Skip to main content

AML Screening API - Detailed Documentation

The AML Screening API provides functionality for screening individuals against sanctions, politically exposed persons (PEP), and other risk lists.

API Playground:

You can try the check individual endpoint here.

Endpoints Overview

  1. Check Individual: Screen an individual against AML datasets (PEP, sanctions, and related lists).
  2. Ongoing Monitoring:
    • Register Individual
    • Register Entity
    • Remove Search Profile

Authentication

To access the Address Verification API, authentication is required. A Bearer Token must be included in every request.
  • Tokens are valid for 60 minutes and must be refreshed after expiration.
  • Refer to the Authentication for detailed steps on obtaining a token.
  • Include the token in the Authorization header as follows:
Authorization: Bearer YOUR_ACCESS_TOKEN

API Base URL

Production:

https://api-umbrella.io/api/services

Sandbox:

https://sandbox-umbrella-api.azurewebsites.net/api/services

1. Check Individual

Endpoint

POST /aml/checkIndividual

Description

Checks an individual against AML datasets (e.g. PEP and sanctions).
You supply a name, optional date of birth, and search constraints (datasets, countries, threshold, matching mode) and receive a detailed profile for the best match, when found.

Required Headers

HeaderValue
Content-Typeapplication/json
AuthorizationBearer yourAccessToken

Request Body Parameters

FieldTypeRequiredDescription
namestringYesThe full name of the person you are searching for. For best results use the format "lastnames, firstnames middlenames" (e.g. "Johnson, Boris"). Alternatively you can use "firstnames middlenames lastnames" if you do not know the precise last name.
dateOfBirthstringNoDate of birth in YYYY-MM-DD or YYYY format. Must be after 1900 and not in the future. Example: "1964-06-19".
countriesstringYesComma-separated list of two-letter ISO-3166 country codes affecting both address and nationality. Example: "NL,GB".
datasetsstringNoComma-separated list specifying which datasets will be searched. See Datasets below. Default: "PEP,SAN".
thresholdintegerNoMatch score threshold between 75 and 100. Only profiles with a score equal or above this value are returned. Default is 85. Example: 90.
matchingstringNoName-matching algorithm. Either "fuzzy" (recommended, default) or "strict". Fuzzy applies extensive fuzzy matching techniques to find likely matches; strict is more conservative and may miss matches if the exact name is not known.
The datasets parameter is a comma-separated string. Available options:
  • PEP – Politically Exposed Persons (all)
  • PEP-CURRENT – Only current PEPs
  • PEP-FORMER – Only former PEPs
  • PEP-LINKED – PEP by association / linked persons
  • SAN – Sanctioned (all)
  • SAN-CURRENT – Only current sanctions
  • SAN-FORMER – Only former sanctions
  • INS – Insolvency lists
  • RRE – Reputational Risk Exposure
  • DD – Disqualified Directors
  • POI – Profiles of Interest
  • REL – Regulatory Enforcement Lists
  • GRI – Gambling Risk Intelligence

Example Request

{
  "name": "Johnson, Boris",
  "dateOfBirth": "1964-06-19",
  "countries": "GB",
  "datasets": "PEP,SAN",
  "threshold": 90,
  "matching": "fuzzy"
}

Response Structure

The response returns a JSON object containing a single person profile (the best match) from the AML check.
FieldTypeDescription
dataobjectRoot object that wraps the person profile.
data.typestringResource type, for individuals this will be "persons".
data.idstringSystem-specific internal identifier of the person profile.
data.attributesobjectDetailed attributes describing the person, risk exposure, and linked entities.
data.linksobject or nullOptional hypermedia links if found.
FieldTypeDescription
firstNamestringGiven name of the person.
middleNamestringMiddle name(s) of the person, if available.
lastNamestringFamily name / surname of the person.
genderstringGender of the person, e.g. Male, Female, or Unknown.
datesOfBirthIsostring arrayList of known dates of birth in ISO YYYY-MM-DD format.
datesOfDeathIsostring arrayList of known dates of death in ISO format, if applicable.
nationalitiesIsoCodesstring arrayList of nationality country codes (ISO-3166-1 alpha-2), e.g. ["GB"].
isDeceasedbooleanIndicates whether the person is known to be deceased.
isDeletedbooleanIndicates whether the profile has been logically deleted in the back systems.
monitoringIdstringIdentifier used by IDCanopy for ongoing monitoring of this profile.
versionintegerInternal version of the profile in the monitoring system.
datasetsstring arrayDatasets that apply to this profile, e.g. ["PEP-LINKED","POI","SAN-CURRENT"].
addressesobject arrayList of known addresses for the person. See Address object.
aliasesobject arrayList of known aliases, name variations, and alternative spellings. See Alias object.
contactEntriesobject arrayContact information such as phone numbers, fax numbers, and email addresses. See Contact entry object.
notesobject arrayOptional free-form notes associated with the profile.
evidencesobject arrayList of evidence sources that support the profile (articles, websites, official documents). See Evidence object.
profileImagesstring arrayURLs to profile images associated with the person.
pepEntriesobject or arrayStructured data describing PEP status; may be empty {} if not applicable.
pepByAssociationEntriesobject arrayPEP-by-association information, linking this subject to other PEP profiles via shared evidence.
poiEntriesobject arrayProfiles of Interest information, including public roles and positions. See POI entry object.
sanEntriesobjectSanctions information. See Sanctions object.
relEntriesobject arrayRegulatory enforcement list entries (if present).
rreEntriesobject arrayReputational Risk Exposure entries (if present).
ddEntriesobject arrayDisqualified Director entries (if present).
griEntriesobject arrayOther risk / intelligence entries (if present).
identifiersobject arraySystem-specific identifiers and external reference IDs.
individualLinksobject arrayIndividuals linked directly to the subject (family members, associates, etc.). See Linked individual object.
businessLinksobject arrayBusinesses linked to the subject and their key people. See Linked business object.

