For institutions · POPIA · FICA · RICA

Replace fragile KYC with cryptographic verification pings.

Banks, telcos, employers, and marketplaces integrate Civic Anchor to replace document-based identity checks with live cryptographic proof. Every ping is webhook-auditable, mTLS-secured, FICA-aligned, and immediately billable.

Request API access Become a community node →Read the docs

Spaza shop, NGO, councillor, stokvel, religious organisation, employer? Self-register in under 5 minutes — no contracts, no IT lift.

Triple-Approval flow

How a verification ping moves through the stack

The Triple-Approval flow (PRD W3) ensures every verification is user-consented, cryptographically auditable, and instantly reconciled.

Your system calls

POST /api/v1/challenges with DID or QR token

User consents

Subject receives push notification, taps Approve in PWA

We resolve

Aggregate RICA telco + FICA bank + P2P anchors

We sign and bill

HSM-signed response + webhook event

User earns credit

5–10% of fee rebated as Civic Credit

Integration options

Choose the protocol that fits your stack. All support audit-immutable logging and real-time webhook events.

REST API

Standard HTTP POST/GET with JSON payloads. OpenAPI/Swagger at /api/docs.

mTLS required
Webhook events
Swagger explorer

tRPC

End-to-end type-safe. For first-party integrations and internal dashboards.

TypeScript types
Zero payload overhead
Streaming subscriptions

Enterprise

Dedicated tenancy, SLA, and private instance. Contact sales for pricing.

Single-tenant
Custom SLA
On-premise option

Which identifier do you store?

Every Civic Anchor identity carries three identifiers. Only one of them is safe to use as a foreign key in your customer database — the rest are display labels or proofs.

Identifier Mutability Use as foreign key?

Identifier	Mutability	Use as foreign key?
DID `did:civicanchor:018e4f2c-…`	Immutable. Minted at first enrollment, signed by the partner node, persists for life.	Yes — canonical
Username `@thandi-plumber`	Mutable in principle. Validated against reserved names + ASCII confusable squats at claim time.	Display label only
Continuity hash HMAC-SHA256 of the live biometric template	Changes on re-enrollment. Proof of biometric continuity, not an identifier.	No — proof, not ID

DID

did:civicanchor:018e4f2c-…

Immutable. Minted at first enrollment, signed by the partner node, persists for life.

Yes — canonical

Username

@thandi-plumber

Mutable in principle. Validated against reserved names + ASCII confusable squats at claim time.

Display label only

Continuity hash

HMAC-SHA256 of the live biometric template

Changes on re-enrollment. Proof of biometric continuity, not an identifier.

No — proof, not ID

Recommended pattern: store the DID in your CRM, display the username for human readability, re-verify the DID on every transaction. The cryptographic chain disambiguates even if a user changes their handle or two usernames look visually similar.

Pricing

Per-use billing in South African Rand. Volume discounts at 50k, 500k, and 2M+ pings per month. Annual contracts: additional 6–12% off.

View full pricing in ZAR →

Bank verification + Civic Transit provisioning are contract-only. Reach partners@civicanchor.id.

Regulatory alignment

Every claim on this page maps to a regulatory framework we can defend in writing.

POPIA

Data minimisation · lawful basis · user consent (Act 4 of 2013). Operator agreement included.

FICA-KYC

Tier-1 onboarding eligible · ongoing CDD per Financial Intelligence Centre Act, 38 of 2001.

RICA-equivalent

SIM-registration aligned · live biometric continuity per ICASA framework.

mTLS

Mutual authentication · audit-immutable log · tamper-evident hash chain.

Ready to integrate?

Start with our sandbox environment. No credit card required. POPIA Operator agreement issued at onboarding.

Request access Read API docs