Compliance

PEP (Politically Exposed Person) Check

Credits: 1 per call.

Searches the consolidated PEP (Politically Exposed Persons) database for a subject — covering active PEPs, former PEPs (EX_PEP), and their immediate family and close associates (PEP_AFFINITY, EX_PEP_AFFINITY).

Input flexibility — three valid invocation forms:

The endpoint accepts a search in any of three forms — pick the one that matches the data you have on hand. You may include nationalIdNumber alongside any of them to tighten the match.

Single name (name) — pass the full name as one string. Quick and convenient when you only have the full name as a single value.
Separated name (givenNames + firstSurname + optional secondSurname) — Mexican-style split. Strongly recommended for best match quality, because the matching engine can apply per-component logic that produces fewer false positives on compound first names and compound surnames. When using this form, both givenNames and firstSurname are required.
Identifier only (nationalIdNumber) — pass a CURP or RFC by itself when that is all you have. The search runs against records that publish the identifier.

If more than one form is sent (for example name plus separated fields), the separated fields take precedence over name. The nationalIdNumber is normalised (trim, uppercase) and reported back per match in matchedOn.identifiersMatched and in the standalone identifierMatch field.

Risk Level Matrix (riskLevel):

Each match in matches[] has a base severity per its listType:

`listType`	base severity
`PEP_ACTIVE`	HIGH
`EX_PEP`	MEDIUM
`PEP_INACTIVE`	MEDIUM
`PEP_AFFINITY`	MEDIUM
`EX_PEP_AFFINITY`	LOW

The endpoint riskLevel is the maximum severity across matches[]:

NONE — no matches at or above minSimilarityScore. Safe for automated approval from a PEP perspective.
LOW — only EX_PEP_AFFINITY hits found (family or close associate of a former PEP).
MEDIUM — at least one EX_PEP, PEP_INACTIVE, or PEP_AFFINITY hit.
HIGH — at least one PEP_ACTIVE hit. Aligned with the categories that FATF Recommendation 12 and Mexican LFPIORPI flag for Enhanced Due Diligence (EDD).

riskLevel is a screening signal intended to feed your compliance workflow. Combine it with identifierMatch, similarityScore, and the per-match complianceDetails we surface so your team can apply its own internal policy.

Which variant matched: every entry in matches[] carries a matchedOn object identifying the canonical record that was hit and an identifiersMatched array — for example name and nationalIdNumber — listing which fields agreed. The standalone identifierMatch field exposes the precision of the identifier comparison (EXACT, PARTIAL, MISMATCH, or NOT_PROVIDED when no identifier was sent). Use these together to audit the confidence behind a hit.

How similarityScore is computed: the score reflects combined name + identifier confidence, not name alone. A match’s similarityScore is the higher of (a) the name match quality and (b) the strength of the identifier comparison — an EXACT nationalIdNumber match contributes a full-confidence score, a PARTIAL match contributes a strong-but-not-certain score, and MISMATCH / NOT_PROVIDED contribute nothing (the name drives the score in those cases). This means a search by nationalIdNumber alone still returns a high-confidence hit even though no name was supplied to compare — a CURP or RFC coincidence is a deterministic identity signal. Inspect identifierMatch and matchedOn.identifiersMatched to see why a given match scored the way it did.

Multi-match handling: the response returns every match at or above minSimilarityScore, sorted by similarityScore descending. data.totalMatchesFound mirrors matches[].length and is provided for convenience.

Use this endpoint as part of AML programs where screening counterparties against PEPs is part of your KYC workflow — common in regulated financial services, cross-border payments, and onboarding pipelines.

cURL

curl -X POST https://api.origoid.com/mex/compliance/v1/peps-searches \
  -H "x-api-key: YOUR_API_KEY" \
  -H "content-type: application/json" \
  -d '{"givenNames": "ANDRES MANUEL", "firstSurname": "LOPEZ", "secondSurname": "OBRADOR", "nationalIdNumber": "LOOA531113HTCPBN07"}'

{
  "status": "OK",
  "type": "SUCCESS",
  "message": "No PEPs matches found",
  "data": {
    "matchFound": false,
    "riskLevel": "NONE",
    "totalMatchesFound": 0,
    "matches": []
  },
  "transactionId": "d2b0b572-0be8-4744-bf0d-72f21135125b",
  "processedAt": "2026-03-19T10:05:00-06:00",
  "billable": true
}

Authorizations

x-api-key

string

header

required

Body

application/json

Option 1
Option 2
Option 3

name

string

required

Full name of the subject (single string). Optional alternative to the split givenNames / firstSurname format. Use this when you only have the full name as one value (form input, OCR extraction). For best match quality, prefer the separated fields below.

