UWAY API
The UWAY API allows regulated fintech and Web3 teams to submit customer, transaction, and counterparty data into a unified compliance workflow. The API supports case creation, risk scoring, alert review, Travel Rule workflow tracking, and audit record retrieval.
Access: The UWAY API is currently available to selected implementation partners and pilot customers. Public sandbox access may be provided upon request.
Overview
The UWAY API is a RESTful interface for integrating compliance workflows into your internal systems. All requests are authenticated via Bearer tokens and return JSON responses.
RESTful Design
Standard HTTP methods and status codes
JSON Format
All request and response bodies use JSON
Webhook Support
Real-time event notifications to your systems
Example Request
POST https://api.uway.com/v1/cases
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
{
"customer_id": "cust_8f72b1c4",
"case_type": "aml_alert",
"risk_level": "high",
"alert_source": "sanctions_screening",
"metadata": {
"customer_name": "Example Ltd",
"jurisdiction": "HK",
"screening_hit": "OFAC-SDN-12345"
}
}Authentication
All API requests require authentication using Bearer tokens. Include the token in the Authorization header of each request.
Header Format
Authorization: Bearer YOUR_API_KEYSecurity Best Practices
- Store API keys securely and never commit to version control
- Rotate keys periodically and immediately if compromised
- Use environment variables for key management
Base URL
https://api.uway.comAll API requests should be made to this base URL with the appropriate version path.
Sandbox Access
A sandbox environment is available for pilot customers and implementation partners. Sandbox uses the same API structure but operates on test data.
https://sandbox-api.uway.comCore Resources
Customers
/v1/customersCustomer records with KYC/KYB data, jurisdiction, and risk profile.
/v1/customersList customers
/v1/customers/:idGet customer details
/v1/customersCreate customer record
/v1/customers/:idUpdate customer
Cases
/v1/casesCompliance cases for AML alerts, KYC reviews, and Travel Rule exceptions.
/v1/casesList cases with filters
/v1/cases/:idGet case details
/v1/casesCreate case
/v1/cases/:idUpdate case status
/v1/cases/:id/assignAssign reviewer
/v1/cases/:id/resolveResolve with decision
Risk Scores
/v1/risk-scoresUnified risk assessments from multiple compliance signals.
/v1/risk-scores/:customer_idGet customer risk score
/v1/risk-scores/calculateCalculate risk score
/v1/risk-scores/history/:customer_idRisk score history
Alerts
/v1/alertsAML screening alerts, sanctions matches, and PEP notifications.
/v1/alertsList alerts
/v1/alerts/:idGet alert details
/v1/alerts/:id/dismissDismiss as false positive
/v1/alerts/:id/escalateEscalate to case
Travel Rule Transfers
/v1/travel-ruleCross-border transfer records with counterparty and VASP information.
/v1/travel-ruleList transfers
/v1/travel-rule/:idGet transfer details
/v1/travel-ruleRecord transfer
/v1/travel-rule/:id/submitSubmit to counterparty VASP
Example Response
{
"case_id": "case_9a3b7c2d1e",
"customer_id": "cust_8f72b1c4",
"case_type": "aml_alert",
"risk_level": "high",
"status": "pending_review",
"created_at": "2026-05-25T10:15:30Z",
"assigned_to": null,
"alert_source": "sanctions_screening",
"metadata": {
"customer_name": "Example Ltd",
"jurisdiction": "HK",
"screening_hit": "OFAC-SDN-12345"
},
"workflow": {
"current_stage": "initial_review",
"next_action": "assign_reviewer",
"sla_deadline": "2026-05-26T10:15:30Z"
}
}Webhooks
UWAY can send real-time event notifications to your systems via webhooks. Configure webhook endpoints in your Sentinel dashboard to receive updates on case status changes, escalations, and other compliance events.
Event Types
case.createdcase.escalatedcase.resolvedalert.dismissedtravel_rule.submitted
Webhook Payload Example
POST https://your-domain.com/uway/webhook
{
"event": "case.escalated",
"case_id": "case_9a3b7c2d1e",
"customer_id": "cust_8f72b1c4",
"reason": "sanctions_match_confirmed",
"previous_risk_level": "high",
"new_risk_level": "critical",
"timestamp": "2026-05-25T10:30:45Z",
"review_url": "https://sentinel.hkuway.com/cases/case_9a3b7c2d1e"
}Error Codes
| Status | Code | Description |
|---|---|---|
| 200 | OK | Request succeeded |
| 400 | BAD_REQUEST | Invalid request parameters |
| 401 | UNAUTHORIZED | Invalid or missing API key |
| 403 | FORBIDDEN | Insufficient permissions |
| 404 | NOT_FOUND | Resource not found |
| 429 | RATE_LIMITED | Too many requests |
| 500 | INTERNAL_ERROR | Server error, retry later |
Request API Access
API access is available to selected implementation partners and pilot customers. Contact our team to discuss your integration requirements.
Talk to Our Team