No matching endpoints — try a different keyword.
KYC Right Source · Compliance API · Real-time Screening
FAST TRACK
Quick Start — from zero to first screening hit in 5 minutes
1
Confirm the service is up
Hit GET /kycrs/healthz — look for auth_required: false. While it's false you can integrate without a key.
2
Set the X-API-Key header
Send X-API-Key: <your-key> on every call — works today (open) and the moment auth is turned on.
3
Pick a dataset bundle
Standard onboarding is ["SAN","PEP","RRE","DD"]. Add POI or INS per your jurisdiction.
4
POST one search
Send name + datasets + optional addresses[{geography}] — you get a ranked matches[] with a 0–100 score.
5
Enrich on a hit
Take resourceId from any match and GET /kycrs-profile/{type}/{resourceId} for full evidence, aliases, addresses.
Copy & run — live in your terminal right now
curl -sS -X POST https://lexamlhelpapi.amlhlep.com/kycrs/search/individuals \
-H 'Content-Type: application/json' \
-H 'X-API-Key: your-key-here' \
-d '{"name":"Vladimir Putin","datasets":["SAN","PEP"],"threshold":85}'
Expected: matchCount > 0 with score = 100, datasets ["PEP-CURRENT","SAN-CURRENT"] and currentSanBodyIds including 2 (OFAC), 8 (UN), 16 (EU), 19 (HMT), 21 (SECO).
Endpoints
Reference
~250 ms
p50 latency
~800 ms
p95 latency
99.5 %
Uptime target
TLS 1.3
Wire crypto
X-API-Key
Header auth
REST · JSON
Wire format
Introduction
KYC Right Source API (Ver. 20 · June 2026) is a header-authenticated RESTful JSON API that connects your core banking, KYC onboarding, payment, or case-management system to the KYC Right Source platform — delivering real-time PEP, sanctions, RRE, POI, adverse-media and due-diligence screening through a single integration layer.
The API operates as a continuous compliance gateway: every onboarding event and every transaction submitted by your core system is screened against active sanctions registers (OFAC SDN, EU CFSP, UN, HMT, SECO, MAS, DFAT and more), PEP databases, and configurable adverse-media feeds. The engine combines a dense vector index, a sparse BM25 index, and a phonetic fallback — fused with reciprocal-rank-fusion (RRF) — so a single call covers exact, fuzzy, transliterated and phonetic matches in one round-trip.
Matches are returned synchronously with a 0–100 confidence score, the source datasets, current/former sanction body IDs, country signals and (for individuals) DOB & gender — enabling your system to auto-clear, escalate, or hold the underlying action before it commits. The API is wire-compatible with the legacy KYC6 contract: existing KYC6 clients can repoint their base URL and run unchanged.
Aligned with FATF, FINTRAC / PCMLTFA, OSFI, OFAC, EU AMLD6, FinCEN, HMT and equivalent GCC frameworks — every call is logged, attributable, and audit-ready.
The API operates as a continuous compliance gateway: every onboarding event and every transaction submitted by your core system is screened against active sanctions registers (OFAC SDN, EU CFSP, UN, HMT, SECO, MAS, DFAT and more), PEP databases, and configurable adverse-media feeds. The engine combines a dense vector index, a sparse BM25 index, and a phonetic fallback — fused with reciprocal-rank-fusion (RRF) — so a single call covers exact, fuzzy, transliterated and phonetic matches in one round-trip.
Matches are returned synchronously with a 0–100 confidence score, the source datasets, current/former sanction body IDs, country signals and (for individuals) DOB & gender — enabling your system to auto-clear, escalate, or hold the underlying action before it commits. The API is wire-compatible with the legacy KYC6 contract: existing KYC6 clients can repoint their base URL and run unchanged.
Aligned with FATF, FINTRAC / PCMLTFA, OSFI, OFAC, EU AMLD6, FinCEN, HMT and equivalent GCC frameworks — every call is logged, attributable, and audit-ready.
