Accounts

Overview

Clients facilitate digital asset access for their customers by enabling them to open accounts with Bakkt. Bakkt collects customer information to validate and support these accounts via API endpoints to submit and retrieve information, upload documents, make account updates, and more.

To open a customer account, clients populate the necessary objects and fields, then submit them as a payload to Bakkt's Create Account endpoint. Bakkt verifies the information asynchronously and delivers status updates through the client's configured webhook URL. Once opened, an account can be funded and used for digital asset transactions.

Bakkt supports two account types:

• Individual accounts — a single natural person is the account owner.
• Entity accounts — businesses, trusts, and custodial accounts. Entity accounts require KYB (Know Your Business) screening.

KYC Compliance

Bakkt adheres to federal regulations by implementing Know Your Customer (KYC) protocols for every customer. Bakkt's KYC process involves collecting information for Customer Identification (CID), Customer Due Diligence (CDD), and the Customer Identification Program (CIP), partnering with a vendor to verify customer details and perform sanction screenings.

Bakkt acknowledges that clients have diverse KYC processes and will request a meeting between compliance teams to mutually understand each other's protocols. Bakkt requests all previously collected KYC information, including uploaded documents — this facilitates verification of the customer's name, birth date, address, and tax ID. In compliance with regulatory requirements, Bakkt conducts its own KYC checks through its KYC vendor.

Customers flagged during KYC/OFAC screening may need to undergo a document verification process, which involves submitting an identifying document (such as a passport or driver's license) and completing a facial scan. Completing verification does not guarantee approval; this process is activated only by specific compliance criteria and is not required for all users.

Info: Bakkt facilitates the document verification process through a mobile web app, providing clients with a direct link from the verification vendor via a webhook event. The URL has a built-in time-to-live; if it expires, clients retrieve a new URL via the Retrieve KYC Document Verification Details API. Bakkt allows up to 3 expirations per account. Each URL is active for 72 hours.

Clients can pass the verification URL through their own application, or opt for direct SMS or email delivery to the customer. Regardless of delivery method, clients receive a webhook event when document verification begins.

Opening an Individual Account

Required Fields

To support transitioning clients, some higher-level objects are not labelled as 'required' even though their sub-fields are required and must be completed. This accommodates migration of customers with incomplete data: migrating accounts get a grace period to backfill data, while new accounts must supply all required sub-fields immediately.

For example, the Investment Profile object is not marked required, but it contains required sub-object fields.

Deprecated and Future Fields

Deprecated fields exist for backward compatibility with legacy clients but are no longer in use. New clients do not have to populate these fields. Future fields are reserved for upcoming changes. For example, in the 200 response of the Create Account endpoint, cipClearanceState is deprecated and mode is reserved for future use.

Workflow

1. Account Identification

• Account Type — individual or entity. For individual accounts, the PRIMARY_OWNER role must be selected in the Owners object.
• Client Account ID — a unique identifier for the customer's account within the client's system. Bakkt has its own internal account number, but all API calls and reports use the Client Account ID.

2. Collect Financial Information

The Investment Profile object evaluates a customer's trading suitability by collecting financial details to monitor trading patterns and detect illicit activities. This section is mandatory for all new accounts. It branches into two sub-objects:

• Account Goals — characterises the account and supports AML surveillance. Investment Objective is the only strictly required field, but additional fields help profile the customer.
• Customer Profile — collects financial background (e.g., annual income range, which is the only required field) to verify investments are matched to the customer's fiscal standing.

3. Collect Personal Information

The Owner object gathers information for each account owner. For individual accounts, the first (and typically only) owner is the PRIMARY_OWNER. When creating accounts with more than one owner, each must be assigned a unique clientOwnerId so Bakkt and the client can track ownership and acknowledgement of terms of service.

Owner contains several sub-objects:

• Identity — captures KYC data: full name, date of birth, tax ID type and number, email address. For U.S. customers, taxId and taxIdType are required (SSN, ITIN, or EIN); taxIdCountry defaults to USA. For international customers with national identifiers, provide the ID in taxId and set taxIdType to NATIONALID with the issuing country in taxIdCountry as a 3-letter ISO code (e.g., GBR). If a country does not support a national ID, the fields may be omitted — except for U.S. customers, where they are always required.
• Personal Address — residential address. Helps determine regional risk profile and trading permissions.
• Employment — employer name, position, and employer address (employer address is required for all new accounts).
• Phone Number — required despite not being labelled as such. Used during KYC screening.
• Mailing Address — alternate contact method for customers with a different mailing address than residential.
• Agreements — records the customer's electronic signature consenting to the digital asset user agreement. Required fields are the agreement name and version; eSignedDate and agreement body text are optional.

Note: The Verification Results and Disclosures objects, as well as the citizenship field in Identity, are in the process of being deprecated.

