Getting Started

Authentication

All Dossiers API endpoints require authentication via a Bearer JWT API key.

Getting Your API Key

Log in to the Dossiers Dashboard
Navigate to the Developer Console
Click Create API Key
Select the products you want to enable for this key (Document Verification, AML Screening, or both)
Copy the generated key — it will only be shown once

Using Your API Key

Include the API key in the Authorization header of every request:

Code
curl -X POST https://api.dossiers.wiki/screening/request \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"fullName": "John Smith"}'

The key is a signed JWT. The API validates it on every request and checks that your organization has access to the product being called.

Product Permissions

Each API key has product-level permissions. If you try to call an endpoint for a product that is not enabled on your key, the API will return a 403 Forbidden response.

Product	Endpoints
Document Verification	`POST /document-processing`, `GET /document-processing/*`
AML Screening	`POST /screening/request`, `POST /high-risk/search`

You can create multiple API keys with different permission scopes — for example, one key for your document verification pipeline and another for your AML screening integration.

Key Management

From the Developer Console you can:

View active keys and their product permissions
Invalidate a key — immediately revokes access (cannot be undone)
Monitor usage — see credit consumption per key

When a key is created or invalidated, a webhook event is sent (system.apiKey.created or system.apiKey.invalidated) to any configured webhook destinations.

Error Responses

Status Code	Meaning
`401 Unauthorized`	Missing or malformed `Authorization` header, or the API key JWT is invalid/expired
`403 Forbidden`	The API key is valid but does not have permission to access the requested product

Security Best Practices

Store API keys in environment variables or a secrets manager — never commit them to source control
Use separate keys for development and production environments
Rotate keys periodically by creating a new key and invalidating the old one
Restrict each key to only the products it needs

Last modified on March 9, 2026

Introduction Document Verification

Using Your API Key

Include the API key in the Authorization header of every request:

Code

curl -X POST https://api.dossiers.wiki/screening/request \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"fullName": "John Smith"}'

The key is a signed JWT. The API validates it on every request and checks that your organization has access to the product being called.

Product Permissions

Each API key has product-level permissions. If you try to call an endpoint for a product that is not enabled on your key, the API will return a 403 Forbidden response.

Product

Endpoints

Document Verification

POST /document-processing, GET /document-processing/*

AML Screening

POST /screening/request, POST /high-risk/search

You can create multiple API keys with different permission scopes — for example, one key for your document verification pipeline and another for your AML screening integration.

Key Management

From the Developer Console you can:

View active keys and their product permissions

Invalidate a key — immediately revokes access (cannot be undone)

Monitor usage — see credit consumption per key

When a key is created or invalidated, a webhook event is sent (system.apiKey.created or system.apiKey.invalidated) to any configured webhook destinations.

Status Code

Meaning

401 Unauthorized

Missing or malformed Authorization header, or the API key JWT is invalid/expired

403 Forbidden

The API key is valid but does not have permission to access the requested product

Security Best Practices

Store API keys in environment variables or a secrets manager — never commit them to source control

Use separate keys for development and production environments

Rotate keys periodically by creating a new key and invalidating the old one

Restrict each key to only the products it needs

Last modified on March 9, 2026