Account Holders (Individuals)

Learn how to create an account holder object for individual end-users.

Account holders and accounts have a 1:1 relationship. When an account holder is successfully created, an associated account is also created.

To create an account holder object for an individual end-user, a Know Your Customer (KYC) process is run to verify the identity of the individual. We support four types of workflows for KYC:

  • Basic KYC offers identity verification with an immediate accepted or rejected decision, and no remediation opportunity
  • Advanced KYC [beta] offers identity verification with a remediation path if the initially submitted information was not successfully verified - either by resubmitting corrected information or uploading a document
  • BYO KYC allows an API user to bypass the Lithic KYC process and create an individual account (available only to users with KYC processes pre-approved by Lithic)
  • KYC-Exempt allows certain programs to enroll users as KYC-exempt. This includes programs whose account holders do not require any KYC or KYB or programs that wish to supplement business account holder objects with representations of individual cardholders. You can use the KYC-exempt workflow to create account holders. KYC-exempt allows an API user to pass in a smaller set of PII to create an account holder (available only to users approved by Lithic on a program by program basis)

Create Individual Account Holders (Enterprise)

This endpoint runs the entered individual or business's information (i.e., account holder) through a Customer Identification Program (CIP), and creates an account holder object.

If Lithic's KYC or KYB (i.e., not BYO) workflow is used and the account holder is successfully verified or requires further verification, an associated account_token will be returned in the response, which can then be used to issue cards once the workflow indicates an ACCEPTED status. If a BYO KYC, BYO KYB, or KYC-exempt workflow is used, as long as the required inputs are passed in, an associated account_token will be returned in the responses, which can then be used to issue cards.

In certain cases, responses from this endpoint may indicate the workflow is under review or further action is needed to complete the account creation process. If using a workflow with asynchronous responses (Advanced KYC or Basic KYB), we recommend first setting up webhooks to be notified of events (see Create Webhook for KYC/KYB Status) relating to the outcomes of the workflows.

🚧

As a reminder, while using this endpoint is an important part of ensuring your card program is compliant with relevant government and banking regulations, you are responsible for all financial activity on api.lithic.com associated with your API key. This endpoint is intended to be used for KYC/KYB compliance purposes, and not as a comprehensive fraud solution.

POST https://api.lithic.com/v1/account_holders

Sample KYC Request

{
  "workflow": "KYC_BYO",
  "individual": {
    "address": {
      "address1": "123 Old Forest Way",
      "city": "Omaha",
      "country": "USA",
      "postal_code": "68022",
      "state": "NE"
    },
    "dob": "1991-03-08 08:00:00",
    "email": "[email protected]",
    "first_name": "Tom",
    "government_id": "111-23-141",
    "last_name": "Bombadil",
    "phone_number": "+12124007676"
  },
  "tos_timestamp": "2022-03-08 08:00:00",
  "kyc_passed_timestamp": "2022-03-08 08:00:00"
}
'

Sample KYC Response

{
  "account_token": "819993c6-2b89-4ebc-b5c4-d40ce637b640",
  "status": "ACCEPTED",
  "status_reasons": [],
  "token": "e7d26ae4-52f8-4a78-8eca-a1c078261f3f",
  "created": "2023-10-06T15:16:16.230770"
}

Fields used in all account creation calls:

idempotency-token (optional, header)Optional unique identifier of max length 36-characters to ensure idempotency in requests; this identifier will be checked to prevent repeated retries of the same request.
String. Permitted values: 1 to 36 characters.
workflow (required)Specifies the type of account creation workflow to run.
String. Permitted values:
- KYC_BASIC: Basic KYC
- KYC_ADVANCED: Advanced KYC [beta]
- KYC_BYO: Bring Your Own KYC
- KYB_BASIC: Basic KYB [beta]
- KYB_BYO: Bring Your Own KYB [beta]
- KYC_EXEMPT: KYC-Exempt
tos_timestamp (required)An RFC 3339 timestamp indicating when the account holder accepted the applicable legal agreements (e.g., cardholder terms) as agreed upon during API customer's implementation with Lithic.
String. Permitted values: RFC 3339 format (yyyy-MM-ddThh:mm:ssZ).

Additional fields for KYC workflows:

individual (object, required)Information on individual for whom the account is being opened and KYC is being run. See Individual Schema.
Object. Permitted values: Valid individual object.
kyc_passed_timestamp (required only if workflow is KYC_BYO)An RFC 3339 timestamp indicating when pre-approved KYC was completed on the individual with a pass result.
String. Permitted values: RFC 3339 format (yyyy-MM-ddThh:mm:ssZ).

