1 of 14

Tiller - Verifications API

GETTING STARTED

Welcome!

Welcome to the Tiller Verifications API

What is the Tiller Verifications API

The Tiller Verifications API is a flexible, secure solution tailored to the complexities of modern compliance needs. Whether integrating it directly into your systems or using it as part of the Verify platform, this API empowers your business to:

Core Principles

The Tiller Verifications API is designed with developers in mind, offering:

RESTful Design: Simplify integration with predictable, resource-based URLs.
Customisable Workflows: Tailor verification processes to fit your specific business needs.
Scalable Infrastructure: Handle verifications for businesses of all sizes, from start-ups to large enterprises.
Real-Time Updates: Stay informed with webhook notifications for screening events.
Comprehensive Security: Ensure data privacy and integrity with encryption and strict authentication protocols.

Want to jump right in?

Get started today with our Quick Start Guide. Learn how to:

Sign up for an API credentials.
Authenticate your requests.
Perform your first Address Verification check.

Want to deep dive?

Dive a little deeper and start exploring our API reference to get an idea of everything that's possible with the API:

Quick Start Guide

This quick start guide will help you set up and execute your first verification request in just a few steps.

Good to know: While this guide is designed to get you up and running quickly, we recommend working closely with us to maximise the benefits of our services. Contact us at support@tillertech.com to connect with one of our experts.

Step 1: Get Your API Credentials

To use the Tiller Verifications API, you'll need some credentials. This is essential for authenticating your requests and ensuring secure access to the system. Here’s how to get started:

Contact your Tiller account manager to request your API credentials. -
- info@tillertech.com.
Safeguard your credentials; it is required for authorization. Treat it like a password—never share it or expose it publicly.

Step 2: Set Up Authentication

The Tiller Verifications API uses token-based authentication via the OAuth 2.0 protocol. You’ll need to obtain an access token to authenticate your requests. Here’s how to do it:

Authentication Endpoint

Parameters Required

grant_type: Always set to client_credentials.
scope: Use VerificationsAPI as the scope.
client_id: Your client ID, provided by Tiller.
client_secret: Your client secret, provided by Tiller.

Example request:

Example response:

Include the retrieved access token in the Authorization header of all subsequent API requests:

Step 3: Make Your First Request

This step walks you through performing an Address Verification Check using the Tiller Verifications API. Below, we explain the required payload, headers, and the structure of the request.

Endpoint:

Headers Required

Payload structure

We need some basic information in the request to be able to perform the check. The request is broken down into the following elements:

externalReferenceId - Your reference for this request.
options - These parameters change the behaviour of the request. Keep to the default values in the example payload below.
- runAsync - determines whether the verification request is processed synchronously (returns results immediately) or asynchronously (returns a correlation ID to retrieve results later).
- mock - We return mock data for testing purposes if True
checks - This controls which checks will be performed in this request and includes some parameters around how the check will be performed. Keep to the default values in the example payload below for address check.
profile - The personal information about the individual you are making a request about.

Example payload:

Making your first request:

Address Verification

Overview

The Address Verification service offered enables reliable international address verification as part of the KYC process. This service covers 53 countries and leverages trusted in-country data sources, such as government agencies, credit bureaus, and utility companies. By directly accessing these sources, the system ensures that verification results are accurate and up-to-date.

Check Type ID: 1

This is the check type used for Address Verification. It validates the individual’s address against trusted data sources, such as government registries and utility records.

Required Profile Information

To perform Address Verification, the following fields are required in the profile section of the request:

Personal Details:
- firstName (Required): The first name of the individual.
- lastName (Required): The last name of the individual.
- dateOfBirth (Optional): Improves match accuracy when included.
Address Details:
- currentAddress.structured (Preferred): A structured address format that includes:
  - flatApartmentSubBuilding (Optional)
  - BuildingNumber (Optional)
  - BuildingName (Optional)
  - RoadStreet (Optional)
  - townCity (Optional)
  - postZipCode (Required)
  - countryCode (Required): Must be a valid ISO 3166-1 alpha-2 code.
- currentAddress.unstructured (Fallback): If structured data is unavailable, unstructured data can be provided, though this decreases match accuracy.

How it works

Data Sources: Verification utilizes regulatory-quality data sources, including government registries, voter databases, and utility records. Mobile and marketing data sources are not used to ensure compliance with regulatory standards.
Match Process: Verify matches the provided address details with available data sources. A positive match confirms residency at the stated address.
Data Protection: Personal data is shared temporarily with data providers for matching purposes. Strict legal agreements ensure GDPR compliance and limit data usage.

International residential address verification uses a number of data providers with access to regional data source providers within the supported countries. Verify by Tiller uses data sources direct from government agencies, credit agencies, utility companies and landline telecommunication providers. Mobile telecommunication providers, marketing lists or other sources which do not meet regulatory standards are not used.

When verifying the address, Verify determines which in-country data sources are available and most likely to be able to obtain a match and get the provider to confirm if the credentials provided match their records. By matching directly to the original data source provider, we ensure the data is as up to date as possible. The number and degree of match is then used to confirm if the individual is a resident at their stated address.

Address sources

Tiller partners with a number of carefully selected agents who have access to specific in-country regulatory-quality data sources. Tiller’s Verify application will use one or more of the following data source types to verify the residential address of an individual:

Credit Agency Databases,
Government Databases (e.g., Voter, Social Security, Population/Citizenship Registries)
Utility Company Databases (e.g., Electricity, Water, Gas, Telephone (excluding Mobile)).

Most regulators make provision for the address to be verified against such data sources and Verifications includes which data source types were used in the verification results it provides back via its API.

It is necessary to support residential address checks to temporarily share name and address PII information with a data source provider for the match check to be performed. Tillers legal agreements with our providers strictly restricts the use and retention of the PII information shared. PII data is only permitted to be used for the purposes of confirming a name and address match and may not be retained or used for any other purposes. The providers are also contractually required to adhere to all provisions of GDPR.

Tillers systems and data are hosted within the EU/EEA, however, where an individual being checked is resident outside the EU it is necessary for Tiller to share that individuals PII data with the data source providers in that individual’s country of residence. Tillers legal agreements with our providers include the modernised 2021 EU SCC (Standard Contractual Clauses) that have been “pre-approved” by the European Commission, ensuring appropriate data protection safeguards covering international transfers of PII data.

The above data handling & verification model is that same as that used by our larger enterprise customers such has HSBC, who received a confirmation of ‘no objection’ from the JSFC (Jersey Financial Services Commission) when they submitted their outsourcing request to use Tillers services to them.

Background Checks

Overview

Background Checks currently include PEP (Politically Exposed Persons) & Sanctions, Watchlist, and Adverse Media Screening. These services help businesses assess compliance risks and identify individuals involved in activities that may pose financial or reputational risks.

Components

PEP & Sanctions Screening:
- Uses daily updated databases of PEPs and sanctioned individuals.
- Sources include HM Treasury, UN Security Council Committees, OFAC, and other government and international agencies.
- Identifies close associates of PEPs as part of the screening.
Watchlist Checks:
- Screen individuals against global watchlists maintained by international organisations.
Adverse Media Screening:
- Conducts extensive scans across 120,000+ media sources.
- Categorises media events by risk type (e.g., fraud, abuse) and lifecycle stage.
- Detects potential risks linked to individuals or entities.

Check Type ID: 2

This is the check type used for Background Check, which includes PEP & Sanctions, Watchlists, and Adverse Media screening. It helps identify individuals who pose financial, legal, or reputational risks.

Required Profile Information

To perform Background Checks, the following fields are required in the profile section of the request:

Personal Details:
- firstName (Required): The first name of the individual.
- lastName (Required): The last name of the individual.
- dateOfBirth (Required): Critical for accurate screening results.
- middleName (Optional): Improves the accuracy of matches.
- titleId (Optional): Helps differentiate individuals with similar names.
Additional Information:
- nationalityCountryCode (Optional): Enhances accuracy by considering the individual’s nationality.
- placeOfBirthTownCity (Optional): Provides additional context to improve match quality.

