Compliance
/
Broadcast on-chain txId

Travel Rule Protocol (TRP) API (3.2.1)

Public TRP API for VASP-to-VASP Travel Rule data exchange.

Working with the documentation

This section describes the public endpoints of the Travel Rule Protocol (TRP) Registry API. These endpoints allow third-party systems and Virtual Asset Service Providers (VASPs) to discover, identify and register participants in the TRP network.

The API follows REST conventions and returns responses in JSON format. All requests should be made over HTTPS.

Introduction: How the TRP Public API Works

The TRP API enables VASPs to:

  • Authenticate using API keys
  • Generate unique Travel Addresses for beneficiaries
  • Initiate Travel Rule transfers
  • Exchange originator and beneficiary data securely
  • Receive callback notifications from TRP during the verification process

TRP follows global compliance standards (FATF, IVMS101) and ensures secure, encrypted communication between VASPs.

Every integration follows one simple flow:

  1. Request JWT token → authenticate your VASP
  2. Generate Travel Address → unique identifier for the beneficiary VASP
  3. Initiate Transfer → send IVMS101-compliant data
  4. Receive callback → TRP sends status updates to your backend

Authentication Overview

Before calling any protected endpoint, your system must generate a JWT access token using your API Key. This ensures:

  • Secure API access
  • Verified VASP identity
  • Ability to track API usage
  • Authorization for initiating Travel Rule transfers

The access token is short-lived (TTL ≈ 1 hour) for security reasons. Pass it as Authorization: Bearer <jwt> on every protected endpoint.

Conventions

  • All bodies are application/json unless explicitly stated.
  • Successful responses are wrapped in { "status": true, "data": ... }.
  • Errors are wrapped in { "status": false, "errors": [{ "code", "message" }] }.
  • Timestamps use ISO-8601 in UTC.
  • Country codes follow ISO-3166-1 alpha-2.
Download OpenAPI description
openapi.json
openapi.yaml
Overview
URL

https://docs.travel-rule.com

KYCAID TRP Team

support@travel-rule.com

License

Proprietary

Languages
Servers
Production public API host

https://trp.travel-rule.com/

http://localhost:3000/

Identity

Public identity endpoints. These return non-sensitive VASP metadata (legal name, LEI, x509 public key) and server health. They do not require authentication.

Operations

Auth

Authentication endpoints. Use your API Key (issued in the TRP dashboard) to obtain a short-lived JWT that authorises every protected call.

Operations

Address

Travel Address endpoints. A Travel Address is an opaque, URL-safe encoding of a beneficiary VASP route. It is generated by the beneficiary VASP and shared with the originator VASP so that IVMS101 data can be routed back.

Operations

Transfer

High-level Travel Rule transfer operations from the originator VASP perspective. Transfers can flow two ways depending on what was provided at initiation:

  • OPEN_VASP — beneficiary VASP is reachable via Travel Address.
  • EMAIL — beneficiary VASP is unknown; we send an email so the recipient can self-attest.
Operations

Compliance

Inter-VASP compliance endpoints called when TRP routes data between participating VASPs. They are typically invoked by other VASPs / TRP itself, not by your front-end.

Operations

Receive inquiry from another VASP

Request

Inbound endpoint. Called by an originator VASP (via Travel Address routing) to ask whether our VASP holds the beneficiary identified by beneficiaryPublicId.

If the beneficiary exists, TRP:

  1. creates / approves a corresponding Transfer record,
  2. queues an INQUIRY_RESOLUTION callback to the caller-provided callback URL with the beneficiary wallet address.

Authentication is not required — request integrity is guaranteed by the originator's signed x-data-integrity header and by the inclusion of the encoded Travel Address.

Path
beneficiaryPublicIdstring(uuid)required

Public ID of the beneficiary applicant (UUID).

Headers
api-versionstring

TRP protocol version. Defaults to 3.2.1.

Example: 3.2.1
request-identifierstring(uuid)

UUID used to correlate the call with its asynchronous callback.

Bodyapplication/jsonrequired
assetstring[ 1 .. 20 ] charactersrequired
amountstring[ 1 .. 50 ] characters^\d+(\.\d+)?$required
IVMS101object(IVMS101Originator)required

Full IVMS101 originator envelope sent in callbacks. Mirrors the originatingVASP and originator fields used by the KYCAID TRP backend.

