Developer Reference
Pull verified company profiles into your platform. Bearer token auth, JSON responses, webhook push events. API keys are issued by the BPV team — email dev@businesspartnervetting.com to get one.
Authentication
All requests (except /api/v1/profiles/search) require an Authorization header with your BPV API key. Keys are prefixed bpv_.
Authorization: Bearer bpv_your_api_key_here
Keys are issued with either profiles or profiles + documents permission scopes. The documents scope unlocks the documents array on profile responses.
Base URL
https://businesspartnervetting.com
All endpoints are versioned under /api/v1/. No trailing slash required.
/api/v1/profiles/:slugFetch a verified company profile by its unique slug. Companies that are not yet verified return 404 — use this endpoint to gate access in your own platform.
| Parameter | Type | Description |
|---|---|---|
| slug | string | The company's unique BPV profile slug (e.g. acme-capital-llc) |
curl https://businesspartnervetting.com/api/v1/profiles/acme-capital-llc \ -H "Authorization: Bearer bpv_your_api_key_here"
{
"id": "a1b2c3d4-...",
"slug": "acme-capital-llc",
"name": "Acme Capital LLC",
"tier": "tier3",
"tierName": "Professional",
"status": "verified",
"verifiedAt": "2026-05-15T14:30:00.000Z",
"profileUrl": "https://businesspartnervetting.com/profile/acme-capital-llc",
"badges": [
{ "slug": "identity_verified", "type": "Identity Verified", "awardedAt": "2026-05-15T14:30:00.000Z" },
{ "slug": "corporate_entity_verified", "type": "Corporate Entity Verified", "awardedAt": "2026-05-15T14:30:00.000Z" },
{ "slug": "banking_relationship_verified", "type": "Banking Relationship Verified", "awardedAt": "2026-05-15T14:30:00.000Z" },
{ "slug": "financials_reviewed", "type": "Financials Reviewed", "awardedAt": "2026-05-15T14:30:00.000Z" }
]
}Includes all fields above plus a documents array.
{
...profile fields,
"documents": [
{
"category": "Banking & Financial Verification",
"filename": "bank-statement-q1-2026.pdf",
"uploadedAt": "2026-05-10T09:15:00.000Z",
"reviewStatus": "approved",
"url": "https://..."
}
]
}/api/v1/profiles?email=:emailLook up all verified profiles associated with an email address. Returns an array — a single email may have multiple verified entities (e.g. an individual who verified two separate companies). Unverified companies are excluded.
| Parameter | Type | Description |
|---|---|---|
| string | The email address used at BPV checkout |
curl "https://businesspartnervetting.com/api/v1/profiles?email=john@acmecapital.com" \ -H "Authorization: Bearer bpv_your_api_key_here"
{
"profiles": [
{
"id": "a1b2c3d4-...",
"slug": "acme-capital-llc",
"name": "Acme Capital LLC",
"tier": "tier3",
"tierName": "Professional",
"status": "verified",
"verifiedAt": "2026-05-15T14:30:00.000Z",
"profileUrl": "https://businesspartnervetting.com/profile/acme-capital-llc",
"badges": [
{ "slug": "identity_verified", "type": "Identity Verified", "awardedAt": "2026-05-15T14:30:00.000Z" }
]
}
]
}Returns { "profiles": [] } when no verified profiles are found — whether the email is unknown or the company is still pending review. The verifiedAt field is an ISO 8601 timestamp or null if verification has not yet completed.
/api/v1/profiles/lookupBatch lookup — resolve up to 50 email addresses in one request. Returns a map keyed by email. Emails with no verified profile return an empty array.
