What is Sumsub primarily used for?

Sumsub is primarily used for global identity verification, Anti-Money Laundering (AML) screening, and fraud prevention, particularly for businesses in regulated industries like fintech and crypto that require robust Know Your Customer (KYC) and Know Your Business (KYB) compliance.

Does Sumsub offer a free plan for developers?

Yes, Sumsub provides a 'Free Starter Plan' that allows developers to test core functionalities and integrate the API before committing to a paid subscription.

Which compliance standards does Sumsub adhere to?

Sumsub adheres to several key compliance standards, including GDPR, SOC 2 Type II, ISO 27001, and CCPA, to ensure data security and regulatory alignment.

What types of SDKs does Sumsub provide?

Sumsub offers a range of SDKs for various platforms, including Android, iOS, Web SDK (JavaScript), Flutter, and React Native, to facilitate integration into different application environments.

Can Sumsub verify identities globally?

Yes, Sumsub supports the verification of over 6,500 document types from more than 220 countries and territories, enabling global identity verification capabilities.

What is the difference between KYC and KYB in Sumsub?

KYC (Know Your Customer) refers to verifying individual users, typically involving ID documents and biometrics. KYB (Know Your Business) refers to verifying legal entities, including company registration, ownership structures, and beneficial owners.

How does Sumsub help with fraud prevention?

Sumsub helps with fraud prevention through various mechanisms, including liveness detection, document authenticity checks, behavioral analysis, and screening against fraud databases to identify and mitigate risks like identity theft and account takeover.

Sumsub — Identity Verification and AML Compliance Platform

Sumsub provides an identity verification and compliance platform designed for Know Your Customer (KYC), Know Your Business (KYB), and Anti-Money Laundering (AML) processes. It offers tools for fraud prevention, liveness detection, and age verification to help businesses meet regulatory requirements and secure onboarding workflows globally.

Overview

Sumsub offers a comprehensive platform for identity verification, anti-money laundering (AML) compliance, and fraud prevention. Established in 2015, the company provides a suite of tools designed to assist businesses, particularly in regulated sectors such as fintech and cryptocurrency, with their Know Your Customer (KYC) and Know Your Business (KYB) obligations. The platform is built to support global operations, providing solutions for verifying user identities across various jurisdictions while adhering to local and international regulations like GDPR and CCPA Sumsub compliance page.

The core functionality of Sumsub revolves around automating and streamlining the onboarding process. This includes verifying government-issued IDs, performing liveness detection to prevent impersonation, and conducting AML screening against watchlists and sanctions lists. The platform's API and SDKs enable developers to integrate these capabilities directly into their applications, supporting a range of platforms including web, iOS, Android, Flutter, and React Native. This allows for customized user flows and a consistent brand experience during the verification process.

Sumsub's offerings extend beyond basic identity checks to include advanced fraud prevention mechanisms. This encompasses analyzing behavioral patterns, detecting synthetic identities, and identifying document tampering. By combining these different layers of verification and fraud detection, Sumsub aims to reduce the risk associated with onboarding new users and businesses. The platform is particularly suited for organizations that require a high degree of regulatory compliance and robust security measures in their customer acquisition strategies. According to a report by Forrester, the market for identity verification solutions is experiencing growth due to increasing digital transactions and evolving regulatory landscapes, emphasizing the importance of comprehensive platforms like Sumsub Forrester report on Identity and Access Management.

Key features

KYC (Know Your Customer): Automated identity verification, including document checks, facial biometrics, and liveness detection for individual users.
KYB (Know Your Business): Verification of legal entities, including company registration, ultimate beneficial owner (UBO) identification, and corporate document checks.
AML (Anti-Money Laundering): Screening against global watchlists, sanctions lists, politically exposed persons (PEPs), and adverse media databases to detect financial crime risks.
Fraud Prevention: Tools to detect and prevent various types of fraud, such as identity theft, account takeover, and synthetic identity fraud, through behavioral analysis and risk scoring.
Liveness Detection: Utilizes AI-powered facial recognition to confirm the presence of a live person during photographic or video verification, mitigating spoofing attempts.
ID Verification: Supports verification of over 6,500 document types from 220+ countries and territories, ensuring global coverage Sumsub Identity Verification capabilities.
Age Verification: Specific solutions for confirming user age, critical for compliance in industries with age restrictions.
Case Management System: A dashboard for compliance teams to review, manage, and process verification applications, with customizable workflows and reporting.
Developer-Friendly APIs and SDKs: Extensive documentation and SDKs for rapid integration across web and mobile platforms, including Python, Node.js, and Java.

Pricing

Sumsub offers a tiered pricing structure, beginning with a free plan for initial exploration and testing, and moving to custom enterprise solutions for larger-scale operations.