See Request Structure for more information on structuring a request.

PEP & Sanctions / Watchlist Screening

PEP and Sanction screening uses an external data provider. They maintain a correlation database of PEP Tier 1, 2, 3 & PEP by association OECD categorises lists which are updated daily from various sources, such as official government websites or national assemblies of foreign offices, CIA World leaders lists, open source verified repositories and selected media websites.

For Sanction screening, the database is collated and updated daily from the following sources: UK HM Treasury, US Department of the Treasury - Office of Foreign Assets Control (OFAC), US Department of State - Bureau of International Security & Non-Proliferation Sanctions, UN Security Council Committees, EU Sanction records, US Defence Trade Controls and other international government and local authority resources.

Sanctions Sources

Please see below a list of sanctions sources that the individuals is checked

Sanctions Source List

Australia DFAT Sanctions List
Austria National Bank - Sanctions
Bangladesh Central Bank - Domestic Sanction List
Belgium - Federal Public Service National Financial Sanctions List
Canada - Freezing Assets of Corrupt Foreign Officials (Tunisia and Egypt) Regulations
Canada - Freezing Assets of Corrupt Foreign Officials (Ukraine) Regulations
Canada Criminal Code - Terrorist Organizations
Canada OSFI Entities List
Canada OSFI Individuals List
Canada OSFI UN Sanctions Act Resolution on Iran
Canada Special Economic Measures Act - Consolidated Sanctions List:
- Burma
- Iran
- Nicaragua
- Russia
- South Sudan
- Syria
- Ukraine
- Venezuela
- Zimbabwe
Dutch Foreign Ministry Individuals & Organizations with Frozen Funds
EU Consolidated List of Sanctioned Persons, Groups, & Entities
EU COUNCIL DECISION 2014/512/CFSP
France Directorate General of the Treasury - Terrorism
India - National Investigation Agency - Banned Terrorist Organizations
Interpol UNSC Special Notices - Entities
Interpol UNSC Special Notices - Individuals
Japan Finance Ministry Asset Freeze List
Japan Ministry of Economy, Trade, and Industry (METI) - WMD End User List
Latvia Financial Intelligence Service - Sanctions
Libya National Transitional Council Law 36
Malaysia Ministry of Home Affairs - Sanctions List
Netherlands - National Sanctions List for Terrorism
Official Journal of the European Union - EU International, Economic, Military Sanctions
Pakistan National Counter Terrorism Authority - Proscribed Organizations
Pakistan National Counter Terrorism Authority - Proscribed Persons
Qatari Linked Terrorist List
Singapore Terrorism (Suppression of Financing) Act List
South Korea Financial Intelligence Unit (KOFIU) - WMD End-User Controls List
Sri Lanka Government Gazette - List of Designated Persons, Groups and Entities
Switzerland State Secretariat for Economic Affairs (SECO) Sanctions List
UK HM Treasury Financial Sanctions Target List
UK HM Treasury Financial Sanctions - Ukraine Restrictive Measures
UK Home Office/Ofc for Security & CT Proscribed Terror Groups
Ukraine State Committee for Financial Monitoring - Terrorism List
Ukraine State Committee for Financial Monitoring - UN Sanctions Program
United Nations Security Council (UNSC) Consolidated Sanctions List:
- Resolution 751 (1992) I 1907 (2009) Somalia
- Resolution 1267/1989 Al-Qaida
- Resolution 1518 (2003) Iraq
- Resolution 1533 (2004) Democratic Republic of the Congo
- Resolution 1591 (2005) Sudan
- Resolution 1718 (2006) Democratic People's Republic of Korea
- Resolution 1970 (2011) Libya
- Resolution 1988 (2011) Taliban
- Resolution 2048 (2012) Guinea-Bissau
- Resolution 2127 (2013) Central African Republic
- Resolution 2140 (2014) Yemen
- Resolution 2206 (2015) South Sudan
- Resolution 2374 (2017) Mali
US Department of State - Bureau of Economic & Business Affairs - Cuba Restricted List
US Department of State - CAATSA Section 231(d) List
US Department of State Consolidated Non-proliferation Sanctions
Chemical and Biological Weapons Control and Warfare Elimination Act (CBW Act)
Executive Order 12938
US Department of State Foreign Terrorist Organisations
US Department of State Terrorist Exclusion List
US Treasury Department FinCEN Advisory Notice on Iran, North Korea
US Treasury Department FinCEN Section 311 Measures
US Treasury Department FinCEN OFAC Consolidated Non-SDN Sanctions List
US Treasury Department FinCEN OFAC Specially Designated nationals List
US Treasury Department FinCEN Designated Charities and Fronts for FTOs

PEP Sources and Types

The individual is checked against various global sources to assess whether they are potentially a politically exposed person. Each PEP type helps categorise the type of PEP (e.g. HOS - Head of State).

PEP Sources & Types

PEP Sources

CIA World Leaders
CIA World Factbook
Rulers articles and other databases continually monitored to additional information
Gov’t/Official websites covering all levels of PEPs
Other open sources. For example, those independent from the state control

PEP Types

HOS - Heads of state
CAB - Cabinet officials
INF - Senior officials overseeing key infrastructure sectors.
NIO - Senior officials overseeing non-infrastructure sectors.
MUN - Municipal level officials
REG - Regional officials
LEG - Senior legislative branch officials
AMB - Ambassadors and top diplomatic officials
MIL - Senior military officials
JUD - Senior judicial officials
POL - Political party officials
GCO - Top executives/officers in state-controlled enterprises
FAM - Family members
ASC - Close associates and advisors
ISO - International Sporting Officials

PEPs are categorised into tiers of risk. With Tier 1 being the highest potential risk, including heads of state and high ranking government positions.

PEP Tiers

Tier 1 - High Risk

Heads of state and government (including Royal families).
Members of government (ministers, deputies, state, and under-state secretaries) at national and sub-national levels in case of federal states (e.g., Florida in the US, Bavaria in Germany, Johor in Malaysia, Lagos in Nigeria, Goa in India etc) and provinces in China (e.g., Henan); President and College of Commissioner of the European Commission.
Members of Parliament or similar legislative bodies (at national and sub-national level in case of federal states – same as above); Members of the European Parliament.
Heads and top commanders of military and law enforcement and their deputies.
Heads and members of supreme courts, of constitutional courts or of other high-level judicial bodies whose decisions are not subject to further appeal, except in exceptional cases, similar for EU Court of Justice.
Heads and members of courts of auditors (including EU Court of Auditors) and of the boards of central banks (including the European Central Bank).
Top ranking officials of mainstream political parties (e.g., party leaders and members of governing bodies) and only the heads/deputy heads of minor political parties (without representation in parliament).

Tier 2 - Medium Risk

Members of legislative (e.g., aldermen, councillors) and executive (e.g., prefects) bodies at regional, provincial, cantonal, or equivalent levels (below the level of states in case of federal jurisdiction).
Judges, justices, magistrates, prosecutors, attorneys in courts with jurisdiction at regional, provincial or equivalent level.
Ambassadors, general consuls, high commissioners, permanent representatives, head of missions and their deputies, charge d’affairs.
Chairmen, secretary generals, directors, deputy directors and members of the board or equivalent function of international/regional organisations (e.g., UN, EU, World Bank, EBRD, OAS, Arab League, ASEAN, CARICOM etc).
Presidents/Chairperson and board members of State-Owned Enterprises (SOEs), businesses and organisations.
Senior officials of the military, judiciary, law enforcement agencies, central banks, and other state agencies, authorities and state bodies (e.g., high ranking civil servants, director generals, directors, heads of units, secretaries (permanent, principal, joint secretaries etc).
Heads and senior members of mainstream religious groups (e.g., archbishop, patriarch, cardinal, bishop, imam, rabbi).
Mayors of capital cities (e.g., London, New Delhi, Paris, New York, Rio de Janeiro) and Head of Cities which are directly appointed and answerable to the Chinese central government.

