Veridact API Reference

Programmatically run CDD, EDD, M&A due diligence screenings, and person background checks. Integrate Veridact's sanctions, PEP, adverse media, ICIJ offshore leaks, and FCRA-compliant person checks directly into your compliance workflows.

Enterprise only. API access is available on the Enterprise plan ($1,499/mo). Generate keys at Portal → API & Integrations.
15+
Databases screened
60/min
Rate limit per key
REST
JSON API
Base URL
https://veridact.solutions/api/v1/

Authentication

All v1 API requests require a Bearer token in the Authorization header. Keys start with vrd_ and are shown only once on creation. Store them in environment variables — never hardcode in source.

Authorization Bearer vrd_your_api_key_here 
# Set your API key as an environment variable
export VERIDACT_API_KEY="vrd_your_api_key_here"

# Use in every request
curl -H "Authorization: Bearer $VERIDACT_API_KEY" \
     https://veridact.solutions/api/v1/screenings
const VERIDACT_API_KEY = process.env.VERIDACT_API_KEY;

// Reusable helper with auth header
const veridact = async (path, options = {}) => {
  const res = await fetch(`https://veridact.solutions/api/v1${path}`, {
    ...options,
    headers: {
      'Authorization': `Bearer ${VERIDACT_API_KEY}`,
      'Content-Type': 'application/json',
      ...(options.headers || {})
    }
  });
  if (!res.ok) throw new Error(`HTTP ${res.status}: ${await res.text()}`);
  return res.json();
};
import os, requests

BASE_URL = "https://veridact.solutions/api/v1"
HEADERS = {
    "Authorization": f"Bearer {os.environ['VERIDACT_API_KEY']}",
    "Content-Type": "application/json"
}

# Reusable session
session = requests.Session()
session.headers.update(HEADERS)
Key rotation best practice: Rotate keys every 90 days. Create a new key, migrate your integration, then revoke the old key. Keys can be managed at Portal → API & Integrations.

Rate Limits

API requests are rate-limited per API key. Screening submissions also count against your plan's monthly quota. All rate limit state is returned in response headers.

Limit Value Scope
Request rate60 req/minPer API key
Monthly screeningsUnlimitedEnterprise plan
Max active keys10 keysPer account
Rate Limit Response Headers
Header Description Example
X-RateLimit-LimitMax requests per window60
X-RateLimit-RemainingRequests left in current window45
X-RateLimit-ResetUnix timestamp when window resets1748556420
Retry-AfterSeconds to wait (only on 429)12
429 Too Many Requests is returned when rate limit is exceeded. Check Retry-After and implement exponential backoff with jitter. Never retry immediately.

Error Handling

All errors return JSON with success: false and a human-readable message. The code field is a stable machine-readable error identifier.

Error Response Format
{
  "success": false,
  "message": "API key not found or has been revoked.",
  "code": "invalid_api_key"
}
Status Code Meaning
200OK
201Created — screening submitted
400invalid_requestMissing or invalid parameters
401invalid_api_keyMissing, invalid, or revoked API key
402quota_exceededMonthly screening quota exceeded
403plan_requiredFeature requires a higher plan tier
404not_foundResource not found or does not belong to your account
422validation_failedRequest body failed validation
429rate_limitedRate limit exceeded — see Retry-After header
500server_errorInternal error — retry with exponential backoff

Quick Start

Run your first CDD screening in under 2 minutes.

curl -X POST https://veridact.solutions/api/v1/screening/cdd \
  -H "Authorization: Bearer vrd_your_key" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "Sberbank",
    "entity_type": "company",
    "jurisdiction": "Russia"
  }'
const res = await fetch('https://veridact.solutions/api/v1/screening/cdd', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.VERIDACT_API_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    query: 'Sberbank',
    entity_type: 'company',
    jurisdiction: 'Russia'
  })
});
const { screening } = await res.json();
console.log(`Risk: ${screening.risk_level} (${screening.risk_score}/100)`);
201 Response
{
  "success": true,
  "screening": {
    "id": 2847,
    "search_query": "Sberbank",
    "entity_type": "company",
    "jurisdiction": "Russia",
    "risk_level": "high",
    "risk_score": 61,
    "status": "completed",
    "sanctions_hits": 1,
    "pep_hits": 0,
    "adverse_media_hits": 0,
    "offshore_leaks_hits": 0,
    "created_at": "2026-04-29T14:00:00.000Z"
  }
}

CDD Screening

Screen an individual or company against 15+ global databases including OFAC SDN, EU Sanctions, UN 1267/1988, BIS Entity List, PEP databases, adverse media, and ICIJ offshore leaks (Panama Papers, Paradise Papers, Pandora Papers, Offshore Leaks, Bahamas Leaks).