Plan Name	Key Features	Pricing Model	Best For
Free Starter Plan	Basic identity verification, access to core API features, limited transactions.	Free	Developers, startups, testing and evaluation.
Business Plan	Advanced KYC/AML, fraud prevention, custom workflows, dedicated support.	Custom pricing	Growing businesses, regulated industries, higher transaction volumes.
Enterprise Plan	Full suite of features, highest level of customization, dedicated account management, enhanced compliance tools.	Custom pricing	Large enterprises, high-volume operations, complex regulatory requirements.

For detailed pricing information and to request a custom quote, refer to the official Sumsub pricing page (as of 2026-05-06).

Common integrations

Web Integration: Utilize the JavaScript Web SDK for embedding verification flows directly into web applications Sumsub Web SDK documentation.
Mobile App Integration: Integrate with native Android and iOS SDKs for seamless mobile onboarding experiences Sumsub Mobile SDKs overview.
Cross-Platform Frameworks: SDKs are available for Flutter and React Native to support cross-platform development.
Backend Systems: Integrate the Sumsub API with various backend languages such as Python, Node.js, PHP, Ruby, Java, and C# for server-side operations and data management Sumsub API Reference.

Alternatives

Onfido: Offers AI-powered identity verification and biometric authentication, focusing on document and facial biometrics.
Jumio: Provides identity verification, AML screening, and liveness detection solutions for digital onboarding.
Trulioo: A global identity verification platform offering real-time verification of individuals and businesses using a vast network of data sources.

Getting started

To begin integrating with Sumsub, developers can use the provided API and SDKs. The following Python example demonstrates how to create an applicant and generate an access token for the Web SDK, which can then be used to initiate the verification flow.

import requests
import hashlib
import hmac
import time
import json

# Replace with your actual Sumsub App Token and Secret Key
APP_TOKEN = "YOUR_APP_TOKEN"
SECRET_KEY = "YOUR_SECRET_KEY".encode('utf-8')

BASE_URL = "https://api.sumsub.com"

def generate_signature(method, url, body, ts):
    # Create a signature for the request
    # https://docs.sumsub.com/docs/how-to-implement-a-secure-request-to-webhook-or-api
    data = str(ts) + method.upper() + url
    if body:
        data += json.dumps(body, separators=(',', ':'))
    
    hashed = hmac.new(SECRET_KEY, data.encode('utf-8'), hashlib.sha256)
    return hashed.hexdigest()

def create_applicant_and_get_token(external_user_id):
    url = "/resources/applicants?levelName=basic-kyc-level"
    method = "POST"
    ts = int(time.time())
    
    body = {
        "externalUserId": external_user_id
    }
    
    signature = generate_signature(method, url, body, ts)
    
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-App-Token": APP_TOKEN,
        "X-App-Access-Sig": signature,
        "X-App-Access-Ts": str(ts)
    }
    
    response = requests.post(BASE_URL + url, headers=headers, json=body)
    response.raise_for_status() # Raise an exception for HTTP errors
    
    applicant_data = response.json()
    applicant_id = applicant_data["id"]
    print(f"Applicant created with ID: {applicant_id}")
    
    # Now get an access token for the Web SDK
    token_url = f"/resources/applicants/{applicant_id}/accessTokens?ttlInSecs=600"
    token_method = "POST"
    token_ts = int(time.time())
    
    token_signature = generate_signature(token_method, token_url, None, token_ts)
    
    token_headers = {
        "Accept": "application/json",
        "X-App-Token": APP_TOKEN,
        "X-App-Access-Sig": token_signature,
        "X-App-Access-Ts": str(token_ts)
    }
    
    token_response = requests.post(BASE_URL + token_url, headers=token_headers)
    token_response.raise_for_status()
    
    token_data = token_response.json()
    access_token = token_data["token"]
    print(f"Access Token: {access_token}")
    
    return access_token

if __name__ == "__main__":
    # Example usage
    user_id = "user-12345-abcde"
    try:
        sdk_access_token = create_applicant_and_get_token(user_id)
        print(f"You can use this token to initialize the Sumsub Web SDK for external user ID: {user_id}")
    except requests.exceptions.HTTPError as e:
        print(f"HTTP Error: {e.response.status_code} - {e.response.text}")
    except Exception as e:
        print(f"An error occurred: {e}")

This Python script first defines a function to generate the necessary HMAC-SHA256 signature for secure API requests, as required by Sumsub. It then proceeds to create a new applicant in the Sumsub system using a unique externalUserId and subsequently requests an access token for that applicant. This token is essential for initializing client-side SDKs, such as the Web SDK, which will handle the user-facing verification process. Developers should replace YOUR_APP_TOKEN and YOUR_SECRET_KEY with their actual credentials obtained from the Sumsub dashboard Sumsub API authentication guide.

Sumsub

Overview

Key features

Pricing

Common integrations

Alternatives

Getting started

Frequently asked questions

Reviews

Discussion

Written by

Overview

Key features

Pricing

Common integrations

Alternatives

Getting started

Related

Frequently asked questions

Reviews

Discussion

Written by