What is an OFAC API and How Does it Work? (2026)
An OFAC API is a software interface that lets businesses automatically screen customers, companies, transactions, and entities against OFAC sanctions lists.
It replaces manual OFAC searches with automated screening built into customer onboarding, business verification, and payment review workflows.
Banks, fintechs, and compliance teams use it to identify and block prohibited transactions in real time.
- How does an OFAC API work
- What sanctions lists does an OFAC API screen
- What data does an OFAC API screen
- OFAC API use cases
- Free vs commercial OFAC API
- OFAC compliance requirements
- How to use an OFAC API
How does an OFAC API work
An OFAC API works by receiving subject data from your application, comparing it against OFAC sanctions lists, and returning a structured screening result.
- Submit - Your system sends identifying data such as a name, company name, address, country, date of birth, ID number, vessel, aircraft, or wallet address.
- Match - The API compares the submitted data against OFAC sanctions lists using exact matching, fuzzy matching, aliases, and other available identifiers.
- Score - Potential matches are returned with confidence scores that show how closely the submitted subject matches a sanctioned party.
- Act - Your system applies predefined rules based on the result, such as clearing the subject, sending it to manual review, or blocking the transaction.
This process can run in real time, making OFAC APIs useful for onboarding, payment screening, business verification, and other live compliance workflows.
What sanctions lists does an OFAC API screen
An OFAC API screens against two main OFAC sanctions lists: the Specially Designated Nationals (SDN) List and the Consolidated Sanctions List.
- SDN List - OFAC’s primary blocking sanctions list. It includes sanctioned individuals, entities, vessels, aircraft, and digital currency addresses. If a party appears on the SDN List, businesses may be required to block, reject, or escalate the transaction under U.S. sanctions rules.
- Consolidated Sanctions List - A combined set of OFAC non-SDN lists, including the SSI List, FSE List, NS-CMIC List, CAPTA List, and NS-MBS List. If a party appears on the Consolidated Sanctions List, businesses may be required to apply program-specific restrictions, reject certain activity, or escalate the match for review.
What data does an OFAC API screen
An OFAC API screens identifying data submitted for a person, business, vessel, aircraft, or crypto address. Submitting more complete data improves match accuracy and reduces false positives.
- Individuals - name, aliases, date of birth, nationality, address, ID number
- Companies - legal name, aliases, registration details, country, address
- Vessels - vessel name, IMO number, flag, owner or operator
- Aircraft - aircraft name, tail number, registration details
- Crypto - wallet or address data linked to OFAC entries
OFAC API use cases
OFAC API use cases usually fall into two groups: pre-relationship screening and event-based screening. Pre-relationship screening happens before a customer, vendor, or business account is approved. Event-based screening happens later, when a payment, shipment, ownership change, wallet address, or sanctions list update creates new exposure.
- Customer onboarding - Screen individuals and businesses before account approval to avoid starting a relationship with a sanctioned party.
- Payment screening - Check counterparties and transaction details before processing payments. A customer cleared at onboarding can still create risk through a later transaction.
- Business verification - Screen companies, directors, and beneficial owners during B2B onboarding. Sanctions exposure can sit at the ownership level, not only with the legal entity.
- Ongoing monitoring - Rescreen existing customers when sanctions lists update. A customer who was clear yesterday may appear on a sanctions list later.
- Crypto and blockchain - Screen digital currency addresses before processing transactions involving listed or high-risk wallet addresses.
- Trade and logistics - Screen vessels, aircraft, owners, operators, and trade counterparties before cross-border shipments.
Free vs commercial OFAC API
The U.S. Treasury has an official OFAC Sanctions List Service API. It's a file delivery API, not a sanctions screening API. A commercial OFAC API is a ready-to-use screening service that is fast and easy to use.
| Feature | Free SLS API | Commercial OFAC API |
|---|---|---|
| Primary goal | File-sharing | Real-time screening |
| Search logic | Build yourself | Built-in fuzzy matching |
| Response | XML, CSV, fixed-width data files | JSON match results and scores |
| Maintenance | Parsing, storage, updates, matching logic | Integration and monitoring |
| Match handling | Build review logic yourself | Scores, explanations, and review workflows included |
| Audit trail | Build yourself | Often included |
| Best for | High engineering budget | Production-ready screening |
The Treasury SLS requires in-house development, matching logic, and ongoing maintenance. There is no fuzzy matching, scoring, audit logging, or workflow tooling, and no SLA or support if something fails silently.
Commercial APIs are built for teams that need screening results without upfront investment. They usually include fuzzy matching, alias detection, confidence scores, structured responses, managed updates, and support.
Most teams underestimate the cost of a DIY build. The real cost is not OFAC data access. It is the engineering time, maintenance burden, and compliance risk of running screening infrastructure yourself.
OFAC compliance requirements
OFAC rules apply to U.S. persons and companies, and can also affect foreign businesses when USD payments clear through the U.S. financial system.
In practice, OFAC compliance means screening relevant parties, reviewing possible matches, documenting decisions, and keeping the process updated as sanctions lists change.
An OFAC API helps automate that screening layer across onboarding, payments, business verification, and ongoing monitoring.
It does not replace compliance judgment. Potential matches still need review, escalation, blocking or rejection decisions, and recordkeeping. Non-compliance can lead to civil or criminal penalties.
How to use an OFAC API
Using an OFAC API means placing screening inside the workflows where sanctions risk appears.
- Choose an API: Compare list coverage, matching quality, response format, pricing, uptime, and support.
- Authenticate: Create API credentials and configure authentication in your backend environment.
- Define screening points: Decide where to screen, such as onboarding, payment initiation, business verification, or scheduled rescreening.
- Send complete data: Submit the strongest identifiers available for the subject type. Names alone create more false positives than names combined with dates of birth, countries, addresses, or ID numbers.
- Handle results consistently: Use match scores and list details to define when to clear, review, block, or reject a result.
- Keep records: Store screening results, timestamps, scores, and resolution decisions for audit and compliance review.
For the full implementation process, see our OFAC screening guide and documentation.
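The submit, match, score, act flow and the "send complete data", "handle results consistently" and "keep records" steps above can be sketched locally. This is an added example, not code from this page or from any vendor's API. The list entries are constructed, the thresholds and date-of-birth weights are assumptions, and Python's `difflib` stands in for a production fuzzy matcher.

```python
import unicodedata
from datetime import datetime, timezone
from difflib import SequenceMatcher

# Constructed sample entries for illustration; not real OFAC data.
SAMPLE_LIST = [
    {"uid": "SAMPLE-001", "list": "SDN", "name": "Ivan Petrovich Sample",
     "aliases": ["Ivan Sampel"], "dob": "1970-01-15"},
    {"uid": "SAMPLE-002", "list": "SDN", "name": "Example Trading LLC",
     "aliases": ["Example Trade Co"], "dob": None},
]
REVIEW_AT, BLOCK_AT = 0.85, 0.95  # assumed thresholds; set them from your risk policy

def normalize(name):
    """Strip accents and punctuation, lowercase, and sort tokens so word order is ignored."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).lower()
    return " ".join(sorted("".join(c if c.isalnum() else " " for c in text).split()))

def score(subject, entry):
    """Match: best similarity over primary name and aliases. Score: adjust by DOB."""
    wanted = normalize(subject["name"])
    best = max(SequenceMatcher(None, wanted, normalize(n)).ratio()
               for n in [entry["name"], *entry["aliases"]])
    if subject.get("dob") and entry["dob"]:
        # A second identifier corroborates or weakens a name hit (assumed weights).
        best = min(1.0, best + 0.05) if subject["dob"] == entry["dob"] else best * 0.9
    return round(best, 3)

def screen(subject, entries=SAMPLE_LIST):
    """Act: apply the thresholds and return a record suitable for the audit trail."""
    top = max(entries, key=lambda e: score(subject, e))
    s = score(subject, top)
    decision = "block" if s >= BLOCK_AT else "review" if s >= REVIEW_AT else "clear"
    hit = top if decision != "clear" else {"uid": None, "list": None}
    return {"subject": subject, "decision": decision, "score": s,
            "matched_uid": hit["uid"], "list": hit["list"],
            "screened_at": datetime.now(timezone.utc).isoformat()}

if __name__ == "__main__":
    for subj in ({"name": "Sample, Iván Petrovich", "dob": "1970-01-15"},
                 {"name": "Ivan Petrovich Sample", "dob": "1982-06-30"},
                 {"name": "Maria Gonzalez"}):
        print(screen(subj))
```

The second subject shows why extra identifiers matter: an exact name hit with a conflicting date of birth drops from an automatic block to manual review.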