KYC Onboarding
What it does
KYC (Know Your Customer) is the onboarding verification process for new users who register and want to become verified consultancy partners. Users submit their business documents; an admin reviews and either approves or rejects the submission.
1. User registers → kyc_status: NOT_SUBMITTED
2. User submits consultancy info (Step 1)
   └── POST /api/auth/kyc-submit-info
   └── Saves: location, consultancy name, address, phone, tel, email
   └── kyc_status remains NOT_SUBMITTED
3. User uploads KYC documents (Step 2)
   └── POST /api/auth/kyc-submit-files
   └── Uploads: registration_file (company registration), pan_file (PAN card)
   └── kyc_status → SUBMITTED
4. Admin reviews
   └── In dashboard: Users tab → KYC Review modal
   └── Admin can approve → role promoted to AGENT, kyc_status → APPROVED
   └── Admin can reject → kyc_status → NOT_SUBMITTED (user can resubmit)
kyc_status values
| Status | Meaning |
|---|---|
| NOT_SUBMITTED | User has not yet submitted KYC (or was rejected) |
| SUBMITTED | Documents submitted, awaiting admin review |
| APPROVED | KYC approved — user has been promoted to AGENT |
Data stored on users table
KYC data is stored directly on the users table rather than a separate kyc_submissions table:
users.kyc_status TEXT
users.kyc_location TEXT
users.kyc_registration_file TEXT (file key)
users.kyc_pan_file TEXT (file key)
users.consultancy_name TEXT
users.consultancy_address TEXT
users.consultancy_phone TEXT
users.consultancy_tel TEXT
users.consultancy_email TEXT
Design note: Storing KYC data on the users table means there’s no history of previous submissions or rejections. If a user is rejected and resubmits, the old files are simply overwritten. If you need an audit trail (e.g., for compliance), KYC submissions should be in their own table with a foreign key to users.
API endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /api/auth/kyc-submit-info | Token (USER) | Save consultancy info |
| POST | /api/auth/kyc-submit-files | Token (USER) | Upload registration + PAN files |
| PUT | /api/admin/users/:id/role | ADMIN | Approve (promote to AGENT) or reject |
| POST | /api/admin/users/:id/kyc-reject | ADMIN | Reject and reset to NOT_SUBMITTED |
Frontend: KYC Onboarding component
Located at src/components/Dashboard/Onboarding/KycOnboarding.tsx.
This component is shown to USER-role accounts whose kyc_status is not APPROVED. It renders a two-step wizard:
- Consultancy information form
- Document upload form
Once submitted, the user sees a “pending review” message until admin approves.
Admin review
In the dashboard Users tab, admins see a list of all users with their KYC status. Clicking a user with SUBMITTED status opens the KycReviewModal, which shows:
- Consultancy name, address, phone, email
- Clickable links to registration and PAN files
- Approve button (promotes to AGENT and sets kyc_status to APPROVED)
- Reject button (resets kyc_status to NOT_SUBMITTED)
Validation
Input sanitization in the info submission:
- sanitizeString() applied to all text fields (strips <>'";\\, trims, limits to 255 chars)
- sanitizePhone() applied to phone fields (allows digits, +, spaces, -, ())
- Email validated with regex if provided
- Consultancy name, address, and mobile phone are required fields
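The validation rules listed above, written out as an added example; this is not the project's own code. The function bodies, the email pattern, the request field names (taken from the users columns) and the choice of consultancy_phone as the required mobile number are assumptions.

```typescript
// Assumed implementations of the rules the page describes.
const MAX_LEN = 255;
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // assumed pattern; the page only says "regex"

// Strip < > ' " ; \ then trim and cap at 255 characters.
function sanitizeString(input: unknown): string {
  if (typeof input !== "string") return "";
  return input.replace(/[<>'";\\]/g, "").trim().slice(0, MAX_LEN);
}

// Keep only digits, +, spaces, - and parentheses.
function sanitizePhone(input: unknown): string {
  if (typeof input !== "string") return "";
  return input.replace(/[^0-9+ \-()]/g, "").trim().slice(0, MAX_LEN);
}

interface KycInfo {
  kyc_location: string;
  consultancy_name: string;
  consultancy_address: string;
  consultancy_phone: string;
  consultancy_tel: string;
  consultancy_email: string;
}
type KycResult = { ok: true; data: KycInfo } | { ok: false; errors: string[] };

function validateKycInfo(body: Record<string, unknown>): KycResult {
  const data: KycInfo = {
    kyc_location: sanitizeString(body.kyc_location),
    consultancy_name: sanitizeString(body.consultancy_name),
    consultancy_address: sanitizeString(body.consultancy_address),
    consultancy_phone: sanitizePhone(body.consultancy_phone),
    consultancy_tel: sanitizePhone(body.consultancy_tel),
    consultancy_email: sanitizeString(body.consultancy_email),
  };
  const errors: string[] = [];
  // Required checks run on the sanitized value, so input made only of stripped characters counts as empty.
  if (!data.consultancy_name) errors.push("consultancy_name is required");
  if (!data.consultancy_address) errors.push("consultancy_address is required");
  if (!data.consultancy_phone) errors.push("consultancy_phone is required");
  if (data.consultancy_email && !EMAIL_RE.test(data.consultancy_email)) errors.push("consultancy_email is invalid");
  return errors.length ? { ok: false, errors } : { ok: true, data };
}

// Constructed sample input (not real data).
console.log(JSON.stringify(validateKycInfo({
  consultancy_name: "  <b>Acme</b> Consultancy ", consultancy_address: "12 Example Road",
  consultancy_phone: "+977 (01) 555-0100 ext", consultancy_email: "info@example.test",
})));
```

Character stripping is input hygiene only; parameterized queries and output encoding are still required where these values are stored and rendered.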