API Reference
Integrate ComplianceIQ's KYB, KYC, AML, and risk scoring capabilities into your product. All endpoints are REST-based, return JSON, and require Bearer token authentication.
Authentication
All API requests must include your secret API key in the Authorization header. Never expose your secret key in client-side code.
ciq_live_sk_...Use in production. Billed per verification.
ciq_test_sk_...Use in development. No charges incurred.
Authorization: Bearer YOUR_API_KEYREST Endpoints
All endpoints are prefixed with https://api.complianceiq.io. Responses use standard HTTP status codes and return JSON.
/v1/casesCreate a new compliance case for a business or individual.
/v1/cases/{id}Retrieve a compliance case by its unique identifier.
/v1/cases/{id}Update the status or metadata of an existing case.
/v1/casesList all compliance cases with optional filters and pagination.
/v1/kyb/verifyInitiate a KYB business verification workflow.
/v1/kyc/verifyStart a KYC identity verification for an individual.
/v1/aml/screenRun an AML screening against global watchlists.
/v1/cases/{id}Archive a compliance case (soft delete, data retained).
{
"id": "case_01HXYZ123ABC",
"type": "kyb",
"reference": "biz_acme_001",
"status": "pending",
"risk_level": "medium",
"created_at": "2025-05-13T23:35:00Z",
"entity": {
"name": "Acme Corp Ltd",
"registration_number": "12345678",
"country": "GB"
}
}SDK Examples
Official SDKs are available for Node.js, Python, and Go. Install via your package manager and start verifying in minutes.
Node.js
npm install @complianceiq/nodePython
pip install complianceiqGo
go get github.com/complianceiq/go-sdkcurl -X POST https://api.complianceiq.io/v1/cases \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"type": "kyb",
"reference": "biz_acme_001",
"entity": {
"name": "Acme Corp Ltd",
"registration_number": "12345678",
"country": "GB"
},
"risk_level": "medium"
}'Webhooks
Register a HTTPS endpoint to receive real-time event notifications. We sign every payload with an HMAC-SHA256 signature using your webhook secret.
Verify Signatures
Each request includes a X-ComplianceIQ-Signature header. Compare it against HMAC-SHA256(secret, raw_body) to confirm authenticity.
case.createdFired when a new compliance case is created.
case.status_changedFired when a case status transitions (e.g., pending → approved).
kyb.completedFired when a KYB verification workflow finishes.
kyc.completedFired when a KYC identity verification finishes.
aml.alert_raisedFired when an AML screening returns a match.
document.uploadedFired when a compliance document is uploaded to a case.
document.approvedFired when a document is approved by a compliance officer.
risk.score_updatedFired when the risk score for a case is recalculated.
{
"id": "evt_01HXYZ789ABC",
"type": "case.status_changed",
"created_at": "2025-05-13T23:35:00Z",
"data": {
"case_id": "case_01HXYZ123",
"reference": "biz_acme_001",
"previous_status": "pending",
"new_status": "approved",
"updated_by": "system",
"risk_level": "low"
},
"api_version": "2025-05-01"
}Error Codes
Rate Limits
Starter
100 req/min
Burst: 200 req/min
Growth
500 req/min
Burst: 1,000 req/min
Enterprise
Custom
Burst: Unlimited req/min
Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset. When you hit the limit, the API returns 429 Too Many Requests — implement exponential backoff before retrying.
Ready to integrate?
Get your API key and start verifying businesses and individuals in under 10 minutes.