API quickstart: your first programmatic screen

API keys are provisioned via our sales team — contact sales@amlregister.com or request through /contact. Keys are scoped (read-only vs read-write), IP-allow-listable, and rate-limited per plan.

Store the key in an environment variable, never in source control. Our SDKs look for the AMLREGISTER_API_KEY environment variable by default.

Send a POST to /v1/screen with a JSON body containing the address. The response includes the report ID, risk level, total score, and full category breakdown.

curl -X POST https://api.amlregister.com/v1/screen -H "Authorization: Bearer $AMLREGISTER_KEY" -H "Content-Type: application/json" -d '{"address":"0x..."}'

The Pro tier is rate-limited at 10 requests per second sustained, 50 per second burst. Enterprise is unlimited within a reasonable fair-use policy.

HTTP 429 responses include a Retry-After header. Implement exponential backoff in your client — our SDKs do this automatically.

2xx indicates success. 400 means a malformed request (check your payload). 401 means invalid key. 403 means the key is out of scope (e.g. trying to POST with a read-only key). 429 means rate-limited. 5xx means a server error; retry with backoff.

Our SDKs throw typed exceptions for each error class. You generally want to handle 4xx explicitly and let the SDK's built-in retry handle 5xx.

For batch workloads, use the bulk endpoint and configure a webhook URL. We'll POST results to your endpoint when the batch completes. Webhooks are signed with HMAC-SHA256 for authenticity.