Address object

FieldTypeDescription
addressTypestringType of address, e.g. "Place of birth", "Business", "Residential".
line1stringFirst line of the address (street address, building name, etc.).
line2stringSecond line of the address, if any (area, estate, etc.).
citystringCity or town.
postcodestringPostal / ZIP code, if available.
countystringCounty / region name, if available.
countyAbbreviationstringAbbreviation or code for the county / region, if available.
countryIsoCodestringTwo-letter ISO country code of the address.

Alias object

FieldTypeDescription
firstNamestringFirst or given name used in this alias.
middleNamestringMiddle name(s) used in this alias, if any.
lastNamestringSurname used in this alias.
typestringType of alias, e.g. "Name Spelling Variation", "Former name", etc.

Contact entry object

FieldTypeDescription
categorystringType of contact detail, e.g. "Telephone", "Fax", "Email".
valuestringContact value (phone number, fax number, email address).

Evidence object

FieldTypeDescription
evidenceIdstringSystem unique identifier for the evidence.
datasetsstring arrayDatasets for which this evidence is relevant (e.g. ["SAN-CURRENT"], ["POI","ID"]).
originalUrlstringURL of the original source (news article, official site, etc.).
assetUrlstringOptional URL to stored copies or documents (e.g. PDFs).
publicationDateIsostringPublication date in ISO format, if available.
captureDateIsostringDate when the evidence was captured/indexed.
summarystringShort description of what the source says about the subject.
titlestringTitle of the article or document, if provided.
credibilitystringAssessment of source credibility (High, Medium, etc.), where available.
languagestringLanguage code of the source content, if known (e.g. eng, rus).
isCopyrightedbooleanIndicates whether the source is copyrighted.

POI entry object

FieldTypeDescription
categorystringCategory of the profile of interest, e.g. "Other Public Figures" or "Senior Government Officials".
evidenceIdsstring arrayList of evidence IDs that support this POI classification.
positionsobject arrayList of positions associated with this POI entry.
Position object fields:
FieldTypeDescription
countryIsoCodestringISO-3166-1 alpha-2 code of the country in which the position is held.
dateFromIsostringStart date of the position in ISO format (may be year-only in some cases).
dateToIsostringEnd date of the position in ISO format, if applicable.
positionstringTitle of the role (e.g. `“Former Prime MinisterHer Majesty’s Government”`).
segmentstringSegment / classification of the position, e.g. "Executive Branch - Head and Members of Government and Deputies".

Sanctions object

The sanEntries object groups sanctions information by status. For example:
  • current – active sanctions
  • former – historical sanctions, if provided by the data source
Each entry in sanEntries.current (or former) has the following structure:
FieldTypeDescription
eventsobject arrayChronological events related to the sanction (added, updated, removed).
measuresstring arrayMeasures imposed, such as "Travel Ban", asset freezes, and other restrictions.
regimeobjectDetails of the sanction regime (issuing body and regime name).
sanctionIdstringSpecific identifier for the sanction, if present.
Sanction event fields:
FieldTypeDescription
dateIsostringEvent date in ISO format.
evidenceIdsstring arrayEvidence IDs supporting this sanction event.
typestringType of sanction event (e.g. "Added").
Sanction regime fields:
FieldTypeDescription
bodystringIssuing body or authority (e.g. "Government of the Russian Federation").
namestringName of the sanctions regime.
originstringCountry or organisation of origin.

