Developer Guide

Sanctions Screening API

How to integrate a sanctions screening API into your compliance workflow — from first request to production audit trail.

What a sanctions screening API does

A sanctions screening API checks a person or entity name against official watchlists — OFAC SDN, UN Security Council, EU Consolidated, UK HM Treasury, PEP datasets, and more. It returns structured match results with confidence scores, source attribution, and decision rationale so your compliance team can review, escalate, or clear.

Unlike manual screening — where an operations team member searches a name on a government website — an API automates the entire process. You submit a name programmatically, the engine checks it against all configured lists simultaneously, and you receive a structured response in under 200 milliseconds. This makes real-time screening feasible during customer onboarding, transaction processing, and periodic re-checks.

Which sanctions lists you should screen against

There is no single global sanctions list. Different governments and international organizations maintain their own lists, each with different scope, coverage, and legal authority. Screening against only one list creates compliance gaps.

List | Authority | Entries | Update frequency
OFAC SDN | U.S. Treasury | 18,700+ | Multiple times per week
UN Consolidated | UN Security Council | 1,000+ | As resolutions adopted
EU Consolidated | EU Council | 5,800+ | Several times per month
UK HM Treasury | OFSI | 5,100+ | Regularly

For a detailed comparison of these lists, read our OFAC vs UN vs EU sanctions lists guide. Most global fintechs screen against all four lists. The cost difference between one list and four is negligible with a modern API, and the risk of missing a match on an unchecked list is not worth the savings.

How the matching engine works

Effective sanctions screening requires more than exact string matching. Names are transliterated from non-Latin scripts, misspelled, abbreviated, and reordered. A production matching engine uses multiple techniques in a staged pipeline:

  • Exact matching. Normalized string comparison against all known aliases. Fastest and most confident when it works.
  • Fuzzy matching. Jaro-Winkler and Levenshtein distance catch typos, minor spelling variations, and partial matches.
  • Phonetic matching. Double Metaphone generates pronunciation-based codes, catching transliterations like Qadhafi/Gaddafi.
  • Token-based matching. Soft TF-IDF compares individual name tokens independently, handling name reordering and partial matches.

For a technical deep-dive, read our fuzzy matching guide.

Integration checklist

  • Define which sanctions lists your policy requires (OFAC, UN, EU, UK, PEP, etc.)
  • Choose integration path: REST API directly, or official SDK (Node.js, Python, Go, Rust)
  • Implement API key storage using environment variables or a secrets manager
  • Add retry logic with exponential backoff for 429 (rate limit) and 503 (service unavailable)
  • Store the request_id and evidence_capsule_id from every screening response
  • Log verdict, risk_score, and recommended_action for audit review
  • Set up webhook endpoint for continuous monitoring alerts (Pro/Enterprise)
  • Schedule quarterly benchmark review using your own test cases
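
The checklist items on key storage, retries and audit fields, combined in one Python function. This is an added example, not the vendor's SDK or code from the original guide; the host name, the Bearer header, the SCREENING_API_KEY variable name, the {"name": ...} request body and the flat response layout are assumptions.

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.example.invalid"   # placeholder: the guide does not give the host
RETRYABLE = {429, 503}                      # the two statuses the checklist names
AUDIT_FIELDS = ("request_id", "evidence_capsule_id",
                "verdict", "risk_score", "recommended_action")


def http_send(payload):
    """POST /v1/screen; returns (status, parsed_body). Bearer auth is an assumption."""
    key = os.environ["SCREENING_API_KEY"]   # hypothetical name; the key is never hard-coded
    req = urllib.request.Request(
        BASE_URL + "/v1/screen",
        data=json.dumps(payload).encode(),
        headers={"Authorization": "Bearer " + key,
                 "Content-Type": "application/json"},
        method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        return err.code, {}


def screen(payload, send=http_send, max_attempts=5, base_delay=0.5, sleep=time.sleep):
    """Screen one entity, retrying 429/503 with exponential backoff.

    Returns an audit record holding the fields the checklist says to keep.
    Raises RuntimeError on a non-retryable status or when attempts run out.
    """
    for attempt in range(max_attempts):
        status, body = send(payload)
        if status == 200:
            missing = [f for f in AUDIT_FIELDS if f not in body]
            if missing:  # an incomplete audit trail is a failure, not a pass
                raise RuntimeError(f"response lacks audit fields: {missing}")
            return {f: body[f] for f in AUDIT_FIELDS}
        if status not in RETRYABLE:
            raise RuntimeError(f"screening failed with HTTP {status}")
        if attempt < max_attempts - 1:
            sleep(base_delay * 2 ** attempt)   # 0.5s, 1s, 2s, ...
    raise RuntimeError("screening unavailable after retries; no result to act on")
```

When retries run out the function raises instead of returning a clear result, so the caller can hold the onboarding or transaction until a screening result exists.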

Core endpoints

POST /v1/screen

Screen a single entity. Returns matches, risk level, verdict, and Evidence Capsule ID.

POST /v1/screen/batch

Screen up to 100 entities in one call. Requires Pro plan or above.

GET /v1/usage

Check remaining quota and current plan usage.

GET /v1/health

Check API status. No authentication required.

Handling matches: risk levels and decisions

Every screening returns a risk level based on match confidence. Your application should handle each level differently:

  • Critical (90-100%). Block immediately. Freeze assets. Report to compliance within the hour. File a blocking report with OFAC within 10 business days.
  • High (75-89%). Place on hold. Escalate to compliance analyst within 24 hours. Check DOB, nationality, and address against the sanctions entry.
  • Medium (50-74%). Flag for review but do not block. Auto-approve for low-risk segments if volume is high. Review within 1-3 business days.
  • Low or None (below 50%). Proceed with transaction. Log the result for audit. No manual review required.

For a complete guide to handling matches, read our OFAC API integration guide.

Compliance caveat: A sanctions screening API is decision-support infrastructure, not a legal compliance determination. Final screening decisions, policy enforcement, and regulatory documentation remain your responsibility. Consult qualified legal counsel for advice specific to your jurisdiction and business model.