4. Create the Account

Submit the compiled payload to the Create Account endpoint:

curl --request POST \
  --url https://api.bakkt.com/apex-crypto/api/v2/accounts \
  --header 'Authorization: API-Key <YOUR_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{ "clientAccountId": "...", "accountType": "INDIVIDUAL", "investmentProfile": { ... }, "owners": [ ... ] }'

Clients immediately receive a confirmation payload. Bakkt reviews submissions asynchronously — even with a 200 response, clients must check their webhook URL for the final account status. A 422 means the call failed.

Opening an Entity Account

Opening a U.S. business account with Bakkt follows a process different from opening an individual account. Entities require a more comprehensive KYB (Know Your Business) process because the entity itself and its owners must be reviewed against Bakkt's compliance standards.

The Create Account endpoint is used for both individual and entity accounts. For entities, clients include the entity object in the account request with all required fields.

Warning: Bakkt's automated entity onboarding does not support entities owned by other entities. In that case, contact a Bakkt representative for the manual KYB process.

Entity Object Fields

Roles

When enrolling an entity, the first owner must be designated PRIMARY_OWNER, with all subsequent owners listed as BENEFICIAL_OWNER. All owners on an entity account must be individuals — owners cannot themselves be entities in the automated flow.

Available roles:

• AUTHORIZED_AGENT — granted authority to act on behalf of the entity or account holder.
• AUTHORIZED_MEMBER — designated member with specific permissions within an entity or organization.
• AUTHORIZED_OWNER — owner given explicit authority to make decisions and manage the account.
• BENEFICIAL_OWNER — a person who enjoys the benefits of ownership even though title is in another name.
• BENEFICIARY — an individual designated to receive benefits or assets.
• CUSTODIAN — a person or institution that manages and safeguards assets on behalf of another.
• EDUCATION_BENEFICIARY — receives educational benefits from an education savings account.
• EDUCATION_MANAGER — manages an education savings account.
• EXECUTOR — carries out the terms of a will.
• GUARDIAN_CONSERVATOR — manages the affairs of a minor or incapacitated person.
• INITIAL_DEPOSITOR — the individual who makes the first deposit into an account.
• INTERNAL_POWER_OF_ATTY — a person within an organization granted power of attorney.
• JOINT_OWNER — shares ownership of an account or asset with one or more persons.
• MINOR_OWNER — an owner who is legally underage; requires a guardian or custodian.
• POWER_OF_ATTY — given legal authority to act on behalf of another.
• PRIMARY_OWNER — main individual responsible for the account.
• SOLE_PROPRIETOR — owns and operates a business alone.
• TRADING_AUTHORITY — authorised to make trades and manage investments.
• TREASURER — oversees financial operations and management of an entity.
• TRUSTEE — holds and manages assets under a trust agreement.
• TRUSTED_CONTACT — contacted in case of concerns about the account holder.

KYB Screening

Bakkt partners with a preferred vendor to perform Know Your Business (KYB) checks to comply with the Bank Secrecy Act, AML regulations, and U.S. Treasury OFAC requirements.

Info: It is the client's responsibility to notify Bakkt of any changes to the beneficial ownership of the legal entity.

The KYB process has three steps:

1. Entity Account Registration — via the Create Account endpoint.
2. Upload Entity and Owner Documentation — see Uploading Documents.
3. Trigger the KYB Screen.

Required Documentation

Clients must upload all documentation for the business account and its respective owners:

• Certificate of Incorporation / Formation — proof that the business is legally registered. Typically includes company name, date of incorporation, business structure, and initial directors.
• Bylaws, Articles of Association, or Operating Agreements — foundational documents outlining internal rules:
  • Bylaws apply mainly to corporations (board roles, voting rights, meeting guidelines).
  • Articles of Association are often required in certain countries for incorporated entities.
  • Operating Agreements are used by LLCs to define ownership, management structure, and member responsibilities.
• Shareholder Registry — lists all shareholders and the number/class of shares held.
• Organization Structure Chart showing beneficial ownership.
• Beneficial Owner Documentation:
  • Copy of unexpired passport or driver's licence for all individuals with more than 25% interest.
  • Copy of unexpired passport or driver's licence for one individual with significant responsibility for managing the legal entity.
  • Certificate of Beneficial Owners form.

Triggering a KYB Screen

Once all documentation has been uploaded, the client signals readiness by calling:

curl --request POST \
  --url https://api.bakkt.com/apex-crypto/api/v2/accounts/triggerKYBScreening/{clientAccountId} \
  --header 'Authorization: API-Key <YOUR_API_KEY>'

Manual KYB

If a client is not eligible for programmatic KYB (for example, one of the owners is itself an entity), Bakkt requires a manual review. Clients should contact Bakkt Compliance or SRE via Slack and will receive a Customer Information Form collecting:

• Legal entity type (Corporate, Partnership, LLC, Limited Partnership, Trust).
• Business details — legal name, operating address, phone, email, tax ID, formation date, products/services, purpose of digital assets, anticipated transaction volume (monthly), regulatory registration details (if applicable), net worth, initial and ongoing source of funds, countries of operation.
• Authorized persons — Corporate Officers (for corporations), General Partners / Managing Members (for partnerships), Trustees (for trusts).
• Certified beneficial ownership — natural persons acting on behalf of the entity, individuals owning 25% or more equity, and individuals with significant management responsibility.
• Certification and signatures from authorised signors.

