Triggering Limit Upgrade (EDD Widget)

The Saber Enhanced Due Diligence (EDD) Web Widget enables merchants to seamlessly guide their users through the required enhanced due diligence verification process. After user registration and initial KYC, merchants can redirect users to the EDD Widget to complete additional verification steps required for higher transaction limits and advanced features.

EDD requirements vary by geography and the services utilised by the merchant. Saber Money configures these requirements for each merchant to ensure compliance and user experience fit.

Launching the EDD Web Widget

To open the EDD Widget:

  1. Redirect User: After the user completes initial KYC, redirect them to the Saber Money EDD Widget when enhanced verification is required
  2. Pass Required Parameters: Pass the unique user ID and the authentication parameters when generating the URL
  3. Configurations: The Saber team will set up EDD configurations for each merchant, including specific verification requirements based on the services utilised and the user's region

Note: The EDD Widget uses HMAC-based authentication for secure server-side implementations.

Authentication Method

The EDD Widget uses HMAC-based authentication:

  • Secure, as your secret never leaves your server
  • Requires signature generation on your backend
  • Suitable for all web application implementations

Integration Steps

Prerequisite

Create the User: Ensure the user is initialised in the Saber system with a proper phone number and email, and has completed basic KYC verification.

Step 1: Generate the HMAC Signature

Generate a new, unique signature for each session:

// HMAC implementation used below (npm package "crypto-js"); run this on your server
var CryptoJS = require('crypto-js');

// Variables (these should be securely stored on your server)
var clientId = 'YOUR_CLIENT_ID'; // Replace with your actual client ID
var clientSecret = 'YOUR_CLIENT_SECRET'; // Replace with your actual client secret
var user_id = 'USER_ID'; // Replace with the user's ID from Saber system

// Step 1: Generate timestamp
var timestamp = Math.floor(Date.now() / 1000).toString();

// Step 2: Create the signature string
var sigString = clientId + timestamp + "sdk" + user_id;

// Step 3: Generate the HMAC-SHA256 signature
var signature = CryptoJS.HmacSHA256(sigString, clientSecret).toString().toUpperCase();

// The 'signature' can now be used to authenticate the EDD Widget request

Step 2: Generate Redirect URL

Once the signature is created for the user, the following query parameters are required:

| Query Parameter | Description |
|---|---|
| client_id (or api_key) | Provided by Saber |
| user_id | The user's UUID from the Saber system |
| timestamp | The timestamp used when creating the signature |
| signature (or secret) | The HMAC signature generated in step 1 |
| redirect_url (optional) | URL to redirect user after EDD completion. If not provided, user will see the status screen |

Base URLs:

| Environment | URL |
|---|---|
| Production | https://edd.saber.money |
| Sandbox | https://edd.sandbox.saber.money |

Example URLs:

With redirect URL (user will be redirected after completion):

https://edd.sandbox.saber.money?client_id=d951b040-ecb0-432b-ae3c-2ae7d2d19987&user_id=d951b040-ecb0-432b-ae3c-2ae7d1998&timestamp=1687276964&signature=CE1B5BD087BA408C2AFF01B00595007858DF496D3468CE3307CB1A7966DDC265&redirect_url=https://yourapp.com/success

Without a redirect URL (user will see a Saber status screen after completion):

https://edd.sandbox.saber.money?client_id=d951b040-ecb0-432b-ae3c-2ae7d2d19987&user_id=d951b040-ecb0-432b-ae3c-2ae7d1998&timestamp=1687276964&signature=CE1B5BD087BA408C2AFF01B00595007858DF496D3468CE3307CB1A7966DDC265

Step 3: Redirect User to the Widget

Once the URL is generated, redirect your user to the link. The user will see the EDD form interface.

Post-Completion Behaviour:

  • With redirect_url: After successful EDD completion, the user will be automatically redirected to the specified URL after 10 seconds
  • Without redirect_url: After completion, the user will remain in the widget and see the EDD status screen showing their verification status
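
Steps 1 to 3 combined into one backend helper, as an added example that is not Saber's own code. It uses Node's built-in crypto module in place of CryptoJS; the function names, the user_id format check and the HTTPS check on redirect_url are assumptions of this example.

```javascript
// Added example (not Saber's code): server-side URL builder for Node.js.
const crypto = require('node:crypto');

const EDD_BASE_URLS = {
  production: 'https://edd.saber.money',
  sandbox: 'https://edd.sandbox.saber.money',
};
const URL_VALIDITY_SECONDS = 10 * 60; // validity window stated on this page

// Step 1: HMAC-SHA256 over clientId + timestamp + "sdk" + user_id,
// keyed with the client secret, hex-encoded in upper case.
function signEddRequest(clientId, clientSecret, userId, timestamp) {
  const sigString = clientId + timestamp + 'sdk' + userId;
  return crypto.createHmac('sha256', clientSecret)
    .update(sigString, 'utf8').digest('hex').toUpperCase();
}

// Step 2: assemble the redirect URL. `now` is injectable for testing.
function buildEddWidgetUrl(opts) {
  const { env, clientId, clientSecret, userId, redirectUrl, now = Date.now() } = opts;
  const base = EDD_BASE_URLS[env];
  if (!base) throw new Error('unknown environment: ' + env);
  // Assumption: user IDs are UUID-style. The signed fields are joined
  // without separators, so refuse anything that is not a plain identifier.
  if (!/^[0-9a-fA-F-]{1,36}$/.test(userId)) throw new Error('unexpected user_id format');
  const timestamp = Math.floor(now / 1000).toString();
  const url = new URL(base);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('user_id', userId);
  url.searchParams.set('timestamp', timestamp);
  url.searchParams.set('signature', signEddRequest(clientId, clientSecret, userId, timestamp));
  if (redirectUrl) {
    // Only send users back to an HTTPS page; searchParams percent-encodes it.
    if (new URL(redirectUrl).protocol !== 'https:') throw new Error('redirect_url must be https');
    url.searchParams.set('redirect_url', redirectUrl);
  }
  return url.toString();
}

// True while a generated URL is still inside the 10-minute window, so a
// cached link can be regenerated before the user is redirected.
function isEddUrlFresh(widgetUrl, now = Date.now()) {
  const ts = Number(new URL(widgetUrl).searchParams.get('timestamp'));
  const age = Math.floor(now / 1000) - ts;
  return Number.isInteger(ts) && age >= 0 && age < URL_VALIDITY_SECONDS;
}
```

Call buildEddWidgetUrl inside the request handler that issues the redirect, so the client secret stays on the server and the timestamp is fresh.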

Integration Options

Option 1: Direct Redirect

Redirect the user directly to the EDD Widget URL in the same browser tab.

window.location.href = eddWidgetUrl;

Option 2: Iframe Integration (Recommended)

Embed the EDD Widget as an iframe for a seamless user experience:

<iframe 
    src="https://edd.saber.money?client_id=YOUR_CLIENT_ID&user_id=USER_ID&timestamp=TIMESTAMP&signature=SIGNATURE"
    width="100%" 
    height="800px" 
    frameborder="0"
    style="border-radius: 8px;">
</iframe>

Note: For iframe integration, it's recommended to omit redirect_url so users see the status screen within the iframe rather than being redirected away from your application.

Option 3: WebView Integration (Mobile Apps)

For React Native or native mobile apps, use a WebView component:

import { WebView } from 'react-native-webview';

<WebView 
    source={{ uri: eddWidgetUrl }}
    style={{ flex: 1 }}
    onMessage={handleMessage}
/>

EDD Status Flow

The EDD Widget supports the following status states:

| Status | Description |
|---|---|
| UNINITIATED | EDD process not started |
| INITIATED | User has started the EDD process |
| RESUBMISSION_REQUESTED | Additional information required |
| VERIFICATION_IN_PROGRESS | EDD under review |
| APPROVED | EDD approved - user can access higher limits |
| REJECTED | EDD rejected - user cannot proceed |

Security Considerations

URL Expiration

⚠️ Important: The URL validity is 10 minutes from the creation of the signature. Generate URLs just before redirecting users.

CORS and Origin Validation

The widget validates the origin of requests. Ensure your domain is whitelisted with Saber Money for iframe integration.

HTTPS Required

All integrations must use HTTPS in production environments.

Error Handling

Common Error Scenarios

  1. Invalid Signature: Check timestamp and signature generation
  2. Expired URL: Generate a fresh signature
  3. User Not Found: Ensure user exists in Saber system
  4. Insufficient Permissions: Verify user has completed basic KYC

Event Timing

  • close: Fired when user clicks the close button or navigates away from the widget
  • completed: Fired when user successfully submits all required EDD information
  • error: Fired when validation fails, API errors occur, or other issues prevent EDD completion
  • token_expired: Fired when the HMAC signature expires (10-minute validity window)

Event Handling Best Practices

  1. Always Verify Origin: Check that events come from the correct Saber Money domain
  2. Handle All Events: Implement handlers for all four event types to provide a smooth user experience
  3. Token Expiration: For token_expired, automatically generate a new signature and reload the widget
  4. Error Recovery: For error events, provide clear messaging and retry options when appropriate
  5. User Feedback: Show appropriate loading states, success messages, and error notifications
  6. Graceful Closure: Handle close events by returning users to a logical point in your application flow
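
One way to apply the origin check and the per-event handling for an iframe integration, as an added example that is not Saber's own code. The page does not document the message format, so delivery through window.postMessage, the payload shape { event: "<name>" }, and the function and action names are assumptions of this example.

```javascript
// Added example (not Saber's code). Assumed payload: { event: '<name>' },
// delivered either as an object or as a JSON string.
const SABER_WIDGET_ORIGINS = new Set([
  'https://edd.saber.money',
  'https://edd.sandbox.saber.money',
]);
const WIDGET_ACTIONS = {
  completed: 'show-success',
  token_expired: 'regenerate-signature-and-reload',
  error: 'show-error-and-offer-retry',
  close: 'return-to-app',
};

// Decide what the host page should do with one incoming message.
// Anything that fails a check is ignored rather than acted on.
function decideWidgetAction(origin, data) {
  // Compare the full origin exactly. Prefix or substring matching would
  // also accept look-alike hosts and the plain-http variant.
  if (!SABER_WIDGET_ORIGINS.has(origin)) return 'ignore';
  let msg = data;
  if (typeof data === 'string') {
    try { msg = JSON.parse(data); } catch { return 'ignore'; }
  }
  if (msg === null || typeof msg !== 'object') return 'ignore';
  const name = msg.event;
  if (typeof name !== 'string') return 'ignore';
  // hasOwnProperty keeps inherited keys such as "constructor" from matching.
  if (!Object.prototype.hasOwnProperty.call(WIDGET_ACTIONS, name)) return 'ignore';
  return WIDGET_ACTIONS[name];
}

// Browser wiring: one listener, every message goes through the check above.
if (typeof window !== 'undefined') {
  window.addEventListener('message', (e) => {
    const action = decideWidgetAction(e.origin, e.data);
    if (action !== 'ignore') {
      // Hand off to the application's own UI code (hypothetical event name).
      window.dispatchEvent(new CustomEvent('edd-widget-action', { detail: action }));
    }
  });
}
```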