The Tiller Verifications API is divided into three main components: Authentication, Verifications, and Ongoing Monitoring.
Before using the API, clients must authenticate their requests. The authentication service ensures that all interactions with the API are authorized and secure.
AuthenticationThe Verifications component is the heart of the API, enabling businesses to perform a variety of checks. These include Address Verification, Background Checks (PEP & Sanctions, Watchlist, and Adverse Media), and UK Bank Account Checks.
VerificationsOngoing Monitoring enhances Background Checks by providing continuous updates on an individual’s PEP, sanctions, or adverse media status. This ensures businesses are alerted to compliance risks as soon as they arise.
Ongoing MonitoringAuthenticate: Begin by authenticating your API client and obtaining a bearer token. This token is required for all subsequent API calls.
Submit a Verification Request: Use the Verifications API to perform compliance checks on an individual. Configure checks and provide the necessary profile details.
Enable Monitoring (Optional): For continuous monitoring of PEP & Sanctions or Adverse Media, include enableOngoingMonitoring: true in your verification request.
Retrieve Results: Access results directly from the response (synchronous) or poll using the correlation ID (asynchronous).
Manage Monitoring Subscriptions: Use the Ongoing Monitoring endpoints to subscribe to notifications, retrieve results, or unsubscribe when no longer needed.
This API overview serves as your starting point for integrating the Tiller Verifications API into your workflows. For detailed technical documentation and examples, explore the linked sections or contact our support team at support@tillertech.com.
The Tiller Verifications API uses token-based authentication via the OAuth 2.0 protocol. To ensure secure communication and protect sensitive data, every request to the API requires a valid access token in the Authorization header.
To use the Tiller Verifications API, you'll need some credentials. This is essential for authenticating your requests and ensuring secure access to the system. Here’s how to get started:
Contact your Tiller account manager to request your API credentials. -
info@tillertech.com.
Safeguard your credentials; it is required for authorization. Treat it like a password—never share it or expose it publicly.
To authenticate your requests, you need to retrieve an access token by sending a POST request to the authentication /connect/token endpoint. The request should include the following form data:
grant_type
Yes
Specifies the OAuth 2.0 grant type. Use client_credentials.
client_id
Yes
Your client unique identifier provided by Tiller.
client_secret
Yes
Your secret key provided by Tiller.
scope
Yes
Use VerificationsAPI as the scope.
Obtain an authentication token using client credentials.
client_credentials{{scope}}{{client_id}}{{client_secret}}To use the access token with the Verifications service, include it in the Authorization header of your HTTP requests.
Token Renewal: Monitor the token’s expiry and implement logic to request a new one before making further API calls.
Secure Transmission: Always use HTTPS to prevent interception of the access token during transmission.
Scope Management: Use minimal scopes necessary for each request to enhance security.
By including the access token in your requests, you gain secure and authenticated access to the Verifications service, protecting sensitive information.
The Verifications API can a variety of checks for customer verification purposes. This section outlines the available check types, the required request structure, and the specific profile details needed for each type of check.
For more details on building a request please see Request Structure.
Endpoint:
POST /api/v1/verifications
Description: This endpoint is used to initiate a verification request. It processes and returns the results of the specified checks.
Key Features:
Supports synchronous (runAsync: false) and asynchronous (runAsync: true) processing.
When runAsync is false, the response includes the verification results.
When runAsync is true, a correlationId is returned, which must be used to fetch the results via the GET /api/v1/verifications/{correlationId} endpoint.
Usage: This endpoint allows users to perform one or more checks (e.g., Address Verification, Bankground Checks, Bank Account Check) in a single request. Ensure that the required information is provided for each check type. For more detail on building a request please see Request Structure.
Endpoint:
GET /api/v1/verifications/{correlationId}
Description:
Used to retrieve the results of a previously submitted verification request. This endpoint is primarily used when runAsync: true was specified in the initial request. But can be used when runAsync: false as well.
Key Features:
Can be polled to check the status of the verification process.
Returns the detailed results of each check once available.
Parameters:
correlationId (path): The unique identifier returned when the initial verification request was submitted.
Endpoint: GET /api/v1/verifications/references
Description: This endpoint provides reference data required for verifications. It includes details such as valid check types, status codes, titles, genders, and country codes.
Key Features:
Useful for retrieving a list of valid codes and identifiers required when making a verification request.
Helps to ensure requests are formatted correctly with the proper values.
The Ongoing Monitoring API allows you to manage and retrieve updates for continuous background checks. When ongoing monitoring is enabled during a verification request (enableOngoingMonitoring: true), the system monitors the individual on a daily basis to identify new PEP & Sanctions, Adverse Media, or Watchlist events. Alerts are sent to the subscribed return URL whenever there is a status change, and results can be retrieved using the relevant endpoints.
Endpoint:
GET /api/v1/ongoingmonitoring/{correlationId}
Description:
Retrieves the verification statuses and results for a specific ongoing monitoring record using the correlationId provided during the initial verification request.
Path parameters:
correlationId (string, required): The unique ID associated with the monitoring request.
Query Parameters:
fromDate (date-time, optional): Filter results starting from this date.
toDate (date-time, optional): Filter results up to this date.
Endpoint:
POST /api/v1/ongoingmonitoring/subscribe
Description:
Subscribes to the ongoing monitoring service by registering a return URL and API key. This URL will receive webhook notifications for updates in monitored results.
Endpoint:
POST /api/v1/ongoingmonitoring/unsubscribe
Description:
Unsubscribes the provided return URL from ongoing monitoring. After unsubscribing, you will no longer receive updates for monitored profiles.