - Originator
- [YOU] Transfer assets on chain
- [THEM] Initiate travel rule request
- [YOU] Received TX ID Verification
- [THEM] Process deposit to user
Implementation - Initiator
Withdrawal Process - Originator
- [YOU] Let your user select dropdown
- [YOU] Initiate
Before on chaintravel rule by selectedvaspCode
Deposit Process
- [YOU] Received / Get blockchain scan notified
- [YOU] Wait for 1 minutes (Wait for get tx id notify)
- [YOU] Search the transaction id in your database to check if have received any PII records
- if exists => deposit (DONE)
- if not exists => initiate travel rule (keep see next 4.)
- [YOU] Pop questionnaire ask user where is the funds come from
i. if selected VASP in GTR, then initiate After on chain travel rule
ii. if not exists => save in local.
Perspective And Naming
Assets Transfer Perspective
| Name | Description |
|---|---|
| OriginatorVASP | Which exchange send the assets |
| BeneficiaryVASP | Which exchange receive assets |
| Originator | Who send the assets (Withdraw User) |
| Beneficiary | Who receive the assets(Deposit User) |
Travel Rule API Request Perspective
| Name | Description |
|---|---|
| InitiatorVASP | Which exchange initiate the travel rule API (usually be REST API Caller) |
| ReceiverVASP | Which exchange receive the travel rule Callback (usually be WebHook Server) |