Skip to main content

AML Without Identity - 5 Minutes Tutorial - API Integration

Prerequisites

The following information is required to be able to integrate with Authologic:

  • Developer portal credentials,
  • API Keys.

Developer Portal Credentials

The developer portal address and credentials were provided during onboarding.

Passwords And API Keys

During the onboarding you have received the API keys:

  • API key allowing communication with Authologic.
  • The key used to verify the data sent by Authologic by the callback mechanism.

Integration Overview

Authologic provides a simple and effective way to initialize the AML verification. The API process involves three key steps: initiating the verification through an external system, redirecting the user to the appropriate page, and receiving the verification results.

The entire process is called conversation. The following diagram represents the process logical flow:

  1. Start of the identity verification process. Your server calls the API method called: POST /api/conversations
  2. The response returns information about conversation identifier and status
  3. Authologic calls a callback on your server's side with the result of the verification
Please remember that in many cases gathering information requires additional time. When creating your system, it should be taken into account that the results of the verification process will be available to the user after some time, and thus it is desired to account for asynchronous communication.
We use the curl tool to show the API operation. If you have not dealt with it, you can find a short guide on it here(opens in new tab). Of course, there is nothing to prevent you from using the swagger tool directly, which you will find at the link: here, or any other tool, such as Postman or Insomnia.

Creating a Conversation

The Authologic API uses the Basic Auth based authentication described, among others, at here(opens in new tab). Username and API key should be used as data. By using the curl tool we use the -u option which is responsible for the use of Basic Auth.

In order to retrieve information about the user's presence on the AML lists, a conversation must be created. In this example we will use the aml product. When using the aml product it is necessary to specify which lists should be checked and provide the data that should be checked. However, in comparison to the AML process with identity check we will provide the user details in the request that creates the conversation and initializes the process. Example:

curl -X POST -u my_login "https://sandbox.authologic.com/api/conversations" \
-H "accept: application/vnd.authologic.v1.1+json" \
-H "Content-Type: application/vnd.authologic.v1.1+json" \
-d '{
    "userKey": "7dfb9ded-c38f-49ae-95e2-307283a0b1f6",
    "returnUrl": "https://id.sandbox.authologic.com/c/{conversationId}/thankYou",
    "callbackUrl": "your_callback_url_here",
    "query": {
        "aml": {
          "checks": ["PEP", "SANCTIONS", "ADVERSE_MEDIA", "SIP", "OTHER"],
          "user": {
            "firstName": "Maria",
            "lastName": "Sochacka",
            "birthDate": "1964-05-11",
            "nationality": "PL",
            "nationalId": "72111102379"
          }
        }
    }
}'

Of course, instead of my_login enter your login. You should be prompted for a password - at that point you should enter the API key (do not confuse it with the password to the customer panel).

In the example above, we have set conversation to check the following lists:

  • PEP - List of persons in politically exposed positions
  • SANCTIONS - List of individuals for whom sanctions have been implemented
  • SIP - List of individuals with high risk, typically involved in criminal activities or suspicious activity has been found in the past. May have been involved in court proceedings, had previous criminal allegations, or been involved in financial crimes such as money laundering and terrorist financing.
  • ADVERSE_MEDIA - List of publications related to a person
  • OTHER - List of RCAs and individuals categorized in AML lists different from PEP, SIP or SANCTIONS.

A conversation defined in this way, in response to a query about its status, immediately returns the result, without the need for interaction with the user. The result will also be sent using the callback mechanism.

Due to the necessity of checking data in many external databases, the response time may be longer. Therefore the data may not be immediately available at the time of creation. We strongly recommend using the callback mechanism to receive the AML results along with other requested conversation products.

Downloading Detailed Information

Having information on which lists the user was found on, it is possible to download a detailed report containing the collected information, e.g.:

curl -u my_login "https://sandbox.authologic.com/api/conversations/c12c1adc-3ff0-4d32-b95c-c593135c903e/aml/PEP" \
-H "accept: application/vnd.authologic.v1.1+json" \
-H "Content-Type: application/vnd.authologic.v1.1+json"

Parameterizing the call of the above method with the name of the AML list PEP, SANCTIONS, SIP, ADVERSE_MEDIA, OTHER, we get the first page of results for a given list.

The response structure varies depending on the selected AML list. A detailed description of the response structure can be found in the AML product details section.

Example Test Data

We have prepared test data sets on a sandbox environment.

In order to obtain differentiated results, in the field query.aml.user.lastName, one of the following names should be given:

  • Putin - PEP, SANCTIONS, SIP, ADVERSE_MEDIA, OTHER
  • Shoygu - SANCTIONS
  • Kwaśniewski - SIP
  • Biden - PEP
  • Trzaskowski - ADVERSE MEDIA
  • Kowalski - empty AML list
  • Acme - Results AML not available

If you enter a name that is not on the list, the data associated with the name Putin will appear in the results.

The above data sets are also valid when running the AML change monitoring functionality. Then, after 2 and 5 minutes after the first data, we simulate changes in the results of AML lists. The related callback notifications are also sent.

That's it. You managed to use API and get data.

What's Next

Combining Products

Combining multiple products together in a single request.

Testing

Learn how to test your integration.

Productionize

What to do before going to production.

WebSDK

Embedding the verification process within your website.

Embedding the verification process within your website is completely optional. Using redirection in your process if sufficient and more than enough to start working with Authologic. You can consider it when you would like the process to be a part of the web application.

Additional Information

Bank Transactions Data

Detailed description of the bank transactions data retrieval.

Account Information Retrieval

Description of the bank transactions account data information retrieval.

Statistics Retrieval

Detailed description of the bank transactions statistics retrieval.

Troubleshooting

Callbacks

Not being able to receive callbacks.

Errors

Verification failure reasons.

Statuses

Handling various conversation statuses.

FAQ

Frequently asked questions.

Deprecations

Deprecated features and options list.

Despite our sincere intentions, it is difficult to create perfect technical documentation. If you have an idea on how to improve this documentation, or you have trouble understanding any section, please email us at tech-support@authologic.com
Was this page helpful?
Powered by Authologic Nisaba