309 Enforcement Actions in the U.S. over past 30 days


FINRA enforcements decreased 70% over the past 30 days


SEC issued enforcements: $289,563,885 over the past 30 days


161 Final Rules go into effect in the next 30 days


120 Mortgage Lending docs published in the last 7 days


1460 docs with 2637 extracted obligations from the last 7 days


964 new Proposed and Final Rules were published in the past 7 days


16097 new docs in pro.compliance.ai within the last 7 days


Considering RCM Solutions?  Here’s an RFP to get started.


Getting Started with Compliance.ai API

Compliance.ai offers support for OAuth 2.0 Authentication for all of our API methods in the Compliance.ai developer API platform.

This guide provides the steps necessary to start using Compliance.ai’s Developer API with OAuth 2.0.

  • Register once
  • Authorize periodically (refresh token)
  • Authenticate each time you call the API


A Client ID (API key) and Client Secret is generated once a user has registered an account and created a new application:

  • If you haven’t already, register for an account on Compliance.ai’s developer platform by signing up here.
  • Once you are logged in:
    • Go to “My Account” on the top right of the screen
    • Select the “Application” section
    • Create a new application and add following details:
      • Application name
      • Web page about the application
      • Description
  • When an application is created, Compliance.ai team will review & approve the application.
  • After approval, the application status will change to “active”
    • The Client ID and Client Secret can be found under the “Keys” section of “My Account”, along with details of the API plan
      • Client ID is also referred to as Key or API Key
      • API Key / Client ID string will be 24 characters long
      • Client Secret string will be 10 characters long


An access token is issued, along with other parameters, in a response to a well formatted authorization request. Please note that an authorization request will count towards the calls per day quota and Compliance.ai has accounted for 6 authorization related requests per day in each of our API subscription plans.

  • A successful response will include the following parameters:
    • Access Token
    • Token Type: bearer
    • Time to Expiration: 3600
    • Refresh Token
  • Access Token string will be 24 characters long
  • Refresh Token string will be 24 characters long

There are three ways you can generate an access token to pass along in header of the API request:

  • Generating through I/O Docs on Compliance.ai Developer Platform
  • Generating through API call directly
    • Add in the following into the authorization request:
    • Example of request and response using Postman:
      • POST /oauth2/token HTTP/1.1
      • Host: compliance.api.mashery.com
      • Content-Type: application/x-www-form-urlencoded
      • cache-control: no-cache
      • Postman-Token: 2d3b1419-9273-454d-8261-dd926960bf88
      • client_id=[]client_secret=[]grant_type=client_credentials

  • Generating through Python
    • You can download the sample code using this link.
  • Generating using Refresh Token
    • Add in the following into a Post request:
    • Example Request:
      • POST /oauth2/token HTTP/1.1
      • Host: compliance.api.mashery.com
      • Content-Type: application/x-www-form-urlencoded
      • cache-control: no-cache
      • client_id=ysszm2yk7gp5r9ernuaurgccclient_secret=w9t7t48g7Hgrant_type=refresh_tokenrefresh_token=6mh3cgqvc6d992fd45zc88ueundefined=undefined
    • Example Response:
      • “access_token”: ” “,
      • “token_type”: “bearer”,
      • “expires_in”: 3600,
      • “refresh_token”: ” “
    • Notes:
      • A new refresh token is issued along with the new access token
      • If the most recent refresh token is not included in the request, you will receive the following error:
        • “error”: “invalid_grant”,
          “error_description”: “Invalid refresh token”

Request Authentication

When making a request to any Compliance.ai API method using OAuth 2.0 authentication, include the Access Token in the Request Header as an Authorization Bearer.

  • Examples:
    • Interactive API on Compliance.ai
      • Request URL:
        • https://api.compliance.ai/v1/searchoauth?[filters]
      • Request Header:
        • accept-encoding: identity
        • Authorization: Bearer [access token]
        • X-Originating-IP:
    • Postman
        • GET /v1/searchoauth HTTP/1.1
        • Host: api.compliance.ai
        • Authorization: Bearer [access token]
        • cache-control: no-cache

Next Steps

Contact us to schedule a demo and discuss integration options in detail.

If you’re a developer, join our Developer Program to learn more and begin using our interactive API.