{ "emails": ["john@acmecapital.com", "jane@otherfirm.com"] }curl -X POST https://businesspartnervetting.com/api/v1/profiles/lookup \
-H "Authorization: Bearer bpv_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"emails":["john@acmecapital.com","jane@otherfirm.com"]}'{
"results": {
"john@acmecapital.com": [
{
"id": "a1b2c3d4-...",
"slug": "acme-capital-llc",
"name": "Acme Capital LLC",
"tier": "tier3",
"tierName": "Professional",
"status": "verified",
"verifiedAt": "2026-05-15T14:30:00.000Z",
"profileUrl": "https://businesspartnervetting.com/profile/acme-capital-llc",
"badges": [
{ "slug": "identity_verified", "type": "Identity Verified", "awardedAt": "2026-05-15T14:30:00.000Z" }
]
}
],
"jane@otherfirm.com": []
}
}| Constraint | Detail |
|---|---|
| Max emails per request | 50 — returns 400 if exceeded |
/api/v1/profiles/search?q=:queryNo auth requiredPublic name search — returns up to 10 verified companies whose names contain the query string (case-insensitive). Useful for building search-as-you-type UIs. No API key required. Query must be at least 2 characters.
| Parameter | Type | Description |
|---|---|---|
| q | string | Partial or full company name. Min 2 characters. |
curl "https://businesspartnervetting.com/api/v1/profiles/search?q=acme"
{
"results": [
{
"name": "Acme Capital LLC",
"slug": "acme-capital-llc",
"tierName": "Professional",
"verifiedAt": "2026-05-15T14:30:00.000Z",
"badgeCount": 4,
"profileUrl": "https://businesspartnervetting.com/profile/acme-capital-llc"
}
]
}Returns { "results": [] } when the query is under 2 characters or no verified companies match. Only verified companies appear in results.
/api/v1/verification-requestsInitiate a verification on behalf of a business partner. BPV creates a pending profile, generates a 30-day upload link, and emails it directly to the subject company. You receive a review.completed webhook when their profile is verified. Enterprise (tier5) requires a direct arrangement — contact us.
| Field | Type | Description |
|---|---|---|
| subject_email | string | Email of the company being verified — they receive the upload link |
| subject_company | string | Legal name of the company being verified |
| tier_id | string | One of tier1 · tier2 · tier3 · tier4 |
curl -X POST https://businesspartnervetting.com/api/v1/verification-requests \
-H "Authorization: Bearer bpv_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"subject_email": "cfo@partnerfirm.com",
"subject_company": "Partner Firm LLC",
"tier_id": "tier2"
}'{
"request_id": "api_req_a1b2c3d4e5f6...",
"subject_email": "cfo@partnerfirm.com",
"subject_company": "Partner Firm LLC",
"tier": "Standard",
"upload_url": "https://businesspartnervetting.com/upload/eyJ...",
"expires_at": "2026-06-21T14:30:00.000Z"
}The upload_url is a 30-day JWT-signed link sent directly to subject_email. You can also embed it in your own onboarding flow. Note: the tier field here is the tier name (e.g. Standard), not the ID — unlike profile endpoints which return the tier ID in tier. See the Tier Reference for the full mapping. Billing is settled monthly against your API agreement — no per-request Stripe checkout.
Tier Reference
Use these tier_id values in POST /verification-requests. Profile responses return the same ID in the tier field and the human-readable name in tierName.
| tier_id | Name | Price | Turnaround | Notes |
|---|---|---|---|---|
| tier1 | Foundation | $199 | 3–5 business days | Identity & corporate formation |
| tier2 | Standard | $499 | 5–7 business days | Adds banking & financials — most common |
| tier3 | Professional | $799 | 5–7 business days | Adds compliance, litigation, backgrounds |
| tier4 | Institutional | $1,499 | 10–14 business days | Full EDD with AML/sanctions & assets |
| tier5 | Enterprise | $2,499 + $299/mo | Priority 3–5 days | Ongoing monitoring — contact us, not available via API |
Error Responses
All errors return a JSON body with a single error string.
