API Reference

UWAY API

The UWAY API allows regulated fintech and Web3 teams to submit customer, transaction, and counterparty data into a unified compliance workflow. The API supports case creation, risk scoring, alert review, Travel Rule workflow tracking, and audit record retrieval.

Access: The UWAY API is currently available to selected implementation partners and pilot customers. Public sandbox access may be provided upon request.

Overview

The UWAY API is a RESTful interface for integrating compliance workflows into your internal systems. All requests are authenticated via Bearer tokens and return JSON responses.

RESTful Design

Standard HTTP methods and status codes

JSON Format

All request and response bodies use JSON

Webhook Support

Real-time event notifications to your systems

Example Request

bash
Example
POST https://api.uway.com/v1/cases
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "customer_id": "cust_8f72b1c4",
  "case_type": "aml_alert",
  "risk_level": "high",
  "alert_source": "sanctions_screening",
  "metadata": {
    "customer_name": "Example Ltd",
    "jurisdiction": "HK",
    "screening_hit": "OFAC-SDN-12345"
  }
}

Authentication

All API requests require authentication using Bearer tokens. Include the token in the Authorization header of each request.

Header Format

Authorization: Bearer YOUR_API_KEY

Security Best Practices

  • Store API keys securely and never commit to version control
  • Rotate keys periodically and immediately if compromised
  • Use environment variables for key management

Base URL

https://api.uway.com

All API requests should be made to this base URL with the appropriate version path.

Sandbox Access

A sandbox environment is available for pilot customers and implementation partners. Sandbox uses the same API structure but operates on test data.

https://sandbox-api.uway.com

Core Resources

Customers

/v1/customers

Customer records with KYC/KYB data, jurisdiction, and risk profile.

GET/v1/customers

List customers

GET/v1/customers/:id

Get customer details

POST/v1/customers

Create customer record

PATCH/v1/customers/:id

Update customer

Cases

/v1/cases

Compliance cases for AML alerts, KYC reviews, and Travel Rule exceptions.

GET/v1/cases

List cases with filters

GET/v1/cases/:id

Get case details

POST/v1/cases

Create case

PATCH/v1/cases/:id

Update case status

POST/v1/cases/:id/assign

Assign reviewer

POST/v1/cases/:id/resolve

Resolve with decision

Risk Scores

/v1/risk-scores

Unified risk assessments from multiple compliance signals.

GET/v1/risk-scores/:customer_id

Get customer risk score

POST/v1/risk-scores/calculate

Calculate risk score

GET/v1/risk-scores/history/:customer_id

Risk score history

Alerts

/v1/alerts

AML screening alerts, sanctions matches, and PEP notifications.

GET/v1/alerts

List alerts

GET/v1/alerts/:id

Get alert details

POST/v1/alerts/:id/dismiss

Dismiss as false positive

POST/v1/alerts/:id/escalate

Escalate to case

Travel Rule Transfers

/v1/travel-rule

Cross-border transfer records with counterparty and VASP information.

GET/v1/travel-rule

List transfers

GET/v1/travel-rule/:id

Get transfer details

POST/v1/travel-rule

Record transfer

POST/v1/travel-rule/:id/submit

Submit to counterparty VASP

Example Response

json
Example
{
  "case_id": "case_9a3b7c2d1e",
  "customer_id": "cust_8f72b1c4",
  "case_type": "aml_alert",
  "risk_level": "high",
  "status": "pending_review",
  "created_at": "2026-05-25T10:15:30Z",
  "assigned_to": null,
  "alert_source": "sanctions_screening",
  "metadata": {
    "customer_name": "Example Ltd",
    "jurisdiction": "HK",
    "screening_hit": "OFAC-SDN-12345"
  },
  "workflow": {
    "current_stage": "initial_review",
    "next_action": "assign_reviewer",
    "sla_deadline": "2026-05-26T10:15:30Z"
  }
}

Webhooks

UWAY can send real-time event notifications to your systems via webhooks. Configure webhook endpoints in your Sentinel dashboard to receive updates on case status changes, escalations, and other compliance events.

Event Types

  • case.created
  • case.escalated
  • case.resolved
  • alert.dismissed
  • travel_rule.submitted

Webhook Payload Example

json
Example
POST https://your-domain.com/uway/webhook

{
  "event": "case.escalated",
  "case_id": "case_9a3b7c2d1e",
  "customer_id": "cust_8f72b1c4",
  "reason": "sanctions_match_confirmed",
  "previous_risk_level": "high",
  "new_risk_level": "critical",
  "timestamp": "2026-05-25T10:30:45Z",
  "review_url": "https://sentinel.hkuway.com/cases/case_9a3b7c2d1e"
}

Error Codes

StatusCodeDescription
200OKRequest succeeded
400BAD_REQUESTInvalid request parameters
401UNAUTHORIZEDInvalid or missing API key
403FORBIDDENInsufficient permissions
404NOT_FOUNDResource not found
429RATE_LIMITEDToo many requests
500INTERNAL_ERRORServer error, retry later

Request API Access

API access is available to selected implementation partners and pilot customers. Contact our team to discuss your integration requirements.

Talk to Our Team