REST API · OpenAPI 3.1 · v1

One API. Ten European registries. Auditable provenance.

Verify any European company against the 10+ government registries Veritor integrates with. REST API, OpenAPI 3.1 specification, SDKs for Node.js, Python, and PHP. Sandbox free.

01 / Core endpoints

Six verbs. Forty registries' worth of data.

POST /v1/verifycore
Entity verification by name, identifier, or partial match. Returns verified entity with confidence score, full provenance chain, and source registry payloads.
POST /v1/verify/nipPL
Polish NIP white-list validation. Returns VAT status, declared bank accounts, audit ID required for STIR split-payment documentation.
POST /v1/uboUBO
Beneficial owner resolution. Recursive chain resolution across CRBR, PSC, Transparenzregister. Output: natural persons with control percentages.
POST /v1/counterpartyfull KYB
Full KYB report — entity verification + UBO + sanctions screening + PEP check + financial health + risk score. PDF-exportable audit report.
POST /v1/batchbulk
Batch verification — up to 100 entities per request, async webhooks for larger workloads. Designed for onboarding queues and CRM cleanups.
GET /v1/changesmonitoring
Polling or webhook subscription for changes on watched entities — status, leadership, UBO, sanctions match. Real-time risk monitoring.
02 / Example: verify a Polish company

From query to verified record in 1.8s

# Verify by company name (AI disambiguation kicks in if multiple candidates)
curl https://api.veritor.org/v1/verify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "PKN Orlen",
    "country": "PL"
  }'

# Response
{
  "verified": true,
  "confidence": 99,
  "entity": {
    "name": "POLSKI KONCERN NAFTOWY ORLEN S.A.",
    "krs": "0000028860",
    "nip": "7740001454",
    "regon": "610188201",
    "lei": "259400N3WD80SSEVTM73",
    "status": "ACTIVE"
  },
  "provenance": [
    {"source": "gleif", "authority": 99, "ts": "2026-05-15T08:23:11Z"},
    {"source": "krs", "authority": 98, "ts": "2026-05-15T08:23:12Z"},
    {"source": "mf_whitelist", "authority": 99, "ts": "2026-05-15T08:23:12Z"}
  ],
  "audit_id": "verify-2026051508-9f8e7d6c",
  "duration_ms": 1842
}
03 / SDKs & quickstart

Officially supported language SDKs

Node.js / TypeScript
npm install @veritor/sdk
Type-safe client with full IntelliSense. Built on fetch, zero heavy deps. Works in Node 18+, Deno, Bun, Edge runtimes.
Python
pip install veritor
async/sync clients, Pydantic models, typed responses. Compatible with FastAPI, Django, Celery workers.
PHP
composer require veritor/sdk
PSR-18 compliant client. Tested against PHP 8.1+, Laravel, Symfony, Magento.
OpenAPI 3.1 spec
Public, versioned
Generate clients for Go, Ruby, Java, C#, Rust, or any language with openapi-generator. We test against generated clients on every release.
04 / Common questions

API FAQ

What are the rate limits?

Free: 5 req/min, 50/month. Starter: 100 req/min, 5,000/month. Pro: 500 req/min, 10,000/month. Team: 1,000 req/min, 15,000/month. Enterprise: custom, no monthly cap. Burst tolerated within reason; sustained over-limit returns 429 with retry-after header.

Where is the data hosted?

EU only. Frankfurt (primary), Warsaw (PL connectors), Dublin (replica). No US transfer. GDPR-compliant by design. DPA available on request, SCCs included for any non-EU sub-processor.

What happens if a source registry is down?

Veritor's EAM gateway has cache + circuit-breaker per source. If a source is unhealthy, you get last-known cached data with a stale-flag and timestamp. For Polish MF white-list, the secondary source is EU VIES; for GLEIF, the secondary is direct ISO 17442 lookups. Graceful degradation is the design default.

Does the API return PDF reports?

The /v1/counterparty endpoint returns JSON by default and supports format=pdf for an audit-ready PDF with full provenance chain, suitable for regulator inspection. Available from Professional tier.

How long is data cached?

Default cache TTL is 24 hours per source. You can request fresh=true to force a live registry query (counts as 2x quota). Status-change events fire webhooks regardless of cache state.

Get an API key

Email api@veritor.org with your use case and we'll provision a sandbox key within one business day. Production keys follow after a 15-minute scoping call.

api@veritor.org →