1Health
2Search
2Profile
6Datasets
Ver 20API
X-API-KeyHeader
RESTJSON
KYC6Compatible
Base URL — Search
https://lexamlhelpapi.amlhlep.com/kycrs/
Base URL — ProfileCheck
https://lexamlhelpapi.amlhlep.com/kycrs-profile/
Live OpenAPI / Swagger
https://lexamlhelpapi.amlhlep.com/kycrs/docs · https://lexamlhelpapi.amlhlep.com/kycrs-profile/docs
Authentication
Authentication is via the X-API-Key request header on every call:
X-API-Key: <your-key-here>
The endpoint is currently open (auth not enforced) so you can integrate end-to-end without waiting for a key. Your client code should still send the header — it works seamlessly the moment auth is turned on. Check the live state any time with:
curl -sS https://lexamlhelpapi.amlhlep.com/kycrs/healthz → auth_required: false
X-API-Key: <your-key-here>
The endpoint is currently open (auth not enforced) so you can integrate end-to-end without waiting for a key. Your client code should still send the header — it works seamlessly the moment auth is turned on. Check the live state any time with:
curl -sS https://lexamlhelpapi.amlhlep.com/kycrs/healthz → auth_required: false
Compliance Standards
FATF 40 Recommendations · FINTRAC / PCMLTFA (Canada) · OSFI · OFAC SDN · EU AMLD6 · FinCEN · HMT (UK) · SECO (CH) · DFAT (AU) · MAS (SG) · GCC-region equivalents.
Data residency: pin to CA · US · UK · EU · UAE · SG · AU (and 23 more) — see the deployment page for the full list.
Data residency: pin to CA · US · UK · EU · UAE · SG · AU (and 23 more) — see the deployment page for the full list.
Implementation Support
A dedicated team works alongside your engineers to integrate the KYC Right Source API into your core system — pair-coding, payload validation, and edge-case handling until production-ready.
Dedicated Implementation Window
10-Day · Hands-On
A dedicated integration team is allocated to your organisation for a focused 10 business-day window to ensure a smooth, hands-on integration of the KYC Right Source API with your core system. Pair-coding, payload validation, sanctions-list mapping, and edge-case handling — until production-ready.
Day 1 – 2
Discovery & Sandbox
Kick-off call, mapping of your KYC entities to KYCRS DTOs, X-API-Key issuance, sandbox base-URL provisioning, and Postman / Swagger collection walkthrough.
Day 3 – 4
Health Probe & Client Scaffolding
Guided implementation of GET /kycrs/healthz + X-API-Key header, secure key storage, and the recommended client architecture (services, retry, error handling, RRF result merging).
Day 5 – 7
Screening Pipeline
Hand-in-hand build of the screen / hits / profile flow — including configurable list selection, threshold tuning, and SNAP·AI confidence parsing.
Day 8 – 9
Case Manager & Webhooks
Wiring case decisions, escalation, audit trail and webhook callbacks. Review of monitoring toggles and ongoing-watch behaviour.
Day 10
UAT & Go-Live
Joint UAT of edge cases (PEP-L1, transliterated names, false-positive thresholds). Production cut-over + 30-day priority support channel.
Deliverables included: reference client SDK skeleton (.NET / Java / Python / Node), Postman collection, sequence diagrams, sanctions-list mapping spreadsheet, and a written code-review report with structural recommendations.
Health & Authentication
Authentication is via the X-API-Key header. The endpoint is currently open (no key required) but your client should send the header anyway, so it continues to work the moment auth is enforced. Use GET /healthz to confirm the live state at any time.
GET
/kycrs/healthz
Health check & auth-required probe
▼
Purpose
Returns a JSON object with the API version, search-engine readiness, and the current auth_required flag. Useful as a deployment liveness probe and to detect when X-API-Key enforcement is turned on.
Required headers
X-API-Key string · optional today, required when auth is enabled
cURL
curl -sS https://lexamlhelpapi.amlhlep.com/kycrs/healthz \
-H 'X-API-Key: your-key-here'
PowerShell
Invoke-RestMethod 'https://lexamlhelpapi.amlhlep.com/kycrs/healthz' `
-Headers @{ 'X-API-Key' = $env:KYCRS_API_KEY }
Response — 200 OK
{
"status": "ok",
"version": "20.0.0",
"auth_required": false,
"search_ready": true
}
Common statuses
| Code | Meaning |
|---|---|
| 200 | Service alive. Inspect auth_required and search_ready. |
| 401 | X-API-Key missing or wrong — only emitted when auth is enabled. |
| 503 | Search engine still warming (BM25 state not loaded). Retry after a few seconds. |
Search
Submit an entity for real-time screening against PEP, SAN, POI, RRE, DD and INS datasets. Two endpoints — one for natural persons, one for legal entities — both backed by a dense + sparse + RRF-fusion pipeline with phonetic and transliterated matching.
