Conversation
v2/v2-onboard.mdx
Outdated
| </Step> | ||
|
|
||
| <Step title="Get onboarding status of user"> | ||
| After user registration, use the access token to retrieve the user's current onboarding status. This API call will indicate the next required step in the onboarding process. At this point, users must accept the Terms of Service to proceed. |
There was a problem hiding this comment.
I think it's super important to list the possible states of this endpoint. The implementers will get context for this. They should use this endpoint right after the registration, and use it up until the end of the onboarding.
v2/v2-onboard.mdx
Outdated
| </Step> | ||
|
|
||
| <Step title="Retrieve Terms of Service"> | ||
| Fetch the current Terms of Service that users must agree to before continuing with the onboarding process. |
There was a problem hiding this comment.
Here for instance, I would start the section by saying something like. If /onboarding response is status: action_accept_tos then you need to xyz.
Also, just like I do in the UI, and like it's done in v1, it's in their interrest to couple this one with the previous step, with email submition. Then can display the ToS with links, ask users to accept them, before going to the OTP.
vanshika-srivastava
force-pushed
the
feat/v2-auth-module
branch
from
568ae47 to
7d2c290
Compare
Co-authored-by: Thibaut <33178835+Tbaut@users.noreply.github.com>
v2/v2-siwe-auth.mdx
Outdated
| <Tab title="Sandbox"> | ||
| ```bash | ||
| curl --request GET \ | ||
| --url https://gp-auth-module.sandbox.gnosispay.in/auth/siwe/{address} |
There was a problem hiding this comment.
this curl is wrong, we now have other required query params. see the spec.
| </Tab> | ||
| </Tabs> | ||
| <Info> | ||
| **Token Rotation**: Each refresh request invalidates the previous refresh token and issues a new one. Always store the new refresh token from the response for subsequent refresh requests. |
There was a problem hiding this comment.
I would add that it needs to be stored securely. Also I would add that this refresh token should only be used once. If it's used twice, the user will be automatically logged out. Preventing race condition is a must.
|
|
||
| To complete the verification process: | ||
| 1. Navigate to the provided `webSdkUrl` | ||
| 2. Use the [verification document templates](https://docs.sumsub.com/docs/verification-document-templates) for Proof of Identity (POI) and Proof of Address (POA) |
There was a problem hiding this comment.
we should certainly re-iterate here, that in sandbox, they can use fake documents
|
cc @vanshika-srivastava to have this live asap (since it's a breaking change after a breaking change) I've pushed directly to this branch the changes deployed a couple minutes ago to sandbox. This is linked to: |
… into feat/v2-auth-module
2 participants
No description provided.