Additional fields for KYC-exempt workflow:

kyc_exemption_type (required)Specifies the type of KYC exemption under which this account holder is being created.
String. Permitted values:
- AUTHORIZED_USER: Authorized user account holder
- PREPAID_CARD_USER: Prepaid card user account holder
first_name (required)Individual's first name, as it appears on government-issued identity documents.
String.
last_name (required)Individual's last name, as it appears on government-issued identity documents.
String.
email (required)Email address.
String. Permitted values: Valid email address. For example, "[email protected]".
phone_number (required)Individual's phone number.
String. E.164 format without hyphens. For example, "+12124007676" for a US phone number.
address (object, optional)Individual's current address - PO boxes, UPS drops, and FedEx drops are not acceptable; APO/FPO are acceptable. Only USA addresses are currently supported. See Address Schema.
Object. Valid address object.
business_account_token (optional)Only applicable for customers enrolling both businesses and their associated end users using the KYC-Exempt workflow. Enrolled KYC-exempt individuals of type AUTHORIZED_USER should pass the account_token of the business the AUTHORIZED_USER is associated with in this field. Enrolled PREPAID_CARD_USERS should leave this field empty.

Individual Schema

first_name (required)Individual's first name, as it appears on government-issued identity documents.
String.
last_name (required)Individual's last name, as it appears on government-issued identity documents.
String.
dob (required)Date of birth.
String. (yyyy-MM-dd).
government_id (required)Government-issued identification number (required for identity verification and compliance with banking regulations). Social Security Numbers (SSN) and Individual Taxpayer Identification Numbers (ITIN) are currently supported, entered as full nine-digits, with or without hyphens.
String. Permitted values: Full nine-digits, with or without hyphens (###-##-#### or #########).
email (required)Email address.
String. Permitted values: Valid email address. For example, "[email protected]".
phone_number (required)Individual's phone number.
String. E.164 format without hyphens. For example, "+12124007676" for a US phone number.
address (object, required)Individual's current address - PO boxes, UPS drops, and FedEx drops are not acceptable; APO/FPO are acceptable. Only USA addresses are currently supported. See Address Schema.
Object. Valid address object.

Address Schema

address1 (required)Valid deliverable address (no PO boxes).
String.
address2 (optional)Unit or apartment number (if applicable).
String.
city (required)City name.
String.
state (required)Valid state code. Only USA state codes are currently supported.
String. Permitted values: Uppercase ISO 3166-2 two-character abbreviation for USA addresses. For example, "CA" for California.
postal_code (required)Valid postal code. Only USA ZIP codes are currently supported.
String. Permitted values: 5 or 10 characters. For US addresses, either five-digit zipcode or nine-digit "ZIP+4".
country (required)Country name. Only USA is currently supported.
String. Permitted values: Uppercase ISO 3166-1 alpha-3 three-character abbreviation. For example, USA.

Potential Outcomes by Workflow Type

WorkflowPotential status values returned via this endpoint
Basic KYC- ACCEPTED: account holder creation was successful and both account_holder_token and account_token are returned
- REJECTED: account holder creation was unsuccessful
Advanced KYC- ACCEPTED: account holder creation was successful and both account_holder_token and account_token are returned
- REJECTED: account holder creation was unsuccessful
- PENDING_RESUBMIT: one or more critical KYC fields may have been mis-entered and both account_holder_token and account_token are returned, but account is not yet in ACTIVE state; see Resubmit Information to proceed
- PENDING_DOCUMENT: government-issued document is required to verify identity and both account_holder_token and account_token are returned, but account is not yet in ACTIVE state; see Submit Document to proceed
BYO KYC- ACCEPTED: account holder creation was successful and both account_holder_token and account_token are returned
KYC-Exempt- ACCEPTED: account holder creation was successful

Update Individual Account Holder

API Reference: Update account holder information

PATCH https://api.lithic.com/v1/account_holders/{account_holder_token}

Sample Request

curl https://api.lithic.com/v1/account_holders/c8e9694e-625d-49cb-aca3-da82bf16d3de \
  -X PATCH \
  -H "Authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '
{
     "email": "[email protected]",
     "phone_number": "123456789",
     "business_account_token": "5e86d4eb-5114-433e-a812-a88293e62b69"
}
'

Sample Response

{
  "token": "c8e9694e-625d-49cb-aca3-da82bf16d3de",
  "email": "[email protected]",
  "phone_number": "123456789"
  "business_account_token": "5e86d4eb-5114-433e-a812-a88293e62b69"
}
account_holder_token (required, path parameter)Globally unique identifier for the account holder.
String. Permitted values: 36-digit version 4 UUID (including hyphens).
email (optional)Email address.
String. Permitted values: Valid email address. For example, "[email protected]".
phone_number (optional)Individual's phone number.
String. E.164 format without hyphens. For example, "+12124007676" for a US phone number.
business_account_token (optional)Only applicable for customers enrolling both businesses and their associated end users using the KYC-Exempt workflow. Enrolled KYC-exempt individuals of type AUTHORIZED_USER should pass the account_token of the business the AUTHORIZED_USER is associated with in this field. Enrolled PREPAID_CARD_USERS should leave this field empty.

