Org-scoped • RLS enforced • Audited
Server-to-server API for screening, check-in, adjudication, and audits. All endpoints enforce `organization_id` via RLS; privileged actions are append-only audited; tokens are hashed at rest.
POST /api/v1/prescreen
Create a prescreen request
GET /api/v1/screenings/[id]
Fetch screening details
POST /api/v1/checkin
Check in a visitor
POST /api/v1/webhooks/screening_completed
Receive screening completed events
POST /api/v1/webhooks/visitor_checked_in
Receive visitor check-in events
POST /api/v1/webhooks/visitor_checked_out
Receive visitor check-out events
POST /api/v1/webhooks/session_escalated
Receive escalation events
GET /api/v1/screenings/[id]/evidence
Download screening evidence PDF
POST /api/v1/ownership/check
BIS 50 / OFAC ownership graph check
GET /api/v1/adjudication/queue
List adjudication queue cases
GET /api/v1/adjudication/[id]
Get adjudication case detail
POST /api/v1/adjudication/[id]/disposition
Apply CLEARED / ESCALATED / DENIED
PUT /api/v1/workforce/sync
Bulk sync workforce profiles
POST /api/v1/vendors/screen
Screen vendors/contractors
GET /api/v1/audit/export
Export audit logs
PUT /api/v1/adjudication/rules
Upsert adjudication rules
POST /api/v1/sessions/[id]/update
Update visitor session status/metadata
Use API keys for server-to-server. JWTs for interactive admin flows.
curl -X POST https://securepointusa.com/api/v1/prescreen \
-H "Authorization: Bearer spusa_***" \
-H "Content-Type: application/json" \
-d '{"subject":"Jane Doe","company":"AeroFab","country":"US"}'curl -H "Authorization: Bearer <jwt>" \ https://securepointusa.com/api/v1/screenings/<id>