Example:

"ANDRES MANUEL LOPEZ OBRADOR"

givenNames

string

Subject's given name(s). Use together with firstSurname for the most precise matching. Recommended over the single name field whenever the components are available.

Example:

"ANDRES MANUEL"

firstSurname

string

Subject's first (paternal) surname. Use with givenNames for best match quality.

Example:

"LOPEZ"

secondSurname

string

Subject's second (maternal) surname. Optional.

Example:

"OBRADOR"

nationalIdNumber

string

National identifier — CURP (18 chars) or RFC (12-13 chars). Optional. Normalised (trimmed, uppercase). When provided, it is reported back per match in matchedOn.identifiersMatched and in the standalone identifierMatch field so the reviewer can audit the precision of the hit. Examples: LOOA531113HTCPBN07 (CURP), LOOA531113FI5 (RFC).

Example:

"LOOA531113HTCPBN07"

minSimilarityScore

integer

default:70

Minimum similarity score required to return a match. Defaults to 70 — a balanced threshold for PEP screening. Lower it for broader recall when manual review is in place; raise it for stricter automated approval. There is no enforced floor — you can request very low thresholds, but the lower you go the noisier the response will be. The threshold is compared against the combined name + identifier similarityScore (see the description), so a search by nationalIdNumber alone with an exact match is not filtered out even though no name was provided to compare.

Required range: x <= 100

Response

PEP search results (Strict Envelope Pattern).

status

enum<string>

required

High-level outcome. OK means the request was successfully processed (regardless of business result). ERROR means the request was rejected or could not be processed.

Available options:

OK,

ERROR

type

string

required

Stable result type code. Includes generic codes (SUCCESS, INVALID_REQUEST, UNAUTHORIZED, SERVICE_UNAVAILABLE, INTERNAL_ERROR, RATE_LIMIT_EXCEEDED) plus endpoint-specific result codes — see this endpoint's response examples.

message

string

required

Human-readable summary of the result. Always in English (per Language Conventions in the API overview).

transactionId

string<uuid>

required

Unique identifier of this request, generated by the API Gateway. Propagated end-to-end for traceability.

processedAt

string<date-time>

required

ISO 8601 datetime with Mexico City offset (-06:00). Always set by the API Gateway when the response leaves the system.

billable

boolean

required

Whether this request will be charged against the client's plan. Typically true for successful business results and false for validation errors or system errors that prevented processing.

data

object

Response payload. null on error responses. Shape depends on the endpoint — see each operation's response schema.

errors

object[]

Per-field error details. Present only on INVALID_REQUEST responses.

Show child attributes

Email Deliverability & Fraud Validation**Credits:** 1 per call. Validates an email address for deliverability and risk. Returns the normalized address, deliverability verdict (`deliverable`, `risky`, `undeliverable`), a quality score (0–100), a toxicity score, and a set of boolean verdicts (`isFree`, `isDisposable`, `isRoleAccount`, `isFull`, `isCatchAll`, `isToxic`). Use this endpoint at signup time to reject typos and disposable addresses before they enter your database, reducing bounce rates on transactional email and fraud signals from throwaway accounts. **`riskLevel` reference** — standardized scoring you can branch on: | Level | When | |---|---| | `NONE` | Mailbox is deliverable and not flagged as disposable or toxic. | | `MEDIUM` | Domain is catch-all — accepts every address, so the specific mailbox cannot be confirmed to exist. | | `HIGH` | Deliverability is `risky` or `unknown` (e.g. mail server rejects probes), OR the domain belongs to a disposable / temporary email provider (Mailinator, 10minutemail, Guerrillamail, etc.). | | `CRITICAL` | Mailbox is `undeliverable` (does not exist or is full), OR the address scores above 40 on the toxicity index (associated with spam / abuse). | The `verdicts` object always carries the underlying signals (`isFree`, `isDisposable`, `isRoleAccount`, `isFull`, `isCatchAll`, `isToxic`) so you can apply your own scoring on top if you need finer granularity.

cURL

curl -X POST https://api.origoid.com/mex/compliance/v1/peps-searches \
  -H "x-api-key: YOUR_API_KEY" \
  -H "content-type: application/json" \
  -d '{"givenNames": "ANDRES MANUEL", "firstSurname": "LOPEZ", "secondSurname": "OBRADOR", "nationalIdNumber": "LOOA531113HTCPBN07"}'

{
  "status": "OK",
  "type": "SUCCESS",
  "message": "No PEPs matches found",
  "data": {
    "matchFound": false,
    "riskLevel": "NONE",
    "totalMatchesFound": 0,
    "matches": []
  },
  "transactionId": "d2b0b572-0be8-4744-bf0d-72f21135125b",
  "processedAt": "2026-03-19T10:05:00-06:00",
  "billable": true
}