User Lifecycle & Webhooks
This page describes how a user moves from creation to an active, transacting state — and the webhooks Fuze sends at each step. It covers the standard path, the Request-for-Information (RFI) flow, the differences between onboarding methods, and how to handle every state, including the edge cases.
The essentials
Three rules that cover almost everything
- A user becomes
ACTIVEonly when both are true: KYC passed (kyc=true) and Terms & Conditions accepted (tnc=true).- When you receive a
KYC_RFIwebhook, present therfiUrlfrom its payload to your customer. They complete it and the flow continues.- A
KYC_REJECTEDuser is terminal — thatorgUserIdcannot be recovered. To let the customer retry, onboard them again with a neworgUserId.
Terms & Conditions acceptance is a separate API call (POST /api/v1/ol/user/tnc/update), not a webhook. KYC can pass while T&C is still pending; the user stays in PENDING until both are done.
Two statuses you track
A user carries two independent values. Read them together.
| Field | Meaning | Values |
|---|---|---|
userStatus | Lifecycle state — can the user transact? | PENDING · ACTIVE · INACTIVE · DELETED |
kyc | Whether KYC verification has passed | true / false |
tnc (T&C accepted) is the third input that gates activation.
INACTIVEmeans two different thingsDistinguish them by the
kycflag:
userStatus=INACTIVEwithkyc=false→ Rejected. Terminal; onboard again with a neworgUserId.userStatus=INACTIVEwithkyc=true→ Frozen. Reversible; the user returns toACTIVEon anUNFREEZEwebhook.
Lifecycle
flowchart TD
S[Client calls POST /user/create] --> C[CREATE · userStatus PENDING]
C --> P[KYC_PENDING · verification started]
P -->|more information needed| R[KYC_RFI · rfiUrl issued]
R -->|customer resubmits| P
P -->|verification passes| K[KYC_COMPLETED · kyc=true]
R -->|verification passes| K
P -->|cannot verify| X[KYC_REJECTED · terminal]
R -->|cannot verify| X
K -->|terms accepted| A[UPDATE · userStatus ACTIVE]
A -->|compliance hold| F[userStatus INACTIVE · frozen]
F -->|UNFREEZE| A
A -->|periodic re-check| R2[KYC_RFI · post-activation]
R2 -->|cleared| A
A -->|offboard| D[DELETE · userStatus DELETED]
RFI is optional. A clean user goes straight from KYC_PENDING to KYC_COMPLETED — RFI only occurs when Fuze needs more information. In the API-driven onboarding method, you will additionally receive KYC_DOC_UPLOADED (once per document) and KYC_FORM_SUBMITTED between KYC_PENDING and KYC_COMPLETED; see Onboarding methods.
Onboarding methods
The webhooks you receive depend on how KYC is performed. The same lifecycle applies; only the document-level events differ, because a webhook is sent only for a step that actually occurs on your integration.
How this page is organisedThe event payloads are identical across all methods — only which events fire, and in what order, changes. Each method section below gives just that method's sequences and the events it never receives; see Webhook events for the event summary and the Webhooks page for full payloads. Find your method, read that section.
Which webhooks each method sends
| Webhook | Fuze-Hosted | KYC Reliance |
|---|---|---|
CREATE | ✅ | ✅ |
KYC_PENDING | ✅ | — |
KYC_DOC_UPLOADED | — | — |
KYC_FORM_SUBMITTED | — | — |
KYC_RFI | ✅ (if needed) | ✅ (rare) |
KYC_COMPLETED | ✅ | ✅ |
KYC_REJECTED | ✅ | ✅ |
UPDATE (→ ACTIVE) | ✅ | ✅ |
Fuze-Hosted
The customer completes verification on a Fuze-hosted page. You request a KYC link and present it; Fuze handles document capture internally. This is DomePe's V1 flow.
- You receive:
CREATE,KYC_PENDING,KYC_RFI(only if needed),KYC_COMPLETEDorKYC_REJECTED,UPDATE. - You never receive:
KYC_DOC_UPLOADED,KYC_FORM_SUBMITTED.
| Journey | Sequence |
|---|---|
| Approved | CREATE → KYC_PENDING → KYC_COMPLETED → UPDATE (ACTIVE) |
| Approved after RFI | CREATE → KYC_PENDING → KYC_RFI → KYC_COMPLETED → UPDATE (ACTIVE) |
| Rejected | CREATE → KYC_PENDING → [KYC_RFI →] KYC_REJECTED |
KYC Reliance
You have already verified the customer under your own approved process and assert this to Fuze via API. Fuze runs its own screening and completes onboarding. This is the most minimal flow.
