Overview

The 2025-03-24 API version represents a significant evolution in the Kompliant API architecture, introducing a new authentication mechanism, standardized messaging format, and a comprehensive set of methods for managing entities within the compliance lifecycle.

Current Status: Released and Under Development - This API version is released but new methods and additional fields are continually being added to the API. While the API is still Under Development, all prior API versions (v1-3) will continue to be supported. Methods, parameters, and responses may be refined before the final release.

Structural Changes: This release transitions from a REST-based architecture to an HTTP RPC-style API with standardized request/response patterns and enhanced security protocols.

Changelog

Authentication System

The API has transitioned from Basic Auth to a signature-based authentication mechanism called "Kompliant Signature Version 1" (KSig1). This new system provides enhanced security options including request signing, timestamp verification, and nonce validation to mitigate replay and man-in-the-middle attacks.

Versioning Approach

Versioning has changed from endpoint-specific ordinal versioning (v1, v2, v3) to a date-based versioning system (YYYY-MM-DD) that applies to the entire API as a unit. Version selection is now handled via the X-API-Version header.

Messaging Format

All API methods now follow a standardized HTTP RPC pattern with consistent URLs in the form of https://api.kompliant.com/<method_family>.<method>. Even for read operations that would traditionally use GET requests, the API now standardizes on POST methods with JSON request bodies.

Response Structure

Responses now follow a consistent pattern with standardized metadata, clear error handling, and predictable data structures, making integration more straightforward across all methods.

Entity Management Methods

The following methods have been introduced for comprehensive entity lifecycle management:

Account Methods

• account.documentType.list

Bank Account Methods

• bankAccount.create
• bankAccount.delete
• bankAccount.get
• bankAccount.list
• bankAccount.update

Business Methods

• business.addBankAccount
• business.addOwner
• business.create
• business.delete
• business.get
• business.getBankAccount
• business.getOwner
• business.listBankAccounts
• business.listOwners
• business.removeBankAccount
• business.removeOwner
• business.salesInfo.create
• business.salesInfo.delete
• business.salesInfo.get
• business.salesInfo.update
• business.update
• business.updateBankAccount
• business.addLocation
• business.getLocation
• business.listLocations
• business.removeLocation

Document Methods

• document.create
• document.delete
• document.get
• document.getDownload
• document.list

Location Methods

• location.create
• location.get
• location.list
• location.update
• location.delete
• location.addBankAccount
• location.getBankAccount
• location.listBankAccounts
• location.removeBankAccount

Metadata Methods

• metadata.type.define
• metadata.create
• metadata.update
• metadata.get
• metadata.list
• metadata.links.add
• metadata.links.get
• metadata.links.remove

Person Methods

• person.create
• person.delete
• person.get
• person.list
• person.update
• person.issuedIdentifiers.create
• person.issuedIdentifiers.get
• person.issuedIdentifiers.list
• person.issuedIdentifiers.update
• person.issuedIdentifiers.delete

Subject Record Methods

• subjectRecord.create
• subjectRecord.get
• subjectRecord.list
• subjectRecord.delete

Workflow Methods

• workflow.canComplete
• workflow.complete
• workflow.create
• workflow.update
• workflow.delete
• workflow.get
• workflow.list
• workflow.requiredDocument.batchAdd
• workflow.requiredDocument.batchRequestDocuments
• workflow.requiredDocument.calculate
• workflow.requiredDocument.events.list
• workflow.requiredDocument.fulfillment.addComment
• workflow.requiredDocument.fulfillment.batchAdd
• workflow.requiredDocument.fulfillment.delete
• workflow.requiredDocument.fulfillment.list
• workflow.requiredDocument.fulfillment.update
• workflow.requiredDocument.list
• workflow.start
• workflow.defenseDocument.generate
• workflow.defenseDocument.list
• workflow.defenseDocument.getDownload
• workflow.applicationSummary.getDownload
• workflow.agreement.list
• workflow.agreement.getDownload
• workflow.pricing.calculate
• workflow.pricing.get

Webhook Methods

• webhook.key.activate
• wekhook.key.create
• webhook.key.get
• webhook.config.create
• webhook.config.list
• webhook.config.get
• webhook.config.delete
• webhook.config.update

Account Provisioning Methods

• mbtrust.create
• mbtrust.execute
• mbtrust.canExecute
• mbtrust.get
• propay.create
• propay.get
• propay.canExecute
• propay.execute

Breaking Changes

The following changes will require updates to existing integrations:

Authentication Mechanism: The move from Basic Auth to KSig1 signature-based authentication requires implementing new authentication code and credential management.

Request Format: All requests now use POST with JSON bodies, even for operations that previously used GET, PUT, or DELETE methods.

Versioning System: Applications that relied on endpoint-specific versioning will need to adopt the new date-based versioning approach via the X-API-Version header.

Response Structure: The standardized response structure may require adjustments to how your application parses and processes API responses.

Entity Relationships: The new relationship-based architecture between entities (Business owners, bank accounts, etc.) introduces a different conceptual model that may require rethinking how you manage data.

We recommend beginning migration planning early, as these changes will eventually replace the functionality in the v1-3 APIs. A detailed migration guide will be provided when the v1-3 APIs are officially deprecated.