Sumsub KYC/AML API

Comprehensive KYC/AML verification platform offering ID document verification, liveness detection, AML screening, and business (KYB) verification via REST API and SDKs, popular with crypto exchanges and lending platforms.

Evaluated Mar 06, 2026 (0d ago) vcurrent
Security kyc aml identity-verification compliance crypto fintech rest-api sdk business-verification sanctions
⚙ Agent Friendliness: 56 / 100 (Can an agent use this?)
🔒 Security: 83 / 100 (Is it safe for agents?)
⚡ Reliability: 79 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 0
Documentation: 82
Error Messages: 78
Auth Simplicity: 72
Rate Limits: 60

🔒 Security

TLS Enforcement: 100
Auth Strength: 85
Scope Granularity: 62
Dep. Hygiene: 80
Secret Handling: 86

SOC2 Type II, ISO27001, and GDPR compliant. HMAC request signing adds an integrity layer beyond the API key. The service processes biometric and document data. Data residency options are available for the EU. AML screening aligns with FATF guidance. The lack of per-key scoping remains a gap.

⚡ Reliability

Uptime/SLA: 82
Version Stability: 80
Breaking Changes: 78
Error Recovery: 76

Best When

You're building a regulated crypto, lending, or fintech product and need a single vendor covering ID verification, AML screening, and business verification with a developer-friendly API and reasonable pricing transparency.

Avoid When

You need a fully white-labeled experience with complete UI control, or your verification needs are primarily US-centric where Plaid offers a more integrated financial data approach.

Use Cases

  • KYC onboarding for crypto exchanges — verify users with ID + liveness before allowing trading
  • AML screening against global sanctions lists, PEP databases, and adverse media
  • Business verification (KYB) for B2B platforms requiring entity due diligence
  • Automated re-verification workflows for ongoing monitoring
  • Risk-tiered verification flows that escalate checks based on transaction volume or risk signals

Not For

  • Pure data-source identity checks without document capture (use Trulioo for that)
  • Instant programmatic checks without user interaction — document verification requires user participation
  • Very small teams without budget for enterprise KYC tooling

Interface

REST API: Yes
GraphQL: No
gRPC: No
MCP Server: No
SDK: Yes
Webhooks: Yes

Authentication

Methods: api_key, hmac_signature
OAuth: No
Scopes: No

Server-to-server calls use an app token plus a secret key. Requests are signed with an HMAC-SHA256 digest included in the Authorization header. Access tokens are generated per applicant for SDK initialization. There is no per-key scoping: a single app token carries full account access.

Pricing

Model: usage-based
Free tier: No
Requires CC: Yes

A sandbox is available for free development. Production pricing is negotiated, but Sumsub is more open about its pricing structure than Jumio or Trulioo. Pricing varies by verification type (ID only vs ID + AML vs KYB).

Agent Metadata

Pagination: cursor
Idempotent: Partial
Retry Guidance: Documented

Known Gotchas

  • Verification is async: agents must implement a webhook handler to receive review results; polling is discouraged
  • HMAC request signing is mandatory and easy to miscalculate: the signature covers method + timestamp + URL path + body
  • Applicant status machine has multiple states (pending, queued, completed, onHold) — agents need state machine logic, not just binary pass/fail
  • AML monitoring requires separate subscription after initial KYC — not automatic
  • Re-verification triggers when a document expires, so agents must handle reinitiation workflows
  • Business verification (KYB) requires substantially more data fields than individual KYC — separate flow, not just a flag


Scores are editorial opinions as of 2026-03-06.
