Reseller Onboarding & KYC

Overview

New resellers join the network through a referral-based onboarding flow with optional KYC document verification. The flow is managed by two modules:

  • ResellerAdmin (super_admin) — generates referral codes, reviews KYC, approves applications
  • ResellerNetwork (reseller) — generates referral codes for sub-resellers via upline communication

Registration Flow

1. Generate Referral Code

Super Admin: Reseller Admin → Referral Codes → Generate Code

Reseller: My Network → Referrals → Generate Code (via ModuleBus upline request to super_admin)

Each code has:

  • target_parent_tenant_id — where the new reseller will be placed
  • target_role_slug — role to assign (retailer/distributor)
  • max_uses — usage limit (null = unlimited)
  • expires_at — expiration date
  • settings — default margin, custom module list

2. Applicant Registration (/join/{code})

Step 1: Basic Details

  • Name, email, phone, business name, password
  • POST /api/v1/reseller-register/apply

Step 2: KYC Documents (when kyc.required = true)

  • Government ID (Aadhaar, Voter ID, Driving License, Passport)
  • Selfie photo
  • POST /api/v1/reseller-register/{applicationId}/documents
  • Files stored in storage/kyc-documents/{applicationId}/

Step 3: Bank Details

  • Account holder, account number (encrypted), IFSC, bank name
  • POST /api/v1/reseller-register/{applicationId}/bank-details

Step 4: Confirmation

  • Polls GET /api/v1/reseller-register/{applicationId}/status
  • Shows per-document verification status

3. Admin Review

Admin opens Reseller Admin → Onboarding Queue → application detail:

  • View uploaded documents (inline preview/download)
  • Verify or reject each document individually
  • Verify bank details
  • Mark overall KYC as verified
  • Approve (provisions tenant) or Force Approve (auto-verifies + provisions)

4. Tenant Provisioning

On approval, ResellerOnboardingService::approveApplication():

  1. Creates tenant with random 8-char slug ID + human-readable domain alias
  2. Creates domain records (both random + business-name slug)
  3. Creates user account with email verification bypassed
  4. Links user to tenant as owner
  5. DatabaseMigrated event triggers auto-install of modules
  6. Mandatory products synced from parent catalog

Configuration

// config/reseller-admin.php
'kyc' => [
    'required' => env('RESELLER_KYC_REQUIRED', true),
    'required_documents' => ['government_id', 'selfie'],
    'optional_documents' => ['address_proof', 'bank_proof'],
    'max_file_size_mb' => 5,
    'allowed_mime_types' => ['image/jpeg', 'image/png', 'application/pdf'],
    'storage_disk' => 'local',
    'storage_path' => 'kyc-documents',
],

'onboarding' => [
    'auto_approve' => env('RESELLER_AUTO_APPROVE', true), // ignored when KYC required
    'auto_install_modules' => [
        'core', 'core-dashboard', 'orders', 'products', 'customers',
        'reseller-catalog', 'reseller-orders', 'reseller-finance', 'reseller-network',
    ],
],

Security

  • KYC blocks provisioning — tenant is NOT created until admin approves
  • Duplicate email applications are detected and return existing application ID
  • Account numbers are encrypted via Laravel's Crypt::encryptString()
  • Application ID serves as the bearer token for the public upload endpoints: anyone who holds an ID can act on that application through them
  • force_verify_kyc: true allows admins to skip individual document review
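
An added example (not the project's own code) of the server-side checks that the kyc settings and the storage/kyc-documents/{applicationId}/ layout imply for an upload: size limit, content-sniffed MIME type, and a path built only from validated parts. It is plain PHP rather than Laravel; the function name kycStoragePath and the 32-hex-character application ID format are assumptions, since the page does not specify them.

```php
<?php
// Added example, not the project's code. Values mirror the page's 'kyc' config block.
const KYC = [
    'required_documents' => ['government_id', 'selfie'],
    'optional_documents' => ['address_proof', 'bank_proof'],
    'max_file_size_mb'   => 5,
    'allowed_mime_types' => ['image/jpeg', 'image/png', 'application/pdf'],
    'storage_path'       => 'kyc-documents',
];
// Extension comes from the sniffed type, never from the client-supplied filename.
const EXT = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'application/pdf' => 'pdf'];

/**
 * Validate one uploaded KYC file and return the relative path to store it at.
 * Assumption: application IDs are 32 lowercase hex chars (format not stated on the page).
 */
function kycStoragePath(string $applicationId, string $docType, string $tmpFile): string
{
    // The ID becomes a directory name, so reject anything that is not the exact format.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $applicationId)) {
        throw new InvalidArgumentException('malformed application id');
    }
    if (!in_array($docType, array_merge(KYC['required_documents'], KYC['optional_documents']), true)) {
        throw new InvalidArgumentException('unknown document type');
    }
    $size = filesize($tmpFile);
    if ($size === false || $size === 0 || $size > KYC['max_file_size_mb'] * 1024 * 1024) {
        throw new InvalidArgumentException('file empty or over size limit');
    }
    // Sniff the bytes on disk; the Content-Type sent with the upload is client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpFile);
    if (!in_array($mime, KYC['allowed_mime_types'], true)) {
        throw new InvalidArgumentException("content type not allowed: $mime");
    }
    // Random server-side name, so no client-supplied filename reaches the disk.
    $name = $docType . '-' . bin2hex(random_bytes(8)) . '.' . (EXT[$mime] ?? 'bin');
    return KYC['storage_path'] . "/$applicationId/$name";
}

// Constructed sample inputs: a minimal PNG header and an HTML file posing as a selfie.
$png = tempnam(sys_get_temp_dir(), 'kyc');
file_put_contents($png, "\x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\0\x01\0\0\0\x01\x08\x06\0\0\0");
$html = tempnam(sys_get_temp_dir(), 'kyc');
file_put_contents($html, '<html><body>not an image</body></html>');
$id = bin2hex(random_bytes(16)); // 128-bit random ID, since it doubles as the bearer token
echo kycStoragePath($id, 'selfie', $png), PHP_EOL;
foreach ([[$id, 'selfie', $html], ['../../etc', 'selfie', $png], [$id, 'payslip', $png]] as $case) {
    try { kycStoragePath(...$case); } catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), PHP_EOL; }
}
unlink($png); unlink($html);
```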