IVMS101.​originatorobject
IVMS101.​beneficiaryobject
IVMS101.​originatingVASPobject
IVMS101.​beneficiaryVASPobject
callbackstring^https?:\/\/.+$required
curl -i -X POST \
  'https://trp.travel-rule.com/transfers/inquiry/{beneficiaryPublicId}' \
  -H 'Content-Type: application/json' \
  -H 'api-version: 3.2.1' \
  -H 'request-identifier: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
  -d '{
    "asset": "BTC",
    "amount": "0.05",
    "IVMS101": {
      "originator": {
        "originatorPersons": [
          {
            "naturalPerson": {
              "name": {
                "nameIdentifier": [
                  {
                    "primaryIdentifier": "Marley",
                    "secondaryIdentifier": "Bob",
                    "nameIdentifierType": "LEGL"
                  }
                ]
              }
            }
          }
        ]
      },
      "originatingVASP": {
        "originatingVASP": {
          "legalPerson": {
            "name": {
              "nameIdentifier": [
                {
                  "legalPersonName": "Originator VASP Ltd",
                  "legalPersonNameIdentifierType": "LEGL"
                }
              ]
            },
            "nationalIdentification": {
              "nationalIdentifier": "529900T8BM49AURSDO55",
              "nationalIdentifierType": "LEIX"
            }
          }
        }
      }
    },
    "callback": "https://originator-vasp.com/trp/inquiry-resolution?q=0193abc4-…"
  }'

Responses

Inquiry accepted; an INQUIRY_RESOLUTION callback will follow.

Bodyapplication/json
statusbooleanrequired
Value true
dataobject
Response
application/json
{
  "status": true
}

Receive inquiry resolution

Request

Inbound endpoint. Called by the beneficiary VASP to respond to a previously issued INQUIRY callback.

The request locates the transfer by the q query parameter (transfer publicId), stores the approved wallet address against the beneficiary applicant, marks the transfer as APPROVED, and queues a TRANSFER_RESOLUTION callback to the originator VASP.

Query
qstring(uuid)required

Public ID of the transfer (UUID).

Bodyapplication/jsonrequired
approvedstring or objectrequired

Either a plain wallet address string, or a structured object with an address and an optional callback override.

One of:

Either a plain wallet address string, or a structured object with an address and an optional callback override.

<= 100 characters
string<= 100 characters

Either a plain wallet address string, or a structured object with an address and an optional callback override.

callbackstring^https?:\/\/.+$

Optional override for the next callback URL.

curl -i -X POST \
  'https://trp.travel-rule.com/transfers/inquiryResolution?q=497f6eca-6276-4993-bfeb-53cbbbba6f08' \
  -H 'Content-Type: application/json' \
  -d '{
    "approved": "bc1qbeneficiaryaddressxx",
    "callback": "https://originator-vasp.com/trp/transfer-resolution"
  }'

Responses

Resolution stored.

Bodyapplication/json
statusbooleanrequired
Value true
dataobject
Response
application/json
{
  "status": true,
  "data": {}
}

Broadcast on-chain txId

Request

Called by the originator VASP once the on-chain transaction has been broadcast. Stores txId on the transfer and forwards a TRANSFER_CONFIRMATION callback to the beneficiary's stored confirmation URL.

Security
BearerAuth
Query
qstring(uuid)required

Public ID of the transfer (UUID).

Bodyapplication/jsonrequired
txIdstring[ 1 .. 255 ] charactersrequired
curl -i -X POST \
  'https://trp.travel-rule.com/transfers/txId?q=497f6eca-6276-4993-bfeb-53cbbbba6f08' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "txId": "5b1c8f7d9a4e7c3b…"
  }'

Responses

TxId stored and confirmation queued.

Bodyapplication/json
statusbooleanrequired
Value true
dataobject
Response
application/json
{
  "status": true,
  "data": {}
}

Receive transfer confirmation

Request

Inbound endpoint that receives the final TRANSFER_CONFIRMATION callback. Persists the on-chain txId against the transfer.

Also used as the landing endpoint for self-hosted (EMAIL flow) beneficiaries when they click the confirmation link.

Query
qstring(uuid)required

Public ID of the transfer (UUID).

Bodyapplication/jsonrequired
txIdstring[ 1 .. 255 ] charactersrequired
curl -i -X POST \
  'https://trp.travel-rule.com/transfers/confirmation?q=497f6eca-6276-4993-bfeb-53cbbbba6f08' \
  -H 'Content-Type: application/json' \
  -d '{
    "txId": "5b1c8f7d9a4e7c3b…"
  }'

Responses

Confirmation stored.

Bodyapplication/json
statusbooleanrequired
Value true
dataobject
Response
application/json
{
  "status": true,
  "data": {}
}

Discovery

Look up other VASPs in the TRP registry by domain, LEI, name, email, or directory ID.

Operations

Callbacks

Webhooks