Skip to main content
Customers are the foundation of every payment flow in Straddle—representing the individuals or businesses who send and receive money through your platform. When you create a customer, Straddle automatically triggers identity verification, fraud screening, and compliance checks in real-time, enabling instant onboarding while maintaining security.

What This Guide Covers

This comprehensive guide provides everything you need to implement customer management:
  • Customer lifecycle: From creation through verification to ongoing monitoring
  • Identity verification: How automated KYC/AML checks work behind the scenes
  • Review process: Understanding and decisioning customers flagged for review
  • Business customers: Special requirements for company verification
  • Best practices: Optimizing approval rates while preventing fraud

The Customer Object

Every customer in Straddle represents either an individual person or a business entity. The customer object contains identity information, verification status, and metadata that enables secure payment processing.

Core Fields

FieldTypeDescription
idstringUnique identifier for the customer, generated by Straddle
namestringFull name of the individual or business name
typestringType of customer: individual or business
emailstringCustomer’s email address
phonestringCustomer’s phone number in E.164 format (+1234567890)
external_idstringYour system’s unique identifier for this customer
statusstringCurrent verification status: pending, review, verified, rejected, inactive

Address Object

FieldTypeDescription
address.address1stringPrimary address line
address.address2stringSecondary address line (optional)
address.citystringCity name
address.statestringState code (2-letter abbreviation)
address.zipstringZIP code (5 or 9 digits)

Compliance Profile

FieldTypeDescriptionApplies To
compliance_profile.dobstringDate of birth (YYYY-MM-DD format)Individual
compliance_profile.ssnstringFull or last 4 digits of SSN (always masked in responses)Individual
compliance_profile.einstringEmployer Identification NumberBusiness
compliance_profile.legal_business_namestringLegal entity name as registeredBusiness
compliance_profile.websitestringCompany’s official website URLBusiness
compliance_profile.representativesarrayList of authorized representatives with ownership detailsBusiness

Additional Fields

FieldTypeDescription
device.ip_addressstringIP address captured during customer creation (used for fraud detection)
configobjectConfiguration options including sandbox testing outcomes
metadataobjectCustom key-value pairs for your reference
created_atdatetimeISO 8601 timestamp of creation
updated_atdatetimeISO 8601 timestamp of last update

Automatic Identity Verification

When you create a customer, Straddle automatically triggers a comprehensive verification pipeline that includes:
  • Fraud: Straddle employs a machine learning model trained with hundreds of predictors to detect the likelihood of identity fraud. Provides 98% instant risk decisions without the need for selfies.
  • Synthetic Identities: Purpose-built and trained with consortium data to tackle fake and randomized synthetic identity patterns. Produces highly accurate, real-time, actionable risk scores and reason codes, with 90% auto-capture in the riskiest 3% of users.
  • Email / Phone / Address Risk: Provides a risk score and correlation value for email addresses, phone numbers, and physical addresses. Risk scores use ML models trained on specific variables and layered with 800 million rows of known good and bad outcomes to predict the likelihood of fraud.
  • Device Risk (Coming Soon): Predicts risk associated with a device using data attributes such as IP, geolocation, device type, and device software. Device is the first application fraud solution that “binds” a device to the individual using it to counter application fraud and validate customer logins.

Know Your Customer (KYC) matches consumer-provided PII against the closest single identity on record or best-matched entity and returns a true or false value indicating the likelihood of a match. KYC is a legal requirement for financial institutions and financial services companies to establish a consumer’s identity and identify risk factors.

Straddle KYC is accurately auditable and fully compliant with Section 326 of the US Patriot Act, the Customer Identification Program (CIP), and FinCEN’s expanded Customer Due Diligence (CDD) program.

Include dob and ssn in the “Compliance Profile” of an API request when creating a customer to trigger KYC validation

Global Watchlist Screening with Monitoring identifies risk by matching person and non-person entities against sanctions and enforcement lists, as well as Politically Exposed Persons (PEP) and adverse media registries worldwide.

Features

  • Sanctions and Enforcements Screening: Screen consumers and businesses during onboarding to identify if they are sanctioned or flagged by enforcement authorities.
  • PEP Screening: Screen individuals against PEP lists to identify those who could pose a higher Anti-Money Laundering (AML) risk.
  • Adverse Media Screening: Protect your company’s reputation by identifying individuals associated with news items related to financial crimes.
  • Real-Time Monitoring: Continuously monitor existing customers in real time to determine if they appear on updated sanctions or PEP lists.

OFAC SDN and consolidated lists

US, Canada, and global lists

Enforcement lists

311 Special Measures

OIG exclusion lists

EPLS, HIDTA, HIFCA

Customer Status Lifecycle

Every customer progresses through a defined verification lifecycle:
StatusDescriptionNext Actions
pendingInitial state, verification in progressWait for automatic verification to complete
reviewManual review required (rare edge cases)Use /review endpoint to see details, then /decision to approve/reject
verifiedPassed all verification checksReady to process payments
rejectedFailed verification requirementsCannot process payments, may need new customer
inactiveDeactivated customer accountNo longer able to transact
Security: SSN values are always masked in API responses. Use the /unmasked endpoint only when absolutely necessary and ensure proper access controls.