PEP Tier 3 - Low Risk

Advisers, heads of cabinet and similar roles of senior officials of the military, judiciary, law enforcement, central banks.
And other state agencies, authorities, and state bodies (designation/level to be determined depending on country ML/TF and corruption risks profile and administration structure).
Heads and board members / senior officials of Trade Unions. In case of Chambers of Commerce and Charities a risk- based approach is followed.
Presidents, secretary generals, directors, deputy directors and members of the board or equivalent function of international NGOs (e.g., Oxfam, Amnesty, Transparency International etc).
Middle ranking diplomats (minister-counsellors, councillors, 1st Secretaries and 2nd Secretaries).
Alternate/deputy members of parliament/senate (not currently occupying seat).
Mayors and members of local councils at municipal, town, village, or equivalent levels (i.e., below regional, provincial, cantonal, and other levels not captured elsewhere).
Senior civil servants at regional/provincial or equivalent levels; senior officials of administrative bodies at local levels (directors/secretaries of city governments).

PEPs by Association

Family members and personal and business associates of PEPs, typically individuals who are not PEPs in their own capacity but serve on a board of directors alongside PEPs. Based on FATF, Close Associates are considered to be: (known) (sexual) partners outside the family unit (e.g., girlfriends, boyfriends, mistresses); prominent members of the same political party, civil organisation, labour, or employee union as the PEP; business partners or associates, especially those that share (beneficial) ownership of legal entities with the PEP, or who are otherwise connected (e.g., through joint membership of a company board). In the case of personal relationships, the social, economic, and cultural context may also play a role in determining how close those relationships generally are (FATF Guidelines, 2013).

Should the individual have a potential match within the PEP & Sanctions sources they will be flagged up for review.

Adverse Media

The Adverse Media check offers a comprehensive screening against negative media sources to ascertain any potential risks associated with an individual. This feature conducts daily scans across a vast array of media outlets, including newspapers, magazines, TV/radio transcripts, and more, encompassing over 120,000 sources. With a formidable database established from screening over 2.5 billion media articles, it boasts an extensive collection of negative news, encompassing individuals ranging from terrorists and fraudsters to criminals and influencers.

The core of this feature lies in its ability to categorise Adverse Media Events based on their Risk Stage and Risk Type. The Risk Stage determines where an event is in its lifecycle, while the Risk Type provides insights into the nature of the event, such as abuse, arson, fraud, cybercrime, and more. These classifications work in tandem to decide if a particular Adverse Media Event should be included in the results, ensuring a thorough and precise assessment for every individual screened.

Adverse Media Stages

The Risk Stage describes where in its lifecycle an Adverse Media Event is. Risk Stages are used in conjunction with Risk Types to determine if the Adverse Media Event is to be included in the results.

Stage 1

Stage 2

Stage 3

Stage 4

Accuse

Arraign

Appeal

Acquit / Not Guilty

Allege

Arrest

Confession

Disciplinary

Conspire

Audit

Plea

Regulatory Action

Probe

Charged

Settlement or Suit

Arbitration

Suspected

Complaint Filed

Trial

Associated

Indict

Censure

Lien

Convict

Seizure

Deported

Dismissed

Expelled

Fine (<$10K, >$10K)

Govt Official

Revoked Registration

Sanction

Served Jail Time

Suspended

Risk types

The Risk Type describes the nature of the Adverse Media Event. Risk Types are used in conjunction with Risk Stage to determine if the Adverse Media Event is to be included in the results.

These include

Should the individual have a potential match within adverse media sources they will be flagged up for review.

Bank Check

Overview

The UK Bank Account Check is a specialised service designed to verify the ownership of a UK bank account by an individual. This verification process ensures that the bank account details provided by a customer match their personal information, enabling businesses to confirm account authenticity and ownership with high confidence.

Check Type ID: 3

This is the check type used to validate the ownership of a UK bank account. It ensures the provided bank account details match the personal information of the account holder.

Required Profile Information

To perform a UK Bank Account Check, the following fields are required in the profile section of the request:

Personal Details:
- firstName (Required): The first name of the individual.
- lastName (Required): The last name of the individual.
- dateOfBirth (Required): Validates the individual against the bank’s internal records.
Bank Account Details:
- bankDetails.accountNumber (Required): The 8-digit bank account number.
- bankDetails.sortCode (Required): The 6-digit bank sort code in the format XXXXXX.
- bankDetails.openedDate (Optional): The date the account was opened, for additional accuracy.

How It Works

Customer Data Submission:
- The customer provides their personal details (e.g., first name, last name, and date of birth) and bank account information (account number and sort code).
- This data is included in the profile section of the verification request payload.
Data Matching:
- The provided account details are matched against the bank’s internal records, ensuring that the account is registered to the named individual.
- This process confirms that the customer owns the supplied bank account.
Validation Process:
- The service validates the format and accuracy of the sort code and account number.
- If the bank account exists and matches the individual’s personal details, the check returns a "Pass" result.
- In cases of mismatched or incomplete data, the check provides specific failure details.

Reference

Request Structure

This guide details all the parameters required for a request to the Tiller Verifications API. The parameters are grouped into four sections: External Reference, Options, Checks, and Profile.

Introduction to the Request Structure

The Tiller Verifications API uses a well-defined request structure to ensure that all the required information is included to perform verification checks effectively. Each request is composed of several key sections. Understanding these sections is essential for building robust integrations and achieving reliable results.

The request is divided into the following components:

External Reference: This provides a unique identifier for tracking your request. It acts as a client-generated reference to link API responses to specific operations in your system.
Options: This section configures the behaviour of the request. Options such as asynchronous or synchronous processing and mock mode for testing.
Checks: This is the core of the verification request. It specifies what checks need to be performed. Multiple check types can be included in a single request, provided the necessary information for each check is supplied.
Profile: This section contains the personal and address details of the individual or entity being verified. Depending on the type of check, the profile must include specific fields such as names, date of birth, and addresses. Addresses can be provided in either structured or unstructured formats, though structured formats are recommended for higher match accuracy.

Example request payload with all checks types and attributes

{
    "externalReferenceId": "UniqueRequestID-123456", 
    "options": {
        "runAsync": false, // Synchronous processing
        "mock": true // Mock mode for testing purposes
    },
    "checks": [
        {
            "checkTypeId": 1, // Address Verification
            "externalCheckReferenceId": "AddressCheck-12345", 
            "maximumSources": 3, // Query up to 3 sources
            "CheckMethod": 1, // Sequential processing
            "matchesRequired": 1, // Minimum of 1 match required
        },
        {
            "checkTypeId": 2, // Screening (PEP & Sanctions, Adverse Media)
            "externalCheckReferenceId": "ScreeningCheck-67890", 
            "maximumSources": 3 // Query up to 3 sources
            "CheckMethod": 1, // Sequential processing
        },
        {
            "checkTypeId": 3, // UK Bank Account Check
            "externalCheckReferenceId": "BankCheck-98765",
            "maximumSources": 3, // Query up to 3 sources
            "CheckMethod": 1, // Sequential processing
        }
    ],
    "profile": {
        "titleId": 1, // Mr
        "genderTypeId": 1, // Male
        "firstName": "John",
        "middleName": "Charles",
        "lastName": "Doe",
        "dateOfBirth": "1980-06-12",
        "nationalityCountryCode": "GB", // United Kingdom
        "placeOfBirthTownCity": "London",
        "currentAddress": {
            "structured": {
                "flatApartmentSubBuilding": "10A",
                "BuildingNumber": "50",
                "BuildingName": "Example House",
                "RoadStreet": "Example Street",
                "townCity": "Exampleton",
                "postZipCode": "EX12AB",
                "countryCode": "GB",
                "dateFrom": "2020-01-03T00:00:00"
            }
        },
        "bankDetails": {
            "accountNumber": "12345678", 
            "sortCode": "12-34-56"
        }
    }
}

External Reference

The externalReferenceId parameter is used to uniquely identify a request.