After Bakkt's compliance team has reviewed the verification results, Bakkt notifies the client of the decision. If approved, the account is enrolled; if rejected, Bakkt provides reasons and possible next steps.

Uploading Documents

The Digital Asset Documents API allows clients to upload and download documents associated with investors and entities for the account opening process.

Bakkt requires document uploads for clients that have previously collected documents, for non-U.S. accounts, or as needed per the KYC/KYB process. Clients can upload multiple documents per account and re-upload to update expired documents; old documents are retained for regulatory audits.

Supported Document Types

Upload Process

Post a request to the Upload Document and Metadata endpoint with the file in MIME type format, plus the JSON metadata payload.

curl --request POST \
  --url https://api.bakkt.com/apex-crypto/api/v2/documents \
  --header 'Authorization: API-Key <YOUR_API_KEY>' \
  --form '[email protected]' \
  --form 'request={
    "clientDocumentId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "account": "ABC123",
    "documentType": "PASSPORT",
    "documentSide": "FRONT",
    "clientOwnerId": "3fa87f64-5717-4562-b3fc-2c963f66afa6",
    "description": "customer passport",
    "documentExpiration": "2026-10-04T16:34:29.446Z",
    "issueCountry": "USA"
  };type=application/json'

Bakkt runs metadata validations and returns 200 on success or 404 on failure.

Key points:

• documentType is required and must be one of the supported values.
• issueCountry is a 3-letter ISO country code.
• For double-sided documents (e.g., driver's licence), upload each side separately with documentSide set to FRONT or BACK.
• Select the correct document type — this is critical for KYC auditability.

Uploading Documents for Entities

As a prerequisite for KYB screening:

• Documents about the business entity itself (e.g., ENTITY_DUE_DILIGENCE, CERTIFICATE_OF_INCORPORATION, CERTIFICATE_OF_BENEFICIAL_OWNERS) — upload without a clientOwnerId. Set documentSide to FRONT and provide issueCountry as a 3-letter ISO code.
• Documents specific to owners — include clientOwnerId matching the value supplied at account creation.

After all required documents are uploaded, call the KYB trigger endpoint described above.

Downloading Documents

curl --request GET \
  --url https://api.bakkt.com/apex-crypto/api/v2/documents/{clientDocumentId} \
  --header 'Authorization: API-Key <YOUR_API_KEY>'

Retrieve Document Metadata

curl --request GET \
  --url https://api.bakkt.com/apex-crypto/api/v2/documents/{clientDocumentId}/metadata \
  --header 'Authorization: API-Key <YOUR_API_KEY>'

Expected Response (200 OK):

{
  "createdAt": "2026-01-29T02:55:02.847Z",
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "request": {
    "clientDocumentId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "account": "ABC123",
    "documentType": "PASSPORT",
    "documentSide": "FRONT",
    "clientOwnerId": "3fa87f64-5717-4562-b3fc-2c963f66afa6",
    "description": "customer passport",
    "documentExpiration": "2026-10-04T16:34:29.446Z",
    "issueCountry": "USA"
  }
}

Updating Accounts

Customer accounts are updated via the same Create Account endpoint. Fields involving KYC are restricted and require a manual change through Bakkt's Operations/Compliance team.

When updating, provide the complete account dataset with the modified fields. Any changes to user agreements must be mutually acknowledged before executing an update.

Restricted from automated updates:

• Birth Date
• Country of Citizenship
• Tax ID
• Account Type
• Enrollments
• Bakkt Account ID
• Client Account ID

Allowed via automated update (Create Account POST endpoint):

• Phone numbers, addresses, and names

Retrieving Account Information

• Retrieve Account Status by Account ID — reports the account's trading status. If canTradeCrypto is false, trades and transfers are disabled. Even when true, clients must monitor webhook events for restrictions not visible in this response. Do not use cipClearanceState to determine KYC standing.
• Retrieve Account Payload by Account ID — returns complete account data and creation status.
• Retrieve KYC Document Verification Details — provide partnerId and partnerPartyRef (account ID):

  GET /partner/v1/partner/{partnerId}/party/{partnerPartyRef}/kyc/documentVerificationDetails

• Download Document / Retrieve Document Metadata — documented above.

Listening for Account Status Updates

Account status updates — creation, suspension, documentation requests — are delivered via webhooks. See the Webhooks guide for setup and event payloads.