SableCheck Documentation

Screen counterparties against sanctions, PEP and adverse-media data — with full provenance on every match. One REST API, auditor-ready PDF reports, and continuous monitoring.

Get a free API key Open the API reference

Quickstart — first screening in four calls

You'll need an API key — the free tier (500 screenings/month, no card) is issued by email in under a minute from sablecheck.com.

1 · Submit a counterparty

# client_key makes this idempotent — re-posting the same key returns the same subject
curl -X POST https://api.sablecheck.com/subjects \
  -H "Authorization: Bearer $SABLECHECK_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Trading (Pvt) Ltd",
    "entity_type": "Company",
    "jurisdiction": "ZW",
    "identifiers": [{"scheme": "registration_number", "value": "4471/2019"}],
    "client_key": "your-internal-ref-001"
  }'
# → 201  {"id": "5540f0dc-…", "name": "Acme Trading (Pvt) Ltd", …}

entity_type is Company or Person. For people, submit the fullest legal name you have — matching is fuzzy and alias-aware, but garbage in, garbage out.

2 · Trigger a screening run

curl -X POST https://api.sablecheck.com/subjects/{subject_id}/screen \
  -H "Authorization: Bearer $SABLECHECK_KEY" \
  -H "Content-Type: application/json" \
  -d '{"actor": "jane.analyst"}'
# → 202  {"run_id": "f78631e7-…", "status": "running"}

Screening is asynchronous — the run fans out across every data source in parallel. Most runs finish in 10–60 seconds. actor is optional and lands in the audit trail.

3 · Read the result

curl https://api.sablecheck.com/runs/{run_id} \
  -H "Authorization: Bearer $SABLECHECK_KEY"

Poll until status is completed (or partial — see below). The response contains the aggregated risk_assessment and every per-source finding with full provenance.

4 · Download the report

curl -o report.pdf https://api.sablecheck.com/runs/{run_id}/report.pdf \
  -H "Authorization: Bearer $SABLECHECK_KEY"

An A4, auditor-ready PDF: verdict summary per category, matched findings with source · dataset · timestamp, and the run record. Hand it straight to your reviewer or regulator.

Authentication

Every endpoint except /health takes your key as a bearer token:

Authorization: Bearer cipk_your_key_here

Plans & rate limits

PlanMonthly screeningsBurst limitsMonitoring
Free — $05005/min · 100/day
Growth — $99/mo10,00060/minYour book
Scale — $249/moUnlimited120/min fair-useUnlimited + webhooks

Every plan gets the full product — all watchlists, fuzzy matching, PDF reports, the complete API. Paid tiers buy volume and monitoring.

Every authenticated request counts against your windows. When a window is exceeded you get 429 with a Retry-After header (seconds). The monthly quota resets on the 1st, UTC. Check your live usage any time with GET /me or at your account page.

How screening works

SableCheck scores and flags — it never decides. Any sanctions or PEP match sets human_review_flag: true. Matches are name-based candidates for your analyst to adjudicate; the accept/reject decision, and the record of it, stay with your institution.

Provenance & audit

Every finding carries its source, dataset_version and retrieved_at timestamp, plus the exact query sent and the raw response received. Nothing is asserted without evidence, and nothing is hard-deleted — screening history survives staff turnover and system migrations. When your auditor asks "what did you check, against what, and when?", the answer is one API call or the PDF.

Data coverage

CategorySourcesRefresh
SanctionsUS OFAC (SDN + Consolidated), UN Security Council, EU Consolidated, UK OFSI, Canada SEMA — from the primary publishersDaily
PEPsAll 54 African countries (Wikidata) + national/sub-national Nigerian PEP register (Chipper)Daily
Adverse mediaGlobal news-mention screening (GDELT)Live at screen time
ContextCorporate registries (GLEIF LEI), offshore-leaks reconciliation (ICIJ), FATF jurisdiction risk, DNFBP classificationLive / per plenary

100,000+ sanctioned entities and PEPs tracked. Source data is drawn from primary publishers — not resold aggregator feeds — which is what keeps enterprise-grade screening affordable.

Guide · PDF reports

GET /runs/{run_id}/report.pdf returns the branded report for any run, any plan. It contains:

Generate it lazily — the PDF renders from stored findings, so you can fetch it days later or repeatedly; each generation is itself audit-logged.

Guide · Continuous monitoring

Watchlists change daily; your counterparties don't re-onboard themselves. Monitoring re-screens enrolled subjects every day, right after the watchlist refresh, and alerts you only on material change:

# enrol at submission…
{"name": "Acme Trading (Pvt) Ltd", "entity_type": "Company", "monitor": true}
# …or toggle any time
curl -X POST https://api.sablecheck.com/subjects/{subject_id}/monitor \
  -H "Authorization: Bearer $SABLECHECK_KEY" \
  -H "Content-Type: application/json" \
  -d '{"enabled": true}'

Alerts arrive as an email digest. Webhook delivery is available on the Scale plan — contact us to configure your endpoint. Monitoring is included on Growth (your book) and Scale (unlimited).

Guide · Usage & upgrading

curl https://api.sablecheck.com/me -H "Authorization: Bearer $SABLECHECK_KEY"
# → {"plan": "Free", "month_usage": 212, "rate_limit_per_month": 500, …}

Watch month_usage approach your quota programmatically, or see it as a meter at sablecheck.com/account — where you can also request an upgrade in one click. Billing is currently invoice-based; upgrades are activated within one business day.

Errors

StatusMeaningWhat to do
401Missing or invalid API keyCheck the Authorization: Bearer header; rotate a lost key via hello@
404Subject or run doesn't existCheck the UUID; subjects are per-account
200 on POST /subjectsDuplicate client_keyNot an error — the existing subject is returned (idempotency)
422Validation failedThe response body names the offending field
429Rate limit or quotaRespect Retry-After (seconds). A monthly-quota 429 says "Monthly quota reached — upgrade your plan"
Build clients to treat partial runs as usable results (they are — every completed source's findings are present) and to back off on 429 rather than retrying immediately: counters increment even on denied requests.

Full API reference — every endpoint, schema and example →