POST
/kycrs/search/individuals
Screen an individual
▼
Purpose
Searches the configured datasets for a natural person. Returns every candidate match above the score threshold along with source datasets, sanction-body IDs, country signal, recorded DOBs, gender, and a stable resourceId for /kycrs-profile/individuals/{resourceId} follow-up.
Required fields
| Field | Type | Description |
|---|---|---|
| name | string | Full name. Accepts "First Middle Last" or "Last, First Middle". |
| datasets | array<string> | Lists to search. See Dataset Codes. At least one required. |
Optional fields
| Field | Type | Default | Description |
|---|---|---|---|
| threshold | int 75–100 | 85 | Minimum match score (%) to return. |
| addresses | array<{geography, city?}> | — | ISO-2 / ISO-3 country + optional city. Country narrows the candidate set server-side. |
| countries | array<string> | — | Extra ISO country codes; merged with addresses[].geography. |
| dob | string (YYYY-MM-DD) | — | Date of birth filter. |
| dobMatching | "exact" / "sameYear" | sameYear | exact enforces full date; sameYear allows any DOB in the same year. |
| gender | "Male" / "Female" | — | Optional gender filter. |
| dobRequired | boolean | false | Drop candidates without a DOB. |
| countryRequired | boolean | false | Drop candidates without country data. |
| matching | "fuzzy" / "strict" | fuzzy | strict requires every token of the query to appear. |
| pepTiers | array<string> | — | e.g. ["TIER1","TIER2"] when filtering PEPs by tier. |
| sanBodyIdsInclude | array<int> | — | Restrict sanctions hits to these sanction bodies. |
| sanBodyIdsExclude | array<int> | — | Exclude these sanction bodies from hits. |
| transliterateName | boolean | true | Allow cross-script transliteration in the match. |
Minimal cURL
curl -sS -X POST https://lexamlhelpapi.amlhlep.com/kycrs/search/individuals \
-H 'Content-Type: application/json' \
-H 'X-API-Key: your-key-here' \
-d '{"name":"Vladimir Putin","datasets":["SAN","PEP"],"threshold":85}'
Full cURL — with country, DOB, gender
curl -sS -X POST https://lexamlhelpapi.amlhlep.com/kycrs/search/individuals \
-H 'Content-Type: application/json' \
-H 'X-API-Key: your-key-here' \
-d '{
"name": "Vladimir Putin",
"datasets": ["SAN", "PEP"],
"threshold": 85,
"addresses": [{ "geography": "RU", "city": "Moscow" }],
"dob": "1952-10-07",
"dobMatching": "sameYear",
"gender": "Male",
"matching": "fuzzy",
"transliterateName": true
}'
PowerShell — Invoke-RestMethod
$body = @{
name = 'Vladimir Putin'
datasets = @('SAN','PEP')
threshold = 85
addresses = @( @{ geography = 'RU'; city = 'Moscow' } )
dob = '1952-10-07'
dobMatching = 'sameYear'
gender = 'Male'
} | ConvertTo-Json -Depth 5
Invoke-RestMethod -Method Post `
-Uri 'https://lexamlhelpapi.amlhlep.com/kycrs/search/individuals' `
-ContentType 'application/json' `
-Headers @{ 'X-API-Key' = $env:KYCRS_API_KEY } `
-Body $body |
Select-Object -ExpandProperty results
Response — 200 OK
{
"results": {
"matchCount": 1,
"matches": [
{
"qrCode": "116301",
"resourceId": "bdaeabc844deab67d9c782d2d0a12c79bbd72b466d54296fd009b60b5f5b424c",
"score": 100,
"match": "Putin",
"name": "Vladimir Vladimirovich Putin",
"countries": ["RU"],
"addresses": [
{ "geography": "RU", "city": "Saint Petersburg" },
{ "geography": "RU", "city": "Moscow" }
],
"datasets": ["PEP-CURRENT", "SAN-CURRENT"],
"currentSanBodyIds": [2, 8, 16, 19, 21],
"formerSanBodyIds": [],
"version": 1775228229505,
"resourceUri": "/individuals/bdaeabc844deab67d9c782d2d0a12c79bbd72b466d54296fd009b60b5f5b424c",
"datesOfBirth": ["1952-10-07"],
"gender": "Male",
"profileImage": "https://…/profile.png"
}
]
}
}
POST
/kycrs/search/businesses
Screen a business
▼
Purpose
Searches the configured datasets for a legal entity (corporation, trust, foundation, NGO). Same hybrid pipeline as /search/individuals; the request shape is a subset — gender, dob, dobMatching, dobRequired and pepTiers are silently ignored if sent. Response shape is identical to individuals; datesOfBirth is always [] and gender is omitted.
