Verify an individual (eKYC)

Use POST /v5/forms with type: "individual" and subType: "none" to create a hosted eKYC flow — ID-document capture plus a liveness/biometrics check. The customer gets a formUrl you share with them; there's no data form for personal details.

Use the data form flow instead if you want the customer to enter their personal details, address, and identity documents on a hosted form.

Request fields

The eKYC flow needs almost nothing — just enough to identify the customer and confirm the verification country.

Name
userId
Type
string
Description
Optional. Your internal user identifier.
Name
onBehalfUid
Type
string
Description
Optional. The UID of an onBehalf account if submitting on behalf of another organisation.
Name
tags
Type
array
Description
Optional. Array of tag labels to attach to the verification for filtering and reporting. Use >>> (with surrounding spaces) to express hierarchy (e.g. tier-1 >>> gold). Up to 50 tags, each up to 500 characters. Labels referenced here are auto-registered into your tag registry on submission.
Name
country
Type
string
Description
ISO3 Country code. Currently documented: AUS, NZL. See Countries.
Name
type
Type
string
Description
Always "individual" for this flow.
Name
subType
Type
string
Description
Always "none" for this flow.
Name
email
Type
string
Description
Required. Used to identify the customer in the eKYC flow. The formUrl returned in the response is what you share with the customer; bronID does not email the link automatically.
Name
firstName
Type
string
Description
Optional. Pre-fills the customer's first name.
Name
lastName
Type
string
Description
Optional. Pre-fills the customer's last name.

Country-specific validations (driver-licence number formats, passport patterns, Medicare checksums) are applied automatically when the customer captures their identity document inside the eKYC flow. You don't pre-fill identity documents here. The flow is otherwise identical for AUS and NZL.

Example

The same minimal payload works for both countries — only country differs.

Australian customer; you have their name and email and want them to complete the rest themselves.

Request

POST

/v5/forms

curl https://dev.bronid.com/v5/forms \
  --user "XL7ULiU6B4QE9Y2iWFZnhtMDKFN2:api_sec_NJAtNcRtUrPlf7xYDrMNP9URI-ZfN314" \
  --header "Content-Type: application/json" \
  --data '{
      "userId": "user-ekyc-001",
      "country": "AUS",
      "type": "individual",
      "subType": "none",
      "firstName": "Jane",
      "lastName": "Citizen",
      "email": "jane@example.com",
      "tags": ["region:apac", "tier-1 >>> gold"]
  }'

Response

{
  "timestamp": "2026-05-08T04:34:37.668Z",
  "serviceUid": "XL7ULiU6B4QE9Y2iWFZnhtMDKFN2",
  "trace": "1LuRUfAcaskosWc07nARZ",
  "path": "/v5/forms",
  "pathParams": {},
  "statusCode": 200,
  "message": "ID form created successfully",
  "help": null,
  "status": "success",
  "data": {
    "id": "1LuRUfAcaskosWc07nARZ",
    "formUrl": "https://forms-preview.bronid.com/ekyc-start/1LuRUfAcaskosWc07nARZ",
    "name": "Jane Citizen",
    "help": null
  },
  "error": null
}

Form lifecycle

Create form. POST /v5/forms returns a formUrl.
Share the form. Email the link, redirect the user, or embed it in your app.
Customer completes the eKYC flow. They capture an ID document and complete the liveness/biometrics check.
Verification starts. bronID processes the eKYC submission.
Webhook notification. You receive status updates via Webhooks.

Form URLs are tied to a specific verification trace. Once submitted, the URL shows the submission status rather than allowing re-submission. Form URLs expire after 31 days in production, or 20 minutes in Preview. Restore an expired form with the Unlock form endpoint.

What's next?

Data-form alternative (collect details on a hosted form): Verify an individual (data form)
Restoring an expired form: Unlock form
Test outcomes for development: Test values
Verification lifecycle: Verification statuses