Parameter

Type

Required?

Description

externalReferenceId

string

Yes

A unique identifier for your request, provided by your system. This helps in tracking specific requests.

Example:

"externalReferenceId": "ABCDEFGHI123456789"

Options

The options parameter defines how the request is processed.

Parameter

Type

Required

Description

runAsync

boolean

Yes

Determines whether the request is processed asynchronously or synchronously.

- true: Returns a correlation ID; the results must be fetched in a subsequent request.

- false: Returns the results directly.

mock

boolean

When set to true, the request is processed in a simulated environment for testing purposes.

Example:

"options": {
    "runAsync": false,
    "mock": true
}

Checks

The checks array contains details about the verification checks to perform.

Available Check Types

The following checks are currently supported by the Verifications API:

Address Verification Verifies the subject’s address against trusted data sources.
Background Checks Performs PEP (Politically Exposed Persons) & Sanctions screening and Adverse Media checks.
UK Bank Account Check Verifies the subject's ownership of a UK bank account.

You can request one or more of these services in a single verifications request.

Check Type Fields

Check Field

Address Check

Screening

UK Bank Check

checkTypeId

1 (required)

2 (required)

3 (required)

externalCheckReferenceId

Required

maximumSources

Required (default: 3)

checkMethod

Required (default: 1)

matchesRequired

Required (default: 1)

N/A

checkTypeId: Identifies the type of verification being performed.

1 = Address Verification
2 = Screening (PEP & Sanctions/Adverse Media)
3 = UK Bank Account Check

externalCheckReferenceId: A unique client-provided identifier for the check, useful for tracking.

maximumSources: Specifies the maximum number of sources to query for the check. The default value is 3 for most checks.

CheckMethod: Determines how the check is performed.

1 = Sequentially (default)
2 = In parallel

matchesRequired: Specifies the minimum number of matches required for the check to pass. The default value is 1.

Example - one check in request:

"checks": [
    {
        "checkTypeId": 1,
        "externalCheckReferenceId": "Check-12345",
        "maximumSources": 3,
        "CheckMethod": 1,
        "matchesRequired": 1
    }
]

Example - multiple checks in request:

"checks": [
    {
        "checkTypeId": 1, // Address Verification
        "externalCheckReferenceId": "AddressCheck-12345",
        "maximumSources": 3, // Default value is 3
        "CheckMethod": 1, // Sequential check
        "matchesRequired": 1, // Default value is 1
    },
    {
        "checkTypeId": 2, // Screening
        "externalCheckReferenceId": "ScreeningCheck-67890"
        "maximumSources": 3, // Default value is 3
        "CheckMethod": 1, // Sequential check
    },
    {
        "checkTypeId": 3, // UK Bank Account Check
        "externalCheckReferenceId": "BankCheck-98765"
        "maximumSources": 3, // Default value is 3
        "CheckMethod": 1, // Sequential check
    }
]

Profile

The profile contains personal, address and bank details for the individual being verified.

Profile Requirements by Check Type

The table below outlines the specific profile fields required for each check type supported by the Tiller Verifications API. Each column specifies whether the field is required, optional, or not applicable (N/A) for the respective check type.

Profile Field

Address Check

Screening

UK Bank Check

titleID

Optional

firstName

Required

lastName

Required

middleName

Optional

dateOfBirth

Optional

Optional (preferred)

Required

currentAddress.structured

Required (preferred)

N/A

currentAddress.unstructured

Required (if structured address unavailable)

N/A

bankDetails.accountNumber

N/A

Required

bankDetails.sortCode

N/A

Required

titleId: Optional, but useful for added clarity, especially in Screening checks, but optional for all check types.
firstName / lastName: The subject's first and last names are required across all check types to identify the individual.
middleName: Including the middle name can enhance the accuracy of checks but is optional for all check types.
dateOfBirth: While optional for Address Verification and Screening, it is needed for UK Bank Account checks to ensure accurate matches.
currentAddress.structured: A structured address is preferred for Address Verification, as it improves the likelihood of a positive match.
currentAddress.unstructured: If structured data is unavailable, an unstructured address may be used for Address Verification, though it reduces accuracy.
bankDetails.accountNumber / bankDetails.sortCode: These fields are mandatory for UK Bank Account checks to validate the account details.

Profile parameters

Parameter

Type

Description

titleID

integer

- 1: Mr

- 2: Mrs

- 3: Ms

- 4: Miss

genderType

integer

The individual's gender.

- 1: Male

- 2: Female

firstName

string

The individual's first name.

middleName

string

The individual's middle name (if available).

lastName

string

The individual's last name.

dateOfBirth

string

The individual's date of birth in YYYY-MM-DD format.

Current Address

The currentAddress parameter provides the individual's current residence details.

Structured address fields

Field

Type

Required

Description

flatApartmentSubBuilding

string

Flat or apartment number (if applicable).

buildingNumber

string

Building number (if applicable).

buildingName

string

Name of the building (e.g., "Example House").

At least one of building number, building name , flat number or road street is required.

roadStreet

string

Street or road name (e.g., "Example Street").

district

string

Name of the town or city (e.g., "Exampleton").

townCity

string

District name (if applicable).

stateProvinceName

string

State or province name (e.g., "Exampleshire").

stateProvinceCode

string

State or province code (e.g., "FL" for US state Florida).

postZipCode

string

Postcode or ZIP code (e.g., "EX12AB").

countryCode

string

Yes

dateFrom

string

Date when the individual started living at this address (in YYYY-MM-DD format).

Example:

"profile": {
    "titleId": 1,  // Mr
    "genderTypeId": 1,  // Male
    "firstName": "John",
    "middleName": "Charles",
    "lastName": "Smith",
    "dateOfBirth": "1980-06-12",
    "currentAddress": {
        "structured": {
            "flatApartmentSubBuilding": "10A",
            "BuildingNumber": "50",
            "BuildingName": "Example House",
            "RoadStreet": "Example Street",
            "townCity": "Exampleton",
            "district": "Exampleshire",
            "stateProvinceName": "Example",
            "stateProvinceCode": "EG",
            "postZipCode": "EX12AB",
            "countryCode": "GB",
            "dateFrom": "2020-01-03"
        }
    }
}

Unstructured Address

If you are unable to map a client’s address to the structured format, you can provide an unstructured address in the request.

Note that using an unstructured address decreases the likelihood of achieving a positive match since it may lack the precision of a structured format. Unstructured addresses should only be used as a fall-back when structured details are unavailable.

Field

Type

Required?

address1

string

Yes

address2

string

address3

string

address4

string

address5

string

townCity

string

stateCounty

string

postZipCode

string

countryCode

string

Yes

dateFrom

string

Example

"currentAddress": {
    "unstructured": { 
        "address1": "10A",
        "address2": "50",
        "address3": "Example House",
        "address4": "Example Street",
        "address5": "",
        "townCity": "Exampleton",
        "stateCounty": "Exampleshire",
        "postZipCode": "EX12AB",
        "countryCode": "GB",
        "dateFrom": "2013-01-22",
        "dateTo": "2020-06-11"
    }
}

Bank Details

The bankDetails object in the profile section is required for performing a UK Bank Account Check (CheckTypeId: 3). It contains the necessary information to validate the ownership of a UK bank account against an individual.

Bank Account Fields

Field

Type

Required

accountNumber

string

Yes

The 8-digit bank account number.

sortCode

string

Yes

The 6-digit bank sort code in the format XXXXXX.

openedDate

string

Optional

The date the bank account was opened, provided in format (YYYY-MM-DD). Optional but recommended for added precision.

Example:

"bankDetails": {
    "accountNumber": "12345678",
    "sortCode": "12-34-56",
    "openedDate": "2015-03-10"
}

Key Best Practices

Accuracy and Completeness: Always include all required fields for the checks you are performing to maximize the chances of successful verification.
Structured Data: Use structured addresses and complete profile details wherever possible to achieve higher match rates.
Traceability: Leverage unique identifiers such as externalReferenceId and externalCheckReferenceId for efficient tracking and troubleshooting.
Security: Ensure all requests are securely transmitted with the required JWT authentication token.

