Base URL
/v1. The MCP server is at /mcp (not under /v1).
Authentication
Every REST request requires a bearer token in theAuthorization header:
auo_sk_test_... for sandbox fixtures (free, no quota consumed). Use
auo_sk_live_... for real government data. See Authentication for
the full guide including key rotation and webhook signature verification.
Response conventions
Provenance on every field
Every substantive field in a/resolve response is wrapped in a provenance object:
value: the field value (may benullif the source has no record).source: the register that produced this value (e.g.ABR,ASIC-Companies,ACNC,GLEIF).as_of: when the source was last read (ISO 8601 with timezone). Present where the source provides a date; omitted otherwise.
Inter-source conflicts
When two sources disagree on the same field (due to cadence skew between registers), the response flags the conflict rather than silently picking one value. The conflict is visible in the response so you can decide how to handle it.Empty candidates is not an error
A query that finds no matching entity returns a clean200 with an empty candidates
array. Only an upstream source outage returns a 502. See Error handling
for the full error reference.
Error envelope
All errors use the same shape:Pagination
List endpoints use a cursor-based pagination pattern:GET /v1/watch: returns all active subscriptions for the account. No cursor required for typical account sizes.GET /v1/entity/:id/changes: accepts asincequery parameter (ISO 8601 timestamp, exclusive) to page through events. Returns events created after the cursor, in ascending order.
Rate limits
Rate limiting applies per account. If you exceed the limit, the API returns a429
with type: "rate_limited". Back off and retry. The soft-cap overage policy (plan
allowance exceeded) does not block requests. See Pricing for the allowance
model.
Endpoints
Resolve
POST /v1/resolveTurn an ABN, ACN, or name into a canonical entity joined across all sources, with
provenance on every field and enrichment blocks for charity, licensing, and screening.Screen
POST /v1/screenCheck a name or identifier against the DFAT sanctions consolidated list and ASIC
banned-persons and organisations registers. Returns review, no_match, or
unavailable. Never pass or fail.Validate
GET /v1/validate/{identifier}Check the format and check digit of an ABN or ACN. Does not hit the ABR or any
live source. Fast, always available.Watch
POST /v1/watch, GET /v1/watch, GET /v1/watch/:id, PATCH /v1/watch/:id,
DELETE /v1/watch/:id, POST /v1/watch/:id/rollCreate and manage watch subscriptions. AUO posts a signed webhook to your endpoint
when a monitored entity changes.Changes (polling)
GET /v1/entity/:id/changesPoll for pending, delivered, and failed events for a watched entity. Useful when
your webhook endpoint is temporarily unavailable.MCP
The MCP server at/mcp exposes 6 read-only tools that call the same core functions
as the REST endpoints. See MCP guide for connection instructions and
the tool list.