Service Architecture

VerifyHQ orchestrates multiple internal services to deliver comprehensive identity verification. This page describes how the major components interact.

High-Level Architecture

When you call any VerifyHQ API endpoint, the request flows through the API Gateway, which routes it to the appropriate verification service. Each service is independent but shares common infrastructure for queueing, storage, and event delivery.

Request Flow

Your App

API Client / SDK

API Gateway

Auth, Rate Limit, Routing

Verification Service

Identity / Document / etc.

NTM Engine

AI Models & OCR

Risk Manager

Scoring & Decisions

Event Bus

Kafka / Webhooks

Your Webhook

Callback URL

Core Services

API Gateway

The entry point for all API requests. Handles authentication (API key validation), rate limiting, request logging, and routing to downstream services. Supports idempotency keys for safe retries.

NTM Engine (Neural Trust Model)

The AI backbone of VerifyHQ. NTM handles document OCR extraction, liveness detection scoring, face matching, and document authenticity assessment. It processes images through multiple specialized models and returns structured confidence scores.

NTM Capabilities

Document text extraction (OCR) across 2,000+ African document types, anti-spoofing detection, face similarity scoring, document tamper detection, and age estimation.

Risk Manager

Aggregates signals from all verification services (identity, AML, device, IP) into a unified risk score. Uses configurable rules and ML models to make accept/reject/review decisions. Supports custom risk thresholds per client.

The Risk Manager receives events from each verification step and maintains a real-time risk profile for each user. It powers the Cognitive KYC endpoint which provides holistic risk assessment.

Event Bus

All verification state changes are published to the internal event bus (Kafka-backed). Events are consumed by:

Webhook delivery service — delivers signed events to your configured endpoints
Risk Manager — updates real-time risk profiles
Analytics pipeline — powers dashboard metrics and reporting
Watchlist monitoring — triggers re-screening when list updates arrive

Verification Services

Identity Service

Orchestrates multi-step KYC (document + liveness + face match)

Document Service

AI document extraction and authenticity verification via NTM

Liveness Service

Challenge-based photo verification and anti-spoofing

Phone/Email Service

OTP generation, delivery (SMS/email), and verification

Address Service

Proof-of-address document processing and validation

AML Service

Sanctions, PEP, and adverse media screening

Watchlist Service

Continuous monitoring with daily re-screening

Business Service

KYB — registry lookup, directors, UBO screening

Device/IP Service

Fingerprinting, geolocation, and fraud signal detection

Biometric Service

Face encoding, deduplication, and 1:N matching

Mobile Money Service

Account holder name lookup across African providers

Cognitive KYC

Unified AI risk assessment combining all signals

Data Flow & Storage

All verification data is encrypted at rest (AES-256) and in transit (TLS 1.3). Biometric data is stored as irreversible mathematical vectors. PII is isolated in a dedicated encrypted data store with row-level access control.

Document images are retained for the configured retention period (default: 90 days) and then permanently deleted. Verification results and audit logs are retained for 7 years to meet regulatory requirements.

Self-Hosted Deployment

Enterprise customers can deploy the full VerifyHQ stack within their own infrastructure. The self-hosted package includes all core services, NTM models, and the Risk Manager. Contact sales@verifyhq.com for details.