Quickstart
Create your first key and ingest a customer in under five minutes.
API reference
Every endpoint, every parameter, every response — with live “Try it”
code samples.
Zapier guide
Wire Instant Compliance into your no-code workflows.
Authentication
Issue, rotate, and revoke API keys and choose the right scopes.
What v1 does
- Create or update an individual customer in your Instant Compliance
organisation. The customer lands tagged
INTEGRATIONwithkyc_status = NOT_STARTED. No KYC is triggered, no credits are charged. - Read a customer back including a safe, integrator-friendly slice of its KYC and AML status fields.
- Poll for status changes using the
updated_sincefilter on the list endpoint — perfect for syncing results into your CRM.
What v1 does not do
These are coming in v2 and are intentionally out of scope today:- Trigger KYC checks via API. Starting a real KYC is the billable moment and stays a human action inside Instant Compliance (your back-office team completes the risk questions and clicks Start Verification in-app).
- Outbound webhooks. Subscribe to status changes by polling for now
— webhook delivery (
customer.kyc_completed,aml.review_completed) is on the roadmap. - Entity customers (companies, trusts, partnerships) and UBO graphs.
- EDD (Enhanced Due Diligence) source-of-funds / source-of-wealth.
Base URL
application/json. All timestamps are
ISO-8601 UTC. All identifiers are UUIDs unless otherwise noted.
Security defaults
- HTTPS only. Plaintext HTTP requests are rejected.
- Org-scoped keys. Every key belongs to exactly one organisation — cross-tenant data access is structurally impossible.
- Least-privilege scopes. Grant only the scopes your integration needs
(
customers:write,customers:read,aml:read). - Data minimisation. Responses never include raw AML hit data, full date of birth, full address, document references, or moderator notes. See Data minimisation for the full deny-list.