Developers

Counterparty intelligence that persists.

Callable from any contract, workflow, or runtime. Over HTTPS, MCP, or webhook.

How Verify thinks

Contract.

Upload an agreement. We extract counterparties, signers, and structured fields.

→

Counterparty.

Each identified party becomes a persistent record, callable across every future contract.

→

Risk.

Sanctions, litigation, registry, ownership, and behavioral screening compose a single typed decision.

→

Monitoring.

Open a monitoring profile. Receive change events for the life of the relationship.

Quickstart

From contract to decision.

Upload an agreement, run screening against the parties it identifies, and retrieve a structured decision attached to a persistent counterparty record.

POST /api/contracts/upload
Authorization: Bearer <token>
X-API-Key: <workspace_key>
Content-Type: multipart/form-data

file=@agreement.pdf

→ { "id": "ctr_8xq...", "status": "extracted",
    "parties": [ { "name": "Acme Corp", "type": "business" }, ... ] }

POST /api/contracts/ctr_8xq.../run-risk
→ { "status": "screening" }

GET  /api/counterparties/cp_3kn.../timeline
→ {
    "name": "Acme Corp",
    "currentRiskBadge": "green",
    "screeningCount": 4,
    "events": [
      { "type": "screening_completed", "severity": "info" },
      { "type": "monitor_change", "severity": "warning" }
    ]
  }

Authentication

Bearer JWT, workspace key.

Every request carries a Bearer JWT identifying the user session and a workspace API key. Public sample records add an X-Claim-Token header so unauthenticated reads remain scoped to a single anonymous identity.

Authorization

JWT issued by your auth provider, attached as Authorization: Bearer <token>. Identifies the user and resolves the workspace.

X-API-Key

Workspace key, issued during private beta. Required on every call. Treat as a secret.

X-Claim-Token

Optional. Scopes anonymous reads of public sample records. Not required for authenticated traffic.

Endpoints

One typed shape.

Each screened party carries a risk badge (green · orange · red), a score, and structured findings. State transitions append risk_badge_changed events to the counterparty timeline.

Party · canonical

{
  "_id":         "<ObjectId>",
  "name":        "Acme Corp",
  "type":        "business",
  "riskBadge":   "orange",
  "riskScore":   0.62,
  "riskReasons": [ "⚠ Court records returned potential matches" ],
  "findings":    {
    "sanctionsHit":          false,
    "courtCases":            2,
    "businessStatus":        "active",
    "registeredJurisdiction": "Delaware"
  }
}

Endpoint surface

POST /api/contracts/upload, extract parties and structured fields from an agreement.
POST /api/contracts/{id}/run-risk, run screening against the contract's identified parties.
GET /api/counterparties, list persistent counterparty records.
GET /api/counterparties/{id}/timeline, read the per-party event stream.
POST /api/counterparties/{id}/monitoring, open or close a continuous-watch profile.

Open the full API reference →

Webhooks private preview

Events you will listen for.

Outbound delivery is in private preview. The event surface is the same typed stream that powers GET /api/counterparties/{id}/timeline today.

Sample · single counterparty over 90 days

live

T+0

screening

screening_completedscreening

Initial screening returned.

T+0

monitoring

monitoring_enabledmonitoring

Continuous watch started on this profile.

T+12d

verification

verification_rerunverification

Scheduled re-screen ran, no change.

T+62d

litigation

litigation_foundlitigation

New federal civil filing.

T+62d

risk

risk_badge_changedrisk

green → orange driven by litigation_found.

T+114d

registry

registry_status_changedregistry

Beneficial-owner disclosure updated at registry.

Today these events are retrievable per counterparty via the timeline endpoint. Webhook delivery and signing scheme finalized at v1.

MCP private preview

Callable from any model runtime.

Model Context Protocol server in preview. A thin wrapper over the REST API exposing verify_contract, get_counterparty, and list_events. Request access to receive the package.

Errors

Status codes you will see.

Errors return a JSON body with error and message fields. The HTTP status is authoritative.

400

bad_request

Malformed request body, missing required field, or unsupported file type.

401

unauthorized

Missing or invalid Bearer JWT, or workspace API key not recognized.

402

plan_required

Endpoint requires Usage plan. Activate to unlock monitoring and persistence.

404

not_found

Contract, counterparty, or event not present in this workspace.

409

in_progress

A screening run is already in flight for this contract.

429

rate_limited

Per-workspace upload or screening rate exceeded. Retry with backoff.

500

server_error

Unexpected condition. Safe to retry with the same idempotency key.

SDKs & integrations

Where Verify already runs.

DocuSign.

OAuth integration is live. Screen counterparties against agreements stored in DocuSign without leaving the envelope.

Ironclad, PandaDoc.

Connect-style integrations are on the roadmap. Request access to be notified when private preview opens.

Typed SDKs.

Until first-party SDKs ship, the REST surface is small enough to wrap directly. The shapes documented under Endpoints are stable.

Status

Operational state, on record.

Verify reports backend health, screening latency, and provider availability on a single page. Incidents are written there before they reach support.

Open the status page →

Changelog

What shipped, dated.

Versioned, dated entries for every breaking change, new event type, and new endpoint. Subscribed teams receive a digest at each cut.

Read the changelog →

Access

Private beta.

API and MCP access is in private beta. Teams running contract workflows at scale can request a key.

Open the API reference →Read the narrative docs →See a real record →