Get Specific Account Holder

API Reference: Get account holder

GET https://api.lithic.com/v1/account_holders/{account_holder_token}

Sample Request

curl --request GET \
     --url https://api.lithic.com/v1/account_holders/8fff015e-2697-4617-8a29-e57c37e39719 \
     --header 'Authorization: YOUR_API_KEY' \
     --header 'accept: application/json'
account_holder_token (required, path parameter)Token associated with the account holder to be retrieved.
String. Permitted values: 36-digit version 4 UUID (including hyphens).

Sample Response

{
  "token": "c8e9694e-625d-49cb-aca3-da82bf16d3de",
  "email": "[email protected]",
  "phone_number": "123456789"
  "business_account_token": "5e86d4eb-5114-433e-a812-a88293e62b69"
}

Resubmit Information [beta]

This endpoint is used in cases where a KYC submission returned a PENDING_RESUBMIT result. This step must be completed in order to proceed with the KYC evaluation.

The required parameters for creating an individual account should be checked and resubmitted. Potential statuses returned from this endpoint are ACCEPTED, REJECTED PENDING_RESUBMIT, or PENDING_DOCUMENT.

Two resubmission attempts are permitted via this endpoint before a REJECTED status is returned and the account creation process is terminated.

POST https://api.lithic.com/v1/account_holders/{token}/resubmit

Sample Request

curl https://api.lithic.com/v1/account_holders/12345678-aa69-4cbc-a946-30d90181b621/resubmit \
  -X POST \
  -H "Authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '
{
   "individual": {
      "first_name": "Johnny",
      "last_name": "AppleSeed", 
      "dob":"1990-06-29",
      "phone_number":"+15555555555",
      "email":"[email protected]",
      "government_id":"000003333",
      "address": {
         "address1": "124 Main Street", 
         "postal_code": "10128",
         "city": "New York", 
         "state": "NY",
         "country": "USA"
      }
   },
   "tos_timestamp": "2022-01-13T00:00:00Z"
}
'

Sample Response

{
    "data": {
        "account_token": "8dc88f3e-21ea-4d17-9a1c-00cea1a76cf9",
        "status": "ACCEPTED",
        "status_reasons": [],
        "token": "12345678-aa69-4cbc-a946-30d90181b621"
    }
}
idempotency-token (optional, header)Optional unique identifier of max length 36-characters to ensure idempotency in requests; this identifier will be checked to prevent repeated retries of the same request.
String. Permitted values: 1 to 36 characters.
token (required, path parameter)Token associated with the account holder for which information is being resubmitted.
String. Permitted values: 36-digit version 4 UUID (including hyphens).
individual (object, required)Information on individual for whom the account is being opened and KYC is being re-run. See Individual Schema.
Object. Permitted values: Valid individual object.
tos_timestamp (required)An RFC 3339 timestamp indicating when Lithic's terms of service were accepted by the API customer.
String. Permitted values: RFC 3339 format (yyyy-MM-ddThh:mm:ssZ).

Submit Document [beta]

These instructions are used in cases where a KYC attempt has returned the result PENDING_DOCUMENT. Before initiating these steps, we recommend setting up webhooks to be notified of events (see Create Webhook for KYC/KYB Status) relating to the document submission process. There are three steps involved in submitting documentation for verification:

  1. Use the Initiate Document Upload endpoint to identify the type of supported document you will be uploading; this will return two URLs to which you will upload a front image and back image of the document
  2. Upload the two document images directly to the provided URLs
  3. Use the Get Document Upload Status at any time to check the status of the document upload or to retrieve the URLs needed to proceed with verification

Initiate Document Upload

This endpoint is used to identify which type of supported government-issued documentation you will upload for further verification. It will return two URLs - one for the front image and one for the back image - with the status of each shown in a PENDING state.