POST /api/v1/screening/cdd Submit CDD screening
Request Body
FieldTypeRequiredDescription
querystringRequiredEntity name to screen (min 2 chars)
entity_typestringOptionalindividual (default), company, or organization
jurisdictionstringOptionalCountry or jurisdiction (improves risk scoring accuracy)
 
curl -X POST https://veridact.solutions/api/v1/screening/cdd \
  -H "Authorization: Bearer $VERIDACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "Roman Abramovich",
    "entity_type": "individual",
    "jurisdiction": "Russia"
  }'
201 Response
{
  "success": true,
  "screening": {
    "id": 2848,
    "search_query": "Roman Abramovich",
    "entity_type": "individual",
    "jurisdiction": "Russia",
    "risk_level": "high",  // "low" | "medium" | "high" | "critical"
    "risk_score": 52,         // 0–100
    "status": "completed",
    "sanctions_hits": 0,
    "pep_hits": 0,
    "adverse_media_hits": 1,
    "offshore_leaks_hits": 3,
    "summary": "CDD screening completed...",
    "created_at": "2026-04-29T14:01:00.000Z"
  }
}
Risk Level Scale
low Score 0–19 — No significant flags    medium 20–44 — Monitor closely    high 45–69 — EDD required    critical 70–100 — Do not proceed

EDD Screening

Enhanced Due Diligence runs all CDD checks plus an AI-powered deep analysis covering beneficial ownership, source of wealth/funds, AML risk assessment, and compliance recommendations. Requires Professional or Enterprise plan.

POST /api/v1/screening/edd Submit EDD screening
Request Body
FieldTypeRequiredDescription
querystringRequiredEntity name to screen
entity_typestringOptionalindividual or company
jurisdictionstringOptionalCountry or jurisdiction
source_of_wealthstringOptionalDeclared source of wealth (improves AI analysis)
source_of_fundsstringOptionalDeclared source of transaction funds
purpose_of_relationshipstringOptionalBusiness relationship purpose
beneficial_ownershipstringOptionalKnown ownership structure details
pep_relationshipsstringOptionalDisclosed PEP connections
 
curl -X POST https://veridact.solutions/api/v1/screening/edd \
  -H "Authorization: Bearer $VERIDACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "Volkov Industries GmbH",
    "entity_type": "company",
    "jurisdiction": "Germany",
    "source_of_wealth": "Manufacturing and exports since 1998",
    "source_of_funds": "Corporate revenue from EU operations",
    "purpose_of_relationship": "Long-term supply agreement"
  }'
const { screening } = await veridact('/screening/edd', {
  method: 'POST',
  body: JSON.stringify({
    query: 'Volkov Industries GmbH',
    entity_type: 'company',
    jurisdiction: 'Germany',
    source_of_wealth: 'Manufacturing and exports since 1998'
  })
});
// screening.edd_analysis contains the AI deep-dive text
console.log(screening.edd_analysis);
edd_analysis is an AI-generated markdown report covering beneficial ownership, source of wealth/funds, AML risk, and a compliance recommendation.

M&A Due Diligence

AI-powered M&A due diligence for acquisition targets. Runs full CDD plus AI analysis across financial, legal, reputational, and integration risk domains. Enterprise plan only.

