Entity User Details

A Non-Natural Person (NNP) is an entity participant (e.g., a company or organization)
rather than an individual. Every NNP has associated users who must be identified and
screened as part of onboarding and ongoing compliance:

  • Control Person (CP) — an individual with significant responsibility to control,
    manage, or direct the entity.
  • Beneficial Owner (BO) — an individual who owns or controls a qualifying share of
    the entity.

These two endpoints return information about the CPs and BOs behind an NNP participant.
Because that information identifies real people and includes sensitive compliance and
identity data, access is restricted.

⚠️

GATED ENDPOINTS — PII EXPOSURE

These endpoints return personally identifiable information (PII) about the
individuals associated with a Non-Natural Person (NNP) participant. They are
gated by default and require a security review before any platform is enabled
to access them. Do not enable a platform for these endpoints without sign-off.

Endpoints

EndpointMethod & PathReference
Get participant user sanction screening infoGET /participant/{participant_code}/sanction_screening_info/cp_boDocs
Get participant user full infoGET /participant/{participant_code}/full_info/cp_boDocs

Both endpoints require standard authentication headers: X-SCX-SIGNED and X-SCX-TIMESTAMP (Unix timestamp in seconds, within 60 seconds of server time).

1. Get participant user sanction screening info — CP / BO

GET /participant/{participant_code}/sanction_screening_info/cp_bo

Returns the sanction screening status and compliance results for the control persons and
beneficial owners tied to an NNP participant.

2. Get participant user full info — CP / BO

GET /participant/{participant_code}/full_info/cp_bo

Returns comprehensive profile details, verification status, and compliance data for the
control persons and beneficial owners tied to an NNP participant.

PII Notice

Both endpoints expose PII on the underlying individuals of an NNP. This may include
identity, contact, and compliance/screening data tied to named individuals. Treat all
responses as sensitive:

  • Data must be handled, stored, and transmitted in line with zerohash data-handling and
    privacy requirements.
  • Access should follow least-privilege — only platforms with a demonstrated business need.
  • Responses should not be logged, cached, or forwarded to third parties without review.

Access & Gating Requirements

These endpoints are not enabled by default. Before a platform can be granted access:

  1. Security review is mandatory. A security review must be completed and signed off
    prior to enabling any platform for these endpoints.
  2. Documented business justification for why the platform requires CP/BO PII.
  3. Least-privilege enablement — enable only the specific endpoint(s) required.
  4. Compliance awareness — because this data supports AML/KYC and sanctions obligations,
    route any regulatory questions to Compliance.

No platform should be enabled for sanction_screening_info/cp_bo or full_info/cp_bo
until the security review is complete and approved.