GET
/
v1
/
applications
Get the current application
curl --request GET \
  --url https://api.next.orenda.finance/v1/applications \
  --header 'Authorization: Bearer <token>'
import requests

url = "https://api.next.orenda.finance/v1/applications"

headers = {"Authorization": "Bearer <token>"}

response = requests.get(url, headers=headers)

print(response.text)
const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

fetch('https://api.next.orenda.finance/v1/applications', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api.next.orenda.finance/v1/applications",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "https://api.next.orenda.finance/v1/applications"

req, _ := http.NewRequest("GET", url, nil)

req.Header.Add("Authorization", "Bearer <token>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.get("https://api.next.orenda.finance/v1/applications")
.header("Authorization", "Bearer <token>")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api.next.orenda.finance/v1/applications")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'

response = http.request(request)
puts response.read_body
{
  "success": true,
  "data": {
    "application": {
      "applicationId": "app_5e8d2f1a",
      "customerId": "cust_3f9a2b7e",
      "isCompany": false,
      "workflowStage": "KYC_COLLECTED",
      "onboardingV3": true,
      "status": {
        "currentStep": "KYC_SUMSUB",
        "nextStep": "RISK",
        "requiredActions": [
          "complete-sumsub-kyc"
        ]
      },
      "primaryApplicant": {
        "firstName": "Ada",
        "lastName": "Lovelace",
        "email": "ada.lovelace@example.com"
      },
      "createdDateTime": "2026-06-18T10:32:00Z",
      "updatedAt": "2026-06-18T10:44:12Z"
    },
    "status": {
      "currentStep": "KYC_SUMSUB",
      "nextStep": "RISK",
      "requiredActions": [
        "complete-sumsub-kyc"
      ]
    }
  }
}
{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}
{
"success": false,
"code": "RESOURCE_NOT_FOUND",
"message": "Application not found"
}
{
"success": false,
"code": "INTERNAL_SERVER_ERROR",
"message": "Internal Server Error"
}
Poll this endpoint (the reference app polls about once a second) and render the screen for status.currentStep. The application advances on its own as each step completes, so the value changes between polls. The overview lists what each step means and what to render, including risk compliance steps (RISK_COMPLIANCE_REVIEW, RISK_COMPLIANCE_REVIEW_RFI, RISK_COMPLIANCE_REJECTED). When currentStep is null, onboarding is done.

Authorizations

Authorization
string
header
required

The user's access_token from authentication. The program and environment (sandbox/prod) are read from the token.

Response

The current application and its status

success
boolean
Example:

true

data
object