By following these guidelines, you can build robust integrations with the Tiller Verifications API, enabling efficient, secure, and accurate compliance and verification processes. If you need further assistance or guidance, please contact support@tillertech.com.

API Reference

The Tiller Verifications API is divided into three main components: Authentication, Verifications, and Ongoing Monitoring.

Authentication

Before using the API, clients must authenticate their requests. The authentication service ensures that all interactions with the API are authorized and secure.

Verificatons

The Verifications component is the heart of the API, enabling businesses to perform a variety of checks. These include Address Verification, Background Checks (PEP & Sanctions, Watchlist, and Adverse Media), and UK Bank Account Checks.

Ongoing Monitoring

Ongoing Monitoring enhances Background Checks by providing continuous updates on an individual’s PEP, sanctions, or adverse media status. This ensures businesses are alerted to compliance risks as soon as they arise.

How It Works

Authenticate: Begin by authenticating your API client and obtaining a bearer token. This token is required for all subsequent API calls.
Submit a Verification Request: Use the Verifications API to perform compliance checks on an individual. Configure checks and provide the necessary profile details.
Enable Monitoring (Optional): For continuous monitoring of PEP & Sanctions or Adverse Media, include enableOngoingMonitoring: true in your verification request.
Retrieve Results: Access results directly from the response (synchronous) or poll using the correlation ID (asynchronous).
Manage Monitoring Subscriptions: Use the Ongoing Monitoring endpoints to subscribe to notifications, retrieve results, or unsubscribe when no longer needed.

This API overview serves as your starting point for integrating the Tiller Verifications API into your workflows. For detailed technical documentation and examples, explore the linked sections or contact our support team at support@tillertech.com.

Authentication

The Tiller Verifications API uses token-based authentication via the OAuth 2.0 protocol. To ensure secure communication and protect sensitive data, every request to the API requires a valid access token in the Authorization header.

Prerequisities

To use the Tiller Verifications API, you'll need some credentials. This is essential for authenticating your requests and ensuring secure access to the system. Here’s how to get started:

Contact your Tiller account manager to request your API credentials. -
- info@tillertech.com.
Safeguard your credentials; it is required for authorization. Treat it like a password—never share it or expose it publicly.

Obtain an Access Token

To authenticate your requests, you need to retrieve an access token by sending a POST request to the authentication /connect/token endpoint. The request should include the following form data:

Parameter

Required

Description

grant_type

Yes

Specifies the OAuth 2.0 grant type. Use client_credentials.

client_id

Yes

Your client unique identifier provided by Tiller.

client_secret

Yes

Your secret key provided by Tiller.

scope

Yes

Use VerificationsAPI as the scope.

Example request

Example response

To use the access token with the Verifications service, include it in the Authorization header of your HTTP requests.

Best Practices for Using Access Tokens

Token Renewal: Monitor the token’s expiry and implement logic to request a new one before making further API calls.
Secure Transmission: Always use HTTPS to prevent interception of the access token during transmission.
Scope Management: Use minimal scopes necessary for each request to enhance security.

By including the access token in your requests, you gain secure and authenticated access to the Verifications service, protecting sensitive information.

Verifications

The Verifications API can a variety of checks for customer verification purposes. This section outlines the available check types, the required request structure, and the specific profile details needed for each type of check.

For more details on building a request please see Request Structure.

Making a Verifications Request

Endpoint:

POST /api/v1/verifications

Description: This endpoint is used to initiate a verification request. It processes and returns the results of the specified checks.

Key Features:

Supports synchronous (runAsync: false) and asynchronous (runAsync: true) processing.
When runAsync is false, the response includes the verification results.
When runAsync is true, a correlationId is returned, which must be used to fetch the results via the GET /api/v1/verifications/{correlationId} endpoint.

Usage: This endpoint allows users to perform one or more checks (e.g., Address Verification, Bankground Checks, Bank Account Check) in a single request. Ensure that the required information is provided for each check type. For more detail on building a request please see Request Structure.

Retrieving Check Results

Endpoint:

GET /api/v1/verifications/{correlationId}

Description: Used to retrieve the results of a previously submitted verification request. This endpoint is primarily used when runAsync: true was specified in the initial request. But can be used when runAsync: false as well.

Key Features:

Can be polled to check the status of the verification process.
Returns the detailed results of each check once available.

Parameters:

correlationId (path): The unique identifier returned when the initial verification request was submitted.

References

Endpoint: GET /api/v1/verifications/references

Description: This endpoint provides reference data required for verifications. It includes details such as valid check types, status codes, titles, genders, and country codes.

Key Features:

Useful for retrieving a list of valid codes and identifiers required when making a verification request.
Helps to ensure requests are formatted correctly with the proper values.

Ongoing Monitoring

Overview

The Ongoing Monitoring API allows you to manage and retrieve updates for continuous background checks. When ongoing monitoring is enabled during a verification request (enableOngoingMonitoring: true), the system monitors the individual on a daily basis to identify new PEP & Sanctions, Adverse Media, or Watchlist events. Alerts are sent to the subscribed return URL whenever there is a status change, and results can be retrieved using the relevant endpoints.

Retrieving monitoring results

Endpoint:

GET /api/v1/ongoingmonitoring/{correlationId}

Description:

Retrieves the verification statuses and results for a specific ongoing monitoring record using the correlationId provided during the initial verification request.

Path parameters:

correlationId (string, required): The unique ID associated with the monitoring request.

Query Parameters:

fromDate (date-time, optional): Filter results starting from this date.
toDate (date-time, optional): Filter results up to this date.

Subcribing to the Monitoring Service

Endpoint:

POST /api/v1/ongoingmonitoring/subscribe

Description:

Subscribes to the ongoing monitoring service by registering a return URL and API key. This URL will receive webhook notifications for updates in monitored results.

Unsubscribe from the Monitoring Service

Endpoint:

POST /api/v1/ongoingmonitoring/unsubscribe

Description:

Unsubscribes the provided return URL from ongoing monitoring. After unsubscribing, you will no longer receive updates for monitored profiles.

Error Handling

What error codes are there and how to handle errors.

Success and Error codes

Each API request will return a response. A successful request will typically return a 200 OK status code along with any requested data. Errors or issues with your request will return different status codes (e.g., 400 Bad Request, 401 Unauthorized) and an error message explaining what went wrong.

Success Codes

Comment

Code

Description

200

OK - The request has succeeded.

201

Created - The request has been fulfilled and has resulted in one or more new resources being created.

202

Accepted - The request has been accepted for processing, but the processing has not been completed.

204

No Content - The server successfully processed the request, but is not returning any content.

303

Redirect - Provides redirections to another resource.

Error codes

Code

Description

400

Bad Request - The server cannot process the request due to a client error (e.g., malformed request syntax).

401

Unauthorised - The request lacks valid authentication credentials for the target resource.

404

Not Found - The server can't find the requested resource.

408

Request timeout

500

Internal Server Error - The server encountered an unexpected condition that prevented it from fulfilling the request.

502

Bad gateway

504

Gateway timeout

Error Message Standard

Example:

{
    "ValidationErrors": {
        "Profile.FirstName": [
            "FirstName: field is required"
        ],
        "Profile.CurrentAddress.Structured.CountryCode": [
            "CountryCode: field is required"
        ]
    },
    "Type": null,
    "Title": "Request Validation Error",
    "Status": 400,
    "Detail": "One or more validation errors occurred. See ValidationErrors for details.",
    "Instance": "urn:tillertechverifications:badrequest:43f3e884-c791-4c39-a05d-351d8ed162b6",
    "Extensions": {}
}

Changelog and Versioning

The Verifications API is continuously evolving, with new features and updates being added to enhance functionality. This section provides information about our versioning policy and a changelog that details the historical and recent changes to the API.

