Liquidity Docs

Simplici Broker API

Go compliance backend — KYC, onboarding, funds, eSign, RBAC

The Simplici Broker (simplici-io/broker) is a Go backend service providing compliance and onboarding APIs for the admin dashboard. It extends the base broker-dealer framework from liquidityio/broker with a full compliance layer.

Architecture

Admin Dashboard (Next.js 16)
  → /compliance/* API calls
    → Broker (Go, :8090)
      → pkg/compliance/ (KYC, onboarding, funds, eSign, RBAC)
      → pkg/provider/  (Alpaca, IBKR, BitGo, etc.)
      → pkg/admin/     (JWT auth, bcrypt passwords)

Single Go binary (brokerd). No microservices — one process handles everything.

Authentication

All /compliance/* endpoints (except /auth/login and /auth/verify) require a valid admin JWT.

Login

curl -X POST https://broker.next.liquidity.io/compliance/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"username":"admin","password":"<password>"}'

Response:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_at": "2026-03-28T00:00:00Z"
}

Using the Token

Include Authorization: Bearer <token> on all subsequent requests.

Roles

RoleReadWriteDelete
super_adminAllAllAll
adminAllAllNo
reviewerAllNoNo

Rate Limiting

Login endpoint: 5 attempts per minute per IP. Returns 429 Too Many Requests after 5 failures.

Endpoints

Dashboard

MethodPathDescription
GET/compliance/dashboardAggregate stats (sessions, KYC, funds, transactions)
GET/compliance/healthzHealth check (no auth required)

KYC / Identity Verification

MethodPathDescription
POST/compliance/kyc/verifySubmit identity verification
GET/compliance/kyc/:idGet verification status

Onboarding Pipelines

MethodPathDescription
GET/compliance/pipelinesList all pipelines
POST/compliance/pipelinesCreate pipeline (write)
GET/compliance/pipelines/:idGet pipeline by ID
PATCH/compliance/pipelines/:idUpdate pipeline (write)
DELETE/compliance/pipelines/:idDelete pipeline (delete)

Sessions

MethodPathDescription
GET/compliance/sessionsList all sessions
POST/compliance/sessionsCreate session (write)
GET/compliance/sessions/:idGet session by ID
PATCH/compliance/sessions/:idUpdate session (write)
GET/compliance/sessions/:id/stepsGet session steps

Funds

MethodPathDescription
GET/compliance/fundsList all funds
POST/compliance/fundsCreate fund (write)
GET/compliance/funds/:idGet fund by ID
PATCH/compliance/funds/:idUpdate fund (write)
DELETE/compliance/funds/:idDelete fund (delete)
GET/compliance/funds/:id/investorsList fund investors

eSign

MethodPathDescription
GET/compliance/esign/envelopesList envelopes
POST/compliance/esign/envelopesCreate envelope (write)
GET/compliance/esign/envelopes/:idGet envelope by ID
POST/compliance/esign/envelopes/:id/signSign envelope (write)
GET/compliance/esign/templatesList templates
POST/compliance/esign/templatesCreate template (write)
GET/compliance/envelopes/inboxInbox (received)
GET/compliance/envelopes/sentSent envelopes
GET/compliance/esign-dashboardeSign aggregate stats

Users & Roles

MethodPathDescription
GET/compliance/usersList users
POST/compliance/usersCreate user (write)
GET/compliance/rolesList roles
POST/compliance/rolesCreate role (write)
GET/compliance/roles/:idGet role by ID
PATCH/compliance/roles/:idUpdate role (write)
DELETE/compliance/roles/:idDelete role (delete)
GET/compliance/modulesList permission modules

Transactions & Reports

MethodPathDescription
GET/compliance/transactionsList transactions
GET/compliance/reportsList available reports

Settings & Billing

MethodPathDescription
GET/compliance/settingsGet platform settings
PUT/compliance/settingsUpdate settings (write)
GET/compliance/credentialsList API keys
POST/compliance/credentialsCreate API key (write)
DELETE/compliance/credentials/:idRevoke API key (delete)
GET/compliance/billingGet billing info

Security

FeatureImplementation
Passwordsbcrypt cost 12 (never plaintext)
JWTHMAC-SHA256, 7-day expiry
CORSExplicit origin allowlist (localhost:3100, *.liquidity.io)
Body size1MB max via MaxBytesReader
Rate limit5 login attempts/min/IP
SecretsKMS-managed in production (ADMIN_SECRET via Vault)
Error messagesGeneric (no internal details leaked)
RBACModule × Action permission matrix

Local Development

cd broker

# Run with dev defaults (admin/admin)
ADMIN_SECRET=dev-secret BROKER_ENV=development go run ./cmd/brokerd/

# With PostgreSQL
DATABASE_URL=postgres://user:pass@localhost:5432/broker \
  ADMIN_SECRET=dev-secret \
  go run ./cmd/brokerd/

Provider Interface

The broker supports 15+ trading providers via optional Go interfaces:

ProviderAssetsCapabilities
AlpacaEquities, cryptoFull (orders, positions, accounts, market data, events)
IBKREquities, options, futures, forexFull (orders, positions, market data)
BitGoCrypto custodyWallets, transfers, custody
CoinbaseCryptoTrading, wallets
KrakenCryptoTrading, market data
And 10 more...VariousSee pkg/provider/

Providers register at startup based on environment variables. The compliance layer works independently of trading providers.

Simplici Admin Dashboard

White-label admin dashboard for compliance, onboarding, and fund management

Equity Table

Cap table management, stakeholder tracking, and corporate actions

On this page

ArchitectureAuthenticationLoginUsing the TokenRolesRate LimitingEndpointsDashboardKYC / Identity VerificationOnboarding PipelinesSessionsFundseSignUsers & RolesTransactions & ReportsSettings & BillingSecurityLocal DevelopmentProvider Interface