Skip to main content

Architecture & Data Flow

Overview

Zenoo is a verification orchestration hub. You submit entity data to a single API endpoint. Zenoo routes checks to the appropriate providers (screening databases, company registries, document verification, and others), normalizes the results into a unified format, evaluates risk, and returns a structured compliance report. One integration point. Multiple providers. Consistent results.
Your system communicates exclusively with Zenoo. Zenoo handles all provider and Salesforce interactions. You never need to integrate directly with screening databases, company registries, or document verification providers.

System Architecture

ComponentRole
Your SystemSubmits entity data, receives compliance results
Zenoo GatewayOrchestration hub — routes checks, normalizes results, serves API
ProvidersScreening databases, company registries, document verification, biometric liveness, phone verification
SalesforceBack-end enrichment — case management, risk scoring, AI research, UBO discovery, alert triage, audit trail

Processing Pipeline

When you submit entity data, Zenoo executes these stages:
1

Data ingestion

Your payload is validated and a case is created. If the external_reference already exists, the existing case is returned instead of creating a duplicate.
2

Screening

The entity and any associated individuals (directors, UBOs) are screened against WorldCheck databases for PEP status, sanctions matches, adverse media, and watchlist entries.
3

Registry verification

For companies, Zenoo queries official company registries to verify legal name, registration number, company status, registered address, directors, and shareholders.
4

Document verification

For Person Verification flows requiring user interaction, the individual captures identity documents and a selfie. Zenoo runs OCR, tamper detection, and biometric liveness checks.
5

Risk model evaluation

All check results feed into a risk scoring model that evaluates entity risk, geographic risk, industry risk, and screening risk. The output is a risk tier (Low, Medium, High) and a numeric score.
6

Alert generation

If screening returns hits, data mismatches are detected, or risk thresholds are exceeded, alerts are created for compliance review.
7

UBO discovery

For company verifications, beneficial owners are identified from registry data and screened individually.
8

AI research (optional)

Automated research on the entity using public data sources, producing a structured summary of background, industry presence, and risk indicators.

Processing Timeline

StageTypical Duration
API gateway routing< 1 second
WorldCheck screening3-10 seconds
Company registry lookup5-15 seconds
Document verification (after user submits)10-30 seconds
Risk model evaluation1-5 seconds
Alert generation< 1 second
UBO discoveryPart of registry lookup
AI research30-120 seconds
For fully automated flows (Company Verification, screening), expect 2-5 minutes end to end. Flows that require user interaction (Person Verification document capture) add human time on top. Once the user submits, server-side processing completes in 30-60 seconds.

Two Execution Models

Zenoo supports synchronous and asynchronous execution.
AspectSync (Model 1)Async (Model 2)
EndpointPOST /api/gateway/execute/{project_hash}/apiPOST /api/gateway/execute/{project_hash}/init
HeaderX-SYNC-TIMEOUT: 30000 (ms)None required
ResponseFull results (or partial + tokens on timeout)Tokens only (pull + start)
BlockingYes, up to timeoutNo
User interactionNot supportedSupported via start token
Best forScreening, Company, server-to-serverPerson with document capture, biometrics
Typical latency10-60 secondsInstant (tokens), results in 30s-5min
Quick rule: server-to-server checks use sync. User-facing journeys use async. See Sync vs Async for implementation details, code examples, and timeout recommendations.

Data Flow

The end-to-end flow from submission to results follows six steps:
  1. Submit entity data to the Zenoo Gateway via the API (/api for sync, /init for async).
  2. Zenoo initiates configured checks across providers — screening, registry, document verification — based on the flow configuration.
  3. Provider results stream back to Zenoo as each check completes.
  4. Zenoo normalizes results, applies the risk model, generates alerts for any hits or mismatches, and assembles the compliance report.
  5. (Optional) Salesforce case management enriches results with AI research, UBO discovery, risk assessment, and compliance review.
  6. Retrieve aggregated results via sync response body, pull token polling, or webhook delivery.

Result Delivery

Zenoo supports three methods for delivering verification results to your system.

Pull via Token (simplest)

Poll GET /sharable-payload/{pull_token} at intervals. Returns 204 while processing, 200 with full results when complete. Pull tokens remain valid for 30 days after results are available.

Webhook Push (real-time)

Zenoo POSTs the full compliance report to your webhook endpoint when processing finishes. Payloads are signed with HMAC-SHA256 for verification. Fastest delivery, but requires you to expose and maintain a webhook endpoint.
Use Ping + Pull for production deployments. Zenoo sends a lightweight notification to your webhook, then you fetch the full payload from the pull endpoint at your convenience. This combines real-time notification with small webhook payloads and on-demand data retrieval.
Zenoo sends a lightweight notification (status + pull token, no result data) to your webhook. You then fetch the full payload from the pull endpoint at your convenience. Combines real-time notification with small webhook payloads and on-demand data retrieval.
MethodComplexityLatencyBest For
Pull via TokenLowest10-30s (poll interval)POC, development, simple integrations
Webhook PushMediumNear-instantEvent-driven architectures
Ping + PullMediumNear-instant notificationProduction systems, high reliability
See Result Delivery for implementation details, polling strategies, and webhook signature verification.

Salesforce Enrichment Pipeline

When Salesforce case management is enabled, Zenoo automatically webhooks check results to Salesforce. The enrichment pipeline performs:
  1. Case creation — Creates an AML case (Onboarding, Review, or Perpetual) with the primary entity.
  2. Entity extraction — Creates case entities for each director, UBO, and shareholder from the submitted data and registry results.
  3. Risk model evaluation — Applies the configured risk model to determine risk tier and required verification checks.
  4. Auto-execute checks — Queues and executes API-based verification checks based on risk model requirements.
  5. AI research — Runs automated company and person intelligence gathering using public data sources.
  6. UBO discovery — Discovers beneficial ownership structure from registry data, supplements any UBOs provided in the original submission.
  7. Alert generation — Creates alerts for PEP hits, sanctions hits, adverse media, name mismatches, DOB mismatches, and other anomalies.
  8. Risk assessment — Evaluates multi-dimensional risk (entity-attribute, country, industry, screening) and assigns an overall risk tier.
  9. Audit trail — Records all compliance-relevant events with timestamps for regulatory reporting.
Enriched data flows back to Zenoo and is included in the compliance report served via the pull token or webhook.

What’s Next

Getting Started

Create your first verification in 5 minutes

Company Verification Quickstart

Run company verification checks with screening and registry lookup

Person Verification Quickstart

Run individual identity verification with document capture

Screening Quickstart

Screen entities against PEP, sanctions, and adverse media databases

Sync vs Async

Choose between synchronous and asynchronous execution models

Result Delivery

Configure how you receive verification results

Webhooks

Set up webhook endpoints for real-time event delivery