| Status | Meaning |
|---|---|
| 400 | Missing or invalid parameter (e.g. emails array empty, invalid tier_id). |
| 401 | Missing or invalid API key. Check your Authorization header. |
| 404 | Profile not found, or company not yet verified by BPV. |
| 500 | Internal error on our end. Contact dev@businesspartnervetting.com. |
{ "error": "Invalid or missing API key. Include Authorization: Bearer bpv_... header." }Rate Limits
Limits are enforced per API key based on the plan assigned at issuance. Trial keys are for evaluation only. If you expect high volume, note it when requesting a key. There is no 429 response header today — keys that exceed their plan limit will be reviewed and may be suspended.
| Plan | Daily limit |
|---|---|
| Trial | 100 requests |
| Paid | 10,000 requests |
| Master key | Unlimited |
Badge Reference
All possible badge slugs returned in API responses. Use slug for programmatic mapping — it is the stable identifier. type is the human-readable label and will not change.
| Slug | Label | Min tier |
|---|---|---|
| identity_verified | Identity Verified | Foundation |
| corporate_entity_verified | Corporate Entity Verified | Foundation |
| banking_relationship_verified | Banking Relationship Verified | Standard |
| financials_reviewed | Financials Reviewed | Standard |
| beneficial_owner_verified | Beneficial Owner Verified | Standard |
| compliance_regulatory_verified | Compliance & Regulatory Verified | Professional |
| background_cleared | Background Cleared | Professional |
| accredited_investor_verified | Accredited Investor Verified | Professional |
| institutional_grade_verified | Institutional Grade Verified | Institutional |
| asset_verified | Asset Verified | Institutional |
| aml_sanctions_cleared | AML/Sanctions Cleared | Institutional |
| rwa_verified | RWA Verified | Institutional |
| continuously_monitored | Continuously Monitored | Enterprise |
| premium_enterprise_verified | Premium Enterprise Verified | Enterprise |
| full_kyb_complete | Full KYB Complete | Enterprise |
Webhooks
Register a webhook endpoint to receive push events instead of polling. BPV delivers signed POST requests to your URL whenever verification status changes.
| Event | Fires when |
|---|---|
| review.completed | A company's verification closes and their profile is marked verified |
| badge.revoked | A badge is removed from a verified profile |
{
"event": "review.completed",
"timestamp": "2026-05-22T14:30:00.000Z",
"email": "john@acmecapital.com",
"slug": "acme-capital-llc",
"badges": [
{ "slug": "identity_verified", "type": "Identity Verified" },
{ "slug": "corporate_entity_verified", "type": "Corporate Entity Verified" }
]
}{
"event": "badge.revoked",
"timestamp": "2026-05-22T14:30:00.000Z",
"email": "john@acmecapital.com",
"slug": "acme-capital-llc",
"badge": { "slug": "financials_reviewed", "type": "Financials Reviewed" }
}| Header | Value |
|---|---|
| Content-Type | application/json |
| X-BPV-Signature | sha256=<hex> — HMAC-SHA256 of the raw request body |
| X-BPV-Event | The event name, e.g. review.completed |
Compute HMAC-SHA256 over the raw request body using your endpoint secret and compare to the X-BPV-Signature header. Always use a constant-time comparison to prevent timing attacks. Verify against the raw body — do not parse and re-serialize JSON first.
// Node.js
const crypto = require('crypto')
function verifySignature(rawBody, secret, signatureHeader) {
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(rawBody)
.digest('hex')
return crypto.timingSafeEqual(
Buffer.from(signatureHeader),
Buffer.from(expected)
)
}| Attempts | 2 total (1 retry on network error or 5xx) |
| Timeout | 8 seconds per attempt |
| Success | Any 2xx response — return it as fast as possible |
| 4xx responses | Not retried — treated as a permanent failure |
| 5xx / timeout | Retried once immediately, then dropped |
| No queue | Failed events are logged but not re-queued — design your endpoint to be idempotent |
Webhook endpoints are registered by the BPV team against your API key. Email dev@businesspartnervetting.com to register a URL and select your events. Each endpoint gets its own signing secret, shown once at registration.
Need an API key?
We issue keys manually. Email us with your platform name, expected request volume, and whether you need document access. Trial keys are available immediately for evaluation.
Request a Key →