GRI entry object

FieldTypeDescription
titlestringThe title of the GRI report, e.g. "EDD Report - Executive Summary Report".
evidenceIdstringThe ID of supporting evidence.
summarystringThe description of the GRI report, e.g. "In-depth information about the subject based on an Enhanced Due Diligence investigation on source wealth, potential political exposure and reputational risk exposure".
keywordsstringKeywords associated with the report, e.g. "Source of Wealth".

REL entry object

FieldTypeDescription
categorystringThe category of the REL entry, e.g. "Law Enforcement". Enums are [Law Enforcement, Financial Regulator]
subcategorystringThe name of the list, e.g. " Police - Avon and Somerset Police - Wanted & In Court - United Kingdom".
eventsstring arrayThe events associated with the REL entry.
REL events fields:
FieldTypeDescription
typestringThe type of event associated with the list entry (e.g. "Arrest).
currencyCodestringFor specific event types, there can be associated financial penalties. This field indicates the international currency code, e.g. "USD"
amountintegerThe amount of the financial penalty, if applicable, e.g. "100000"
periodstring arrayIndicates the length of time of the penalty. The properties are [days: integer, months: integer, years: integer]
dateISOstringThe date of the event in ISO format (e.g. 2020-01-01 for 1st January 2020).
evidenceIDsstring arrayThe list of IDs of supporting evidences for the event.

RRE entry object

FieldTypeDescription
categorystringThe category of the RRE entry, e.g. "Law Enforcement".
subcategorystringThe name of the list, e.g. " Identity Theft".
eventsstring arrayThe events associated with the RRE entry.
RRE events fields:
FieldTypeDescription
typestringThe type of event associated with the list entry (e.g. "Court Proceedings in Progress: Remand).
dateISOstringThe date of the event in ISO format (e.g. 2020-01-01 for 1st January 2020).
evidenceIDsstring arrayThe list of IDs of supporting evidences for the event.

Linked individual object

Linked business object

Response Codes

CodeDescription
200A JSON object describing the best matching individual profile.
400Bad request due to missing or invalid parameters.
401API key is missing, invalid, or the caller is not authorized.
500An internal server error occurred while processing the request.

Example Response

Below is a trimmed example response showing the overall structure returned. The real payload can contain many more linked entities, evidences, and positions. 
{
  "data": {
    "type": "persons",
    "id": "NQZGEVkxHy1HZ1sOQB0dXQ4kRAh6SlJDU3cOWjJWC10CdmtwUHZDfmQmQgB3RlRxLG0DVRcXRA4AJFNcDQVVSWQBAlYJJxE=",
    "attributes": {
      "firstName": "Boris",
      "middleName": "",
      "lastName": "Johnson",
      "gender": "Male",
      "datesOfBirthIso": [
        "1964-06-19"
      ],
      "nationalitiesIsoCodes": [
        "GB"
      ],
      "datasets": [
        "PEP-LINKED",
        "POI",
        "SAN-CURRENT"
      ],
      "addresses": [
        {
          "addressType": "Place of birth",
          "city": "New York",
          "countryIsoCode": "US",
          "line1": "",
          "line2": "",
          "postcode": ""
        },
        {
          "addressType": "Business",
          "city": "London",
          "countryIsoCode": "GB",
          "line1": "10 Downing Street",
          "line2": "Westminster",
          "postcode": "SW1A 2AA"
        }
      ],
      "aliases": [
        {
          "firstName": "Alexander",
          "middleName": "Boris de Pfeffel",
          "lastName": "Johnson",
          "type": "Name Spelling Variation"
        }
      ],
      "contactEntries": [
        {
          "category": "Telephone",
          "value": "+44 1491612852"
        },
        {
          "category": "Email",
          "value": "johnsonb@parliament.uk"
        }
      ],
      "businessLinks": [
        {
          "name": "Transport for London Limited",
          "datasets": ["PEP-LINKED", "REL", "SOE-CURRENT"],
          "relationship": "Boris Johnson is a Former Chairperson of the Board of Directors of Transport for London Limited",
          "ownershipPercentage": 0,
          "monitoringId": "NQZGEVkxH34WYwhdEw=="
        }
      ],
      "sanEntries": {
        "current": [
          {
            "events": [
              {
                "dateIso": "2022-04-16",
                "evidenceIds": ["23937631"],
                "type": "Added"
              }
            ],
            "measures": ["Travel Ban"],
            "regime": {
              "body": "Government of the Russian Federation",
              "name": "Russia - Special economic measures against unfriendly actions of foreign countries and international organisations",
              "origin": "Russia"
            },
            "sanctionId": ""
          }
        ]
      },
      "poiEntries": [
        {
          "category": "Senior Government Officials",
          "positions": [
            {
              "countryIsoCode": "GB",
              "dateFromIso": "2019-07",
              "dateToIso": "2022-07",
              "position": "Former Prime Minister | Her Majesty's Government",
              "segment": "Executive Branch - Head and Members of Government and Deputies"
            }
          ]
        }
      ]
    },
    "links": null
  }
}

