Skip to main content
You’ll go from no accountyour first verified agent + ContraToken in under 5 minutes.

What you’ll need

  • An email address.
  • ~5 minutes.
  • (Optional) A USDC-funded wallet — if you want to test the agentic (x402) entrypoint.

Step 1 · Sign up + get an API key

# Register
curl -X POST https://auth.contra.id/v1/programmatic/register \
  -H "Content-Type: application/json" \
  -d '{"email": "you@yourco.com", "password": "MyStr0ng!Pass"}'

# Check your email for the 6-character OTP, then:
curl -X POST https://auth.contra.id/v1/programmatic/verify-email \
  -H "Content-Type: application/json" \
  -d '{"email": "you@yourco.com", "code": "A3K9F2"}'
# → response.application.api_key  ← your x-api-key
Save the api_key — every /v1/* call below sends it as x-api-key.

Step 2 · Pick a verification workflow

curl https://identity.contra.id/v1/workflows \
  -H "x-api-key: $CONTRA_KEY"
You’ll see the 5 built-in workflows:
workflow_idUse
standard_kycDocument Verification + AML
enhanced_kyc+ Biometric KYC + phone
institutional_kyc+ Address + email
aml_onlyAML screening only
kybBusiness Verification + AML
Or compose your own with POST /v1/workflows.

Step 3 · Create a session for your user

curl -X POST https://identity.contra.id/v1/sessions \
  -H "x-api-key: $CONTRA_KEY" -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "enhanced_kyc",
    "vendor_data": "user-abc-123",
    "callback": "https://yourapp.com/contra/webhook"
  }'
# → { "session_id": "...", "url": "https://verify.contra.id/...", "status": "pending" }
Send the user to url. They scan their ID, take a selfie, done.

Step 4 · Get the decision (+ ContraToken)

curl https://identity.contra.id/v1/sessions/$SESSION_ID/decision \
  -H "x-api-key: $CONTRA_KEY"
When the user is approved: 
{
  "session_id": "sess_b3f1c2a4",
  "status": "approved",
  "compliance_level": "enhanced",
  "contra_token": "eyJhbGciOiJIUzI1NiI...",
  "node_results": {
    "document_verification": { "status": "passed" },
    "biometric_kyc":         { "status": "passed" },
    "aml_screening":         { "status": "passed" }
  }
}
The ContraToken is a signed JWT carrying the compliance attestation. No PII inside.

Step 5 · Verify the token on any inbound agent request

import { contra } from '@contra/sdk'
app.use(contra.middleware())
app.post('/api/pay', (req, res) => {
  // req.agent → { complianceLevel, jurisdiction, humanBinding, riskScore }
  if (req.agent.complianceLevel < 'enhanced') return res.status(403).end()
  // proceed
})

Next

Workflows · concepts

Compose your own verification recipes — required vs optional nodes, thresholds, retries.

x402 + A2A

The agentic-native entrypoint — pay-per-call USDC, wallet-as-tenant, no signup.