A Non-Natural Person (NNP) is an entity participant (e.g., a company or organization)
rather than an individual. Every NNP has associated users who must be identified and
screened as part of onboarding and ongoing compliance:
- Control Person (CP) — an individual with significant responsibility to control,
manage, or direct the entity. - Beneficial Owner (BO) — an individual who owns or controls a qualifying share of
the entity.
These two endpoints return information about the CPs and BOs behind an NNP participant.
Because that information identifies real people and includes sensitive compliance and
identity data, access is restricted.
GATED ENDPOINTS — PII EXPOSUREThese endpoints return personally identifiable information (PII) about the
individuals associated with a Non-Natural Person (NNP) participant. They are
gated by default and require a security review before any platform is enabled
to access them. Do not enable a platform for these endpoints without sign-off.
Endpoints
Both endpoints require standard authentication headers: X-SCX-SIGNED and X-SCX-TIMESTAMP (Unix timestamp in seconds, within 60 seconds of server time).
1. Get participant user sanction screening info — CP / BO
GET /participant/{participant_code}/sanction_screening_info/cp_bo
Returns the sanction screening status and compliance results for the control persons and
beneficial owners tied to an NNP participant.
2. Get participant user full info — CP / BO
GET /participant/{participant_code}/full_info/cp_bo
Returns comprehensive profile details, verification status, and compliance data for the
control persons and beneficial owners tied to an NNP participant.
PII Notice
Both endpoints expose PII on the underlying individuals of an NNP. This may include
identity, contact, and compliance/screening data tied to named individuals. Treat all
responses as sensitive:
- Data must be handled, stored, and transmitted in line with zerohash data-handling and
privacy requirements. - Access should follow least-privilege — only platforms with a demonstrated business need.
- Responses should not be logged, cached, or forwarded to third parties without review.
Access & Gating Requirements
These endpoints are not enabled by default. Before a platform can be granted access:
- Security review is mandatory. A security review must be completed and signed off
prior to enabling any platform for these endpoints. - Documented business justification for why the platform requires CP/BO PII.
- Least-privilege enablement — enable only the specific endpoint(s) required.
- Compliance awareness — because this data supports AML/KYC and sanctions obligations,
route any regulatory questions to Compliance.
No platform should be enabled for
sanction_screening_info/cp_boorfull_info/cp_bo
until the security review is complete and approved.