2026-07-06

What Australian business verification APIs don't tell you (and why 'cleared' is a dangerous word)

"Cleared" is the most dangerous word in business verification. It implies a certainty that no free public record can give you. A watchlist search that comes back empty is not a clearance, and a court filing is not a verdict. AUO never uses the word "cleared," and this post explains why, with concrete examples of what goes wrong when other tools do.

A no-match is not a clearance

Screening a name against a sanctions or banned-persons list and finding nothing means exactly one thing: no match found as of this date, against these lists. It does not mean the entity is safe. The lists are incomplete, names transliterate differently across sources, and new listings are added daily. A name might not match today because it is listed under a variant spelling, or because it gets added to the register next week.

That is why the screening endpoint returns review or no_match, never pass, fail, or cleared.

curl https://api.auo.com.au/v1/screen \
  -H "Authorization: Bearer auo_sk_test_your_key" \
  -H "Content-Type: application/json" \
  -d '{"name": "J Smith", "dob": "1980-04-12"}'

Every response carries the disclaimer plainly: no match found as of the query date, against the named registers, not a statement that the entity carries no risk. A hit is always review, because a name-and-date-of-birth match against a sanctions list is a signal for a human to check, not an automated verdict either way. If a tool you use today reports a screening result as "cleared" or "passed," ask what happens the week that name is added to a list it already told you was clean.

A petition is not a verdict

The Commonwealth Courts Portal publishes bankruptcy PETITIONS: applications that have been filed, not adjudicated outcomes. A creditor or the debtor themselves can file a petition, and plenty are withdrawn, contested, or dismissed. Presenting a filed petition as "this business is bankrupt" is not just inaccurate, it is defamatory-risky, because it asserts a legal status that has not been decided by any court.

This is modelled as bankruptcy_petition_filed, a distress signal worth investigating, never a concluded status. The same discipline applies to external administration and insolvency notices: a notice that a company has entered administration is a fact about a filing, reported with its source and date, not a claim about what happens next.

What the free public record can and can't support

The API is built entirely on free Australian government sources: ABR, ASIC, ACNC, ORIC, GLEIF, DFAT, AUSTRAC, Super Fund Lookup, and the ASIC insolvency notices, among others. That record can tell you an entity is real, its current status, which licences it holds, and whether it appears on a given register, each fact carrying the source and date it was retrieved from.

It can NOT tell you who owns or controls a company. Directors, shareholders, and beneficial ownership are not in any free public register for an ordinary company, full stop. It will not imply otherwise, and it does not replace human due diligence or a full KYB/CDD program. Where a field cannot be determined from a free source, the response says so, rather than omitting the field and leaving you to assume it was checked.

Why honest framing is better for you

A false "cleared" is a liability you carry, not a service you received. If an entity you screened as "passed" later turns up on a sanctions list, "the API said cleared" is not a defence, for you or for the API. "Here is exactly what we checked, against which register, as of when, and what still needs review" is defensible, because it is true and it is complete.

That is why every field returned carries provenance: a source and a date. Not as a compliance afterthought, but because provenance is the only thing that turns a lookup into evidence. When two sources disagree because one updated before the other, the discrepancy is flagged instead of quietly picking a winner.

Screen honestly

If you are screening businesses or individuals against sanctions and banned registers, use a tool that tells you what it actually found, and what it did not check. Read more about how the screening endpoint works on the sanctions screening API page.

Get a free sandbox key