/
Sumsub Travel Rule Provider

Sumsub Travel Rule Provider

CAS version 20251001 introduced SumSub as a Travel Rule provider.

Sumsub offers an all-in-one compliance platform that allows Virtual Asset Service Providers (VASPs) to securely exchange originator and beneficiary data to meet FATF Recommendation 16.

Sumsub supports multiple major Travel Rule messaging protocols, including TRP, GTR (Binance’s protocol), CODE, and Sygna.

Sumsub is offered in CAS for Identity Verification (KYC/KYB): https://generalbytes.atlassian.net/wiki/x/A4CQ9w

Overview

1. Expose a webhook endpoint on your CAS host (using CLI).

Instructions: https://generalbytes.atlassian.net/wiki/x/AYBeCwE

Do not proceed until you have created & successfully tested a working webhook endpoint.

2. Navigate to Sumsub.

You must proceed as an account administrator to have sufficient privileges.

In the next steps, you’ll acquire these parameters from your SumSub account:

  1. App Token,

  2. App Token Secret Key, and

  3. Webhook secret key.

3. Create (and configure) an API Token pair at Sumsub.

Navigate to: “Dev space” > “App tokens”

  • Click “Generate App Token”.

  • Allow all permissions.

    • The token must include the "Create applicants" permission (amongst others).

    • The "Create applicants" permission is not available to non-Admin accounts.

  • Save the CAS required parameters: App Token and App Token Secret Key.

4. Create (and configure) a webhook at Sumsub.

Navigate to: “Dev space” > “Webhooks” > “Webhook manager”

  • Click “Create webhook”. See: https://docs.sumsub.com/docs/webhooks

  • Set “Webhook types” to ALL,

    • unless you use Sumsub for TRAVEL RULE ONLY, then enable these (minimum):

      • applicantKytOnHold, applicantKytTxnApproved, applicantKytTxnRejected

  • Set HTTP Headers (required):

    • Key: Vasp-Did

    • Value: <VASP DID assigned by Sumsub>

  • Set the Signature Algorithm to: SHA512

  • Set the Target webhook to the working webhook endpoint determined in part 1 (above).

  • Copy and save the “Secret key” as the CAS required parameter: Webhook Secret Key.

  • Ensure the webhook status is ENABLED.

5. Configure CAS.

Add the Sumsub Travel Rule Provider.

  • Navigate to CAS: Travel Rule > Travel Rule Providers

Fill the required blanks with the data collected in the previous steps:

image-20260120-191440.png

  • Client ID: App Token (from Sumsub)

  • Client Secret: App Token Secret key (from App Token)

  • Private Key: Webhook Secret key

  • VASP DID: VASP DID assigned by Sumsub

    • See the Sumsub Dashboard under Transactions and travel rule → VASPs list

After saving the provider:

Reopen the Provider and click Test Configuration. It will verify that the configuration is valid.

6. Configure your BUY/SELL flows to comply as required.

Travel Rule: BUY

Travel Rule: SELL

 

 

Copyright © 2020-2026 General Bytes USA LLC