One authenticated API for biometric KYC, real-time AML sanctions screening, and business KYB intelligence — governed by xCrypt licensing and built for regulated industries.
From biometric liveness to OFAC sanctions — a single integration delivers the full compliance stack built for regulated industries.
Face liveness detection, MRZ passport scanning, and CIF data transfer. Returns structured identity payloads with optional face encodings and GPS location.
KYC · AUTHENTICATE · CIF
Screen individuals against global sanctions (OFAC, UN, EU, UK), PEP databases, and adverse media. Structured decision output with severity scoring.
SANCTIONS · PEP · MEDIA
Corporate entity AML screening with registration number cross-reference. Combined full screening merges AML and adverse media risk intelligence for KYB workflows.
KYB · CORPORATE AML · MEDIA
All API calls are validated against your xCrypt license before screening runs. Tenant isolation, rate limiting, and audit trails come built-in.
Biometric identity verification, CIF data push and pull. All requests require VeriLink ApiKey and LicKey headers, validated via xCrypt.
ApiKey and LicKey. Credentials are validated against xCrypt — expired or invalid keys return HTTP 403 immediately.
Triggers a biometric verification request sent to the user's VeriLink mobile app. The payload is JSON-encoded then Base64-encoded before sending. Returns a success status once the request is dispatched.
| Field | Type | Required | Description |
|---|---|---|---|
| Company | string | Required | Your company name |
| TrgEmail | string | Required | Target user email (must be VeriLinked) |
| UserFullName | string | Required | FirstName_LastName (underscores) |
| UniqueID | string | Required | Your unique identifier — no spaces |
| ApiKey | string | Required | Your VeriLink API key |
| LicKey | string | Required | Your VeriLink license key |
| ReturnUrl | string | Optional | Your callback endpoint URL |
| ReturnIdentifier | string | Optional | Company token (from dashboard) |
| ImageUrl | string | Optional | URL to user image for matching |
| Verify.Face | bool | Optional | Request face match |
| Verify.Liveliness | bool | Optional | Request liveness check |
| NeededInfo.IdNumber | bool | Optional | Return ID number in payload |
| NeededInfo.Location | bool | Optional | Return GPS location |
```php
$veriData = (object)[];
$veriData->Company = "YourCompany";
$veriData->TrgEmail = "user@example.com";
$veriData->UserFullName = "John_Michael_Doe";
$veriData->UniqueID = "ref-10042-kyc";
$veriData->ApiKey = YOUR_API_KEY;
$veriData->LicKey = YOUR_LICENSE_KEY;
$veriData->ReturnUrl = "https://yourdomain.com/verilink-callback";
$veriData->ReturnIdentifier = YOUR_COMPANY_TOKEN;
$veriData->Verify = (object)["Face" => true, "Liveliness" => true];
$veriData->NeededInfo = (object)["IdNumber" => true, "Location" => false];
// JSON-encode, then Base64-encode the payload
$encodedData = base64_encode(json_encode($veriData));
$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://app.verilink.online/authenticate",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => ["data" => $encodedData],
]);
$response = curl_exec($curl);
curl_close($curl);
$result = json_decode($response, true);
```
```javascript
// Run server-side (for example Node 18+): the payload carries ApiKey and
// LicKey, and Base64 is an encoding, not encryption.
const veriData = {
  Company: "YourCompany",
  TrgEmail: "user@example.com",
  UserFullName: "John_Michael_Doe",
  UniqueID: "ref-10042-kyc",
  ApiKey: YOUR_API_KEY,
  LicKey: YOUR_LICENSE_KEY,
  ReturnUrl: "https://yourdomain.com/verilink-callback",
  Verify: { Face: true, Liveliness: true },
  NeededInfo: { IdNumber: true, Location: false }
};
const encoded = btoa(JSON.stringify(veriData));
const form = new FormData();
form.append("data", encoded);
const res = await fetch("https://app.verilink.online/authenticate", {
  method: "POST",
  body: form
});
const data = await res.json();
// { "success": true, "message": "Data received and sent to user." }
```
```bash
# 1. Build + encode the JSON payload (bash)
PAYLOAD=$(echo '{"Company":"YourCompany","TrgEmail":"user@example.com",
"UserFullName":"John_Michael_Doe","UniqueID":"ref-10042-kyc",
"ApiKey":"YOUR_API_KEY","LicKey":"YOUR_LIC_KEY",
"Verify":{"Face":true,"Liveliness":true},
"NeededInfo":{"IdNumber":true,"Location":false}}' | base64 -w 0)
# 2. POST encoded data
curl -X POST https://app.verilink.online/authenticate \
  -F "data=${PAYLOAD}"
```
Push a Customer Information File (CIF) record to the VeriLink platform. Used to pre-populate identity data for downstream verification flows.
ApiKey and LicKey authentication headers in the request body.
```php
$cifData = [
    "ApiKey" => YOUR_API_KEY,
    "LicKey" => YOUR_LICENSE_KEY,
    "FirstName" => "Jane",
    "LastName" => "Doe",
    "Email" => "jane@example.com",
    "IdNumber" => "8501015800082",
    "UniqueID" => "cif-jane-001"
];
$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://app.verilink.online/cif/transfer",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode($cifData),
    CURLOPT_HTTPHEADER => ["Content-Type: application/json"],
]);
$response = curl_exec($curl);
curl_close($curl);
```
```javascript
const res = await fetch("https://app.verilink.online/cif/transfer", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    ApiKey: YOUR_API_KEY,
    LicKey: YOUR_LICENSE_KEY,
    FirstName: "Jane",
    LastName: "Doe",
    Email: "jane@example.com",
    IdNumber: "8501015800082",
    UniqueID: "cif-jane-001"
  })
});
const data = await res.json();
```
```bash
curl -X POST https://app.verilink.online/cif/transfer \
  -H "Content-Type: application/json" \
  -d '{"ApiKey":"YOUR_KEY","LicKey":"YOUR_LIC",
"FirstName":"Jane","LastName":"Doe",
"Email":"jane@example.com",
"IdNumber":"8501015800082","UniqueID":"cif-jane-001"}'
```
Retrieve a previously stored CIF record by its UniqueID. Returns the full structured identity payload that was generated during verification.
```php
$params = http_build_query([
    "UniqueID" => "cif-jane-001",
    "ApiKey" => YOUR_API_KEY,
    "LicKey" => YOUR_LICENSE_KEY,
]);
$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://app.verilink.online/cif/retrieve?" . $params,
    CURLOPT_RETURNTRANSFER => true,
]);
$response = curl_exec($curl);
curl_close($curl);
$cif = json_decode($response, true);
```
```javascript
const params = new URLSearchParams({
  UniqueID: "cif-jane-001",
  ApiKey: YOUR_API_KEY,
  LicKey: YOUR_LICENSE_KEY
});
const res = await fetch(`https://app.verilink.online/cif/retrieve?${params}`);
const data = await res.json();
```
```bash
curl "https://app.verilink.online/cif/retrieve\
?UniqueID=cif-jane-001&ApiKey=YOUR_KEY&LicKey=YOUR_LIC"
```
Screen individuals against global sanctions databases, PEP registers, and adverse media sources. All AML endpoints return the same structured decision model.
ApiKey and LicKey as HTTP headers on all AML requests.
Screens an individual against AML watchlists only (sanctions + PEP). Excludes adverse media for faster, lower-cost screening.
| Field | Type | Required | Description |
|---|---|---|---|
| reference | string | Required | Your client reference |
| full_name | string | Required | Full legal name |
| dob | string | Optional | Date of birth (YYYY-MM-DD) |
| country | string | Optional | ISO 3166-1 alpha-2 country code |
```php
$payload = json_encode([
    "reference" => "client-00142",
    "full_name" => "Vladimir Petrov",
    "dob" => "1971-03-15",
    "country" => "RU"
]);
$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://aml.verilink.online/v1/person/aml",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $payload,
    CURLOPT_HTTPHEADER => [
        "Content-Type: application/json",
        "ApiKey: " . YOUR_API_KEY,
        "LicKey: " . YOUR_LICENSE_KEY,
    ],
]);
$response = curl_exec($curl);
curl_close($curl);
$result = json_decode($response, true);
```
```javascript
const res = await fetch("https://aml.verilink.online/v1/person/aml", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "ApiKey": YOUR_API_KEY,
    "LicKey": YOUR_LICENSE_KEY
  },
  body: JSON.stringify({
    reference: "client-00142",
    full_name: "Vladimir Petrov",
    dob: "1971-03-15",
    country: "RU"
  })
});
const data = await res.json();
```
```bash
curl -X POST https://aml.verilink.online/v1/person/aml \
  -H "Content-Type: application/json" \
  -H "ApiKey: YOUR_API_KEY" \
  -H "LicKey: YOUR_LICENSE_KEY" \
  -d '{"reference":"client-00142","full_name":"Vladimir Petrov",
"dob":"1971-03-15","country":"RU"}'
```
Performs adverse media screening only for an individual. Useful when a subject has already cleared sanctions but you want ongoing media monitoring.
```json
{
  "reference": "media-00201",
  "full_name": "John Smith",
  "country": "ZA"
}
```
Performs comprehensive person screening — combines AML sanctions/PEP screening with adverse media in a single request. Returns merged decision model.
```php
$payload = json_encode([
    "reference" => "full-00301",
    "full_name" => "Jane Kimani",
    "dob" => "1985-07-20",
    "country" => "KE"
]);
$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://aml.verilink.online/v1/person/full",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $payload,
    CURLOPT_HTTPHEADER => [
        "Content-Type: application/json",
        "ApiKey: " . YOUR_API_KEY,
        "LicKey: " . YOUR_LICENSE_KEY,
    ],
]);
$response = curl_exec($curl);
curl_close($curl);
```
```javascript
const res = await fetch("https://aml.verilink.online/v1/person/full", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "ApiKey": YOUR_API_KEY,
    "LicKey": YOUR_LICENSE_KEY
  },
  body: JSON.stringify({
    reference: "full-00301",
    full_name: "Jane Kimani",
    dob: "1985-07-20",
    country: "KE"
  })
});
const data = await res.json();
```
```bash
curl -X POST https://aml.verilink.online/v1/person/full \
  -H "Content-Type: application/json" \
  -H "ApiKey: YOUR_API_KEY" \
  -H "LicKey: YOUR_LICENSE_KEY" \
  -d '{"reference":"full-00301","full_name":"Jane Kimani",
"dob":"1985-07-20","country":"KE"}'
```
Screen business entities against sanctions lists and adverse media. Supports registration number cross-referencing for enhanced confidence scoring.
Screens a business entity against AML sanctions lists. Registration number is optional but improves match precision.
```json
{
  "reference": "biz-001",
  "company_name": "Rosneft",
  "registration_number": "123456",
  "country": "RU"
}
```
Performs adverse media screening only for a business or organisation. Returns media-sourced risk signals independent of sanctions data.
```json
{
  "reference": "biz-002",
  "company_name": "Rosneft",
  "country": "RU"
}
```
Performs full business screening — combines AML sanctions with adverse media. The recommended endpoint for KYB compliance workflows.
```php
$payload = json_encode([
    "reference" => "biz-003",
    "company_name" => "Acme Holdings Ltd",
    "registration_number" => "2019/455821/07",
    "country" => "ZA"
]);
$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://aml.verilink.online/v1/business/full",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $payload,
    CURLOPT_HTTPHEADER => [
        "Content-Type: application/json",
        "ApiKey: " . YOUR_API_KEY,
        "LicKey: " . YOUR_LICENSE_KEY,
    ],
]);
$response = curl_exec($curl);
curl_close($curl);
```
```javascript
const res = await fetch("https://aml.verilink.online/v1/business/full", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "ApiKey": YOUR_API_KEY,
    "LicKey": YOUR_LICENSE_KEY
  },
  body: JSON.stringify({
    reference: "biz-003",
    company_name: "Acme Holdings Ltd",
    registration_number: "2019/455821/07",
    country: "ZA"
  })
});
const data = await res.json();
```
```bash
curl -X POST https://aml.verilink.online/v1/business/full \
  -H "Content-Type: application/json" \
  -H "ApiKey: YOUR_API_KEY" \
  -H "LicKey: YOUR_LICENSE_KEY" \
  -d '{"reference":"biz-003","company_name":"Acme Holdings Ltd",
"registration_number":"2019/455821/07","country":"ZA"}'
```
Every AML endpoint returns the same structured decision model. Machine-readable and built for audit logging from day one.
```jsonc
{
  "success": true,
  "request_id": "aml_ba45c3c02952d2b5",
  "reference": "client-00142",
  "request_type": "person", // person | business
  "screening_mode": "full", // aml | media | full
  "tenant": {
    "tenant_id": "your_company",
    "tenant_name": "Your Company Name"
  },
  "decision": "possible_match", // clear | review | possible_match | high_risk
  "severity": "high", // low | medium | high
  "summary": {
    "aml_hits": 3,
    "media_hits": 2,
    "top_score": 1.0
  },
  "meta": {
    "version": "v1",
    "generated_at": "2026-04-09T12:00:00+00:00"
  }
}
```
```json
{
  "success": false,
  "request_id": "aml_40ceabb19a344e73",
  "error": {
    "code": "FORBIDDEN",
    "message": "License verification failed",
    "details": { "xcrypt_status": "invalid" }
  },
  "meta": { "version": "v1" }
}
```
| Code | Description | Resolution |
|---|---|---|
| 10 | Unique ID already exists | Choose a different UniqueID |
| 14 | Invalid license or API key | Check dashboard credentials |
| 401 | Company not found or inactive | Contact VeriLink support |
| 403 | License expired or suspended | Renew via xCrypt dashboard |
| HTTP | Code | Description |
|---|---|---|
| 401 | UNAUTHORIZED | Missing authentication header |
| 403 | FORBIDDEN | Invalid key, expired license, or endpoint not permitted |
| 403 | TENANT_DISABLED | Identity or linked license is inactive |
| 422 | INVALID_PAYLOAD | Missing or invalid required fields |
| 429 | RATE_LIMIT | 60 req/min exceeded — retry after header included |
| 502 | AUTH_UPSTREAM_ERROR | xCrypt verification failed or returned invalid response |
| 500 | INTERNAL_ERROR | Unexpected server error |
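A fail-closed way to consume the decision model and error codes above in an onboarding workflow, as an added example that is not VeriLink's code. The `triageScreening` helper, its action names, the reference check and the rule that high severity never auto-proceeds are assumptions; the retry header value is assumed to be in seconds.

```javascript
// Added example, not VeriLink code. Decision tiers, field names and error
// codes come from the tables above; action names are local assumptions.
const ACTIONS = new Map([
  ["clear", "proceed"],
  ["review", "manual_review"],
  ["possible_match", "manual_review"],
  ["high_risk", "block"],
]);
const CREDENTIAL_ERRORS = new Set(["UNAUTHORIZED", "FORBIDDEN", "TENANT_DISABLED"]);

// retryAfter: value of the retry header sent with RATE_LIMIT (assumed seconds).
function triageScreening(httpStatus, body, sentReference, retryAfter) {
  const audit = {
    request_id: (body && body.request_id) || null,
    reference: sentReference,
    http_status: httpStatus,
  };
  const ok = httpStatus >= 200 && httpStatus < 300 && body && body.success === true;
  if (!ok) {
    // A failed screening is never a pass: default to "hold".
    const code = (body && body.error && body.error.code) || "UNKNOWN";
    let action = "hold";
    if (code === "RATE_LIMIT") action = "retry";
    else if (CREDENTIAL_ERRORS.has(code)) action = "fix_credentials";
    else if (code === "INVALID_PAYLOAD") action = "fix_request";
    const wait = Number.parseInt(retryAfter, 10);
    audit.error_code = code;
    audit.retry_after_s = action === "retry" && wait > 0 ? wait : null;
    return { action, audit };
  }
  // A result for another reference must not clear this subject.
  if (body.reference !== sentReference) {
    audit.error_code = "REFERENCE_MISMATCH";
    return { action: "hold", audit };
  }
  // Unknown tiers go to a human; assumed policy: high severity never auto-proceeds.
  let action = ACTIONS.get(body.decision) || "manual_review";
  if (action === "proceed" && body.severity === "high") action = "manual_review";
  audit.decision = body.decision;
  audit.severity = body.severity;
  return { action, audit };
}

// Constructed sample shaped like the success response above.
const sample = { success: true, request_id: "aml_ba45c3c02952d2b5",
  reference: "client-00142", decision: "possible_match", severity: "high" };
console.log(triageScreening(200, sample, "client-00142"));
```

Store the returned `audit` object with each onboarding decision so the `request_id` can be matched against the provider's audit trail.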
Every AML screening request returns a machine-readable decision tier with severity scoring, hit counts, and confidence score — built for automated compliance workflows.
Access the VeriLink API through an xCrypt-governed license. Built for financial institutions, legal firms, and regulated platforms.