POST /api/v1/screening/ma Submit M&A screening
Request Body
FieldTypeRequiredDescription
target_namestringRequiredAcquisition target company name
target_jurisdictionstringOptionalTarget company jurisdiction
target_industrystringOptionalTarget industry (e.g. "FinTech", "Energy")
acquirer_namestringOptionalAcquiring entity name
deal_typestringOptionalacquisition, merger, joint_venture, restructuring
deal_valuestringOptionalDeal value (e.g. "$50M")
additional_contextstringOptionalAny additional context for the AI analysis
 
curl -X POST https://veridact.solutions/api/v1/screening/ma \
  -H "Authorization: Bearer $VERIDACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "target_name": "CloudSync Technologies Ltd",
    "target_jurisdiction": "United Kingdom",
    "target_industry": "SaaS / Cloud Infrastructure",
    "acquirer_name": "Acme Corp",
    "deal_type": "acquisition",
    "deal_value": "$120M"
  }'
const { screening } = await veridact('/screening/ma', {
  method: 'POST',
  body: JSON.stringify({
    target_name: 'CloudSync Technologies Ltd',
    target_jurisdiction: 'United Kingdom',
    target_industry: 'SaaS / Cloud Infrastructure',
    deal_type: 'acquisition',
    deal_value: '$120M'
  })
});
// screening.ma_analysis has the AI due diligence report

Get Screening

Retrieve a screening result by ID including full sanctions, PEP, adverse media, and offshore leaks details.

GET /api/v1/screening/:id Get screening by ID 
curl https://veridact.solutions/api/v1/screening/2848 \
  -H "Authorization: Bearer $VERIDACT_API_KEY"

Download PDF Report

Download a full 13-section PDF compliance report for a completed screening.

GET /api/v1/screening/:id/report Download PDF report

List Screenings

Retrieve a paginated list of all screenings. Filter by risk level, screening type, or search by entity name.

GET /api/v1/screenings List all screenings
Query Parameters
ParameterTypeDescription
pageintegerPage number (default: 1)
limitintegerResults per page (default: 20, max: 100)
risk_levelstringFilter: low, medium, high, critical
screening_typestringFilter: edd, ma (default: all)
searchstringSearch by entity name (partial match)
 
curl "https://veridact.solutions/api/v1/screenings?risk_level=high&limit=10" \
  -H "Authorization: Bearer $VERIDACT_API_KEY"
200 Response
{
  "success": true,
  "screenings": [ /* array of screening objects */ ],
  "pagination": {
    "page": 1,
    "limit": 10,
    "total": 47,
    "pages": 5
  }
}

Run Person Background Check NEW

FCRA-compliant person background checks across 20+ sources: criminal courts (federal + 10 states), sex offender registries (NSOPW), professional licenses (NPI, FINRA BrokerCheck, 10 profession boards), civil/bankruptcy records, adverse media, social/web presence, and ICIJ offshore leaks. Returns severity-coded findings with corroboration status.

FCRA Notice. Person checks are subject to the Fair Credit Reporting Act (FCRA). You must have a permissible purpose before running a check. The subject must consent where required. Do not use results for consumer credit, insurance, or tenant screening without FCRA-compliant consent.
POST /api/v1/person-checks Submit person background check
Request Body
FieldTypeRequiredDescription
full_namestringRequiredFull legal name of the subject
purposestringRequiredFCRA permissible purpose: employment, business_due_diligence, volunteer_screening, licensing
fcra_consentbooleanRequiredMust be true — confirms you have obtained required consent
date_of_birthstringOptionalISO date: YYYY-MM-DD (improves accuracy)
locationsstring[]OptionalStates/countries the subject has resided in (e.g. ["California", "New York"])
associated_domainstringOptionalBusiness domain associated with the subject (triggers WHOIS lookup)
 
curl -X POST https://veridact.solutions/api/v1/person-checks \
  -H "Authorization: Bearer $VERIDACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "full_name": "James R. Wilson",
    "purpose": "employment",
    "fcra_consent": true,
    "date_of_birth": "1982-04-15",
    "locations": ["California", "Texas"]
  }'
201 Response
{
  "success": true,
  "person_check": {
    "id": "VDC-A8F3C2B1-P",
    "full_name": "James R. Wilson",
    "purpose": "employment",
    "result": "clean",  // "clean" | "adverse_found" | "inconclusive"
    "confidence": "high",   // "high" | "medium" | "low"
    "status": "completed",
    "red_flag_count": 0,
    "warning_count": 0,
    "findings": [],  // array of finding objects with severity, category, corroboration
    "sources_checked": 22,
    "created_at": "2026-04-29T14:05:00.000Z"
  }
}

Get Person Check

Retrieve a person check result by its ID, including all findings with severity classification, source attribution, and corroboration status.

