API & Compliance Glossary

An API key is a unique identifier used to authenticate and authorize requests to an API, enabling usage tracking and access control.

Rate limiting controls the number of API requests a client can make within a defined time window to protect service availability.

A REST API is an architectural style for web services that uses standard HTTP methods and stateless communication to manage resources.

A webhook is an HTTP callback that delivers real-time event notifications from one system to another when specific actions or conditions occur.

AML refers to laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income.

Beneficial ownership identifies the natural persons who ultimately own or control a legal entity, even through complex corporate structures.

Invoice fraud detection identifies fraudulent, duplicate, or manipulated invoices before they are processed for payment.

KYC is the process of verifying customer identity and assessing risk before establishing a business relationship.

OFAC is a US Treasury department that administers and enforces economic sanctions against targeted countries, entities, and individuals.

PEP screening identifies individuals who hold prominent public positions and present elevated risk for corruption and money laundering.

Risk scoring assigns numerical values to entities or transactions based on multiple risk factors to prioritize compliance resources effectively.

Sanctions screening checks individuals, entities, and transactions against government-maintained restricted party lists to prevent prohibited dealings.

SOX is a US federal law mandating strict financial reporting, internal controls, and auditor independence for publicly traded companies.

The SDN List is maintained by OFAC and identifies individuals and entities whose assets are blocked and with whom US persons are prohibited from dealing.

Data normalization transforms data from varying formats and structures into a consistent, standardized format for reliable processing.

Data validation verifies that input data meets defined rules for format, type, range, and consistency before processing or storage.

JSON Schema is a vocabulary for defining the structure, constraints, and validation rules for JSON data in API requests and responses.

PII is any data that can identify a specific individual, including names, addresses, social security numbers, and biometric records.

Clause extraction automatically identifies and categorizes specific provisions within legal documents for analysis and comparison.

Contract review is the systematic analysis of legal agreements to identify risks, obligations, and unfavorable terms before execution.

Document generation automates the creation of structured documents from templates and data inputs, reducing manual drafting and ensuring consistency.

A force majeure clause excuses contract performance when extraordinary events beyond the parties' control make fulfillment impossible or impractical.

Indemnification clauses allocate financial responsibility between contracting parties for losses, damages, or liabilities arising from specified events.

OCR converts text within images, scanned documents, and PDFs into machine-readable text for digital processing and analysis.

API authentication verifies the identity of clients making API requests, ensuring only authorized applications and users can access protected resources.

Data masking replaces sensitive data with realistic but fictitious values to protect confidentiality while preserving data usability.

Data residency refers to the physical or geographic location where data is stored, governed by regulations requiring data to remain within specific borders.

Encryption at rest protects stored data by converting it into an unreadable format that can only be decrypted with the proper cryptographic keys.

GDPR is the EU regulation governing the collection, processing, and storage of personal data for individuals within the European Economic Area.

Zero trust is a security model that requires strict identity verification for every request, regardless of network location or prior authentication.