Whether you're building a crypto exchange, a neobank, or a cross-border payments product, KYC is non-negotiable. What shouldn't be non-negotiable is spending weeks integrating it. Mallient is built for developers first, which means a clean API, an drop-in React component, and a verification flow that covers US compliance requirements out of the box.

This guide walks you through the full integration in two steps: creating a session on your backend and rendering the verification flow on your frontend.

Before You Start

You'll need two things from your Mallient dashboard:

  • Application ID: Created inside your dashboard under Applications. Each application maps to a product or environment (e.g., production vs. staging).

  • Primary Key: Found under API Keys in your dashboard. It starts with pk_live_... and is used to initialize the frontend component.

Keep your API keys out of your frontend code. Your secret key (sk_live_...) should only ever be used server-side.

Step 1: Create a Session Token (Backend)

Before you render the verification flow, your backend needs to create a session. This session is scoped to a single verification attempt and expires after a short window, which keeps things secure.

Make a POST request to the Mallient Sessions API with your Application ID in the request body, authenticated with your secret key:

bash

curl --location 'https://api-live.mallient.com/v1/sessions' \
--header 'Content-Type: application/json' \
--header 'Authorization: sk_live_YOUR_SECRET_KEY' \
--data '{
    "application_id": "YOUR_APPLICATION_ID"
}'

The response returns a short-lived session token:

json

{
    "session_token": "1TpnOVvomhPOntn-RBGaLsEaFgZ-Ps9BOu1-5ogSaUWS_dThc9Cx5P3-_qgxwAGrZhaHzihNctXP-7qDGQJWug",
    "expires_at": "2026-05-05T23:03:10.5748825Z"
}

Pass this session_token back to your frontend. A typical pattern is an API route or server action that your frontend calls when a user reaches the verification step in your onboarding flow.

Step 2: Render the Verification Flow (Frontend)

Install the Mallient React package:

bash

npm install @mallient/react

Then import the components you need:

typescript

import { KYCSessionProvider, KYCSession } from "@mallient/react";

Wrap your verification step with KYCSessionProvider, passing in your Primary Key and the session token returned from Step 1:

tsx

<KYCSessionProvider
  mallient="pk_live_YOUR_PRIMARY_KEY"
  session={sessionToken}
>
  <KYCSession />
</KYCSessionProvider>

That's it. KYCSession renders the full verification flow: document capture, liveness detection, and identity matching. No additional configuration required to get started.

What Happens During Verification

Once a user steps through the flow, Mallient handles:

  • Document capture and authenticity checks across 200+ countries and document types

  • On-device liveness detection certified to iBeta Level 2, meaning the biometric check runs locally without raw data leaving the user's device

  • Sanctions and watchlist screening against OFAC and other relevant lists

  • Risk scoring based on document, identity, and behavioral signals

Verification results are available in your Mallient dashboard and via webhook, so you can gate access in your app as soon as a result is ready.

US Compliance Coverage

Mallient's verification flow is designed to meet the KYC requirements that apply to US-based fintechs, crypto exchanges, and payment providers operating as Money Services Businesses under FinCEN's Bank Secrecy Act framework. That includes:

  • Identity verification against government-issued documents

  • Liveness detection to prevent spoofing and synthetic identity fraud

  • Sanctions screening against OFAC and other watchlists

  • Structured audit records for every verification, retained for your compliance team

You remain responsible for your overall AML program, but Mallient gives you the identity verification layer that sits at the foundation of it.

Next Steps

Once your basic integration is live, a few things worth exploring in your dashboard:

  • Webhooks: Get real-time notifications when a verification completes so you can automate access gating in your app

  • Ongoing Monitoring: Set up monitoring jobs to re-screen users against updated sanctions lists automatically

  • White-label customization: Match the verification flow to your brand so users never feel like they've left your product

Questions about your integration? Reach out directly or book a call and we'll walk through it with you.

Mallient is a developer-first identity verification API built for fintechs, crypto exchanges, and payment providers. Get started at mallient.com.

Keep Reading

© 2026 The Latest From Mallient.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv