Quickstart for PassFort Connect

PassFort Connect powers your customer onboarding by automating data sourcing. It enables you to run due diligence checks with data providers from around the globe - all through a single API.

How does it work?

Connect has three core elements:

  1. Profiles: The individuals and companies applying for your products. Profiles are created and updated via the Connect API.
  2. Checks: The automated processes which are used to help decide whether a profile should have access to your product. They replace manual work that would otherwise be needed to get information from data providers (e.g. gather all company filings from a corporate registry) or be needed to perform actions using data providers (e.g. run an electronic identity check). Checks are run via the Connect API.
  3. Data providers: The third-party services used to run checks (e.g. Experian, Companies House, or Onfido). When you run a check, details from the profile are sent to the relevant data provider, which performs the check and returns the result. Data providers are enabled for your account by members of the PassFort team. To see which data providers are enabled, log into the PassFort Portal and go to Providers.

You can integrate the Connect API with your existing customer relationship management (CRM) systems and/or customer lifecycle management (CLM) systems.

Find out if you're using Connect

To confirm whether you're using the PassFort Connect product, log into the PassFort Portal. If you can see a tab for Developer Settings, you're using PassFort Connect.

If you can't see this tab, you're using the full PassFort product.

Get your API keys

You have two API keys: One for your demo account and one for your production account.

When you make a call to PassFort, you should send one of these API keys in the header of your request. Send the API key for the account you're using at the time.

Use your demo account to try out features and test whether your configuration is working as expected. With your live account, any profiles you create count toward your profiles under management and you'll be charged for any checks you run.

To access your API keys, follow these steps once for your demo account and once for your live account:

  1. Log into the Portal with your demo login details or your production login details.
  2. Go to Developer Settings > API Key.
  3. Your API key(s) for the account you logged into are displayed. By default, there's a Master API key displayed under [Your company name] Master API Key.
If you're integrating with multiple systems (e.g. a CRM and a transaction monitoring system), you should follow the steps to issue one new API key for every system. You should do this for your demo account and your live account.
If you're using whitelisting, only whitelisted IP addresses should have access to your master key.

Keeping your API keys a secret

The API key is how PassFort knows the request is coming from you - and not a malicious third party.

Your API keys are unique to your accounts, so when you get your API keys, you should keep them a secret.

If you need to access the PassFort Connect API from an insecure location (e.g. the browser), contact our Support team and we’ll help find a solution.

Make a test API call

To check that you can use your API keys successfully, try making a call with each key to see if you get responses without errors.

In the header of each request you make, include a parameter called apikey that has the value of the key you want to test.

For example: "apikey": "adc5788e3b7fecc161d2a36916750ee10480a8c75841bd"

This example is not a real API key, so it's not possible to use it to make calls.

To run your test, make the call to the following endpoint once per key. The call returns the name of your API key and your institution.

Request endpoint:

GET https://api.passfort.com/4.0/whoami

Sample response:

"auditee_name": "Forexo Ltd Master API Key",
"institution": {
"id": "6bba3592-d9de-1ee5-8e97-ba8d8d13c558",
"logo_url": null,
"name": "Forexo Ltd"
"user": null

If you received a response with the API key name as the value for auditee_name, the test worked.

If you received an error message, check that you're sending a valid API key in the header of your request, and try again.

Start building your integration

Dive right in and try creating a profile with the steps in this guide.

> Create profiles

Get the step-by-step instructions for running some of the most used checks in these guides for checks - and there are even more checks, which you can find listed in the Connect API reference linked below.

Use the Connect API reference to get a list of every call you can make, along with the required and optional fields you can send and receive.

Check out Configuring webhooks to get a list of the webhook events you can listen to and instructions to set them up.

If you're one of our feedback partners for the new draft policies feature, get instructions for using the Policy Builder.

The PassFort Connect API is a light-touch version of the full PassFort API. Any additional content you may see in the help centre that's not listed in the Connect API reference (e.g. applications, tasks, risk, forms, or managing profiles via the Portal) is not relevant to the Connect module. The Connect module also doesn't use permissions for the Portal - if you have a login for the Portal, you can access the developer setting and billing.
PassFort's false positive reduction service is not offered with the Connect module.
The other documentation on this site includes examples of requests. When making the requests, you should always send the apikey in the header with the value of your key.

How did we do?

Powered by HelpDocs (opens in a new tab)