CKYC API Flow

Overview

The CKYC API Flow provides real-time access to India's Central KYC registry maintained by CERSAI. Search for customer records, verify identity via OTP, and download comprehensive KYC data — for both individuals and legal entities.

Category Details

Parent Category: CKYC
APIs in this category: CKYC Search, CKYC Generate OTP, CKYC Download, CKYC Download Legal

Prerequisites

Before you begin, ensure you have the following:

Requirement	Description
FI Code	Financial Institution code issued by CERSAI
Private Key	Your organization's private key registered with the platform
JWT Token	Bearer token for API authentication
CERSAI Registration	Your organization must be a CERSAI-registered regulated entity (bank, NBFC, RIA, etc.)

Getting Started

Contact your account manager to obtain your FI code and register your private key. Once configured, you can start making API calls immediately in the sandbox environment.

API Workflows

Individual Flow

Search — Submit an identity document to check if the customer exists in CKYC. Returns a client_id.

Generate OTP — Send client_id + customer's registered mobile number. An OTP is sent via SMS. Returns a download_client_id.

Download — Submit download_client_id + OTP to retrieve the complete KYC package.

Heads Up

OTP submission is limited to 3 attempts per session. After 3 failed attempts, you must restart from the Generate OTP step.

Legal Entity Flow

Search — Submit the entity's identity document to get a client_id.

Download Legal — Submit client_id + an authentication factor (see table below) to retrieve the complete legal entity profile.

Supported Document Types

The Search API accepts the following identity document types:

Document Type	Value	Format / Example
PAN	`PAN`	10-character alphanumeric (e.g., `ABCDE1234F`)
Aadhaar	`AADHAAR`	12-digit number
Voter ID	`VOTER`	Alphanumeric (e.g., `ABC1234567`)
Driving License	`DRIVING_LICENSE`	State-specific format (e.g., `DL0420190012345`)
Passport	`PASSPORT`	8-character alphanumeric (e.g., `A1234567`)
CKYC Number	`CKYC_NUMBER`	14-digit number

INFO

document_type is optional on the Search API. If omitted, the request is treated as a PAN search.

Download Authentication Factors

For legal entity downloads, one of the following authentication factors is required:

Factor	Parameter	Format	Notes
Date of Incorporation	`dob`	`YYYY-MM-DD` or `DD-MM-YYYY`	Most commonly used
Pincode	`pincode`	6-digit numeric	Entity's registered pincode

INFO

Either dob or pincode must be provided — not both. For individual downloads, authentication is handled via OTP instead.

What You Get Back

Individual Download

Data Category	Details
Personal Details	Full name, DOB, gender, PAN, mobile, email, father's/mother's name
Addresses	Permanent and correspondence addresses with full components
Identity Documents	List of registered identity documents with verification status
Images	Photograph (JPEG) and identity document scans (JPEG/PDF), Base64 encoded
Related Persons	Family/related person details (if available)

Legal Entity Download

Data Category	Details
Entity Details	Full name, PAN, constitution type, date of incorporation, TIN/GST
Addresses	Registered and correspondence addresses
Related Persons	Directors, signatories, beneficial owners — with full personal details, DIN, photos
Identity Documents	Certificate of incorporation, registration certificates with verification status
Images	Entity documents, Base64 encoded
Record Counts	Update and download counts over last 5 years

Common Use Cases

Banking & Finance

Insurance & NBFCs

Fintech

Customer onboarding with pre-verified KYC data

Loan processing with verified borrower profiles

Corporate due diligence using legal entity KYC records

Periodic KYC reviews for existing customers

Integration Best Practices

Key Guidelines

Sequential flow — Always complete Search before OTP/Download. A failed search should not proceed to subsequent steps.

Error handling — Handle all error codes (400, 422, 500) gracefully. See individual endpoint docs for specific error responses.

Rate limits — Daily limits apply to OTP generation and downloads per customer.

Consent — Implement proper customer consent mechanisms before accessing their CKYC information.

Audit logging — Maintain logs of all searches and downloads for regulatory compliance.

Important Limitations

Only CERSAI-registered regulated entities can access these APIs

Your organization must have a valid FI code

Customer consent may be required before accessing their CKYC information

Downloaded data must be handled in compliance with data protection regulations (IT Act, PMLA, RBI guidelines)

API Flow

CKYC API Flow#

Overview#

Prerequisites#

API Workflows#

Individual Flow#

Legal Entity Flow#

Supported Document Types#

Download Authentication Factors#

What You Get Back#

Individual Download#

Legal Entity Download#

Common Use Cases#

Integration Best Practices#

CKYC API Flow

Overview

Prerequisites

API Workflows

Individual Flow

Legal Entity Flow

Supported Document Types

Download Authentication Factors

What You Get Back

Individual Download

Legal Entity Download

Common Use Cases

Integration Best Practices