Travel Rule Protocol (TRP) API (3.2.1)

Public TRP API for VASP-to-VASP Travel Rule data exchange.

Working with the documentation

This section describes the public endpoints of the Travel Rule Protocol (TRP) Registry API. These endpoints allow third-party systems and Virtual Asset Service Providers (VASPs) to discover, identify and register participants in the TRP network.

The API follows REST conventions and returns responses in JSON format. All requests should be made over HTTPS.

Introduction: How the TRP Public API Works

The TRP API enables VASPs to:

  • Authenticate using API keys
  • Generate unique Travel Addresses for beneficiaries
  • Initiate Travel Rule transfers
  • Exchange originator and beneficiary data securely
  • Receive callback notifications from TRP during the verification process

TRP follows global compliance standards (FATF, IVMS101) and ensures secure, encrypted communication between VASPs.

Every integration follows one simple flow:

  1. Request JWT token → authenticate your VASP
  2. Generate Travel Address → unique identifier for the beneficiary VASP
  3. Initiate Transfer → send IVMS101-compliant data
  4. Receive callback → TRP sends status updates to your backend

Authentication Overview

Before calling any protected endpoint, your system must generate a JWT access token using your API Key. This ensures:

  • Secure API access
  • Verified VASP identity
  • Ability to track API usage
  • Authorization for initiating Travel Rule transfers

The access token is short-lived (TTL ≈ 1 hour) for security reasons. Pass it as Authorization: Bearer <jwt> on every protected endpoint.

Conventions

  • All bodies are application/json unless explicitly stated.
  • Successful responses are wrapped in { "status": true, "data": ... }.
  • Errors are wrapped in { "status": false, "errors": [{ "code", "message" }] }.
  • Timestamps use ISO-8601 in UTC.
  • Country codes follow ISO-3166-1 alpha-2.

Servers

Production public API host

https://trp.travel-rule.com/

http://localhost:3000/

Identity

Public identity endpoints. These return non-sensitive VASP metadata (legal name, LEI, x509 public key) and server health. They do not require authentication.

Public VASP identity

Request

Returns public identity attributes of the VASP that owns the requested hostname. Used by counterparties to verify our legal name, LEI and signing key.

curl -i -X GET \
  https://trp.travel-rule.com/identity

Responses

VASP identity payload.

Body: application/json

  • name (string)
  • lei (string)
  • x509 (string): PEM-encoded x509 public key.

Response
application/json
{ "name": "KYCAID TRP", "lei": "529900T8BM49AURSDO55", "x509": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqh…\n-----END PUBLIC KEY-----\n" }
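
A counterparty-side check of this payload, added here as an example (not code from the TRP project): it validates the LEI check digits (ISO 17442, ISO 7064 MOD 97-10) and compares a SHA-256 fingerprint of the PEM key body against a value pinned at onboarding. The function names, the pinned record and the placeholder key bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import json
import re

LEI_RE = re.compile(r"[A-Z0-9]{18}[0-9]{2}")
PEM_RE = re.compile(r"-----BEGIN PUBLIC KEY-----\s+(.+?)\s+-----END PUBLIC KEY-----", re.S)

def lei_is_valid(lei):
    """ISO 17442 LEI: 20 characters whose ISO 7064 MOD 97-10 remainder is 1."""
    if not LEI_RE.fullmatch(lei):
        return False
    return int("".join(str(int(c, 36)) for c in lei)) % 97 == 1

def key_fingerprint(pem):
    """SHA-256 (hex) over the decoded body of a PEM 'PUBLIC KEY' block."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no PEM PUBLIC KEY block")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def check_identity(body, pinned):
    """Return a list of problems; an empty list means the payload matches the pin."""
    doc = json.loads(body)
    problems = [f"missing {f}" for f in ("name", "lei", "x509")
                if not isinstance(doc.get(f), str) or not doc[f]]
    if problems:
        return problems
    if not lei_is_valid(doc["lei"]):
        problems.append("LEI check digits invalid")
    elif doc["lei"] != pinned["lei"]:
        problems.append("LEI differs from pinned value")
    try:
        if key_fingerprint(doc["x509"]) != pinned["fingerprint"]:
            problems.append("signing key differs from pinned fingerprint")
    except ValueError:  # also covers binascii.Error raised on bad base64
        problems.append("x509 is not a PEM public key")
    return problems

# Constructed sample: placeholder bytes stand in for a real key body.
SAMPLE_DER = b"constructed placeholder bytes, not a real key"
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END PUBLIC KEY-----\n")
SAMPLE_BODY = json.dumps({"name": "KYCAID TRP", "lei": "529900T8BM49AURSDO55", "x509": SAMPLE_PEM})
PINNED = {"lei": "529900T8BM49AURSDO55", "fingerprint": hashlib.sha256(SAMPLE_DER).hexdigest()}
```

A non-empty result from check_identity is a reason to hold the transfer and re-verify the counterparty out of band before trusting the new key.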

Health check

Request

Liveness probe. Returns the running build version and the server timestamp.

curl -i -X GET \
  https://trp.travel-rule.com/health

Responses

Service is up.

Body: application/json

  • status (boolean): Value true
  • data (object)

Response
application/json
{ "status": true, "data": { "version": "26.4.0", "timestamp": "2026-05-11T08:00:00.000Z" } }

Build manifest

Request

Returns the contents of version.json if present (CI build manifest); otherwise an empty object.

curl -i -X GET \
  https://trp.travel-rule.com/version.json

Responses

Build manifest.

Body: application/json

  • property name* (any): additional property

Response
application/json
{}

Auth

Authentication endpoints. Use your API Key (issued in the TRP dashboard) to obtain a short-lived JWT that authorises every protected call.

Address

Travel Address endpoints. A Travel Address is an opaque, URL-safe encoding of a beneficiary VASP route. It is generated by the beneficiary VASP and shared with the originator VASP so that IVMS101 data can be routed back.

Transfer

High-level Travel Rule transfer operations from the originator VASP perspective. Transfers can flow two ways depending on what was provided at initiation:

  • OPEN_VASP — beneficiary VASP is reachable via Travel Address.
  • EMAIL — beneficiary VASP is unknown; we send an email so the recipient can self-attest.

Compliance

Inter-VASP compliance endpoints called when TRP routes data between participating VASPs. They are typically invoked by other VASPs / TRP itself, not by your front-end.

Discovery

Look up other VASPs in the TRP registry by domain, LEI, name, email, or directory ID.

Callbacks

Webhooks