PROOViD AML Docs
Reference

Bring your own data provider

Every tenant screens against PROOViD's built-in, free sources out of the box. If you hold a licence for a commercial dataset, you can layer it on with your own API key — configured per tenant, encrypted at rest, and used only for your screens. PROOViD never bundles, resells, or pays for third-party data: you bring your own key.

Built-in & free (no key needed)

These run on every screen with no configuration — they are public-domain or open government data:

  • Sanctions — UN, OFAC (US Treasury SDN), EU and UK (OFSI) consolidated lists.
  • PEPs — Politically-Exposed Persons from Wikidata (CC0 public domain): heads of state, prime ministers, ministers, central-bank governors, ambassadors and legislators.
The local engine (fuzzy + phonetic + nickname matching, classification and risk scoring) always runs against these. Commercial providers are additive — they widen coverage; they never replace the built-in screening.

Commercial providers you can add

Each is opt-in per tenant and uses your credentials:

Provider typeWhat it addsYou supply
OpenSanctions your key The OpenSanctions consolidated sanctions + PEP dataset (curated, multi-source, deduplicated) Your OpenSanctions API key (+ optional collection / datasets / threshold)
AdverseMedia your endpoint Your own adverse-media / news source — sidesteps the shared free-GDELT rate limit A GDELT DOC 2.0-compatible endpoint URL (+ optional key / keywords)
CriminalRecords your endpoint Your court / registry / vendor criminal-records feed (matches are crime-tagged → Fail) A JSON HTTP endpoint URL (+ optional key)
Licensing is yours. Commercial datasets carry their own terms — e.g. OpenSanctions is CC BY-NC, so commercial use requires a licence from them. You obtain the licence and key; PROOViD simply uses the key you provide.

Configure a provider

Admin-only, per tenant. The key is write-only (sent on configure, never returned), stored AES-GCM encrypted, and masked when listed.

Add or update

PUT /v1/tenants/{tenantId}/providers/{providerType}
Authorization: Bearer <admin token>
Content-Type: application/json

{providerType} is one of OpenSanctions, AdverseMedia, CriminalRecords. Body fields:

FieldTypeApplies toNotes
enabledboolallRequired. Turn the provider on/off.
apiKeystringallYour key. Required to enable; omit to keep the stored key. Never returned.
baseUrlstringAdverseMedia, CriminalRecordsYour endpoint URL. Required to enable AdverseMedia.
collectionstringOpenSanctionsScope to match, e.g. default or sanctions.
thresholdnumberOpenSanctionsProvider-side min score 0–1 (falls back to your profile threshold).
includeDatasetsstring[]OpenSanctionsRestrict to these datasets (empty = all).
topicsstring[]OpenSanctionsRestrict to these risk topics (empty = all).
algorithmstringOpenSanctionsScoring algorithm, e.g. logic-v1.
keywordsstring[]AdverseMediaNegative-context terms (empty = sensible defaults).
maxRecordsnumberAdverseMediaMax articles considered per screen.

Example — OpenSanctions with your key

curl -X PUT https://aml-screening.dloizides.com/v1/tenants/$TENANT_ID/providers/OpenSanctions \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true,
    "apiKey": "<your-opensanctions-key>",
    "collection": "default",
    "threshold": 0.7
  }'

Example — your own adverse-media endpoint

curl -X PUT https://aml-screening.dloizides.com/v1/tenants/$TENANT_ID/providers/AdverseMedia \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true,
    "apiKey": "<optional-key>",
    "baseUrl": "https://news.example.com/api/v2/doc",
    "keywords": ["fraud", "sanction", "money laundering"],
    "maxRecords": 50
  }'

List configured providers (keys masked)

GET /v1/tenants/{tenantId}/providers
Authorization: Bearer <admin token>

Remove a provider

DELETE /v1/tenants/{tenantId}/providers/{providerType}
Authorization: Bearer <admin token>
Validation: enabling any provider without a key (and with none stored) returns 400"Enabling a provider requires an API key"; enabling AdverseMedia without a baseUrl returns 400"Enabling an adverse-media provider requires an endpoint (baseUrl)". Every change is written to the tamper-evident audit log.

How it behaves on a screen

  • Enabled providers run in parallel with the built-in engine; their matches are classified and risk-scored by the same rules.
  • A provider you configure for a type overrides the built-in default for that type (e.g. your adverse-media endpoint replaces the shared free GDELT).
  • If your provider is unreachable, the screen still completes on the built-in sources — a provider outage never fails a screen.
  • Your key is scoped to your tenant only; it is never shared, logged, or returned.
© PROOViD AML · Developer Docs API reference · Authentication