POST https://api.lithic.com/v1/account_holders/{token}/documents

Sample Request

curl https://api.lithic.com/v1/account_holders/12345678-aa69-4cbc-a946-30d90181b621/documents \
  -X POST \
  -H "Authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '
{
   "document_type": "drivers_license"
}
'

Sample Response

{
  "account_holder_token": "12345678-aa69-4cbc-a946-30d90181b621",
  "token": "bf47c70c-70eb-43ab-b278-4ff59a70bcc4",
  "document_type": "drivers_license",
  "required_document_uploads": [
    {
      "image_type": "front",
      "status": "PENDING",
      "status_reasons": [],
      "upload_url": "https://lithic-document-verification-uploads...",
      },
    {
      "image_type": "back",
      "status": "PENDING",
      "status_reasons": [],
      "upload_url": "https://lithic-document-verification-uploads...",
      }
  ]
}
account_holder_token (required, path parameter)Token associated with the account holder for which information is being submitted.
String. Permitted values: 36-digit version 4 UUID (including hyphens).
document_type (required)Type of documentation to be submitted for verification. The following types of documentation, issued by these government entities, are currently supported:
- commercial_license: Commercial driver’s license (United States only)
- drivers_license: Driver’s license (United States only)
- passport: Passport (Argentina, Australia, Bahrain, Belarus, Bermuda, Brazil, Cameroon, Canada, China, Colombia, CĂ´te d'Ivoire, Denmark, Finland, France, Germany, Ghana, Haiti, Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Iraq, Ireland, Israel, Italy, Jamaica, Japan, Korea, Republic of, Latvia, Macao, Malaysia, Malta, Mexico, Myanmar, Netherlands, New Zealand, Nigeria, Pakistan, Peru, Philippines, Poland, Russian Federation, Singapore, South Africa, Sri Lanka, Switzerland, Syrian Arab Republic, Thailand, Uganda, Ukraine, United Kingdom, United States, Vietnam)
- passport_card: Passport Card (United States only)
- visa: Visa (United States only)

Upload Document Images

Once front and back image of the individual's supported document are received, upload the images to the provided URLs with the below payload:

curl \
-X PUT \
--upload-file "/path/to/file" \
"https://lithic-document-verification-uploads..."

A few notes about uploading the document images:

  • Acceptable image types are JPG, JPEG, and PNG; other image types uploaded will return a FAILED document status with INVALID_FILE_TYPE as the status_reason (which you can see via the Get Document Upload Status endpoint)
  • Maximum file size allowed per upload is 15 MiB
  • Both URLs are linked to the account_token submitted through the Initiate Document Upload endpoint, and are unique to the image type (i.e., the front image must be uploaded to the URL tied to the front image; back image must be uploaded to the URL tied to the back image)
  • If document verification results in an ACCEPTED KYC status for the individual, the document images uploaded will be retained by Lithic for compliance records; if document verification results in KYC statuses of REJECTED or PENDING_DOCUMENT (i.e., document image needs to be submitted again), the document images uploaded will be deleted
  • If you need to retrieve the upload links at any point or obtain new links (they expire after 7 days), use the Get Document Upload Status endpoint

Get Document Upload Status

After uploading document images to the provided URLs, this endpoint can be used to check the status of the document upload. Note that this is a separate process from checking the status of the KYC evaluation overall (a document may be successfully uploaded but the KYC evaluation can still be rejected) - use the Check KYC/KYB Status endpoint for that purpose.

A status will be returned for each image (front and back), with these possible status values:

  • PENDING: Document image has not yet been received
  • UPLOADED: Document has been successfully uploaded but verification has not yet been run (typically because the second image has not yet been successfully uploaded)
  • COMPLETED: Verification has been run on the document
  • FAILED: Document image was not successfully uploaded - this may be due to an incorrect file format, or the uploaded image was blurry or contains glare (which will be reflected in status_reasons)

Once both images are in UPLOADED status, the document is run through KYC verification. This will generate either an ACCEPTED or REJECTED status for the KYC evaluation, which you can check via the Check KYC/KYB Status endpoint or be notified via webhook.

If a document upload fails, a new URL will be generated that can be retrieved via this endpoint. The response structure will be modified with an additional object under required_document_uploads with a status of PENDING. If no document upload is attempted within 7 days of the original link being generated, the link will be refreshed when this endpoint is called.

