API & Compliance Glossary

An API key is a unique identifier used to authenticate and authorize requests to an API, enabling usage tracking and access control.

AI-powered capability to automatically extract, classify, and interpret structured data from unstructured documents like invoices, contracts, and forms.

Natural gas cooled to -162°C to become a liquid for storage and transport, enabling global trade of energy that cannot travel via pipeline.

Rate limiting controls the number of API requests a client can make within a defined time window to protect service availability.

A REST API is an architectural style for web services that uses standard HTTP methods and stateless communication to manage resources.

A webhook is an HTTP callback that delivers real-time event notifications from one system to another when specific actions or conditions occur.

An individual who reports anti-money laundering violations to regulators and may receive a financial reward as a percentage of the resulting penalties.

AML refers to laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income.

Beneficial ownership identifies the natural persons who ultimately own or control a legal entity, even through complex corporate structures.

The European Union's comprehensive regulation for artificial intelligence systems, establishing risk-based requirements for AI developers and deployers operating in or serving EU markets.

A risk management strategy that uses financial instruments to offset potential losses from adverse price movements in commodities, currencies, or other assets.

The Health Insurance Portability and Accountability Act — US federal law establishing privacy and security standards for protected health information (PHI).

Invoice fraud detection identifies fraudulent, duplicate, or manipulated invoices before they are processed for payment.

KYC is the process of verifying customer identity and assessing risk before establishing a business relationship.

OFAC is a US Treasury department that administers and enforces economic sanctions against targeted countries, entities, and individuals.

PEP screening identifies individuals who hold prominent public positions and present elevated risk for corruption and money laundering.

Risk scoring assigns numerical values to entities or transactions based on multiple risk factors to prioritize compliance resources effectively.

Sanctions screening checks individuals, entities, and transactions against government-maintained restricted party lists to prevent prohibited dealings.

SOX is a US federal law mandating strict financial reporting, internal controls, and auditor independence for publicly traded companies.

The SDN List is maintained by OFAC and identifies individuals and entities whose assets are blocked and with whom US persons are prohibited from dealing.

The process of investigating a supplier or business partner before engagement to assess financial, legal, reputational, and compliance risks.

The complete record of a data element's origin, transformation history, and movement through systems — essential for debugging, compliance, and data quality assurance.

Data normalization transforms data from varying formats and structures into a consistent, standardized format for reliable processing.

Data validation verifies that input data meets defined rules for format, type, range, and consistency before processing or storage.

JSON Schema is a vocabulary for defining the structure, constraints, and validation rules for JSON data in API requests and responses.

PII is any data that can identify a specific individual, including names, addresses, social security numbers, and biometric records.

Clause extraction automatically identifies and categorizes specific provisions within legal documents for analysis and comparison.

Contract lifecycle management (CLM) is the process of systematically managing contracts from creation through execution, compliance monitoring, and renewal or expiration.

Contract review is the systematic analysis of legal agreements to identify risks, obligations, and unfavorable terms before execution.

Document generation automates the creation of structured documents from templates and data inputs, reducing manual drafting and ensuring consistency.

A force majeure clause excuses contract performance when extraordinary events beyond the parties' control make fulfillment impossible or impractical.

Indemnification clauses allocate financial responsibility between contracting parties for losses, damages, or liabilities arising from specified events.

A foundational contract that governs an ongoing business relationship, defining standard terms for all future work orders, SOWs, and service engagements between parties.

OCR converts text within images, scanned documents, and PDFs into machine-readable text for digital processing and analysis.

API authentication verifies the identity of clients making API requests, ensuring only authorized applications and users can access protected resources.

A security incident where unauthorized parties gain access to confidential, sensitive, or protected data — often including personally identifiable information.

Data masking replaces sensitive data with realistic but fictitious values to protect confidentiality while preserving data usability.

Data residency refers to the physical or geographic location where data is stored, governed by regulations requiring data to remain within specific borders.

Encryption at rest protects stored data by converting it into an unreadable format that can only be decrypted with the proper cryptographic keys.

GDPR is the EU regulation governing the collection, processing, and storage of personal data for individuals within the European Economic Area.

A supply chain attack compromises software by targeting dependencies, packages, or third-party vendors rather than attacking the target system directly.

Zero trust is a security model that requires strict identity verification for every request, regardless of network location or prior authentication.