5-minute Quickstart

Your first screening with the v1 API

Create an API key, run a screening request, and verify usage metering. No SDK required—just HTTP.

Get an API key
In your dashboard, go to Settings → API Keys and create a key. Copy it and store it as an environment variable—never embed in client-side code.
macOS / Linux
```
export MATCHAUDIT_API_KEY="sk_live_..."
```
Windows (PowerShell)
```
$env:MATCHAUDIT_API_KEY="sk_live_..."
```

Make your first request

Use POST /api/v1/screen with your API key in the Authorization header. The example below screens a single name as an individual.

cURL Node (fetch)Python (requests)

curl -sS -X POST https://your-domain.com/api/v1/screen \
  -H "Authorization: Bearer $MATCHAUDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "names": ["Vladimir Putin"], "entityTypes": ["individual"] }' | jq

const res = await fetch("https://your-domain.com/api/v1/screen", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.MATCHAUDIT_API_KEY}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    names: ["Vladimir Putin"],
    entityTypes: ["individual"]
  })
});
console.log(await res.json());

import os, requests, json
resp = requests.post(
  "https://your-domain.com/api/v1/screen",
  headers={"Authorization": f"Bearer {os.getenv('MATCHAUDIT_API_KEY')}",
           "Content-Type": "application/json"},
  json={"names":["Vladimir Putin"], "entityTypes":["individual"]}
)
print(json.dumps(resp.json(), indent=2))

Sample 200 OK response▾

{
  "results": [/* matches */],
  "policyMatches": [],
  "scannedSources": ["OFAC","EU","UN","UK","CH","CA","AU"],
  "unavailableSources": [],
  "meta": { "tookMs": 123, "tenantId": "org_...", "planKey": "pro" }
}

Verify monthly usage
Check your current-month usage with GET /api/v1/usage/summary. This endpoint requires a server-only secret: API_AUTH_SECRET.
Set server secret
```
export API_AUTH_SECRET="wh-sec-..."
```
Query usage (cURL)
```
curl -s 'https://your-domain.com/api/v1/usage/summary?tenantId=YOUR_ORG_ID&planKey=pro' \
  -H "Authorization: Bearer $API_AUTH_SECRET" | jq
```
Handle errors & limits
Common responses include 401 unauthorized (missing or invalid key), 429 rate_limited (per-second),429 limit_exceeded (monthly cap), and 400 too_many_names (batch cap).
Simulate 401
```
curl -X POST https://your-domain.com/api/v1/screen \
  -H "Authorization: Bearer bad_key" -H "Content-Type: application/json" \
  -d '{ "names": ["Test"], "entityTypes": ["individual"] }'
```
Per-request cap
free: 50, pro: 200, business: 500, enterprise: 2000. Batch larger than your cap returns 400 too_many_names.

Continue to API Reference Review Authentication

Make your first request

Use POST /api/v1/screen with your API key in the Authorization header. The example below screens a single name as an individual.

cURL Node (fetch)Python (requests)

curl -sS -X POST https://your-domain.com/api/v1/screen \
  -H "Authorization: Bearer $MATCHAUDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "names": ["Vladimir Putin"], "entityTypes": ["individual"] }' | jq

const res = await fetch("https://your-domain.com/api/v1/screen", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.MATCHAUDIT_API_KEY}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    names: ["Vladimir Putin"],
    entityTypes: ["individual"]
  })
});
console.log(await res.json());

import os, requests, json
resp = requests.post(
  "https://your-domain.com/api/v1/screen",
  headers={"Authorization": f"Bearer {os.getenv('MATCHAUDIT_API_KEY')}",
           "Content-Type": "application/json"},
  json={"names":["Vladimir Putin"], "entityTypes":["individual"]}
)
print(json.dumps(resp.json(), indent=2))

Sample 200 OK response▾

{
  "results": [/* matches */],
  "policyMatches": [],
  "scannedSources": ["OFAC","EU","UN","UK","CH","CA","AU"],
  "unavailableSources": [],
  "meta": { "tookMs": 123, "tenantId": "org_...", "planKey": "pro" }
}

Verify monthly usage

Check your current-month usage with GET /api/v1/usage/summary. This endpoint requires a server-only secret: API_AUTH_SECRET.

Set server secret

export API_AUTH_SECRET="wh-sec-..."

Query usage (cURL)

curl -s 'https://your-domain.com/api/v1/usage/summary?tenantId=YOUR_ORG_ID&planKey=pro' \
  -H "Authorization: Bearer $API_AUTH_SECRET" | jq

Handle errors & limits

Common responses include 401 unauthorized (missing or invalid key), 429 rate_limited (per-second),429 limit_exceeded (monthly cap), and 400 too_many_names (batch cap).

Simulate 401

curl -X POST https://your-domain.com/api/v1/screen \
  -H "Authorization: Bearer bad_key" -H "Content-Type: application/json" \
  -d '{ "names": ["Test"], "entityTypes": ["individual"] }'

Per-request cap

free: 50, pro: 200, business: 500, enterprise: 2000. Batch larger than your cap returns 400 too_many_names.

Your first screening with the v1 API

Get an API key

Make your first request

Verify monthly usage

Handle errors & limits

Your first screening with the v1 API

Get an API key

Make your first request

Verify monthly usage

Handle errors & limits