GET https://api.lithic.com/v1/account_holders/{account_holder_token}/documents/{token}

Sample Request

curl https://api.lithic.com/v1/account_holders/12345678-aa69-4cbc-a946-30d90181b621/documents/bf47c70c-70eb-43ab-b278-4ff59a70bcc4 \
  -X GET \
  -H "Authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json" \

Sample Response

{
  "account_holder_token": "12345678-aa69-4cbc-a946-30d90181b621",
  "token": "bf47c70c-70eb-43ab-b278-4ff59a70bcc4",
  "document_type": "drivers_license",
  "required_document_uploads": [
    {
      "image_type": "front",
      "status": "PENDING",
      "status_reasons": null,
      "upload_url": "https://lithic-document-verification-uploads..."
    },
    {
      "image_type": "back",
      "status": "COMPLETED",
      "status_reasons": null,
      "upload_url": null
    }
  ]
}
account_holder_token (required, path parameter)Token associated with the account holder for which document upload status is being retrieved.
String. Permitted values: 36-digit version 4 UUID (including hyphens).
token (required, path parameter)Token associated with the document for which an upload status is being retrieved.
String. Permitted values: 36-digit version 4 UUID (including hyphens).\

Create Webhook for KYC/KYB Status

You can create a webhook to be notified of updates to the status of any in-process KYC or KYB evaluation. We send three types of events related to accountholders via our Events platform: account_holder.created, account_holder.updated, and account_holder.verification. You can also see examples of these three events in Sandbox using Send Example Event Types.

Sample Webhooks:

{
  "account_token": "00000000-0000-0000-0000-000000000001",
  "created": "2023-09-26T16:41:40.530938",
  "event_type": "account_holder.created",
  "status": "ACCEPTED",
  "status_reasons": [],
  "token": "00000000-0000-0000-0000-000000000001"
}

{
  "business_account_token": null,
  "created": "2023-09-26T16:41:40.530938",
  "email": "[email protected]",
  "event_type": "account_holder.updated",
  "external_id": null,
  "first_name": "John",
  "last_name": "Appleseed",
  "phone_number": 15555555555,
  "token": "00000000-0000-0000-0000-000000000001"
}

{
  "account_token": "00000000-0000-0000-0000-000000000001",
  "created": "2023-09-26T16:41:40.530938",
  "event_type": "account_holder.verification",
  "status": "ACCEPTED",
  "status_reasons": [],
  "token": "00000000-0000-0000-0000-000000000001"
}

KYC Workflow Diagrams and Expected Response Times

Expected Response Times:

  • Steps 1 + 2 - Customer submits required PII and receives response containing status for the account holder: Up to 5 seconds

Expected Response Times:

  • Initial Call - Steps 1 + 2 - Customer makes initial call with required PII and receives response containing status for the account holder: Up to 5 seconds
  • Pending Resubmit - Steps 1 + 2 - Customer resubmits required PII and receives response containing status for the account holder: Up to 5 seconds
  • Pending Document - Steps 1 + 2 - Customer initiates document upload and receives upload links: Up to 2 seconds
  • Pending Document - Steps 3 + 4 - Customer uploads document images to provided links and receives webhook containing status for the account holder: Up to 35 seconds

Expected Response Times:

  • Steps 1 + 2 - Customer makes call with required PII and receives response containing status for the account holder: Up to 3 seconds
  • Steps 2 + 3 - Customer receives pending review status from the initial call, then subsequently receives a webhook containing final status for the account holder: Up to 48 business hours

Failure Reasons

KYC Failure Reasons

When a KYC evaluation fails, one or more of the following reasons will be returned in the response (contained in status_reasons).

ADDRESS_VERIFICATION_FAILUREThe address provided could not be verified.
AGE_THRESHOLD_FAILUREThe individual’s provided age did not fall within an acceptable age range. This can include a COPPA-related failure.
BLOCKLIST_ALERT_FAILUREThe individual appeared on one or more government watch lists.
COMPLETE_VERIFICATION_FAILUREThe individual’s identity could not be verified based on information available in searched records.
DOB_VERIFICATION_FAILUREThe date of birth provided could not be verified.
ID_VERIFICATION_FAILUREThe government-issued identification number provided could not be matched.
NAME_VERIFICATION_FAILUREThe name provided could not be verified.
OTHER_VERIFICATION_FAILUREThe individual was rejected for a reason other than one specified above. Contact Lithic support for more information.
RISK_THRESHOLD_FAILUREThe user was flagged for high risk of fraud.

Document Upload Failure Reasons

When a document upload fails, one or more of the following reasons will be returned in the response (contained in status_reasons).

FRONT_IMAGE_BLURRYFront image of document is blurry and cannot be processed.
FRONT_IMAGE_GLAREFront image of document contains glare and cannot be processed.
BACK_IMAGE_BLURRYBack image of document is blurry and cannot be processed.
BACK_IMAGE_GLAREBack image of document contains glare and cannot be processed.
INVALID_DOCUMENT_TYPEDocument uploaded is not supported. Refer to supported document types listed.
INVALID_DOCUMENT_UPLOADDocument upload failed for other or unknown reasons.

Simulating Account Holder Creation in Sandbox

See Simulating Account Holder Creation page for detail.