Required fields
| Field | Type | Description |
|---|---|---|
| name | string | Business name (legal or trading). |
| datasets | array<string> | Same codes as individuals (PEP, SAN, POI, RRE, DD, INS). |
Optional fields
| Field | Type | Default | Description |
|---|---|---|---|
| threshold | int 75–100 | 85 | Minimum match score (%). |
| addresses | array<{geography, city?}> | — | Country filter applied post-fetch against the business's addresses[].countryIsoCode. |
| countries | array<string> | — | Merged with addresses[].geography. |
| countryRequired | boolean | false | Drop candidates with no address-country data. |
| matching | "fuzzy" / "strict" | fuzzy | strict floors threshold to 90. |
| sanBodyIdsInclude / sanBodyIdsExclude | array<int> | — | Jurisdictional sanction filtering. |
| transliterateName | boolean | true | Cross-script transliteration. |
cURL
curl -sS -X POST https://lexamlhelpapi.amlhlep.com/kycrs/search/businesses \
-H 'Content-Type: application/json' \
-H 'X-API-Key: your-key-here' \
-d '{
"name": "Zurich Insurance Company Ltd",
"datasets": ["SAN", "PEP", "RRE"],
"threshold": 85,
"addresses": [{ "geography": "CH" }]
}'
PowerShell — Invoke-RestMethod
$body = @{
name = 'Zurich Insurance Company Ltd'
datasets = @('SAN','PEP','RRE')
threshold = 85
addresses = @( @{ geography = 'CH' } )
} | ConvertTo-Json -Depth 5
Invoke-RestMethod -Method Post `
-Uri 'https://lexamlhelpapi.amlhlep.com/kycrs/search/businesses' `
-ContentType 'application/json' `
-Headers @{ 'X-API-Key' = $env:KYCRS_API_KEY } `
-Body $body
Response — 200 OK
{
"results": {
"matchCount": 11,
"matches": [
{
"qrCode": "…",
"resourceId": "…",
"score": 100,
"match": "Zurich Insurance Company Ltd",
"name": "Zurich Insurance Company Ltd",
"countries": ["DE"],
"addresses": [{ "geography": "DE", "city": "Frankfurt" }],
"datasets": ["PEP-LINKED"],
"currentSanBodyIds": [],
"formerSanBodyIds": [],
"version": 1775228229505,
"resourceUri": "/businesses/…",
"datesOfBirth": []
}
]
}
}
ProfileCheck
Use the resourceId returned by a search to pull the complete enriched profile — every alias, address, identifier, sanction entry, PEP designation, related party and source evidence — in a single round-trip. Individuals and businesses live on separate paths.
GET
/kycrs-profile/individuals/{resourceId}
Full individual profile
▼
Purpose
Returns the complete Individual Profile for the given resourceId — the long hex identifier returned by /kycrs/search/individuals. Intentionally verbose: every supporting evidence object that backs each sanction / PEP / adverse-media entry is included so your case manager can render the audit trail without a second round-trip.
