188 Enforcement Actions in the U.S. over past 30 days

-

SEC enforcements Increased 15% over the past 30 days

-

SEC issued enforcements: $304,504,552.51 over the past 30 days

-

257 Final Rules go into effect in the next 30 days

-

76 Mortgage Lending docs published in the last 7 days

-

3957 docs with 8216 extracted obligations from the last 7 days

-

new Proposed and Final Rules were published in the past 7 days

-

8571 new docs in pro.compliance.ai within the last 7 days

-

Download the Q3 Enforcement eBook now!

-

Join us Feb 4th at Comply 2021

-
NAVIGATION

Compliance.ai Platform API OAuth 2.0 User Guide

Compliance.ai offers support for OAuth 2.0 Authentication for all of our API methods in the Compliance.ai developer API platform.

This guide provides the steps necessary to start using Compliance.ai’s Developer API with OAuth 2.0.

  • Register once
  • Authorize periodically (refresh token)
  • Authenticate each time you call the API

Registration

A Client ID (API key) and Client Secret is generated once a user has registered an account and created a new application:

  • If you haven’t already, register for an account on Compliance.ai’s developer platform by signing up here.
  • Once you are logged in:
    • Go to “My Account” on the top right of the screen
    • Select the “Application” section
    • Create a new application and add following details:
      • Application name
      • Web page about the application
      • Description
  • When an application is created, Compliance.ai team will review & approve the application.
  • After approval, the application status will change to “active”
    • The Client ID and Client Secret can be found under the “Keys” section of “My Account”, along with details of the API plan
      • Client ID is also referred to as Key or API Key
      • API Key / Client ID string will be 24 characters long
      • Client Secret string will be 10 characters long

Authorization

An access token is issued, along with other parameters, in a response to a well formatted authorization request. Please note that an authorization request will count towards the calls per day quota and Compliance.ai has accounted for 6 authorization related requests per day in each of our API subscription plans.

  • A successful response will include the following parameters:
    • Access Token
    • Token Type: bearer
    • Time to Expiration: 3600
    • Refresh Token
  • Access Token string will be 24 characters long
  • Refresh Token string will be 24 characters long

There are three ways you can generate an access token to pass along in header of the API request:

  • Generating through I/O Docs on Compliance.ai Developer Platform
  • Generating through API call directly
    • Add in the following into the authorization request:
    • Example of request and response using Postman:
      • POST /oauth2/token HTTP/1.1
      • Host: compliance.api.mashery.com
      • Content-Type: application/x-www-form-urlencoded
      • cache-control: no-cache
      • Postman-Token: 2d3b1419-9273-454d-8261-dd926960bf88
      • client_id=[]client_secret=[]grant_type=client_credentials

  • Generating using Refresh Token
    • Add in the following into a Post request:
    • Example Request:
      • POST /oauth2/token HTTP/1.1
      • Host: compliance.api.mashery.com
      • Content-Type: application/x-www-form-urlencoded
      • cache-control: no-cache
      • client_id=ysszm2yk7gp5r9ernuaurgccclient_secret=w9t7t48g7Hgrant_type=refresh_tokenrefresh_token=6mh3cgqvc6d992fd45zc88ueundefined=undefined
    • Example Response:
      • “access_token”: ” “,
      • “token_type”: “bearer”,
      • “expires_in”: 3600,
      • “refresh_token”: ” “
    • Notes:
      • A new refresh token is issued along with the new access token
      • If the most recent refresh token is not included in the request, you will receive the following error:
        • “error”: “invalid_grant”,
          “error_description”: “Invalid refresh token”

Request Authentication

When making a request to any Compliance.ai API method using OAuth 2.0 authentication, include the Access Token in the Request Header as an Authorization Bearer.

  • Examples:
    • Interactive API on Compliance.ai
      • Request URL:
        • https://api.compliance.ai/v1/searchoauth?[filters]
      • Request Header:
        • accept-encoding: identity
        • Authorization: Bearer [access token]
        • X-Originating-IP:
    • Postman
        • GET /v1/searchoauth HTTP/1.1
        • Host: api.compliance.ai
        • Authorization: Bearer [access token]
        • cache-control: no-cache

Next Steps

Contact us to schedule a demo and discuss integration options in detail.

If you’re a developer, join our Developer Program to learn more and begin using our interactive API.

X