> ## Documentation Index > Fetch the complete documentation index at: https://handbook.nyotaimara.com/llms.txt > Use this file to discover all available pages before exploring further. # Identity Verification: KYC for Users, KYB for Orgs > Understand how Nyota Imara verifies individual users with KYC and organizations with KYB, including required documents, statuses, and secure file access. Nyota Imara requires verified identities before granting access to sensitive platform features like payment processing and order management. There are two distinct verification tracks: **KYC** (Know Your Customer) for individual users, and **KYB** (Know Your Business) for organizations. Both follow the same status lifecycle and use the same secure, private document storage model. ## Why verification is required Verification exists to keep the platform safe and compliant for all Kenyan businesses. Features that involve moving money or fulfilling orders are gated behind verification status. Until an individual's KYC is `verified`, they cannot access payment-sensitive personal features. Until an organization's KYB is `verified`, billing and commerce endpoints are restricted for that organization. ## KYC — individual user verification KYC verifies the identity of a real person behind a Nyota Imara account. Submit the following three items in a single `POST /v1/kyc` request using `multipart/form-data`: | Field | Type | Description | | --------------- | ------ | ---------------------------------------- | | `idNumber` | string | Your government-issued ID number | | `idFront` | file | Photo of the front of your national ID | | `idBack` | file | Photo of the back of your national ID | | `passportPhoto` | file | A clear passport-style photo of yourself | ```bash theme={null} curl -X POST https://api.nyotaimara.com/v1/kyc \ -H "Authorization: Bearer " \ -F "idNumber=12345678" \ -F "idFront=@id_front.jpg" \ -F "idBack=@id_back.jpg" \ -F "passportPhoto=@passport_photo.jpg" ``` You cannot resubmit KYC while your status is `pending` or `verified`. If your submission is rejected, you may submit again with corrected documents. ## KYB — organization verification KYB verifies that your organization is a legitimately registered Kenyan business. Submit business details and supporting documents at `POST /v1/organizations/:id/kyb` using `multipart/form-data`. Required fields: | Field | Type | Description | | -------------------- | ------ | --------------------------------------------------------------------- | | `businessType` | string | Type of legal entity (e.g., `limited_company`, `sole_proprietorship`) | | `industry` | string | Your business sector (e.g., `logistics`, `retail`) | | `description` | string | Brief description of what your business does | | `registrationNumber` | string | Your official business registration number | In addition to these fields, upload your registration documents as file fields. The accepted file fields vary by `businessType` — for example, a limited company may need to upload a certificate of incorporation and a CR12, while a sole proprietorship may only need a business name registration certificate. ```bash theme={null} curl -X POST https://api.nyotaimara.com/v1/organizations/org_01HXYZ/kyb \ -H "Authorization: Bearer " \ -H "X-Organization-Id: org_01HXYZ" \ -F "businessType=limited_company" \ -F "industry=logistics" \ -F "description=Last-mile courier services across Nairobi" \ -F "registrationNumber=CPR/2019/012345" \ -F "certificateOfIncorporation=@cert_of_inc.pdf" \ -F "cr12=@cr12_document.pdf" ``` KYB accepts any file field name you send, so the document set is flexible. Upload as many fields as your business type requires. Multiple files per field are also supported. ## Verification statuses Both KYC and KYB share the same three-state lifecycle: Your submission has been received and is awaiting manual review by the Nyota Imara compliance team. No action is needed from you at this stage. Gated features remain restricted while review is in progress. Your identity or business has been confirmed. All features available to your tier are now unlocked. For KYC, this status is reflected on your user record. For KYB, `kybStatus` on the organization record changes to `verified`. Your submission did not pass review. The response will include a `rejectionReason` explaining what was wrong. Correct the issue and submit again. A fresh submission clears the previous rejection reason automatically. ## Document security All KYC and KYB documents are stored in a **private bucket** — they are never publicly accessible via a direct URL. When you retrieve your KYC or KYB record, Nyota Imara generates **time-limited presigned URLs** for each document on the fly. These URLs are valid for **15 minutes (900 seconds)** from the time of the request. After they expire, fetch the record again to get fresh URLs. ```json theme={null} // Example: GET /v1/kyc/me response { "status": "verified", "idNumber": "12345678", "documents": { "idFrontUrl": "https://cdn.nyotaimara.com/private-kyc/...?X-Amz-Expires=900&...", "idBackUrl": "https://cdn.nyotaimara.com/private-kyc/...?X-Amz-Expires=900&...", "passportPhotoUrl": "https://cdn.nyotaimara.com/private-kyc/...?X-Amz-Expires=900&..." }, "verifiedAt": "2025-03-14T08:22:00.000Z" } ``` Do not cache or store presigned document URLs. They expire after 15 minutes. Always re-fetch the KYC or KYB record to get a valid URL at the time you need it. ## Checking verification status Retrieve your own KYC status and documents at any time: ```bash theme={null} GET /v1/kyc/me Authorization: Bearer ``` Retrieve your organization's KYB status and documents: ```bash theme={null} GET /v1/organizations/:id/kyb Authorization: Bearer X-Organization-Id: :id ```