Path parameters
resourceId string · required · hex from search response
cURL
RID=f91bc10dca7b20c842b18e43badf42423d83759f291fd7aa97e8b85a3bd51f25
curl -sS "https://lexamlhelpapi.amlhlep.com/kycrs-profile/individuals/$RID" \
-H 'X-API-Key: your-key-here'
PowerShell
$rid = 'f91bc10dca7b20c842b18e43badf42423d83759f291fd7aa97e8b85a3bd51f25'
$profile = Invoke-RestMethod -Method Get `
-Uri "https://lexamlhelpapi.amlhlep.com/kycrs-profile/individuals/$rid" `
-Headers @{ 'X-API-Key' = $env:KYCRS_API_KEY }
"name : $($profile.firstName) $($profile.middleName) $($profile.lastName)"
"qrCode : $($profile.qrCode)"
"version : $($profile.version)"
"datasets : $($profile.datasets -join ', ')"
"aliases : $($profile.aliases.Count)"
"addresses : $($profile.addresses.Count)"
Response — abbreviated
{
"qrCode": "116301",
"version": 1775228229505,
"resourceUri": "/individuals/bdaeabc8...",
"resourceId": "bdaeabc844deab67d9c782d2d0a12c79bbd72b466d54296fd009b60b5f5b424c",
"firstName": "Vladimir",
"middleName": "Vladimirovich",
"lastName": "Putin",
"gender": "Male",
"isDeceased": false,
"datesOfBirthIso": ["1952-10-07"],
"datesOfDeathIso": [],
"nationalitiesIsoCodes": ["RU"],
"datasets": ["PEP-CURRENT", "SAN-CURRENT"],
"aliases": [
{ "aliass": "В. В. Путин", "type": "AKA", "firstName": "В.", "lastName": "Путин" }
],
"addresses": [
{ "addressType": "WORK", "city": "Moscow", "countryIsoCode": "RU" }
],
"identifiers": [ /* national IDs, passport numbers */ ],
"evidences": [ /* source citations */ ],
"sanEntries": { /* SAN list designations */ },
"pepEntries": { /* PEP designations + offices held */ },
"pepByAssociationEntries": [],
"relEntries": [], "rreEntries": [], "poiEntries": [],
"insEntries": [], "ddEntries": [], "griEntries": [],
"individualLinks": [], "businessLinks": [],
"soeEntry": null,
"profileImages": []
}
GET
/kycrs-profile/businesses/{resourceId}
Full business profile
▼
Purpose
Same as the individual ProfileCheck but for a legal entity. Use the resourceId returned by /kycrs/search/businesses.
cURL
RID=<business-resource-id>
curl -sS "https://lexamlhelpapi.amlhlep.com/kycrs-profile/businesses/$RID" \
-H 'X-API-Key: your-key-here'
End-to-end flow — search → profile (PowerShell)
# 1. Screen the name
$req = @{ name='National Bank'; datasets=@('SAN','PEP','RRE'); threshold=85 } |
ConvertTo-Json -Depth 5
$hits = (Invoke-RestMethod -Method Post `
-Uri 'https://lexamlhelpapi.amlhlep.com/kycrs/search/businesses' `
-ContentType 'application/json' `
-Headers @{ 'X-API-Key' = $env:KYCRS_API_KEY } `
-Body $req).results.matches
# 2. Pull the full profile for the top hit
if ($hits.Count -gt 0) {
$top = $hits[0]
" matched: score=$($top.score) $($top.name)"
$profile = Invoke-RestMethod `
-Uri "https://lexamlhelpapi.amlhlep.com/kycrs-profile/businesses/$($top.resourceId)" `
-Headers @{ 'X-API-Key' = $env:KYCRS_API_KEY }
" aliases: $($profile.aliases.Count) addresses: $($profile.addresses.Count)"
}
Dataset Codes
Pass either the broad family code or any specific variant in the datasets array. Broad codes auto-expand server-side. Mix and match freely — e.g. ["PEP","SAN-CURRENT","POI"].
| Family | Expands to | Meaning |
|---|---|---|
| PEP | PEP-CURRENT, PEP-FORMER | Politically Exposed Persons — current office and former designations. |
| SAN | SAN-CURRENT, SAN-FORMER | Sanction list entries — currently designated and historically delisted. |
| POI | POI | Persons / entities of interest from law-enforcement, regulatory and intelligence sources. |
| RRE | RRE | Regulator-Reportable Entries — disciplinary, debarment and enforcement findings. |
| DD | DD | Due-Diligence intelligence: bankruptcy, insolvency, civil litigation, corporate filings. |
| INS | INS | Insolvency and disqualified directors registers. |
Best practice
For an end-to-end onboarding check, pass ["SAN","PEP","RRE","DD"] — that's the standard CFT bundle. Add POI if your jurisdiction requires it, and INS when screening directors.
