Overview
The Amani REST API uses JSON Web Token (JWT) authentication and accepts/returns JSON. All requests must be made over HTTPS. Use your regional base URL for all requests.
| Region | Base URL |
|---|---|
| Europe | https://eu.amani.ai |
| Turkey | https://tr.amani.ai |
| UAE | https://ae.amani.ai |
Interactive API Explorer
Try all endpoints directly in your browser — no setup needed. Open Swagger Documentation →
Token Types
User Token
Obtained by logging in with your credentials. Grants access to all actions within your permission group. Use server-side only — never expose in client code.
Profile Token
Obtained by creating a customer profile. Scoped to that profile only — used to launch the verification flow via SDK or Web SDK link.
API Sections
Authentication
Login, token refresh, and user management.
- POST /api/v2/user/login
- POST /api/v2/token/refresh/
Profiles
Create, retrieve, and update customer profiles.
- POST /api/v2/profile
- GET /api/v2/profile/{id}
- PATCH /api/v2/profile/{id}
Documents
Upload, retrieve, approve, archive, and delete identity documents.
- POST /api/v2/document
- GET /api/v2/document/{id}
- PUT /api/v2/document/{id}
Webhooks
Manage webhook endpoints and receive real-time event notifications.
- POST /api/v2/webhook
- GET /api/v2/webhook/events
- GET /api/v2/webhook/secret
AML
Anti-Money Laundering screening across 210+ data sources and 1.4M+ entities.
- GET /api/v2/aml/search
- GET /api/v2/aml/report/{id}
IP Whitelist
Manage allowed IP addresses for your API integration.
- GET /api/v2/ip-whitelist
- POST /api/v2/ip-whitelist
- DELETE /api/v2/ip-whitelist/{ip}
Authentication
All API requests require a valid JWT token in the Authorization header. Obtain a token by logging in with your credentials. Tokens expire periodically — use the refresh endpoint to get a new access token without re-authenticating.
Login
Authenticate with your credentials to receive a user token. Must be performed server-side.
POST {base_url}/api/v2/user/login
curl '{base_url}/api/v2/user/login' \
-H 'Content-Type: application/json' \
--data '{
"username": "user@account.com",
"password": "password"
}'Response includes the access token, refresh token, and user details:
{
"id": "user-uuid",
"username": "username",
"first_name": "First",
"last_name": "Last",
"access": "ACCESS_TOKEN",
"refresh": "REFRESH_TOKEN",
"groups": [...],
"permissions": [...]
}access token in all subsequent requests: Authorization: Bearer <ACCESS_TOKEN>Refresh Token
When your access token expires (you'll receive a 401 Unauthorized response), use the refresh token to obtain a new access token:
POST {base_url}/api/v2/token/refresh/
curl '{base_url}/api/v2/token/refresh/' \
-H 'Content-Type: application/json' \
--data '{"refresh": "<REFRESH_TOKEN>"}'{
"access": "<NEW_ACCESS_TOKEN>"
}Profiles
Customer profiles are the core entity in Amani. Create a profile to register a customer, retrieve the profile token for SDK initialization, and update profile data or status as needed.
Create Profile
Register a new customer and receive their profile token. If a customer with that ID already exists, the existing profile is returned.
Retrieve Profile Token
Get the profile token for an existing customer to initialize a new verification session.
Update Profile
Update customer information (name, email, phone, ID number) or set the profile status (approved, rejected, pending, etc.).
Documents
The Documents API manages identity documents submitted during verification. You can upload documents on behalf of customers, retrieve submitted documents, and manage their lifecycle.
Upload Document
Submit identity document pages (front, back, selfie) programmatically for a given profile.
Retrieve Documents
Fetch all submitted documents for a profile, including status, results, and metadata.
Approve / Reject
Manually approve or reject a document via the API.
Archive / Restore
Archive outdated documents or restore archived ones back to active status.
Delete
Permanently delete a document from a customer's profile.
Webhooks
Webhooks let Amani push real-time verification event notifications to your server. Each request is signed with an HMAC signature using your webhook secret — always verify the signature before processing the payload.
List Events
Get all available webhook event types you can subscribe to.
Create Endpoint
Register a webhook endpoint URL to receive event notifications.
Secret Token
Get or regenerate the HMAC secret key used to sign webhook payloads.
Logs & Retry
View webhook delivery logs and retry failed event deliveries.
AML
The AML (Anti-Money Laundering) API screens individuals against a global database of sanctions lists, PEP (Politically Exposed Person) registries, and adverse media sources.
210+ Data Sources
Comprehensive coverage across global sanctions lists, law enforcement databases, and regulatory watchlists.
1.4M+ Entities
Over 1,437,809 entities monitored across PEP registries, sanctions lists, and adverse media.
48 Countries
Jurisdiction-specific coverage for 48 countries with dedicated local data sources.
IP Whitelist
The IP Whitelist API lets you restrict API access to a defined set of trusted IP addresses — useful for locking down server-to-server integrations and preventing unauthorized access.
| Endpoint | Description |
|---|---|
GET /api/v2/ip-whitelist | List all whitelisted IP addresses |
POST /api/v2/ip-whitelist | Add a new IP address to the whitelist |
DELETE /api/v2/ip-whitelist/{ip} | Remove an IP address from the whitelist |
Ready to integrate?