> ## Documentation Index
> Fetch the complete documentation index at: https://docs.etherfuse.com/llms.txt
> Use this file to discover all available pages before exploring further.

# User Launch Flows

> Every in-app flow you can launch a user into: the scope and target each one uses, and what to know about each.

Some Etherfuse flows run **inside the app**, not over the API: the user completes them in their browser, in a real authenticated session. You send a user into one with a **launch**: sign a short-lived [user JWT](/guides/jwt-authentication#sign-a-user-jwt) carrying the flow's **`scope`**, then have the user's browser hand it to `/auth/launch` with the flow's **`target`**.

The launch *mechanism* is identical for every flow and is documented once in [JWT User Authentication](/guides/jwt-authentication#launch-the-user-into-the-app). Only the `scope` and `target` change between flows; the full list is below.

## Scopes

The **`scope`** claim is required on every partner JWT and names what the user may do. It is strictly enforced: the claim cannot be omitted, and any value other than a scope listed below is rejected with [`invalid_scope`](/guides/authentication-errors#invalid_scope). Ask only for the scope a user needs.

## Targets

The **`target`** is the app path the launch lands the user on. It must be one of the paths listed below, optionally with a query string (for example `?org=<org_id>`, used by Business KYB). Any other path, or an absolute URL, is rejected with [`invalid_target`](/guides/authentication-errors#invalid-target), so a launch can't be redirected off-site.

## Flows

| Flow                                                | `scope`        | `target`                      | What the user does                                                                                                                           |
| --------------------------------------------------- | -------------- | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
| [**Sign agreements**](#sign-agreements)             | `agreements`   | `/agreements`                 | Reviews and signs the three required agreements (electronic signature, terms and conditions, customer agreement).                            |
| [**Identity verification**](#identity-verification) | `verification` | `/idv?bank_account_id=<uuid>` | Per-bank verification for a non-compliant bank — a liveness face scan matched against the ID already on file. Append `&lang=es` for Spanish. |
| [**Business KYB**](#business-kyb)                   | `kyb`          | `/kyb`                        | Completes Know Your Business verification for a business.                                                                                    |

A launch's JWT needs the matching `scope`, and the `target` must be the matching path.

### Sign agreements

`scope: agreements` · `target: /agreements`

Signing the required agreements (electronic signature, terms and conditions, and customer agreement) is a **mandatory** step in customer onboarding. Etherfuse's [fully hosted KYC onboarding](/guides/onboarding) handles it for you; if you run KYC programmatically, this launch is how you complete the agreements step: send the customer into `/agreements` to review and sign them in a real session.

<Note>
  **Submit the customer's KYC identity first.** The customer agreement is generated from their identity (name, address, email), so submit it, for example via [POST /ramp/customer/\{id}/kyc](/api-reference/kyc/submit-kyc), or let them fill any missing fields on the signing page. See [Customer Onboarding (KYC)](/guides/onboarding). In **sandbox**, the customer is auto-approved once all three agreements are signed.
</Note>

### Identity verification

`scope: verification` · `target: /idv?bank_account_id=<uuid>`

This is a **per-bank** verification step — **not** part of org approval (KYC/KYB). Some bank accounts require additional compliance when they're registered; today that's Mexican (SPEI) bank accounts. The contract is simple: after you register a bank, check its `compliant` flag — if it comes back **`compliant: false`**, launch the customer here to verify **that** bank; if it's **`compliant: true`**, this step is unnecessary. Don't assume which banks need it — just react to `compliant`.

Pass the bank in the launch target: **`/idv?bank_account_id=<uuid>`** (required). The launched user must administer the org that owns the bank. The customer completes a liveness face scan, which nero matches against the ID they already submitted during KYC.

Append **`&lang=es`** to render the entire flow in Spanish (all UI text, face scan prompts, error messages, and status screens). Omit the parameter or pass `lang=en` for English. Example: `/idv?bank_account_id=<uuid>&lang=es`.

<Note>
  **The customer must have completed KYC first.** `/idv` reuses the ID document already on file and captures a **live** selfie to match against it; it does not collect the ID again. If no ID is on file, the page tells the customer to finish identity verification before continuing. This gates only the bank, not the organization: a `compliant: true` bank needs nothing, and the page reports "nothing to verify" if you launch it for one.
</Note>

<Warning>
  **Camera access.** The face scan needs the camera. If you embed the launch in an **iframe**, the iframe element must delegate camera access with a wildcard origin: `allow="camera *; microphone *"`. The bare form (`allow="camera"`) only grants the camera to the iframe's own `src` origin, but the scan SDK uses it from a nested frame, so without the `*` the browser blocks the camera and the scan never starts. A top-level tab or popup needs nothing extra.
</Warning>

### Business KYB

`scope: kyb` · `target: /kyb`

Use to send a user into Know Your Business verification. Append `?org=<org_id>` to the target to choose which organization to verify; without it, the app uses their current org or prompts them to create a business. See the [KYB guide](/guides/kyb) for the full walkthrough.