GET /api/v1/person-checks/:id Get person check by ID

List Person Checks

Retrieve a paginated list of all person background checks for your account.

GET /api/v1/person-checks List all person checks
Query Parameters
ParameterTypeDescription
pageintegerPage number (default: 1)
limitintegerResults per page (default: 20, max: 100)
resultstringFilter: clean, adverse_found, inconclusive

Webhooks

Receive real-time HTTP notifications when screenings and person checks complete. Configure a webhook URL when generating an API key at Portal → API & Integrations.

WEBHOOK POST {your_webhook_url}
Event Types
EventTrigger
cdd.completedCDD screening finished
edd.completedEDD screening finished
ma.completedM&A screening finished
person_check.completedPerson background check finished
Webhook Payload
{
  "event": "cdd.completed",
  "screening_id": 2848,
  "screening": {
    "id": 2848,
    "search_query": "Roman Abramovich",
    "risk_level": "high",
    "risk_score": 52,
    "status": "completed",
    "created_at": "2026-04-29T14:01:00.000Z"
  },
  "timestamp": "2026-04-29T14:01:00.123Z",
  "signature": "sha256=3c7b9e2a..."  // HMAC-SHA256 signature
}
Webhook Headers
HeaderValue
X-Veridact-EventEvent type (e.g. cdd.completed)
X-Veridact-SignatureHMAC-SHA256 signature (format: sha256=hex_digest)
X-Veridact-TimestampUnix timestamp of delivery attempt
Retry behavior: Failed deliveries (non-2xx or timeout) are retried 3 times with exponential backoff: 30s, 5 min, 30 min. After 3 failures the event is dropped. Always respond with a 2xx immediately and process asynchronously.

Webhook Signature Verification

Every webhook payload is signed using HMAC-SHA256. Always verify the signature before processing to prevent spoofed payloads. Your webhook secret is shown once when you configure the webhook URL.

Security requirement. Do not process webhook payloads without verifying the signature. Respond with 400 Bad Request if verification fails.
VERIFICATION HMAC-SHA256
Replay attack prevention (optional but recommended): Check that the X-Veridact-Timestamp header is within ±5 minutes of your server's current time. Reject events outside this window. Store processed event IDs to deduplicate retries.

OpenAPI Specification

The complete API is described as an OpenAPI 3.0 specification. Use it to auto-generate client SDKs in any language, import into Postman, or integrate with API gateways.

Download openapi.json
GET /api/v1/openapi.json OpenAPI 3.0 specification

No authentication required to access the spec. Use with any OpenAPI toolchain:

Changelog

Version history and release notes for the Veridact API.

April 2026
v1.2 — Person Background Checks Latest
Added POST /api/v1/person-checks, GET /api/v1/person-checks/:id, GET /api/v1/person-checks endpoints
7-phase parallel orchestration across 20+ sources: NSOPW, NPI, FINRA BrokerCheck, CourtListener, 10 state criminal courts, PACER, professional license boards, ICIJ, social/media
FCRA-compliant consent handling with purpose validation
Severity-coded findings: info, warning, red_flag with cross-source corroboration
Added person_check.completed webhook event
OpenAPI spec now available at /api/v1/openapi.json
March 2026
v1.1 — ICIJ Offshore Leaks
Added ICIJ Reconciliation API (810,000+ entities: Panama Papers, Pandora Papers, Paradise Papers, Offshore Leaks, Bahamas Leaks)
Added offshore_leaks_hits field to all screening responses
Offshore risk scoring integrated into risk_score calculation (+8 to +25 points based on investigation type)
Webhook payloads now include signature field and X-Veridact-Signature header
February 2026
v1.0 — General Availability
Initial release: POST /api/v1/screening/cdd, POST /api/v1/screening/edd, POST /api/v1/screening/ma
Screening against OFAC SDN, EU Consolidated, UN 1267/1988, BIS Entity List, PEP databases, adverse media
PDF report download: GET /api/v1/screening/:id/report
Paginated list endpoint with risk level and type filters
Webhook notifications for screening completion
60 req/min per API key rate limiting
Veridact API v1.2  ·  Enterprise plan required  ·  Manage keys  ·  openapi.json
Questions? support@veridact.solutions  ·  ← Back to Veridact