Skip to main content
The Vouchmark Widget is an embeddable verification flow that guides applicants through your configured KYB checks — CAC, TIN, bank, directors, AML screening and more — without them leaving your app. You configure a widget in the dashboard or via the Widget API, then integrate it client-side with one of our SDKs.

How it works

1

Create a widget

Configure which modules to run, set branding, flow order, risk thresholds, and allowed domains from the dashboard or API.
2

Install the SDK

Add the script tag (vanilla HTML) or install the React / React Native / Flutter package.
3

Open the widget

Call Vouchmark.open() (or render the component) when the applicant clicks your CTA. The widget handles the entire flow.
4

Handle results

Listen for onSuccess, onAbandon, and onError client-side. Verify the final decision server-side via webhooks.

Available SDKs

HTML / Vanilla JS

Drop a script tag and call Vouchmark.open(). Zero dependencies.

React

@vouchmark/widget-react — a single component with full TypeScript support.

React Native

@vouchmark/widget-react-native — native WebView wrapper with full-screen and modal presentation.

Flutter

vouchmark_widget — Dart package that renders the flow in a WebView with a JavaScript bridge.

Node.js (Server)

@vouchmark/node — create sessions, verify webhooks, and manage widgets server-side.

Widget modules

Every widget is composed of modules — individual checks you toggle on or off. The full catalog:
CategoryModules
Business identityBusiness profile, Industry classification
VerificationCAC, TIN, SCUML, Tax clearance, Business licence, Address, Bank account, Operational proof
People & ownershipDirectors KYC, Shareholders KYC, Beneficial ownership, Liveness check
DocumentsDocument vault
Screening & complianceAML screening, PEP screening, Sanctions screening, Adverse media
See Pricing for per-module costs.

Environments

Every widget runs in one of two widget environments:
EnvironmentPurposeBilling
sandboxTesting — mock results, no real lookupsFree
liveProduction — real verification lookupsCharged per module
When you integrate with an SDK, you pass three values that must all refer to the same environment:
ValueSandboxLive
environment prop"sandbox""live"
Publishable key (publicKey)test_pk_…live_pk_…
Widget ID (widgetId)Widget created with environment: "sandbox"Widget created with environment: "live"
Mixing environments fails. A test_pk_ key with environment: "live", or a live widget ID with environment: "sandbox", returns an error such as Environment mismatch or Widget is live; use a live API key and widget ID.

Where to find each value

  1. Publishable keyDeveloper settings in the dashboard. Sandbox keys start with test_pk_; live keys start with live_pk_.
  2. Widget IDOnboarding → Widgets. Each widget has an environment field; use an ID from the same environment as your key.
  3. environment prop — Set "sandbox" when using test_pk_…, and "live" when using live_pk_….

API and widget hosts

ServiceURL
API base URLhttps://api.vouchmark.com/v1
Widget embed hosthttps://widget.vouchmark.com
The same API base URL is used for staging and production. Sandbox vs live is determined by your credentials (test_pk_ / live_pk_, widget environment), not by a different hostname. SDKs load the widget from widget.vouchmark.com by default. That page bootstraps the session against api.vouchmark.com. Switch environments from the dashboard when creating widgets, or pass environment when opening the widget in your app.

Security

  • Domain allowlisting — restrict which origins can render the widget.
  • Signed requests — optionally require an HMAC signature on the session token so only your server can initiate flows.
  • IP allowlisting — lock down to specific server IPs for API-initiated sessions.

Events & webhooks

The widget emits lifecycle events that you can listen to client-side:
EventWhen
applicant.createdSession initialised
applicant.startedApplicant begins the first module
applicant.step_completedA module finishes
applicant.submittedAll modules done, awaiting decision
applicant.approvedPassed all thresholds
applicant.rejectedFailed risk thresholds
applicant.requires_reviewNeeds manual review
applicant.abandonedUser closed without finishing
Server-side webhook delivery is the source of truth. See Webhooks.