Versioning Policy

Our API versioning is designed to ensure backward compatibility and minimise disruptions to your integration.

Version Format: We use a simple versioning, vX, where X is the major version.

verifications-api.tiller-verify.com/api/{version}/

Major Versions: Changes in the major version indicate significant updates that may not be backwards compatible. These changes could include modifications to existing endpoint functionality or removing endpoints. This will alter the API base URL.
Minor Changes: Minor version updates involve backward-compatible additions or enhancements, such as adding or extending new endpoints. These will not change the base URL.

Background Checks

Overview

Components

PEP & Sanctions Screening:
- Uses daily updated databases of PEPs and sanctioned individuals.
- Sources include HM Treasury, UN Security Council Committees, OFAC, and other government and international agencies.
- Identifies close associates of PEPs as part of the screening.
Watchlist Checks:
- Screen individuals against global watchlists maintained by international organisations.
Adverse Media Screening:
- Conducts extensive scans across 120,000+ media sources.
- Categorises media events by risk type (e.g., fraud, abuse) and lifecycle stage.
- Detects potential risks linked to individuals or entities.

Check Type ID: 2

Required Profile Information

To perform Background Checks, the following fields are required in the profile section of the request:

Personal Details:
- firstName (Required): The first name of the individual.
- lastName (Required): The last name of the individual.
- dateOfBirth (Required): Critical for accurate screening results.
- middleName (Optional): Improves the accuracy of matches.
- titleId (Optional): Helps differentiate individuals with similar names.
Additional Information:
- nationalityCountryCode (Optional): Enhances accuracy by considering the individual’s nationality.
- placeOfBirthTownCity (Optional): Provides additional context to improve match quality.

See Request Structure for more information on structuring a request.

PEP & Sanctions / Watchlist Screening

Sanctions Sources

Please see below a list of sanctions sources that the individuals is checked

Sanctions Source List

Australia DFAT Sanctions List
Austria National Bank - Sanctions
Bangladesh Central Bank - Domestic Sanction List
Belgium - Federal Public Service National Financial Sanctions List
Canada - Freezing Assets of Corrupt Foreign Officials (Tunisia and Egypt) Regulations
Canada - Freezing Assets of Corrupt Foreign Officials (Ukraine) Regulations
Canada Criminal Code - Terrorist Organizations
Canada OSFI Entities List
Canada OSFI Individuals List
Canada OSFI UN Sanctions Act Resolution on Iran
Canada Special Economic Measures Act - Consolidated Sanctions List:
- Burma
- Iran
- Nicaragua
- Russia
- South Sudan
- Syria
- Ukraine
- Venezuela
- Zimbabwe
Dutch Foreign Ministry Individuals & Organizations with Frozen Funds
EU Consolidated List of Sanctioned Persons, Groups, & Entities
EU COUNCIL DECISION 2014/512/CFSP
France Directorate General of the Treasury - Terrorism
India - National Investigation Agency - Banned Terrorist Organizations
Interpol UNSC Special Notices - Entities
Interpol UNSC Special Notices - Individuals
Japan Finance Ministry Asset Freeze List
Japan Ministry of Economy, Trade, and Industry (METI) - WMD End User List
Latvia Financial Intelligence Service - Sanctions
Libya National Transitional Council Law 36
Malaysia Ministry of Home Affairs - Sanctions List
Netherlands - National Sanctions List for Terrorism
Official Journal of the European Union - EU International, Economic, Military Sanctions
Pakistan National Counter Terrorism Authority - Proscribed Organizations
Pakistan National Counter Terrorism Authority - Proscribed Persons
Qatari Linked Terrorist List
Singapore Terrorism (Suppression of Financing) Act List
South Korea Financial Intelligence Unit (KOFIU) - WMD End-User Controls List
Sri Lanka Government Gazette - List of Designated Persons, Groups and Entities
Switzerland State Secretariat for Economic Affairs (SECO) Sanctions List
UK HM Treasury Financial Sanctions Target List
UK HM Treasury Financial Sanctions - Ukraine Restrictive Measures
UK Home Office/Ofc for Security & CT Proscribed Terror Groups
Ukraine State Committee for Financial Monitoring - Terrorism List
Ukraine State Committee for Financial Monitoring - UN Sanctions Program
United Nations Security Council (UNSC) Consolidated Sanctions List:
- Resolution 751 (1992) I 1907 (2009) Somalia
- Resolution 1267/1989 Al-Qaida
- Resolution 1518 (2003) Iraq
- Resolution 1533 (2004) Democratic Republic of the Congo
- Resolution 1591 (2005) Sudan
- Resolution 1718 (2006) Democratic People's Republic of Korea
- Resolution 1970 (2011) Libya
- Resolution 1988 (2011) Taliban
- Resolution 2048 (2012) Guinea-Bissau
- Resolution 2127 (2013) Central African Republic
- Resolution 2140 (2014) Yemen
- Resolution 2206 (2015) South Sudan
- Resolution 2374 (2017) Mali
US Department of State - Bureau of Economic & Business Affairs - Cuba Restricted List
US Department of State - CAATSA Section 231(d) List
US Department of State Consolidated Non-proliferation Sanctions
Chemical and Biological Weapons Control and Warfare Elimination Act (CBW Act)
Executive Order 12938
US Department of State Foreign Terrorist Organisations
US Department of State Terrorist Exclusion List
US Treasury Department FinCEN Advisory Notice on Iran, North Korea
US Treasury Department FinCEN Section 311 Measures
US Treasury Department FinCEN OFAC Consolidated Non-SDN Sanctions List
US Treasury Department FinCEN OFAC Specially Designated nationals List
US Treasury Department FinCEN Designated Charities and Fronts for FTOs

PEP Sources and Types

PEP Sources & Types

PEP Sources

CIA World Leaders
CIA World Factbook
Rulers articles and other databases continually monitored to additional information
Gov’t/Official websites covering all levels of PEPs
Other open sources. For example, those independent from the state control

PEP Types

HOS - Heads of state
CAB - Cabinet officials
INF - Senior officials overseeing key infrastructure sectors.
NIO - Senior officials overseeing non-infrastructure sectors.
MUN - Municipal level officials
REG - Regional officials
LEG - Senior legislative branch officials
AMB - Ambassadors and top diplomatic officials
MIL - Senior military officials
JUD - Senior judicial officials
POL - Political party officials
GCO - Top executives/officers in state-controlled enterprises
FAM - Family members
ASC - Close associates and advisors
ISO - International Sporting Officials

PEPs are categorised into tiers of risk. With Tier 1 being the highest potential risk, including heads of state and high ranking government positions.

PEP Tiers

Tier 1 - High Risk

Heads of state and government (including Royal families).
Members of government (ministers, deputies, state, and under-state secretaries) at national and sub-national levels in case of federal states (e.g., Florida in the US, Bavaria in Germany, Johor in Malaysia, Lagos in Nigeria, Goa in India etc) and provinces in China (e.g., Henan); President and College of Commissioner of the European Commission.
Members of Parliament or similar legislative bodies (at national and sub-national level in case of federal states – same as above); Members of the European Parliament.
Heads and top commanders of military and law enforcement and their deputies.
Heads and members of supreme courts, of constitutional courts or of other high-level judicial bodies whose decisions are not subject to further appeal, except in exceptional cases, similar for EU Court of Justice.
Heads and members of courts of auditors (including EU Court of Auditors) and of the boards of central banks (including the European Central Bank).
Top ranking officials of mainstream political parties (e.g., party leaders and members of governing bodies) and only the heads/deputy heads of minor political parties (without representation in parliament).

