Authentication & Security

The Sanctions API uses API keys to authenticate API requests. Each request must contain your organization's API key via an apiKey parameter or header.


The apiKey may be sent in 2 ways

  1. Request Body - Include an apiKey parameter within the API request.
  2. Request Header - Include an apiKey request header (opens in a new tab) with each request.

For examples of apiKey request parameters and headers, see the example requests and the Postman Collection example on Github.


All API requests must be made over HTTPS. Unencrypted HTTP requests will be rejected.