2. Ongoing Monitoring

You will be given a “Monitoring_Group_Id” that you will use to register an individual or business profile to. The registered profile will be screened on a regular basis as per the monitoring rules set in the monitoring group configuration,

2.1 Register Individual

Endpoint

POST /aml/ongoingMonitoring/registerIndividual

Status

This endpoint will allow you to register an individual profile for ongoing AML monitoring (periodic re-screening). you will need to provide the Monitoring_Group_Id that you received from IDCanopy, along with the individual’s name and date of birth and country information. The individual will then be screened on a regular basis as per the monitoring rules set in the monitoring group configuration

Required Headers

HeaderValue
Content-Typeapplication/json
AuthorizationBearer yourAccessToken

Request Body Parameters

FieldTypeRequiredDescription
Monitoring_Group_IdstringYesThe monitoring group ID you received from IDCanopy.
typestringYesResource type requested, for individuals this will be "subscriptions".
namestringYesThe full name of the person you are searching for. For best results use the format "lastnames, firstnames middlenames" (e.g. "Johnson, Boris"). Alternatively you can use "firstnames middlenames lastnames" if you do not know the precise last name.
dateOfBirthstringNoDate of birth in YYYY-MM-DD or YYYY format. Must be after 1900 and not in the future. Example: "1964-06-19".
countriesstringYesComma-separated list of two-letter ISO-3166 country codes affecting both address and nationality. Example: "NL,GB".
genderstringNoGender of the person. Example: "male" or "female".

Example Request

{
  "Monitoring_Group_Id": "01ARZ3NDEKTSV4RRFFQ69G5FAV",
  "type": "subscriptions",
  "data": {
      "name": "Jane Doe",
      "countries": [
        "US"
      ],
      "dateOfBirth": "1991-07-22",
      "gender": "female"
    }
}

Response Structure

The response returns a JSON object containing the subscription details for the registered individual..
FieldTypeDescription
subscriptionIdstringThe subscription ID of the registered individual.
typestringResource type, for individuals this will be "subscriptions".
attributesobjectDetailed attributes echoing the person’s information provided in the registration request (name, date of birth, gender, countries).

Example Response

{
  "data": {
    "subscriptionId": "93CVS1NDEKTSV4RRFFQ69F2FDC",
    "type": "subscriptions",
    "attributes": {
      "name": "Jane Doe",
      "countries": [
        "US"
      ],
      "dateOfBirth": "1991-07-22",
      "gender": "female"
    },
  }
}

2.2 Register Entity

Endpoint

POST /aml/ongoingMonitoring/registerEntity

Status

This endpoint will allow you to register a legal entity (company, organisation) for ongoing AML monitoring. you will need to provide the Monitoring_Group_Id that you received from IDCanopy, along with the company/organization’s name and country information. The company/organization will then be screened on a regular basis as per the monitoring rules set in the monitoring group configuration

Required Headers

HeaderValue
Content-Typeapplication/json
AuthorizationBearer yourAccessToken

Request Body Parameters

FieldTypeRequiredDescription
Monitoring_Group_IdstringYesThe monitoring group ID you received from IDCanopy.
typestringYesResource type requested, for companies/organizations this will be "subscriptions".
namestringYesThe full name of the company/organization you are searching for.
countriesstringYesComma-separated list of two-letter ISO-3166 country codes affecting both address and nationality. Example: "NL,GB".

Example Request

{
  "Monitoring_Group_Id": "02GRKT6NDEUUYSV4RRFFQ695V2TF",
  "type": "subscriptions",
  "name": "BMI Corporation",
  "countries": ["US","GB"]
}

Response Structure

The response returns a JSON object containing the subscription details for the registered company/organization.
FieldTypeDescription
subscriptionIdstringThe subscription ID of the registered company/organization.
typestringResource type, for companies/organizations this will be "subscriptions".
attributesobjectDetailed attributes echoing the company/organization’s information provided in the registration request (name, countries).

