Skip to main content
Zenoo gives you two complementary APIs. Flow API orchestrates verification journeys across multiple providers. Case Management API gives you programmatic control over the compliance workspace where your team reviews results. Both are REST, both use JSON, both authenticate with X-API-KEY.

Choose your API

Flow API

Orchestrate KYC, KYB, and screening checks across providers through a single endpoint. Submit data, Zenoo runs the checks, you get consolidated results back.

Case Management API

Build on top of the compliance workspace — create cases, triage alerts, run risk assessments, and automate review workflows.

Flow API

The Flow API is how you run verification checks. Instead of integrating with each provider separately, you send data to Zenoo and get a single consolidated response — company registry data, PEP/sanctions screening, document verification, and biometrics all in one call. Base URL 
https://{instance}.prod.onboardapp.io/api/gateway/execute/{project_hash}

Endpoints

EndpointMethodUse case
/apiPOSTRun a company flow synchronously
/initPOSTStart a company flow asynchronously — returns a token pair
/kyc/apiPOSTRun a person flow synchronously
/kyc/initPOSTStart a person flow asynchronously — returns a token pair
/screening/apiPOSTRun PEP, sanctions, and adverse media screening
/sharable-payload/{pull_token}GETRetrieve results using a pull token

Two execution modes

Send data, wait for results. Best for server-to-server integrations where you can hold a connection open.
curl -X POST ".../api" \
  -H "X-API-KEY: your-api-key" \
  -H "X-SYNC-TIMEOUT: 30000" \
  -H "Content-Type: application/json" \
  -d '{"company_name": "Acme Ltd", "registration_number": "12345678", "country": "GB"}'
Returns the full compliance report directly. If checks don’t finish within the timeout, you get a 202 with a pull token to retrieve results later.

Quick example

curl -X POST "https://instance.prod.onboardapp.io/api/gateway/execute/{project_hash}/api" \
  -H "X-API-KEY: your-api-key" \
  -H "X-SYNC-TIMEOUT: 30000" \
  -H "Content-Type: application/json" \
  -d '{
    "company_name": "Acme Holdings Ltd",
    "registration_number": "12345678",
    "country": "GB"
  }'

{
  "verdict": "Refer",
  "risk_tier": "Medium",
  "company": {
    "name": "Acme Holdings Ltd",
    "registration_number": "12345678",
    "status": "Active",
    "jurisdiction": "GB",
    "directors": [
      { "name": "Jane Smith", "role": "Director", "appointed": "2019-03-15" }
    ]
  },
  "screening": {
    "total_hits": 2,
    "pep_matches": 1,
    "sanctions_matches": 0,
    "adverse_media_matches": 1
  },
  "risk_assessment": {
    "overall_tier": "Medium",
    "customer_risk": 45,
    "country_risk": 20,
    "product_risk": 35,
    "channel_risk": 10
  }
}

Case Management API

The Case Management API gives you programmatic access to the compliance workspace. Use it to automate review workflows, integrate with internal systems, or build custom compliance dashboards. Base URL 
https://api.zenoo.com/v1

Resources

Entities

6 endpoints — Create and manage the people and companies being verified. Each entity has checks, alerts, and documents attached.

Cases

18 endpoints — Full case lifecycle from creation to closure. Add entities, manage reviewers, track timelines, generate compliance reports.

Alerts

11 endpoints — Triage, resolve, escalate, and bulk-manage compliance alerts. Includes AI-powered research for screening matches.

Checks

3 endpoints — View check results, re-run failed checks, or waive requirements when appropriate.

Risk Assessments

3 endpoints — View 4-dimension risk scores, approve assessments, or override with justification.

Audit & Analytics

4 endpoints — Immutable audit logs and aggregated analytics for compliance reporting.

What you can build

  • Automated triage — Route new alerts to the right team based on category, risk tier, or entity type
  • Custom dashboards — Pull case and alert analytics into your BI tools
  • Bulk operations — Resolve, acknowledge, or assign hundreds of alerts in a single call
  • Workflow integration — Trigger actions in Slack, Jira, or internal tools when cases change status
  • Compliance reporting — Generate audit trails and SLA reports from the API
The Case Management API is documented with fully defined schemas in the OpenAPI spec. Use the sidebar to explore each resource.

Authentication

Every request requires your API key: 
X-API-KEY: your-api-key
Keys are project-scoped. Each project has separate Sandbox and Production keys. See Authentication for setup.

Rate limits

APILimitBurst
Flow sync (/api)100 req/min20
Flow async (/init)100 req/min20
Result polling (/sharable-payload)300 req/min50
Screening (/screening/api)200 req/min30
Case Management (/v1/*)500 req/min50
Rate limit headers are included in every response. See Rate Limits for retry strategies.

Need help?

Getting Started

Authentication, environments, and your first API call

Error Codes

Error codes, retry strategies, and troubleshooting