Contact

Blog

Case studies, strategies, and ideas shaping modern technology.

Case Studies

3rd Party Trading Exchange KYC Notification Process

3rd Party Trading Exchange KYC Notification Process

 

The Challenge

Handling Know Your Customer (KYC) notifications from a 3rd party trading exchange presented a unique challenge. The exchange’s KYC process operates asynchronously—after submitting customer verification data, a webhook notification is sent hours or even days later. These notifications needed to be:

  • Reliably received
  • Properly validated
  • Securely stored for processing

While Pub/Sub was the ideal choice for managing messages, there was a problem: the exchange’s shared key signature authentication wasn’t compatible with Pub/Sub’s built-in security. This created a gap that needed a secure and scalable solution.

 

The Solution

To bridge this authentication gap, we deployed a Cloud Run Function as an intermediary. Here’s how it works:

  • The function receives incoming KYC notifications.
  • It validates the shared key signature stored in Secret Manager.
  • Only verified messages are published to a Pub/Sub topic.
  • Downstream applications subscribe to this topic for asynchronous processing.

To ensure security, the Cloud Run Function was added to a VPC-SC perimeter on a private network and access to it was only allowed using VPC-SC ingress controls and a VPC Connector. All services, like Pub/Sub and Secret Manager were also tightly controlled with IAM policies that only allowed specific actions by the Function’s service account.

cloudd.png

 

The Result

The final solution delivers a secure, reliable, and scalable pipeline for handling KYC notifications.

  • Authentication & Access Control – The Cloud Run Function ensures only valid requests are processed, preventing unauthorised access.
  • Reliable Message Delivery – Pub/Sub guarantees that notifications are received and processed efficiently.
  • Scalability & Resilience – The solution is designed to handle increasing volumes of KYC messages while supporting failover and recovery.
  • Enhanced Security – IAM policies enforce fine-grained access control, and conditional access further strengthens data security.

By leveraging Google Cloud’s robust security and event-driven architecture, we have built a foundation that not only simplifies KYC processing today but also scales for future compliance needs.

Ready to Build a Secure KYC Solution?

If you're looking to streamline and secure your KYC process with a scalable cloud-based architecture, our team can help. Get in touch today to discuss how we can design a solution tailored to your business needs.