5-minute Quickstart
Create an API key, run a screening request, and verify usage metering. No SDK required - just HTTP.
In your dashboard, go to Settings → API Keys and create a key. Copy it and store it as an environment variable - never embed in client-side code.
export MATCHAUDIT_API_KEY="sk_live_..."$env:MATCHAUDIT_API_KEY="sk_live_..."Before sending screening requests, confirm which sanctions lists your API workflow should use. This is a required implementation step because screening quality depends on the active source selection.
MatchAudit applies a global default source set automatically for new API users. If that default is not appropriate, update it first through PUT /api/v1/settings.
curl -sS https://your-domain.com/api/v1/settings \
-H "Authorization: Bearer $MATCHAUDIT_API_KEY" | jqcurl -sS -X PUT https://your-domain.com/api/v1/settings \
-H "Authorization: Bearer $MATCHAUDIT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"jurisdiction": "global",
"sources": ["un", "eu", "ofac", "uk", "seco"]
}' | jqImportant: If you do not configure custom settings, MatchAudit will still use the global default source set. In production, you should explicitly review and confirm those settings before relying on the API response.
Use POST /api/v1/screen with your API key in the Authorization header. The same request can include country, location, IP, or structured address context, so you can get a single screening answer that reflects both direct list hits and country-driven restrictions.
curl -sS -X POST https://your-domain.com/api/v1/screen \
-H "Authorization: Bearer $MATCHAUDIT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"names": ["Northshore Trading GmbH"],
"entityTypes": ["entity"],
"country": "Syria",
"jurisdiction": "US"
}' | jqconst res = await fetch("https://your-domain.com/api/v1/screen", {
method: "POST",
headers: {
"Authorization": `Bearer ${process.env.MATCHAUDIT_API_KEY}`,
"Content-Type": "application/json"
},
body: JSON.stringify({
names: ["Northshore Trading GmbH"],
entityTypes: ["entity"],
country: "Syria",
jurisdiction: "US"
})
});
console.log(await res.json());import os, requests, json
resp = requests.post(
"https://your-domain.com/api/v1/screen",
headers={"Authorization": f"Bearer {os.getenv('MATCHAUDIT_API_KEY')}",
"Content-Type": "application/json"},
json={
"names": ["Northshore Trading GmbH"],
"entityTypes": ["entity"],
"country": "Syria",
"jurisdiction": "US"
}
)
print(json.dumps(resp.json(), indent=2)){
"results": [
{
"input": "Northshore Trading GmbH",
"isSanctioned": false,
"actionableHit": true,
"decision": { "status": "BLOCK" }
}
],
"policyMatches": [],
"scannedSources": ["un","eu","ofac","uk","seco"],
"unavailableSources": [],
"meta": {
"tookMs": 123,
"tenantId": "org_...",
"planKey": "pro",
"countryRisk": { "recommendation": "BLOCK", "resolvedCountryIso2": "SY" }
}
}Implementation note: results[].isSanctioned reflects direct name-list hits. When you supply country context, inspect results[].actionableHit, results[].decision.status, and meta.countryRisk to catch country-only blocks or review outcomes.
If your operating workflow already lives in Salesforce, send one Contact, Account, or Lead to POST /api/v1/integrations/salesforce/screen instead of building a separate compliance workflow from scratch.
This route uses the same API key model and source settings as the rest of the public API. The main difference is the response shape: it is optimized for CRM use and returns a screening status, top match summary, audit reference id, and evidence links ready to store on the Salesforce record.
curl -sS -X POST https://your-domain.com/api/v1/integrations/salesforce/screen \
-H "Authorization: Bearer $MATCHAUDIT_API_KEY" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: sf-contact-0038b00002AbCdE" \
-d '{
"recordType": "contact",
"recordId": "0038b00002AbCdE",
"fullName": "Aleksandr Sergei Petrov",
"companyName": "PetroLogix Trading Ltd",
"country": "Cyprus",
"dateOfBirth": "1982-03-12"
}' | jq1. screening.screeningStatus
2. screening.riskLevel
3. screening.summary
4. screening.auditReferenceId
5. screening.evidence.pdfUrl
6. screening.evidence.jsonUrlTip: Send country or billing country from Salesforce whenever possible. It lets MatchAudit evaluate country-risk in the same request instead of returning a name-only answer.
Check your current-month usage with GET /api/v1/usage/summary. This endpoint requires a credential. Recommended: server-only secret API_AUTH_SECRET (API key auth is also supported).
export API_AUTH_SECRET="wh-sec-..."curl -s 'https://your-domain.com/api/v1/usage/summary?tenantId=YOUR_ORG_ID' \
-H "Authorization: Bearer $API_AUTH_SECRET" | jqCommon responses include 401 unauthorized (missing or invalid key), 429 rate_limited (per-second),429 limit_exceeded (monthly cap), and 400 too_many_names (batch cap).
curl -X POST https://your-domain.com/api/v1/screen \
-H "Authorization: Bearer bad_key" -H "Content-Type: application/json" \
-d '{ "names": ["Test"], "entityTypes": ["individual"] }'Per-request limits are plan-based. See Pricing for current caps. Batch larger than your cap returns 400 too_many_names.
Note: Limits are plan-configured and may change. Keep client integrations flexible and avoid hard-coding caps.
If your trade team already works in SAP GTS, use POST /api/v1/integrations/sap-gts/sync when your middleware or scheduled export should create the same reviewable SAP GTS cases that analysts can inspect in the dashboard.
For production use, configure scheduled sync timing and automatic write-back in Integrations > SAP GTS. The sync endpoint handles the intake; the dashboard automation settings control when imports run and where reviewed decisions are sent.
If you are connecting through SAP CPI, save the connector as SAP CPI in the dashboard, store the default mapping profile for that export, and configure the SAP deep link so analysts can jump back into the native worklist.
curl -sS -X POST https://your-domain.com/api/v1/integrations/sap-gts/sync \
-H "Authorization: Bearer $MATCHAUDIT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"externalRunId": "sap-job-2026-03-11-001",
"sourceSystem": "sap-gts",
"rows": [
{
"Name": "Example GmbH",
"Country": "DE",
"Document No": "4711",
"Transaction ID": "TX-10001",
"SAP Result": "REVIEW"
}
]
}' | jq1. MatchAudit normalizes the SAP GTS rows.
2. The rows move through the same review workflow used by the dashboard SAP GTS upload page.
3. Recent sync runs appear in Integrations > SAP GTS.
4. Analysts can save draft decisions, finalize reviewed cases, lock final decisions, and export evidence.
5. Middleware can read back finalized decisions from GET /api/v1/integrations/sap-gts, or receive them automatically if write-back is enabled.