> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zenoo.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Getting Started

> Zenoo is a verification orchestration platform that connects your system to identity, screening, and company registry providers through a single API.

Zenoo is a verification orchestration platform. It connects your system to identity, screening, and company registry providers through a single API. You send data, Zenoo runs the checks, and you get structured compliance results back.

**What Zenoo does:**

* **Company Verification** -- Company registry verification, director and UBO screening, corporate structure analysis
* **Person Verification** -- Document verification, biometric liveness, face matching, database checks
* **AML Screening** -- PEP, sanctions, adverse media, and watchlist screening via WorldCheck

You submit entity data over a REST API. Zenoo routes it to the appropriate providers, normalizes the results, scores risk, and returns a compliance report. No direct provider integrations required on your end.

## Architecture

```mermaid theme={null}
flowchart LR
    subgraph YS["Your System"]
        A1["Submit entity\ndata via API"]
        A2["Receive\ncompliance report"]
    end
    subgraph ZG["Zenoo Gateway"]
        G["Gateway"]
        G --> WC["WorldCheck Screening\nPEP / Sanctions / Adverse Media"]
        G --> CR["Company Registries\nCompany status / Directors / UBOs"]
        G --> DV["Document Verification\nOCR / Tamper / Biometric liveness"]
        G --> RM["Risk Model Evaluation\n4-dimension scoring"]
        G --> AG["Alert Generation\nPEP / Sanctions / Mismatches"]
        G --> AI["AI Research (optional)\nCompany/person analysis"]
    end
    A1 --> G
    ZG -->|"Normalized compliance report"| A2
```

## Processing pipeline

When you submit entity data, Zenoo runs through these stages:

<Steps>
  <Step title="Data ingestion">
    Your payload is validated and a case is created. If you included an `external_reference` that already exists, the existing case is returned instead.
  </Step>

  <Step title="Screening">
    The entity (and any associated individuals like directors or UBOs) is screened against WorldCheck databases for PEP status, sanctions list matches, adverse media, and watchlist entries.
  </Step>

  <Step title="Registry verification">
    For companies, Zenoo queries official company registries to verify legal name, registration number, company status, registered address, directors, and shareholders.
  </Step>

  <Step title="Document verification">
    For Person Verification flows that require user interaction, the individual captures identity documents and a selfie. Zenoo runs OCR, tamper detection, and biometric liveness checks.
  </Step>

  <Step title="Risk model evaluation">
    All check results feed into a risk scoring model that evaluates entity risk, geographic risk, industry risk, and screening risk. The output is a risk tier (Low, Medium, High) and a numeric score.
  </Step>

  <Step title="Alert generation">
    If screening returns hits, data mismatches are detected, or risk thresholds are exceeded, alerts are created for compliance review.
  </Step>

  <Step title="UBO discovery">
    For company verifications, Zenoo identifies beneficial owners from registry data and screens them individually.
  </Step>

  <Step title="AI research (optional)">
    Automated research on the entity using public data sources. Produces a structured summary of the entity's background, industry presence, and risk indicators.
  </Step>
</Steps>

## Processing timeline

| Stage                              | Typical duration                   |
| ---------------------------------- | ---------------------------------- |
| API gateway routing                | \< 1 second                        |
| WorldCheck screening               | 3-10 seconds                       |
| Company registry lookup            | 5-15 seconds                       |
| Document verification              | 10-30 seconds (after user submits) |
| Biometric liveness                 | 5-15 seconds (after user submits)  |
| Risk model evaluation              | 1-5 seconds                        |
| Case creation and alert generation | 5-15 seconds                       |
| Auto-execute queued checks         | 10-30 seconds                      |
| AI research                        | 30-120 seconds                     |

<Info>
  For fully automated flows (Company Verification, screening), expect **2-5 minutes** end to end. Flows that require user interaction (Person Verification document capture) add human time on top. Once the user submits, server-side processing completes in 30-60 seconds.
</Info>

## Two execution models

Zenoo supports synchronous and asynchronous execution.

<Tabs>
  <Tab title="Synchronous">
    **Endpoint:** `POST /api` with `X-SYNC-TIMEOUT`

    Your request blocks until checks complete or the timeout is reached. Results are returned directly in the HTTP response. Best for server-to-server flows like screening and Company Verification.

    ```
    POST /api/gateway/execute/{project_hash}/api
    Header: X-SYNC-TIMEOUT: 30000
    ```
  </Tab>

  <Tab title="Asynchronous">
    **Endpoint:** `POST /init`

    The API returns immediately with tokens. You retrieve results later by polling or via webhook. Required for flows where a user must interact with verification UI (document capture, biometric liveness).

    ```
    POST /api/gateway/execute/{project_hash}/init
    ```
  </Tab>
</Tabs>

Most integrations use both: sync for automated Company Verification and screening, async for interactive Person Verification flows.

## Quick links

<Info>
  * **Base URL (production):** `https://instance.prod.onboardapp.io`
  * **Base URL (staging):** `https://instance.staging.onboardapp.io`
  * **Auth header:** `X-API-KEY: your-api-key`
  * **Gateway pattern:** `POST /api/gateway/execute/{project_hash}/{action}`
</Info>

## What's next

<Columns cols={2}>
  <Card title="Authentication" icon="key" href="/getting-started/authentication">
    API keys, webhook signatures, security practices
  </Card>

  <Card title="Environments" icon="server" href="/getting-started/environments">
    Base URLs, endpoint reference, environment separation
  </Card>

  <Card title="First API Call" icon="play" href="/getting-started/first-api-call">
    Working curl/Node.js/Python examples you can run in 2 minutes
  </Card>

  <Card title="Security Best Practices" icon="shield-halved" href="/getting-started/security-best-practices">
    Secure your integration against common vulnerabilities
  </Card>
</Columns>