- You receive:
CREATE,KYC_COMPLETEDorKYC_REJECTED,UPDATE;KYC_RFIonly in the rare case Fuze's screening needs more. A briefKYC_PENDINGmay appear while Fuze screens. - You never receive:
KYC_DOC_UPLOADED,KYC_FORM_SUBMITTED.
| Journey | Sequence |
|---|---|
| Approved | CREATE → KYC_COMPLETED → UPDATE (ACTIVE) |
| Approved after RFI (rare) | CREATE → KYC_RFI → KYC_COMPLETED → UPDATE (ACTIVE) |
| Rejected (rare) | CREATE → [KYC_RFI →] KYC_REJECTED |
Possible webhooks from each state
What you can receive next, given where the user is. A blank means that transition does not occur.
| Current state | Possible next webhook → resulting state |
|---|---|
| PENDING (just created) | KYC_PENDING → verifying · KYC_COMPLETED → kyc passed · KYC_RFI → info needed · KYC_REJECTED → terminal · DELETE → deleted |
Verifying (KYC_PENDING) | KYC_RFI → info needed · KYC_COMPLETED → kyc passed · KYC_REJECTED → terminal · DELETE → deleted |
| RFI raised | KYC_COMPLETED → kyc passed · KYC_RFI → further info · KYC_REJECTED → terminal · DELETE → deleted |
| KYC passed, awaiting T&C | UPDATE → active (once tnc=true) · DELETE → deleted |
| ACTIVE | KYC_RFI → post-activation re-check · UNFREEZE/freeze → status change · UPDATE → profile change · DELETE → deleted |
Frozen (INACTIVE, kyc=true) | UNFREEZE → active · DELETE → deleted |
Rejected (INACTIVE, kyc=false) | Terminal — onboard again with a new orgUserId |
| Deleted | Terminal |
Post-activation sequences (all methods)
Once a user is ACTIVE, these apply regardless of onboarding method.
| Journey | Sequence |
|---|---|
| Re-check, then cleared | ACTIVE → KYC_RFI → KYC_COMPLETED → (ACTIVE) |
| Frozen, then restored | ACTIVE → (INACTIVE) → UNFREEZE → ACTIVE |
| Offboarded | ACTIVE → DELETE (DELETED) |
Handling edge cases
Responding to an RFIPresent the
rfiUrlto the customer. If Fuze needs something different afterwards, you will receive anotherKYC_RFI: a new request carries a new link; a resend of the same request carries the same link. There is no counter for you to maintain.
Rejection is terminal
KYC_REJECTEDis final for thatorgUserId. It may arrive after an RFI or directly — always handle it as terminal whenever it arrives, and do not assume an RFI will always precede it. To retry, onboard the customer again under a neworgUserId.
KYC passed but the user is notACTIVEThis means T&C has not been accepted yet. Confirm your
POST /api/v1/ol/user/tnc/updatecall succeeded. The user activates only whenkyc=trueandtnc=true.
Re-checks on active users (post-activation RFI)An already-
ACTIVEuser can receive aKYC_RFI— for example a periodic sanctions re-check or an expired document. Surface the link as usual; the user may be paused until it clears.
Design your handler as a state machine, not a fixed sequence: act on the webhook you receive given the user's current state. Webhooks may arrive more than once or slightly out of order (see Webhooks → delivery & retries), so make your processing idempotent.
Webhook events
User-entity events and when they fire. Full payloads use the standard event + data envelope and are documented on the Webhooks reference page — they are identical across onboarding methods.
| Event | Fires when | Key data fields |
|---|---|---|
CREATE | User is created | userStatus=PENDING, kyc=false, tnc=false |
KYC_PENDING | Verification started | userStatus=PENDING, kyc=false |
KYC_DOC_UPLOADED | A document is submitted (API-driven only) | docCategory, docSubCategory |
KYC_FORM_SUBMITTED | KYC form submitted (API-driven only) | userStatus=PENDING |
KYC_RFI | More information required | rfiUrl — present this to the customer |
KYC_COMPLETED | KYC passed | kyc=true (activates once tnc=true) |
KYC_REJECTED | KYC failed (terminal) | userStatus=INACTIVE, kyc=false |
UPDATE | Status change, e.g. activation | userStatus=ACTIVE, kyc=true, tnc=true |
UNFREEZE | Frozen user restored | userStatus=ACTIVE, kyc=true |
DELETE | User offboarded | userStatus=DELETED |