Sanction Body IDs
Use these integer IDs in sanBodyIdsInclude / sanBodyIdsExclude to filter sanctions hits by jurisdiction. A full list (200+ bodies) is available via the OpenAPI doc.
| Body | ID | Jurisdiction |
|---|---|---|
| OFAC (US Treasury) | 2 | United States |
| UN Security Council | 8 | Global |
| EU Consolidated List | 16 | European Union |
| UK HM Treasury (OFSI) | 19 | United Kingdom |
| Switzerland SECO | 21 | Switzerland |
| Australia DFAT | 25 | Australia |
| Canada — SEMA / Freezing Assets | 36, 44 | Canada |
| Japan METI | 49 | Japan |
| Singapore MAS | 59 | Singapore |
| Hong Kong | 67 | Hong Kong |
| New Zealand | 80 | New Zealand |
Example — UAE bank, restrict to UAE-relevant jurisdictions
{
"name": "Vladimir Putin",
"datasets": ["SAN"],
"threshold": 85,
"sanBodyIdsInclude": [2, 8, 16, 19, 25, 59]
}
HTTP Status Codes
All endpoints use standard HTTP status codes. Error responses carry a detail field with a human-readable explanation.
| Code | Meaning | Recommended client action |
|---|---|---|
| 200 | Success — see results.matches[]. matchCount may be 0. | Process the response. No matches is a valid clear. |
| 400 | Invalid request — see the detail field. Validation errors include the JSON path of the bad field. | Fix the payload. Do not retry as-is. |
| 401 | Missing or wrong X-API-Key — only when auth is enabled. | Refresh / re-issue your API key. |
| 429 | Rate-limited (concurrency burst). | Back off; the limiter is per-key. |
| 503 | Search engine warming up (BM25 state not yet loaded). | Retry after a few seconds with light back-off. |
| 5xx | Transient upstream error. | Retry with exponential back-off (3 attempts is usually enough). |
Error body shape
{ "detail": "human-readable explanation" }
Best practices
Cache results in your client when repeatedly screening the same (name, datasets, threshold, country) tuple.
Tune threshold before going live: 90 = very strict, 75 = aggressive recall, 85 = balanced default.
Send addresses[].geography whenever you have country context — narrows the candidate set server-side.
Log resourceId of every accepted match for your audit trail; the upstream resourceUri lets you fetch the canonical profile later.
Retry on 503 with short back-off (warm-up). On 5xx / transient errors, 3 retries with exponential back-off is sufficient.
Tune threshold before going live: 90 = very strict, 75 = aggressive recall, 85 = balanced default.
Send addresses[].geography whenever you have country context — narrows the candidate set server-side.
Log resourceId of every accepted match for your audit trail; the upstream resourceUri lets you fetch the canonical profile later.
Retry on 503 with short back-off (warm-up). On 5xx / transient errors, 3 retries with exponential back-off is sufficient.
Schema Reference
Field-level reference for every DTO exchanged by the API. Names mirror the live OpenAPI spec at /kycrs/docs.
| Field | Type | Required | Description |
|---|---|---|---|
| SearchIndividualsRequest — Body for POST /kycrs/search/individuals | |||
| name | string | Yes | Full name to screen. Accepts "First Middle Last" or "Last, First Middle". |
| datasets | array<string> | Yes | Dataset codes (see Dataset Codes section). At least one required. |
| threshold | int (75–100) | Optional · default 85 | Minimum match score (%) to return. |
| addresses | array<Address> | Optional | Country (ISO-2/3) + optional city per row. Narrows candidate set server-side. |
| countries | array<string> | Optional | Extra ISO country codes; merged with addresses[].geography. |
| dob | string (YYYY-MM-DD) | Optional | Date of birth filter. |
| dobMatching | "exact" / "sameYear" | Optional · default sameYear | exact = full date; sameYear = any DOB same year. |
| gender | "Male" / "Female" | Optional | Gender filter. |
| dobRequired | boolean | Optional · default false | Drop candidates without a DOB. |
| countryRequired | boolean | Optional · default false | Drop candidates without country data. |
| matching | "fuzzy" / "strict" | Optional · default fuzzy | strict requires every query token to appear. |
| pepTiers | array<string> | Optional | e.g. ["TIER1","TIER2"]. |
| sanBodyIdsInclude | array<int> | Optional | Restrict sanctions hits to these sanction bodies. |
| sanBodyIdsExclude | array<int> | Optional | Exclude these sanction bodies. |
| transliterateName | boolean | Optional · default true | Allow cross-script transliteration in the match. |
| SearchBusinessesRequest — Body for POST /kycrs/search/businesses | |||
| name | string | Yes | Business name (legal or trading). |
| datasets | array<string> | Yes | Dataset codes. |
