OFAC screening APIs

Use Cross River OFAC screening APIs to verify OFAC compliance, get screening status, and get details about a compliance scan using a scan ID, so you can be sure that individuals don't put you or the bank at risk of fraud or other criminal behavior.

Note

Get started with Cross River APIs.

The endpoints listed in this table are described in detail in the sections below.

Action

API Call

Description
Verify OFAC compliance

POST /api/OfacScan

Checks OFAC compliance before proceeding with an international transaction
Get OFAC screening status

GET /api/OfacScan/{scanId}/{sourceSenderId}

Returns international transaction screening requirements compliance details
Get OFAC scan ID

GET /api/OfacScan/{scanId}

Returns details about a compliance scan

Verify OFAC compliance (OFAC scan)

/api/OfacScan

Checks OFAC compliance.

Cross River requires OFAC screening before sending an international money transfer. This API endpoint makes this check.

Important

Every international transaction requires a new OFAC key.

Request attributes

requestId

string

Optional 

The GUID that enables the application to link request with response.

sourceSenderId

string

Optional 

The GUID that identifies the merchant partner.

cardToken

string

Required  

A randomly generated character string that relates to the consumer's payment card (15 to 38 alphanumeric characters). Matches the creditCardToken in the response.

Response attributes

requestId

string

Matches the RequestId found in the request for information on international transaction screening

creditCardToken

string

A string of randomly generated characters for the payment card the consumer signed up for. Length = 38 characters (alphanumeric).

error

string

A numeric code that describes any error that could happen during the OFAC compliance check

requestedAt

string

The date and time you requested the OFAC transaction.

In this case, the date and time are in this format: yyyy-mm-ddThh:mm:ss[.mmm]

respondedAt

string

The actual date and time the OFAC service sent the response.

In this case, the date and time are in this format: yyyy-mm-ddThh:mm:ss[.mmm]

updatedAt

string

The date and time Cross River received the OFAC status change after checking for cardholders that could be matches (“hits”). Verify whether transaction was allowed or rejected. Status changes not yet available.

In this case, the date and time are in this format: yyyy-mm-ddThh:mm:ss[.mmm]

status

string

  • "Hit" - either the entity is a suspect on the OFAC list, or the check is still in progress.

  • "Allowed" - the entity can transact.

Back to top

Copy

Sample request

{
  "requestId": "3fa85f85-5217-4562-b3fc-2c963f66afa4",
  "sourceSenderId": "298fa967-97dp-vvy6-afag-11sghvk6nx12",
  "cardToken": "xh7alh99sxn7b5v"
}
Copy

Sample response

{
  "requestId": "3fa85f85-5217-4562-b3fc-2c963f66afa4",
  "creditCardToken": "xh7alh99sxn7b5v",
  "error": "",
  "requestedAt": "2023-04-27T10:25:53.685Z",
  "respondedAt": "2023-04-27T10:25:53.885Z",
  "updatedAt": "2023-04-27T10:27:25.555Z",
  "status": "Hit",
  }

 

Get OFAC screening status

/api/OfacScan/{scanId}/{sourceSenderId}

Returns details showing compliance with international transaction screening requirements.The API makes the request based on the scanId and the sourceSender (partner) identifier.

Request attributes

scanId

string

Required  

Matches the RequestId found in the response. Use this GUID to identify this scan at a later time.

Note: This is the RequestId you sent in a specific OfacScan call.

sourceSenderId

string

Required  

The GUID that identifies the merchant partner

Response attributes

The response attributes for this call are the same as for Verify OFAC compliance.

Back to top

Copy

Sample request

{
  "requestId": "3fa85f85-5217-4562-b3fc-2c963f66afa4",
  "sourceSenderId": "298fa967-97dp-vvy6-afag-11sghvk6nx12",
  "cardToken": "xh7alh99sxn7b5v"
}
Copy

Sample response

{
  "requestId": "3fa85f85-5217-4562-b3fc-2c963f66afa4",
  "creditCardToken": "xh7alh99sxn7b5v",
  "error": "",
  "requestedAt": "2023-04-27T10:25:53.685Z",
  "respondedAt": "2023-04-27T10:25:53.885Z",
  "updatedAt": "2023-04-27T10:27:25.555Z",
  "status": "Hit",
  }

 

Get OFAC scan ID

/api/OfacScan/{scanId}

Returns details about a particular compliance scan, based on a specific request identifier.

Request attributes

scanId

string

Required  

Matches the RequestId found in the response. Use this GUID to identify this scan at a later time.

sourceSenderId

string

Optional 

The GUID that identifies the merchant partner

Response attributes

The response attributes for this call are the same as for Verify OFAC compliance.

Back to top

Copy

Sample request

{
  "requestId": "3fa85f85-5217-4562-b3fc-2c963f66afa4",
  "sourceSenderId": "298fa967-97dp-vvy6-afag-11sghvk6nx12",
  "cardToken": "xh7alh99sxn7b5v"
}
Copy

Sample response

{
  "requestId": "3fa85f85-5217-4562-b3fc-2c963f66afa4",
  "creditCardToken": "xh7alh99sxn7b5v",
  "error": "",
  "requestedAt": "2023-04-27T10:25:53.685Z",
  "respondedAt": "2023-04-27T10:25:53.885Z",
  "updatedAt": "2023-04-27T10:27:25.555Z",
  "status": "Hit",
  }

Related topics

Card payments overview

Card management APIs

Transaction management APIs

Request and response codes

Error codes