Nyota Imara requires verified identities before granting access to sensitive platform features like payment processing and order management. There are two distinct verification tracks: KYC (Know Your Customer) for individual users, and KYB (Know Your Business) for organizations. Both follow the same status lifecycle and use the same secure, private document storage model.

Why verification is required

Verification exists to keep the platform safe and compliant for all Kenyan businesses. Features that involve moving money or fulfilling orders are gated behind verification status. Until an individual’s KYC is verified, they cannot access payment-sensitive personal features. Until an organization’s KYB is verified, billing and commerce endpoints are restricted for that organization.

KYC — individual user verification

KYC verifies the identity of a real person behind a Nyota Imara account. Submit the following three items in a single POST /v1/kyc request using multipart/form-data:
| Field | Type | Description |
| --- | --- | --- |
| idNumber | string | Your government-issued ID number |
| idFront | file | Photo of the front of your national ID |
| idBack | file | Photo of the back of your national ID |
| passportPhoto | file | A clear passport-style photo of yourself |
curl -X POST https://api.nyotaimara.com/v1/kyc \
  -H "Authorization: Bearer <token>" \
  -F "idNumber=12345678" \
  -F "idFront=@id_front.jpg" \
  -F "idBack=@id_back.jpg" \
  -F "passportPhoto=@passport_photo.jpg"
You cannot resubmit KYC while your status is pending or verified. If your submission is rejected, you may submit again with corrected documents.

KYB — organization verification

KYB verifies that your organization is a legitimately registered Kenyan business. Submit business details and supporting documents at POST /v1/organizations/:id/kyb using multipart/form-data. Required fields:
| Field | Type | Description |
| --- | --- | --- |
| businessType | string | Type of legal entity (e.g., limited_company, sole_proprietorship) |
| industry | string | Your business sector (e.g., logistics, retail) |
| description | string | Brief description of what your business does |
| registrationNumber | string | Your official business registration number |
In addition to these fields, upload your registration documents as file fields. The accepted file fields vary by businessType — for example, a limited company may need to upload a certificate of incorporation and a CR12, while a sole proprietorship may only need a business name registration certificate.
curl -X POST https://api.nyotaimara.com/v1/organizations/org_01HXYZ/kyb \
  -H "Authorization: Bearer <token>" \
  -H "X-Organization-Id: org_01HXYZ" \
  -F "businessType=limited_company" \
  -F "industry=logistics" \
  -F "description=Last-mile courier services across Nairobi" \
  -F "registrationNumber=CPR/2019/012345" \
  -F "certificateOfIncorporation=@cert_of_inc.pdf" \
  -F "cr12=@cr12_document.pdf"
KYB accepts any file field name you send, so the document set is flexible. Upload as many fields as your business type requires. Multiple files per field are also supported.

Verification statuses

Both KYC and KYB share the same three-state lifecycle:
pending: Your submission has been received and is awaiting manual review by the Nyota Imara compliance team. No action is needed from you at this stage. Gated features remain restricted while review is in progress.
verified: Your identity or business has been confirmed. All features available to your tier are now unlocked. For KYC, this status is reflected on your user record. For KYB, kybStatus on the organization record changes to verified.
rejected: Your submission did not pass review. The response will include a rejectionReason explaining what was wrong. Correct the issue and submit again. A fresh submission clears the previous rejection reason automatically.

Document security

All KYC and KYB documents are stored in a private bucket — they are never publicly accessible via a direct URL. When you retrieve your KYC or KYB record, Nyota Imara generates time-limited presigned URLs for each document on the fly. These URLs are valid for 15 minutes (900 seconds) from the time of the request. After they expire, fetch the record again to get fresh URLs.
// Example: GET /v1/kyc/me response
{
  "status": "verified",
  "idNumber": "12345678",
  "documents": {
    "idFrontUrl": "https://cdn.nyotaimara.com/private-kyc/...?X-Amz-Expires=900&...",
    "idBackUrl": "https://cdn.nyotaimara.com/private-kyc/...?X-Amz-Expires=900&...",
    "passportPhotoUrl": "https://cdn.nyotaimara.com/private-kyc/...?X-Amz-Expires=900&..."
  },
  "verifiedAt": "2025-03-14T08:22:00.000Z"
}
Do not cache or store presigned document URLs. They expire after 15 minutes. Always re-fetch the KYC or KYB record to get a valid URL at the time you need it.
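A client-side way to follow the rule above, as an added example that is not Nyota Imara's own code: check a presigned URL's validity window before using it, and strip its query string before logging it. It assumes the URLs carry the standard SigV4 X-Amz-Date parameter next to the X-Amz-Expires value shown in the response; the function names, SAFETY_MARGIN and the sample URL are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, urlunsplit, parse_qs

SAFETY_MARGIN = timedelta(seconds=30)  # assumption: allowance for clock skew


def presigned_expiry(url):
    """Return the UTC expiry encoded in a SigV4-style presigned URL, or None."""
    params = parse_qs(urlsplit(url).query)
    try:
        signed_at = datetime.strptime(params["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
        lifetime = int(params["X-Amz-Expires"][0])
    except (KeyError, ValueError):
        return None  # missing or malformed fields: caller must re-fetch the record
    return signed_at.replace(tzinfo=timezone.utc) + timedelta(seconds=lifetime)


def is_usable(url, now=None):
    """True only while the URL is inside its validity window, minus the margin."""
    expiry = presigned_expiry(url)
    now = now or datetime.now(timezone.utc)
    return expiry is not None and now + SAFETY_MARGIN < expiry


def redact(url):
    """Drop the query string (signature, credential) so the URL is safe to log."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "<redacted>", ""))


# Constructed sample URL: not a real document link or signature.
SAMPLE_URL = (
    "https://cdn.nyotaimara.com/private-kyc/example/id_front.jpg"
    "?X-Amz-Date=20250314T082200Z&X-Amz-Expires=900&X-Amz-Signature=abc123"
)

if __name__ == "__main__":
    issued = datetime(2025, 3, 14, 8, 22, tzinfo=timezone.utc)
    print(presigned_expiry(SAMPLE_URL))
    print(is_usable(SAMPLE_URL, issued + timedelta(minutes=5)))
    print(is_usable(SAMPLE_URL, issued + timedelta(minutes=15)))
    print(redact(SAMPLE_URL))
```

When is_usable returns False, fetch the KYC or KYB record again rather than retrying the old URL.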

Checking verification status

Retrieve your own KYC status and documents at any time:
GET /v1/kyc/me
Authorization: Bearer <token>
Retrieve your organization’s KYB status and documents:
GET /v1/organizations/:id/kyb
Authorization: Bearer <token>
X-Organization-Id: :id