| threshold | int (75–100) | Optional · default 85 | Minimum match score (%). strict matching floors threshold to 90. |
| addresses | array<Address> | Optional | Country filter applied post-fetch. |
| countries / countryRequired / matching / sanBodyIdsInclude / sanBodyIdsExclude / transliterateName | — | — | Same semantics as the individuals request. |
| Note: gender, dob, dobMatching, dobRequired, pepTiers are silently ignored for businesses. | |||
| Address — Request & response shape | |||
| geography | string | Yes | ISO-2 or ISO-3 country code. |
| city | string | Optional | City name (used in request to narrow; included in response when known). |
| SearchResponse — Both /search/individuals and /search/businesses | |||
| results.matchCount | int | Yes | Number of returned matches. |
| results.matches | array<Match> | Yes | List of candidate matches above threshold. |
| Match — A single candidate inside results.matches[] | |||
| qrCode | string | Yes | Short numeric profile code (stable across calls). |
| resourceId | string | Yes | Long hex resource identifier (stable). Pass to /kycrs-profile/{type}/{resourceId}. |
| score | int (0–100) | Yes | Match confidence percentage. |
| match | string | Yes | The query token(s) that matched. |
| name | string | Yes | Full canonical name on file. |
| countries | array<string> | Yes | ISO country codes for the profile. |
| addresses | array<Address> | Yes | Country + optional city. |
| datasets | array<string> | Yes | Lists this profile appears on. |
| currentSanBodyIds | array<int> | Yes | Current sanction-body IDs (e.g. OFAC=2, UN=8, EU=16). |
| formerSanBodyIds | array<int> | Yes | Historic sanction-body IDs. |
| version | long (epoch-ms) | Yes | Profile version. Increases when the profile is updated. |
| resourceUri | string | Yes | Canonical resource URI on the upstream platform. |
| datesOfBirth | array<string> | Yes | ISO dates of birth. Always [] for businesses. |
| gender | "Male" / "Female" / null | Individuals only | Omitted on business matches. |
| profileImage | string · null | Optional | URL to an upstream profile image, where available. |
| Profile — Full enriched object from GET /kycrs-profile/{type}/{resourceId} | |||
| qrCode / version / resourceUri / resourceId | string / string | Nullable | Profile identity headers. |
| name / description | string | Nullable | Primary name & description. |
| isDeleted / deletionReason | string / object | Nullable | Soft-delete flag and reason payload. |
| firstName / middleName / lastName | string | Nullable | Parsed name parts. |
| gender / isDeceased | string | Nullable | Demographics. |
| datesOfBirthIso / datesOfDeathIso | array<string> | Nullable | ISO-8601 dates. |
| nationalitiesIsoCodes | array<string> | Nullable | ISO-3166 country codes. |
| aliases | array<Alias> | Nullable | AKA / alternate names. |
| addresses | array<Address> | Nullable | Known addresses. |
| profileImages | array<string> | Nullable | Image URIs. |
| notes / contactEntries | array<Note / ContactEntry> | Nullable | Notes & contact details. |
| businessTypes / activities | array<string> | Nullable | Industry tags & activities. |
| identifiers | array<Identifier> | Nullable | National IDs, passport numbers, etc. |
| evidences | array<Evidence> | Nullable | Source citations supporting each entry. |
| datasets | array<string> | Nullable | Datasets that contain this profile. |
| sanEntries | object (SanEntries) | Nullable | Sanctions list entries. |
| pepEntries | object (PepEntries) | Nullable | PEP designations. |
| pepByAssociationEntries | array<PepByAssociationEntry> | Nullable | Indirect-PEP associations (RCAs). |
| relEntries / rreEntries / poiEntries / insEntries / griEntries | array<…> | Nullable | Related parties, regulator-reportable entries, persons-of-interest, insolvency, GRI entries. |
| individualLinks / businessLinks | array<…Link> | Nullable | Cross-references to other profiles. |
| ddEntries | array<DdEntry> | Nullable | Due-diligence entries. |
| soeEntry | object (SoeEntry) | Nullable | State-Owned-Enterprise designation, where applicable. |
| Address | |||
| addressType | string | Nullable | Address category (e.g. HOME, BUSINESS). |
| line1 / line2 | string | Nullable | Street lines. |
| postcode / city | string | Nullable | Postal code & city. |
| county / countyAbbrev | string | Nullable | County / state. |
| countryIsoCode | string | Nullable | ISO-3166 country code. |
| Alias | |||
| aliass | string | Nullable | Full alias name as it appears in source. |
| type | string | Nullable | Alias type (AKA, FKA, transliteration, etc.). |
| firstName / middleName / lastName | string | Nullable | Parsed alias name parts. |