Creating a Customer

To create a customer, you’ll use the POST /v1/customers endpoint. Here’s an example of how to create a customer using the Straddle API: 
curl -X POST https://api.straddle.com/v1/customers \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John Doe",
    "type": "individual",
    "email": "[email protected]",
    "phone": "+1234567890",
    "address": {
      "address1": "123 Main St",
      "city": "Anytown",
      "state": "CA",
      "zip": "12345",
      "type": "residential"
    },
    "compliance_profile": {
      "dob": "1990-01-01",
      "ssn": "123-45-6789"
    },
    "external_id": "cust_123",
    "metadata": {
      "user_id": "user_123"
    }
  }'
This request creates a new customer with the provided information. The response will include a unique id for the customer, which you’ll use for future operations.
Ensure that you handle sensitive information like SSNs securely and in compliance with relevant regulations.

Retrieving Customer Information

To retrieve information about a customer, use the GET /v1/customers/{id} endpoint: 
curl https://api.straddle.com/v1/customers/{id} \
  -H "Authorization: Bearer YOUR_API_KEY"

Updating Customer Information

You can update a customer’s information using the PUT /v1/customers/{id} endpoint: 
curl -X PUT https://api.straddle.com/v1/customers/{id} \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John Smith",
    "email": "[email protected]"
  }'
Updating certain fields may trigger a re-verification process, which could change the customer’s status.

Listing Customers

To retrieve a list of customers, use the GET /v1/customers endpoint. This endpoint supports pagination and various filter options: 
curl "https://api.straddle.com/v1/customers?page_number=1&page_size=10&sort_by=created_at&sort_order=desc" \
  -H "Authorization: Bearer YOUR_API_KEY"
You can filter customers by various parameters such as status, type, created_from, created_to, and more. Refer to the API reference for a complete list of available filters.

Handling Review Status

When customers require manual review (status = review), use two endpoints to handle the review process:

1. Get Review Details

Retrieve detailed verification results using GET /v1/customers/{id}/review: 
curl https://api.straddle.com/v1/customers/{id}/review \
  -H "Authorization: Bearer YOUR_API_KEY"
The review response includes:
  • identity_details: Complete identity verification results including KYC, watchlist, reputation scores
  • customer_details: Current customer information
  • messages: Specific issues or requirements
  • network_alerts: Any consortium fraud signals

2. Make a Decision

After reviewing the details, make a decision using PATCH /v1/customers/{id}/review: 
curl -X PATCH https://api.straddle.com/v1/customers/{id}/review \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "status": "verified"  // or "rejected"
  }'

Accessing Sensitive Data

Compliance Alert: Access to unmasked data requires special permissions and generates audit logs. Only use when absolutely necessary for regulatory compliance or customer support.

Retrieve Unmasked Data

Use GET /v1/customers/{id}/unmasked to access full sensitive information: 
curl https://api.straddle.com/v1/customers/{id}/unmasked \
  -H "Authorization: Bearer YOUR_API_KEY"
The unmasked endpoint returns:
  • Full SSN (not just last 4 digits)
  • Complete compliance profile data
  • All sensitive fields in plaintext

Best Practices

Optimize Approval Rates

  • Include full address (address1, city, state, zip)
  • Provide accurate phone numbers in E.164 format
  • Use legal names matching government IDs
  • Include SSN for immediate KYC verification

Handle Reviews Properly

  • Use /review endpoint to understand issues
  • Make timely decisions with /review PATCH
  • Document decision rationale for compliance
  • Monitor review rates to identify patterns

Maintain Security

  • Never log or store unmasked SSN data
  • Use /unmasked endpoint sparingly
  • Implement audit logging for sensitive access
  • Rotate API keys regularly

Use Webhooks

  • Set up customer status change notifications
  • React to review status immediately
  • Track verification success rates
  • Monitor for unusual patterns

Understanding Verification Results

The /review endpoint provides detailed verification results including:
  • KYC Results: Identity match confidence and specific field matches
  • Reputation Scores: Email, phone, and address risk assessments
  • Watchlist Results: Any sanctions, PEP, or adverse media hits
  • Network Alerts: Consortium fraud signals and patterns
  • Messages: Specific verification issues with reason codes
For complete reason code reference, see Reason Codes Guide.

Testing in Sandbox

Use the config.sandbox_outcome field to test different verification scenarios: 
{
  "name": "Test User",
  "type": "individual",
  "config": {
    "sandbox_outcome": "verified"  // or "review", "rejected"
  }
  // ... other fields
}

Business Customers

Business customers require additional fields in the compliance profile:
  • ein: Employer Identification Number
  • legal_business_name: Official registered name
  • website: Company website
  • representatives: Array of authorized signers with ownership percentages
See Business Identity Guide for complete requirements.

Next Steps

API Reference

Complete endpoint documentation for customers

Business Identity

Special requirements for business verification

Reason Codes

Understanding verification messages and codes

Webhook Events

Set up real-time customer status notifications