Using the REST API directly
4 min read Updated January 30, 2026
When to Use the REST API Directly
While we recommend using an official SDK when available, you may prefer direct REST calls if:
- Your language doesn't have an SDK yet
- You want minimal dependencies
- You're testing from the command line
- You're integrating from a low-code platform
Authentication
All requests require a Bearer token obtained via the OAuth token endpoint:
bash
# Get a token export CG_TOKEN=$(curl -s -X POST https://sandbox.api.compliancegrid.ai/oauth/token \ -d "grant_type=client_credentials" \ -d "client_id=YOUR_CLIENT_ID" \ -d "client_secret=YOUR_CLIENT_SECRET" | jq -r '.access_token')
Making Requests
Include the token in the Authorization header:
bash
# GET request
curl -H "Authorization: Bearer $CG_TOKEN" \
"https://sandbox.api.compliancegrid.ai/v1/hs/search?q=laptop"
# POST request with JSON body
curl -X POST https://sandbox.api.compliancegrid.ai/v1/compliance/restricted-party-screening \
-H "Authorization: Bearer $CG_TOKEN" \
-H "Content-Type: application/json" \
-d '{"parties": [{"name": "Test Corp", "country": "US"}]}'Response Format
All responses return JSON with consistent error formatting:
json
{
"error": "validation_error",
"message": "'parties' array is required",
"statusCode": 400
}Common Headers
| Header | Direction | Description |
|---|---|---|
| `Authorization` | Request | `Bearer <token>` |
| `Content-Type` | Request | `application/json` for POST/PUT |
| `X-RateLimit-Remaining` | Response | Remaining requests in window |
| `X-RateLimit-Reset` | Response | Window reset timestamp |
| `X-Data-Freshness` | Response | Data age in seconds |
Was this article helpful?