SDKs overview
Sumsub offers a suite of Software Development Kits (SDKs) designed to simplify the integration of its identity verification, Know Your Customer (KYC), and Anti-Money Laundering (AML) services into various applications. These SDKs are developed to provide pre-built user interfaces and abstract the underlying API complexities, allowing developers to embed compliance workflows directly into their mobile and web platforms. The primary goal of these SDKs is to reduce development time and effort while ensuring a compliant and user-friendly onboarding experience for end-users.
The SDKs are typically client-side components that handle the collection of user data, document uploads, liveness checks, and other verification steps. They communicate with the Sumsub backend API to process and verify the submitted information. This approach enables developers to maintain control over the user experience while offloading the intricate compliance logic to Sumsub's platform. For server-side integrations or custom workflows, Sumsub also provides a comprehensive REST API reference that supports multiple programming languages, including Python, Node.js, PHP, Ruby, Java, and C#.
Official SDKs by language
Sumsub maintains official SDKs for popular mobile and web development environments. These SDKs are actively supported and updated to reflect the latest features and security standards of the Sumsub platform. Each SDK is tailored to its respective platform's conventions and provides specific functionalities for capturing identity documents, performing biometric checks, and guiding users through the verification process.
The following table outlines the key official SDKs provided by Sumsub, their respective package names, typical installation commands, and their general maturity level as indicated by Sumsub's documentation:
| Language/Platform | Package/Module | Installation Command (Example) | Maturity |
|---|---|---|---|
| Android (Java/Kotlin) | com.sumsub.msdk |
implementation 'com.sumsub.msdk:msdk:latest.release' (Gradle) |
Stable |
| iOS (Swift/Objective-C) | SumsubMobileSDK |
pod 'SumsubMobileSDK' (CocoaPods) |
Stable |
| Web SDK (JavaScript) | @sumsub/websdk |
npm install @sumsub/websdk or yarn add @sumsub/websdk |
Stable |
| Flutter | sumsub_flutter_sdk |
flutter pub add sumsub_flutter_sdk |
Stable |
| React Native | react-native-sumsub-mobile-sdk |
npm install react-native-sumsub-mobile-sdk or yarn add react-native-sumsub-mobile-sdk |
Stable |
Developers can find detailed integration guides and API references for each of these SDKs within the Sumsub developer documentation.
Installation
Installation procedures for Sumsub SDKs vary based on the target platform and chosen development environment. Below are general steps and example commands for installing the most commonly used SDKs.
Android SDK
For Android applications, the SDK is typically integrated via Gradle. Add the Sumsub SDK dependency to your module's build.gradle file:
dependencies {
implementation 'com.sumsub.msdk:msdk:latest.release'
}
Ensure that your project's build.gradle file includes the Maven Central repository:
allprojects {
repositories {
google()
mavenCentral()
}
}
Further configuration, such as manifest declarations and theme adjustments, is detailed in the Sumsub Android SDK integration guide.
iOS SDK
iOS developers typically use CocoaPods for dependency management. Add the following to your Podfile:
pod 'SumsubMobileSDK'
Then, run pod install from your terminal in the project directory. For manual installation or Swift Package Manager instructions, refer to the Sumsub iOS SDK documentation.
Web SDK (JavaScript)
The Sumsub Web SDK can be installed via npm or yarn. It is designed for integration into web applications built with frameworks like React, Angular, or Vue.js, or even plain JavaScript projects.
npm install @sumsub/websdk
# or
yarn add @sumsub/websdk
After installation, the SDK can be imported and initialized in your JavaScript code. The Sumsub Web SDK guide provides examples for various web frameworks.
Flutter SDK
For Flutter projects, add the sumsub_flutter_sdk to your pubspec.yaml file:
dependencies:
flutter:
sdk: flutter
sumsub_flutter_sdk: ^latest.version
Then run flutter pub get. The Sumsub Flutter SDK documentation provides platform-specific setup details.
React Native SDK
Integrate the React Native SDK by installing it via npm or yarn:
npm install react-native-sumsub-mobile-sdk
# or
yarn add react-native-sumsub-mobile-sdk
Additional steps for linking native modules may be required depending on your React Native version. Consult the Sumsub React Native SDK guide for comprehensive instructions.
Quickstart example
A common pattern for integrating Sumsub SDKs involves generating an access token on your backend and then initializing the SDK on the client-side with this token. This example demonstrates a simplified quickstart for the Sumsub Web SDK, focusing on the client-side initialization after obtaining an access token from your server.
