Vertically integrated RWA tokenization platform — SEC-registered transfer agent, broker-dealer, and ATS. Handles issuance, KYC/AML, cap-table, corporate actions, and secondary trading for tokenized securities (e.g. BlackRock BUIDL).
- 01regulated security token offerings
- 02SEC-registered transfer agency
- 03investor onboarding & KYC/AML
- 04cap table + corporate actions
- 05secondary trading via ATS
- # Securitize is a hosted platform; integrate via REST + Securitize iD OAuth
- pnpm add axios # or your HTTP client of choice
| Variable | Scope | Description |
|---|---|---|
| SECURITIZE_CLIENT_ID | Client | Securitize iD OAuth client ID for your issuer / dapp. Used in the OAuth authorise redirect. |
| SECURITIZE_CLIENT_SECRET | Server | Securitize iD OAuth client secret. Server-only — used to exchange the authorisation code for an access token. |
| SECURITIZE_ISSUER_ID | Server | Issuer identifier in your Securitize tenant; required on most Issuance / Transfer Agent API calls. |
| SECURITIZE_API_BASE | Server | API base URL — `https://api.securitize.io` for production or `https://api.sandbox.securitize.io` for sandbox. |
Integrate Securitize through three surfaces: (1) **Securitize iD** OAuth for KYC'd investor login — redirect to `${SECURITIZE_API_BASE}/oauth2/authorize?client_id=${SECURITIZE_CLIENT_ID}&scope=info%20details%20verification&response_type=code`, exchange the code at `/oauth2/token`, then `GET /oauth2/v1/users/me` to receive verification status, KYC tier, accreditation, and linked wallets. (2) **Issuance / Transfer Agent REST API** under `/v1/issuers/{issuerId}/...` for cap-table reads, investor KYC status, distributions, and transfer-restriction checks; authenticate with the issuer API key in `Authorization: Bearer`. (3) **DS Protocol smart contracts** (`DSToken` ERC-20 with onchain compliance service) — transfers route through `ComplianceService.validateTransfer(from, to, value)` which enforces investor counts, lockups, jurisdiction, and qualified-investor rules. Always check `/users/me` `verificationStatus === 'verified'` before allowing a wallet to subscribe.
- ⚑Securitize is not a self-serve SDK — you must contract with Securitize as the issuer/broker before getting production API credentials. Sandbox is gated by an onboarding call.
- ⚑DS Protocol tokens enforce holder-count caps (e.g. Reg D 506(c) 2,000-investor limit) onchain; transfers that would breach the cap revert with a compliance error code, not a generic ERC-20 failure — surface the code to users.
- ⚑Securitize iD KYC tiers differ (basic, accredited, qualified-purchaser, non-US). Your subscription flow must check the *exact* tier your offering requires, not just `verified === true`.
- ⚑Lockup periods (Reg D 6-12 months, Reg S 40 days) are encoded in the compliance service — secondary transfers attempted before unlock will fail; show the unlock date in the UI.
- ⚑Wallets must be linked to a Securitize iD before they can hold the token; an unlinked wallet receiving the token via direct mint will fail compliance and the mint reverts.
- ⚑Securitize operates as the SEC-registered transfer agent — issuers cannot unilaterally edit the cap table or force-transfer tokens; corporate actions go through Securitize's transfer-agent workflow.
- ⚑Production keys never come back from sandbox; you must request a separate set for live issuance and re-do the onboarding diligence.