Tier 2 - Medium Risk

Members of legislative (e.g., aldermen, councillors) and executive (e.g., prefects) bodies at regional, provincial, cantonal, or equivalent levels (below the level of states in case of federal jurisdiction).
Judges, justices, magistrates, prosecutors, attorneys in courts with jurisdiction at regional, provincial or equivalent level.
Ambassadors, general consuls, high commissioners, permanent representatives, head of missions and their deputies, charge d’affairs.
Chairmen, secretary generals, directors, deputy directors and members of the board or equivalent function of international/regional organisations (e.g., UN, EU, World Bank, EBRD, OAS, Arab League, ASEAN, CARICOM etc).
Presidents/Chairperson and board members of State-Owned Enterprises (SOEs), businesses and organisations.
Senior officials of the military, judiciary, law enforcement agencies, central banks, and other state agencies, authorities and state bodies (e.g., high ranking civil servants, director generals, directors, heads of units, secretaries (permanent, principal, joint secretaries etc).
Heads and senior members of mainstream religious groups (e.g., archbishop, patriarch, cardinal, bishop, imam, rabbi).
Mayors of capital cities (e.g., London, New Delhi, Paris, New York, Rio de Janeiro) and Head of Cities which are directly appointed and answerable to the Chinese central government.

PEP Tier 3 - Low Risk

Advisers, heads of cabinet and similar roles of senior officials of the military, judiciary, law enforcement, central banks.
And other state agencies, authorities, and state bodies (designation/level to be determined depending on country ML/TF and corruption risks profile and administration structure).
Heads and board members / senior officials of Trade Unions. In case of Chambers of Commerce and Charities a risk- based approach is followed.
Presidents, secretary generals, directors, deputy directors and members of the board or equivalent function of international NGOs (e.g., Oxfam, Amnesty, Transparency International etc).
Middle ranking diplomats (minister-counsellors, councillors, 1st Secretaries and 2nd Secretaries).
Alternate/deputy members of parliament/senate (not currently occupying seat).
Mayors and members of local councils at municipal, town, village, or equivalent levels (i.e., below regional, provincial, cantonal, and other levels not captured elsewhere).
Senior civil servants at regional/provincial or equivalent levels; senior officials of administrative bodies at local levels (directors/secretaries of city governments).

PEPs by Association

Should the individual have a potential match within the PEP & Sanctions sources they will be flagged up for review.

Adverse Media

Adverse Media Stages

Stage 1

Stage 2

Stage 3

Stage 4

Accuse

Arraign

Appeal

Acquit / Not Guilty

Allege

Arrest

Confession

Disciplinary

Conspire

Audit

Plea

Regulatory Action

Probe

Charged

Settlement or Suit

Arbitration

Suspected

Complaint Filed

Trial

Associated

Indict

Censure

Lien

Convict

Seizure

Deported

Dismissed

Expelled

Fine (<$10K, >$10K)

Govt Official

Revoked Registration

Sanction

Served Jail Time

Suspended

Risk types

The Risk Type describes the nature of the Adverse Media Event. Risk Types are used in conjunction with Risk Stage to determine if the Adverse Media Event is to be included in the results.

These include

Critical - Risk Stages 1, 2, 3 & 4
Valuable - Risk Stages 2, 3 & 4
Investigate - Risk Stages 3 & 4
Probative - Risk Stages 4

Critical Types

BRB - Bribery, Graft, Kickbacks, Political Corruption
BUS - Business Crimes (Antitrust, Bankruptcy, Price Fixing)
DEN - Denied Entity
FOF - Former OFAC List
FOS - Former Sanctions List
FRD - Fraud, Scams, Swindles
IRC - Iran Connect
MLA - Money Laundering
ORG - Organized Crime, Criminal Association, Racketeering
PEP - Person Political REG - Regulatory Action
SEC - SEC Violations (Insider Trading, Securities Fraud)
SNX - Sanctions Connect
TER - Terrorist Related
WLT - Watch List

Valuable Types

CFT - Counterfeiting, Forgery
CYB - Computer Related, Cyber Crime
DTF - Trafficking or Distribution of Drug
FAR - Foreign Agent Registration Act
FUG - Fugitive, Escape
GAM - Illegal Gambling
HUM - Human Rights, Genocide, War Crimes
IMP - Identity Theft, Impersonation
KID - Kidnapping, Abduction, Held Against Will
LMD - Legal Marijuana Dispensary
LNS - Loan Sharking, Usury, Predatory Lending
MOR - Mortgage Related MSB - Money Services Business
MUR - Murder, Manslaughter (Committed, Planned or Attempted)
OBS - Obscenity Related, Child Pornography
PRJ - Perjury, Obstruction of Justice, False Filings, False Statements
RES - Real Estate Actions
SEX - Sex Offenses (Rape, Sodomy, Sexual Abuse, Paedophilia)
SMG - Smuggling (Does not include Drugs, Money, People or Guns
SPY - Spying (Treason, Espionage)
TAX - Tax Related Offenses
TFT - Theft (Larceny, Misappropriation, Embezzlement, Extortion)
TRF - People Trafficking, Organ Trafficking

Investigate Types

ARS - Arson
AST - Assault, Battery
BUR - Burglary
CON - Conspiracy (no specific crime named)
DPS - Possession of Drugs or Drug Paraphernalia
FOR - Forfeiture IGN - Possession or Sale of Guns, Weapons and Explosives
PSP - Possession of Stolen Property
ROB - Robbery (Stealing by Threat, Use of Force)

Probative

ABU - Abuse (Domestic, Elder, Child)
CPR - Copyright Infringement (Intellectual Property, Electronic Piracy
ENV - Environmental Crimes (Poaching, Illegal Logging, Animal Cruelty)
IPR - Illegal Prostitution
MIS - Misconduct
NSC - Nonspecific Crimes

Should the individual have a potential match within adverse media sources they will be flagged up for review.

Request Structure

Introduction to the Request Structure

The request is divided into the following components:

External Reference: This provides a unique identifier for tracking your request. It acts as a client-generated reference to link API responses to specific operations in your system.
Options: This section configures the behaviour of the request. Options such as asynchronous or synchronous processing and mock mode for testing.
Checks: This is the core of the verification request. It specifies what checks need to be performed. Multiple check types can be included in a single request, provided the necessary information for each check is supplied.
Profile: This section contains the personal and address details of the individual or entity being verified. Depending on the type of check, the profile must include specific fields such as names, date of birth, and addresses. Addresses can be provided in either structured or unstructured formats, though structured formats are recommended for higher match accuracy.

Example request payload with all checks types and attributes

{
    "externalReferenceId": "UniqueRequestID-123456", 
    "options": {
        "runAsync": false, // Synchronous processing
        "mock": true // Mock mode for testing purposes
    },
    "checks": [
        {
            "checkTypeId": 1, // Address Verification
            "externalCheckReferenceId": "AddressCheck-12345", 
            "maximumSources": 3, // Query up to 3 sources
            "CheckMethod": 1, // Sequential processing
            "matchesRequired": 1, // Minimum of 1 match required
        },
        {
            "checkTypeId": 2, // Screening (PEP & Sanctions, Adverse Media)
            "externalCheckReferenceId": "ScreeningCheck-67890", 
            "maximumSources": 3 // Query up to 3 sources
            "CheckMethod": 1, // Sequential processing
        },
        {
            "checkTypeId": 3, // UK Bank Account Check
            "externalCheckReferenceId": "BankCheck-98765",
            "maximumSources": 3, // Query up to 3 sources
            "CheckMethod": 1, // Sequential processing
        }
    ],
    "profile": {
        "titleId": 1, // Mr
        "genderTypeId": 1, // Male
        "firstName": "John",
        "middleName": "Charles",
        "lastName": "Doe",
        "dateOfBirth": "1980-06-12",
        "nationalityCountryCode": "GB", // United Kingdom
        "placeOfBirthTownCity": "London",
        "currentAddress": {
            "structured": {
                "flatApartmentSubBuilding": "10A",
                "BuildingNumber": "50",
                "BuildingName": "Example House",
                "RoadStreet": "Example Street",
                "townCity": "Exampleton",
                "postZipCode": "EX12AB",
                "countryCode": "GB",
                "dateFrom": "2020-01-03T00:00:00"
            }
        },
        "bankDetails": {
            "accountNumber": "12345678", 
            "sortCode": "12-34-56"
        }
    }
}

External Reference

The externalReferenceId parameter is used to uniquely identify a request.

