How it works
Create a widget
Configure which modules to run, set branding, flow order, risk thresholds, and allowed domains from the dashboard or API.
Install the SDK
Add the script tag (vanilla HTML) or install the React / React Native / Flutter package.
Open the widget
Call
Vouchmark.open() (or render the component) when the applicant clicks your CTA. The widget handles the entire flow.Available SDKs
HTML / Vanilla JS
Drop a script tag and call
Vouchmark.open(). Zero dependencies.React
@vouchmark/widget-react — a single component with full TypeScript support.React Native
@vouchmark/widget-react-native — native WebView wrapper with full-screen and modal presentation.Flutter
vouchmark_widget — Dart package that renders the flow in a WebView with a JavaScript bridge.Node.js (Server)
@vouchmark/node — create sessions, verify webhooks, and manage widgets server-side.Widget modules
Every widget is composed of modules — individual checks you toggle on or off. The full catalog:| Category | Modules |
|---|---|
| Business identity | Business profile, Industry classification |
| Verification | CAC, TIN, SCUML, Tax clearance, Business licence, Address, Bank account, Operational proof |
| People & ownership | Directors KYC, Shareholders KYC, Beneficial ownership, Liveness check |
| Documents | Document vault |
| Screening & compliance | AML screening, PEP screening, Sanctions screening, Adverse media |
Environments
Every widget runs in one of two widget environments:| Environment | Purpose | Billing |
|---|---|---|
sandbox | Testing — mock results, no real lookups | Free |
live | Production — real verification lookups | Charged per module |
| Value | Sandbox | Live |
|---|---|---|
environment prop | "sandbox" | "live" |
Publishable key (publicKey) | test_pk_… | live_pk_… |
Widget ID (widgetId) | Widget created with environment: "sandbox" | Widget created with environment: "live" |
Where to find each value
- Publishable key — Developer settings in the dashboard. Sandbox keys start with
test_pk_; live keys start withlive_pk_. - Widget ID — Onboarding → Widgets. Each widget has an
environmentfield; use an ID from the same environment as your key. environmentprop — Set"sandbox"when usingtest_pk_…, and"live"when usinglive_pk_….
API and widget hosts
| Service | URL |
|---|---|
| API base URL | https://api.vouchmark.com/v1 |
| Widget embed host | https://widget.vouchmark.com |
test_pk_ / live_pk_, widget environment), not by a different hostname.
SDKs load the widget from widget.vouchmark.com by default. That page bootstraps the session against api.vouchmark.com.
Switch environments from the dashboard when creating widgets, or pass environment when opening the widget in your app.
Security
- Domain allowlisting — restrict which origins can render the widget.
- Signed requests — optionally require an HMAC signature on the session token so only your server can initiate flows.
- IP allowlisting — lock down to specific server IPs for API-initiated sessions.
Events & webhooks
The widget emits lifecycle events that you can listen to client-side:| Event | When |
|---|---|
applicant.created | Session initialised |
applicant.started | Applicant begins the first module |
applicant.step_completed | A module finishes |
applicant.submitted | All modules done, awaiting decision |
applicant.approved | Passed all thresholds |
applicant.rejected | Failed risk thresholds |
applicant.requires_review | Needs manual review |
applicant.abandoned | User closed without finishing |
