The Challenge
Handling Know Your Customer (KYC) notifications from a third-party trading exchange presented a unique challenge. The exchange’s KYC process operates asynchronously: after customer verification data is submitted, a webhook notification is sent hours or even days later. These notifications needed to be:
- Reliably received
- Properly validated
- Securely stored for processing
While Pub/Sub was the ideal choice for managing messages, there was a problem: the exchange’s shared key signature authentication wasn’t compatible with Pub/Sub’s built-in security. This created a gap that needed a secure and scalable solution.
The Solution
To bridge this authentication gap, we deployed a Cloud Run Function as an intermediary. Here’s how it works:
- The function receives incoming KYC notifications.
- It validates each notification’s signature using the shared key stored in Secret Manager.
- Only verified messages are published to a Pub/Sub topic.
- Downstream applications subscribe to this topic for asynchronous processing.
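The steps above can be sketched as follows. This is an added example, not the code deployed in this project. It assumes the exchange signs `timestamp.body` with HMAC-SHA256 and sends the values in hypothetical `X-Timestamp` and `X-Signature` headers, with an assumed 300-second replay window; the Secret Manager key and the Pub/Sub publisher are passed in as arguments so the logic runs offline.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed replay window; the page does not specify one

def expected_signature(shared_key: bytes, timestamp: str, raw_body: bytes) -> str:
    """HMAC-SHA256 over 'timestamp.body' (assumed scheme), hex encoded."""
    return hmac.new(shared_key, timestamp.encode() + b"." + raw_body, hashlib.sha256).hexdigest()

def handle_notification(headers, raw_body, shared_key, publish, now=None):
    """Return an HTTP status; call publish(raw_body) only for verified requests.

    shared_key would be read from Secret Manager and publish would wrap a
    Pub/Sub publisher; both are injected here (assumption) to keep this offline.
    """
    now = time.time() if now is None else now
    timestamp = headers.get("X-Timestamp", "")  # hypothetical header name
    signature = headers.get("X-Signature", "")  # hypothetical header name
    if not timestamp.isdecimal() or not signature:
        return 400
    # Verify over the raw bytes, before any JSON parsing, in constant time.
    # Both sides are encoded so non-ASCII header input cannot raise.
    expected = expected_signature(shared_key, timestamp, raw_body)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return 401
    # Freshness is checked after authenticity, so the timestamp is trusted here.
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return 401
    publish(raw_body)
    return 204

# Constructed sample data, not real exchange traffic.
SAMPLE_KEY = b"constructed-test-key"
SAMPLE_BODY = b'{"customer_id": "c-123", "kyc_status": "approved"}'
SAMPLE_TS = "1700000000"

def demo():
    published = []
    sig = expected_signature(SAMPLE_KEY, SAMPLE_TS, SAMPLE_BODY)
    good = {"X-Timestamp": SAMPLE_TS, "X-Signature": sig}
    results = [
        handle_notification(good, SAMPLE_BODY, SAMPLE_KEY, published.append, now=1700000010),
        handle_notification(good, SAMPLE_BODY + b" ", SAMPLE_KEY, published.append, now=1700000010),  # tampered
        handle_notification(good, SAMPLE_BODY, SAMPLE_KEY, published.append, now=1700009999),  # stale replay
        handle_notification({}, SAMPLE_BODY, SAMPLE_KEY, published.append, now=1700000010),  # unsigned
    ]
    return results, published
```

Returning a non-2xx status for rejected requests keeps unverified payloads out of the topic entirely, so subscribers never need to re-check signatures.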
To ensure security, the Cloud Run Function was added to a VPC-SC perimeter on a private network, and access to it was only allowed using VPC-SC ingress controls and a VPC Connector. All services, like Pub/Sub and Secret Manager, were also tightly controlled with IAM policies that only allowed specific actions by the Function’s service account.
The Result
The final solution delivers a secure, reliable, and scalable pipeline for handling KYC notifications.
- Authentication & Access Control – The Cloud Run Function ensures only valid requests are processed, preventing unauthorised access.
- Reliable Message Delivery – Pub/Sub guarantees that notifications are received and processed efficiently.
- Scalability & Resilience – The solution is designed to handle increasing volumes of KYC messages while supporting failover and recovery.
- Enhanced Security – IAM policies enforce fine-grained access control, and conditional access further strengthens data security.
By leveraging Google Cloud’s robust security and event-driven architecture, we have built a foundation that not only simplifies KYC processing today but also scales for future compliance needs.
Ready to Build a Secure KYC Solution?
If you're looking to streamline and secure your KYC process with a scalable cloud-based architecture, our team can help. Get in touch today to discuss how we can design a solution tailored to your business needs.