Skip to main content
kycert integrates with external systems to fit into your existing compliance workflow. The Integrations section covers OneDrive document sync for automated archival, API keys for programmatic access from your internal systems, and webhook endpoints for real-time event-driven automation.

Microsoft OneDrive

The OneDrive integration automatically archives customer compliance documents and bureau reports to your organization’s cloud storage every time a customer is approved — no manual downloads required.

What it does

When a customer’s KYC status changes to approved, kycert automatically uploads the following to your connected OneDrive:
  • The full bureau compliance report (PDF)
  • All customer-submitted documents
Files are organized in a structured folder hierarchy: 
/kycert/{slug}/{customer-name}/{date}/
This structure makes it straightforward to locate records during regulatory audits or internal reviews.

Connecting OneDrive

1

Open the integration

Go to Settings → Integrations → OneDrive and click Connect.
2

Sign in with Microsoft

Sign in with your Microsoft work account (a personal Microsoft account will not have the required OneDrive for Business permissions).
3

Authorize kycert

Grant kycert permission to write files to your OneDrive. kycert only writes to the /kycert/ folder — it does not read or modify any other files.
4

Confirm the connection

Once authorized, kycert confirms the connection and begins syncing on the next customer approval.

Monitoring sync activity

After connecting, every new customer approval triggers a background sync job. You can monitor the history of all sync attempts — including any errors — in Settings → Integrations → OneDrive → Activity.
OneDrive sync requires your brokerage plan to include the Integrations add-on. If you don’t see the OneDrive option in Settings, contact kycert support to enable it on your plan.

API Keys

kycert exposes a REST API that lets your internal systems trigger bureau runs, retrieve results, and download compliance reports programmatically. You create and manage API keys in Settings → Developer → API Keys. Each key can be scoped to limit what it can do:
ScopePermission
runs:writeTrigger new bureau KYC runs for a CPF or CNPJ
runs:readRead bureau run results and download report PDFs
Important: your API key is shown only once at creation. Copy it immediately and store it in a secrets manager (such as a vault or environment variable store). If you lose the key, you must revoke it and generate a new one. For the full API reference — authentication headers, request/response formats, rate limits, and error codes — see the API Authentication guide.

Webhooks

Webhooks let kycert push real-time notifications to your systems the moment key events occur, without your systems needing to poll for updates. Configure your webhook endpoints in Settings → Developer → Webhooks. For each endpoint you register, kycert sends a signed HTTP POST request containing a structured JSON payload. Examples of events that trigger webhook notifications:
  • customer.approved — a customer’s KYC status changed to approved
  • customer.rejected — a customer was rejected
  • bureau.run.completed — a bureau run finished (with result)
All webhook deliveries are signed with HMAC-SHA256 using your webhook_secret, so your server can verify that the request genuinely originated from kycert before processing it. For the complete event catalog, payload schemas, retry behavior, and the step-by-step signature verification guide, see the Webhooks reference.

Health check

Use the kycert health endpoint to monitor API availability from your own infrastructure or uptime tool: 
GET https://admin.kycert.com.br/healthz
A healthy response returns: 
{ "status": "ok" }
If the endpoint returns anything other than status: "ok", treat the service as degraded and check the kycert status page for incident updates.