Client-side (JavaScript/Web SDK)
First, ensure you have a backend endpoint that can generate a Sumsub access token. This typically involves making a server-to-server API call to Sumsub's API using your API keys, which should never be exposed on the client-side. The access token grants temporary client-side access to the Sumsub verification flow.
import sumsubWebSdk from '@sumsub/websdk';
// Assume accessToken is fetched from your backend
// Example: fetch('/api/sumsub-access-token')
const accessToken = 'YOUR_GENERATED_ACCESS_TOKEN';
const applicantEmail = '[email protected]';
const applicantPhone = '+1234567890';
const sumsubInstance = sumsubWebSdk.init({
accessToken: accessToken,
applicantEmail: applicantEmail,
applicantPhone: applicantPhone,
// Optional: other configuration parameters
// For example, to set custom messages or themes:
// customCss: 'https://example.com/custom.css',
// onMessage: (type, payload) => {
// console.log('Sumsub message:', type, payload);
// },
onReady: () => {
console.log('Sumsub Web SDK is ready.');
},
onError: (error) => {
console.error('Sumsub SDK error:', error);
},
onEvent: (event) => {
// Handle various events from the SDK
console.log('Sumsub event:', event.type, event.payload);
if (event.type === 'applicantReviewed') {
console.log('Applicant review status:', event.payload.reviewStatus);
// Trigger backend logic to check final verification status
}
}
});
// Mount the SDK to a specific DOM element
sumsubInstance.mount('#sumsub-root-element');
// The HTML structure would include a div with id="sumsub-root-element"
// <div id="sumsub-root-element"></div>
Backend-side (Node.js example for token generation)
This is a conceptual example of how you might generate an access token on your server using a Node.js environment. This requires your Sumsub App Token and Secret Key, which should be stored securely and never exposed client-side.
const axios = require('axios'); // Or any HTTP client
const crypto = require('crypto');
// Replace with your actual Sumsub credentials
const SUMSUB_APP_TOKEN = process.env.SUMSUB_APP_TOKEN;
const SUMSUB_SECRET_KEY = process.env.SUMSUB_SECRET_KEY;
const SUMSUB_BASE_URL = 'https://api.sumsub.com'; // Or your regional endpoint
async function generateSumsubAccessToken(externalUserId, levelName = 'basic-kyc-level') {
const path = `/resources/accessTokens?userId=${externalUserId}&levelName=${levelName}`;
const url = `${SUMSUB_BASE_URL}${path}`;
const timestamp = Math.floor(Date.now() / 1000);
const signature = crypto.createHmac('sha256', SUMSUB_SECRET_KEY)
.update(`${timestamp}GET${path}`)
.digest('hex');
try {
const response = await axios.get(url, {
headers: {
'X-App-Token': SUMSUB_APP_TOKEN,
'X-App-Access-Sig': signature,
'X-App-Access-Ts': timestamp,
'Accept': 'application/json'
}
});
return response.data.token;
} catch (error) {
console.error('Error generating Sumsub access token:', error.response ? error.response.data : error.message);
throw new Error('Failed to generate Sumsub access token');
}
}
// Example usage in an Express.js route:
// app.get('/api/sumsub-access-token', async (req, res) => {
// try {
// const userId = req.user.id; // Get user ID from authenticated session
// const accessToken = await generateSumsubAccessToken(userId);
// res.json({ accessToken });
// } catch (error) {
// res.status(500).send(error.message);
// }
// });
This backend example demonstrates the necessary steps to sign requests to Sumsub's API, a common security practice for API interactions as outlined in the IETF RFC 6750 for bearer token usage. The externalUserId should be a unique identifier from your system for the user undergoing verification.
Community libraries
While Sumsub provides a robust set of official SDKs, the developer community sometimes creates and maintains additional libraries or integrations for languages and frameworks not officially supported, or to offer alternative abstractions. These community-driven projects can be found on platforms like GitHub or package managers specific to programming languages (e.g., PyPI for Python, RubyGems for Ruby).
When considering community libraries, it is important to evaluate their maintenance status, security practices, and alignment with the official Sumsub API documentation. Community contributions can extend the reach of Sumsub's services to a broader ecosystem, but developers should exercise due diligence in reviewing their code and ensuring they meet project requirements, especially concerning sensitive data handling and compliance. For instance, a developer might create a Python wrapper for the Sumsub API to simplify server-side interactions beyond what the official SDKs offer, or integrate Sumsub with a specific web framework like Django or Ruby on Rails. While these can be beneficial, they are not officially supported by Sumsub and their reliability and security are the responsibility of the community maintainers and the integrating developer. Always refer to the official Sumsub documentation for the most accurate and up-to-date information regarding API specifications and best practices.