API Reference

Getting Started with the CorpNet Compliance API

🚧

Limited Availability

Access to the Compliance API is currently limited to approved partners. Endpoints, request/response shapes, and field names may change before reaching general availability — use against staging for early integration work and coordinate with your CorpNet account manager before relying on Compliance API calls in production-critical paths. Report issues or feedback to your account manager.

This guide walks through your first end-to-end call against the CorpNet Compliance API: authenticate, list your compliance-enrolled companies, and retrieve open compliance alerts for one of them. By the end you'll have a working baseline you can extend for your integration.

Prerequisites

  • A Bearer token issued by CorpNet (staging and production tokens are distinct). Contact your CorpNet account manager if you do not yet have one. See API Key for storage best practices.
  • Your partnerId (Account PID) — issued during partner onboarding.
  • A REST client (curl, Postman, or your own HTTP library).

Step 1 — Verify your token

The Compliance API uses the same Bearer token as the Business Formation and Tax Registration APIs. If you've already integrated with either, the same token works here. Verify against staging first:

curl -s \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  "https://api.staging24.corpnet.com/v1/partners/$PARTNER_ID/companies"

A 200 response (even with an empty data array) confirms your token authenticates against the Compliance API.

Step 2 — Register your first company

Add a company to compliance tracking via Create a Company. At minimum, you need a name:

curl -s -X POST \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"Acme Holdings LLC","homeState":"DE","type":"LLC"}' \
  "https://api.staging24.corpnet.com/v1/partners/$PARTNER_ID/companies"

The response returns the new companyId and PCID. Save the companyId — you'll use it in subsequent calls.

Step 3 — List compliance alerts for that company

Compliance alerts are CorpNet-tracked opportunities (Annual Report, Registered Agent renewal, BOI filing, etc.) requiring partner action. Retrieve open alerts for the company you just registered:

curl -s \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  "https://api.staging24.corpnet.com/v1/partners/$PARTNER_ID/alerts?companyId=$COMPANY_ID"

If the company has no open alerts yet, you'll receive { "data": [] } — that's the success-with-no-results shape, not an error.

Step 4 — Retrieve a single alert with form data

Once you have an alertId from the previous response, fetch its full detail (including prefilled form data) via Get a Compliance Alert:

curl -s \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  "https://api.staging24.corpnet.com/v1/partners/$PARTNER_ID/alerts/$ALERT_ID"

The response includes a complianceForms array with prefilled fields drawn from the entity's records. Your application presents this to the customer, accepts their updates, and submits the completed form via Submit Compliance Form Data.

Next steps

  • Bulk-onboard your existing book of business: see Bulk Create Companies. Batch up to 200 companies per request.
  • Subscribe a company to a Registered Agent or other recurring service: see List Subscriptions and the subscription endpoints.
  • Production cutover: swap your staging token for a production token and the base URL from api.staging24.corpnet.com to api.corpnet.com. Endpoint paths are identical between environments.

Common pitfalls

  • Using apiUserPid where partnerId is expected. The Compliance API takes partnerId in the URL path (/v1/partners/{partnerId}/...), not in the request body. For most partners the value is the same as the apiUserPid field used by the Business Formation API — just sent in a different position.
  • Mixing staging and production hosts. A staging-issued token only authenticates against staging hosts, and vice versa. Calling production with a staging token returns 401 Unauthorized.
  • Branching on message text. The message field in responses is human-readable and may change without notice. Branch on statusCode or the HTTP status code instead.

Updated 14 days ago

Updated 14 days ago