Example Response

{
  "data": {
    "subscriptionId": "1KLRTYHGHD8UUJBOJMHSLKJH3",
    "type": "subscriptions",
    "attributes": {
      "name": "BMI Corporation",
      "countries": [
        "US",
        "GB"
      ],
    },
  }
}

2.3 Remove Search Profile

Endpoint

POST /aml/ongoingMonitoring/removeSearchProfile

Status

This endpoint will allow you to remove an existing monitoring profile from ongoing AML monitoring for either an individual or a company/organization. To delete a monitoring profile, you will need to provide the Monitoring_Group_Id that you received from IDCanopy, along with the subscriptionId of the profile you want to remove.

Required Headers

HeaderValue
Content-Typeapplication/json
AuthorizationBearer yourAccessToken

Request Body Parameters

FieldTypeRequiredDescription
Monitoring_Group_IdstringYesThe monitoring group ID you received from IDCanopy.
subscriptionIdstringYesThe subscription ID of the monitoring profile you want to remove.
entityTypestringYesResource type requested, for companies/organizations this will be "Business", for individuals this will be "Person".

Example Request

{
  "Monitoring_Group_Id": "01ARZ3NDEKTSV4RRFFQ69G5FAV",
  "subscriptionId": "93CVS1NDEKTSV4RRFFQ69F2FDC",
  "entityType": "Person"
}

2.4 Query Monitoring Results

Endpoint

GET /aml/ongoingMonitoring/getMonitoringResults/{Monitoring_Group_Id}/person/{subscriptionId} for individuals or
GET /aml/ongoingMonitoring/getMonitoringResults/{Monitoring_Group_Id}/entity/{subscriptionId} for companies/organizations

Status

You can query the monitoring results via the endpoints above for either an individual or a company/organization that you have registered for ongoing monitoring.

Required Headers

HeaderValue
Content-Typeapplication/json
AuthorizationBearer yourAccessToken

Response Structure

The response returns a JSON object containing the monitoring results for the specified subscription ID, including any matches found during the ongoing monitoring process.
FieldTypeDescription
dataobjectRoot object that wraps the alert profile.
data.typestringThe alert type, e.g. "reviews", "alerts".
data.idstringSystem-specific internal identifier of the monitoring incident or alert.
data.attributesobjectDetailed attributes describing the alert.
linksobject or nullOptional hypermedia links if found.
FieldTypeDescription
currentStatusstringCurrent status of the match.
versionintegerThe version number can be used to detect when a profile has changed.
personIDstringThe profile Id can be used to retrieve the full profile of the person
scoreintegerConfidence score of the profile match, ranging from 50 to 100.
matchstringThe name on the profile that has been matched in the search, e.g.: Jane Doe.
namestringThe primary name of the person in the profile.
countries string arrayList of countries from the addresses and nationalities of the profile, e.g. ["GB"].
datesOfBirthstring arrayList of dates of birth in either YYYY-MM-DD or YYYY ISO format. E.g. [ "1994", "1994-08-22" ]
gender stringIndicates the gender of the person in the profileif known, e.g. "Male", "Female".
profileImagestringMain profile image URL for the person.
datasetsstring arrayDatasets that apply to this profile, e.g. ["PEP-LINKED","POI","SAN-CURRENT"] refer to here.
pepTier stringThe PEP tier of the person in the profile, e.g. "PEP Tier 1", "PEP Tier 2".
The currentStatus field indicates the current status of the match found during ongoing monitoring. Possible values include:
  • open – indicates that the alert requires review
  • true-positive – Indicates that the alert is closed and that the profile was matched correctly
  • false-positive – Indicates that the alert is closed and that the profile was matched incorrectly
  • discarded – Indicates that the profile in the alert no longer matches the subscription due to the changes in the profile, subscription, or the follow list.

Example Response

{
  "data": {
    "type": "reviews",
    "id": "NQZGEVkxH3oUZAFaFRA=",
    "attributes": {
      "currentStatus": "open",
      "version": 1673422459727,
      "personID": "NQZGEVkxHy1HZ1sOQB0dXQ4kRAh6SlJDU3cOWjJWC10CdmtwUHZDfmQmQgB3teRxLG0DVRcXRA4AJFNcDQVVSWQBAlYJJxE=",
      "score": 95,
      "match": "Jane Doe",
      "name": "Jane Marie Doe",
      "countries": [
        "US"
      ],
      "datesOfBirth": [
        "1991-07-22"
      ],
      "gender": "female",
      "profileImage": "https://example.com/profile.jpg",
      "datasets": [
        "PEP-CURRENT",
        "SAN-CURRENT"
      ],
      "pepTier": "PEP Tier 1"
    },
    "links": null
  }
}