Parameter

Type

Required?

Description

externalReferenceId

string

Yes

A unique identifier for your request, provided by your system. This helps in tracking specific requests.

Example:

"externalReferenceId": "ABCDEFGHI123456789"

Options

The options parameter defines how the request is processed.

Parameter

Type

Required

Description

runAsync

boolean

Yes

Determines whether the request is processed asynchronously or synchronously.

- true: Returns a correlation ID; the results must be fetched in a subsequent request.

- false: Returns the results directly.

mock

boolean

When set to true, the request is processed in a simulated environment for testing purposes.

Example:

"options": {
    "runAsync": false,
    "mock": true
}

Checks

The checks array contains details about the verification checks to perform.

Available Check Types

The following checks are currently supported by the Verifications API:

Address Verification Verifies the subject’s address against trusted data sources.
Background Checks Performs PEP (Politically Exposed Persons) & Sanctions screening and Adverse Media checks.
UK Bank Account Check Verifies the subject's ownership of a UK bank account.

You can request one or more of these services in a single verifications request.

Check Type Fields

Check Field

Address Check

Screening

UK Bank Check

checkTypeId

1 (required)

2 (required)

3 (required)

externalCheckReferenceId

Required

maximumSources

Required (default: 3)

checkMethod

Required (default: 1)

matchesRequired

Required (default: 1)

N/A

checkTypeId: Identifies the type of verification being performed.

1 = Address Verification
2 = Screening (PEP & Sanctions/Adverse Media)
3 = UK Bank Account Check

externalCheckReferenceId: A unique client-provided identifier for the check, useful for tracking.

maximumSources: Specifies the maximum number of sources to query for the check. The default value is 3 for most checks.

CheckMethod: Determines how the check is performed.

1 = Sequentially (default)
2 = In parallel

matchesRequired: Specifies the minimum number of matches required for the check to pass. The default value is 1.

Example - one check in request:

"checks": [
    {
        "checkTypeId": 1,
        "externalCheckReferenceId": "Check-12345",
        "maximumSources": 3,
        "CheckMethod": 1,
        "matchesRequired": 1
    }
]

Example - multiple checks in request:

"checks": [
    {
        "checkTypeId": 1, // Address Verification
        "externalCheckReferenceId": "AddressCheck-12345",
        "maximumSources": 3, // Default value is 3
        "CheckMethod": 1, // Sequential check
        "matchesRequired": 1, // Default value is 1
    },
    {
        "checkTypeId": 2, // Screening
        "externalCheckReferenceId": "ScreeningCheck-67890"
        "maximumSources": 3, // Default value is 3
        "CheckMethod": 1, // Sequential check
    },
    {
        "checkTypeId": 3, // UK Bank Account Check
        "externalCheckReferenceId": "BankCheck-98765"
        "maximumSources": 3, // Default value is 3
        "CheckMethod": 1, // Sequential check
    }
]

Profile

The profile contains personal, address and bank details for the individual being verified.

Profile Requirements by Check Type

Profile Field

Address Check

Screening

UK Bank Check

titleID

Optional

firstName

Required

lastName

Required

middleName

Optional

dateOfBirth

Optional

Optional (preferred)

Required

currentAddress.structured

Required (preferred)

N/A

currentAddress.unstructured

Required (if structured address unavailable)

N/A

bankDetails.accountNumber

N/A

Required

bankDetails.sortCode

N/A

Required

titleId: Optional, but useful for added clarity, especially in Screening checks, but optional for all check types.
firstName / lastName: The subject's first and last names are required across all check types to identify the individual.
middleName: Including the middle name can enhance the accuracy of checks but is optional for all check types.
dateOfBirth: While optional for Address Verification and Screening, it is needed for UK Bank Account checks to ensure accurate matches.
currentAddress.structured: A structured address is preferred for Address Verification, as it improves the likelihood of a positive match.
currentAddress.unstructured: If structured data is unavailable, an unstructured address may be used for Address Verification, though it reduces accuracy.
bankDetails.accountNumber / bankDetails.sortCode: These fields are mandatory for UK Bank Account checks to validate the account details.

Profile parameters

Parameter

Type

Description

titleID

integer

The individual's title. See for full details.

- 1: Mr

- 2: Mrs

- 3: Ms

- 4: Miss

genderType

integer

The individual's gender.

- 1: Male

- 2: Female

firstName

string

The individual's first name.

middleName

string

The individual's middle name (if available).

lastName

string

The individual's last name.

dateOfBirth

string

The individual's date of birth in YYYY-MM-DD format.

Current Address

The currentAddress parameter provides the individual's current residence details.

Structured address fields

Field

Type

Required

Description

flatApartmentSubBuilding

string

Flat or apartment number (if applicable).

buildingNumber

string

Building number (if applicable).

buildingName

string

Name of the building (e.g., "Example House").

At least one of building number, building name , flat number or road street is required.

roadStreet

string

Street or road name (e.g., "Example Street").

district

string

Name of the town or city (e.g., "Exampleton").

townCity

string

District name (if applicable).

stateProvinceName

string

State or province name (e.g., "Exampleshire").

stateProvinceCode

string

State or province code (e.g., "FL" for US state Florida).

postZipCode

string

Postcode or ZIP code (e.g., "EX12AB").

countryCode

string

Yes

ISO 3166-1 alpha-2 country code (e.g., "GB" for the United Kingdom). See for more details.

dateFrom

string

Date when the individual started living at this address (in YYYY-MM-DD format).

Example:

"profile": {
    "titleId": 1,  // Mr
    "genderTypeId": 1,  // Male
    "firstName": "John",
    "middleName": "Charles",
    "lastName": "Smith",
    "dateOfBirth": "1980-06-12",
    "currentAddress": {
        "structured": {
            "flatApartmentSubBuilding": "10A",
            "BuildingNumber": "50",
            "BuildingName": "Example House",
            "RoadStreet": "Example Street",
            "townCity": "Exampleton",
            "district": "Exampleshire",
            "stateProvinceName": "Example",
            "stateProvinceCode": "EG",
            "postZipCode": "EX12AB",
            "countryCode": "GB",
            "dateFrom": "2020-01-03"
        }
    }
}

Unstructured Address

If you are unable to map a client’s address to the structured format, you can provide an unstructured address in the request.

Field

Type

Required?

address1

string

Yes

address2

string

address3

string

address4

string

address5

string

townCity

string

stateCounty

string

postZipCode

string

countryCode

string

Yes

dateFrom

string

Example

"currentAddress": {
    "unstructured": { 
        "address1": "10A",
        "address2": "50",
        "address3": "Example House",
        "address4": "Example Street",
        "address5": "",
        "townCity": "Exampleton",
        "stateCounty": "Exampleshire",
        "postZipCode": "EX12AB",
        "countryCode": "GB",
        "dateFrom": "2013-01-22",
        "dateTo": "2020-06-11"
    }
}

Bank Details

Bank Account Fields

Field

Type

Required

accountNumber

string

Yes

The 8-digit bank account number.

sortCode

string

Yes

The 6-digit bank sort code in the format XXXXXX.

openedDate

string

Optional

The date the bank account was opened, provided in format (YYYY-MM-DD). Optional but recommended for added precision.

Example:

"bankDetails": {
    "accountNumber": "12345678",
    "sortCode": "12-34-56",
    "openedDate": "2015-03-10"
}

Key Best Practices

Accuracy and Completeness: Always include all required fields for the checks you are performing to maximize the chances of successful verification.
Structured Data: Use structured addresses and complete profile details wherever possible to achieve higher match rates.
Traceability: Leverage unique identifiers such as externalReferenceId and externalCheckReferenceId for efficient tracking and troubleshooting.
Security: Ensure all requests are securely transmitted with the required JWT authentication token.