Sterling Screenings API

Initiate and manage background screenings (orders). Submit a screening for a candidate against a package, list and retrieve screenings, cancel a screening, and schedule recurring / continuous screenings that proactively monitor a candidate's status over time. POST /screenings is confirmed in the docs; list, retrieve, cancel, and recurring operations are honestly modeled on the documented order lifecycle.

OpenAPI Specification

sterling-check-openapi.yml Raw ↑
openapi: 3.0.3
info:
  title: Sterling API
  description: >-
    The Sterling API integrates background and identity screening into your
    platform and manages the process end to end. It is a RESTful, OAuth2-secured
    API: you exchange a Client ID and Client Secret for an access token, then
    create candidates, look up the screening packages available to your account,
    initiate screenings (orders), invite candidates by email or hosted link,
    retrieve results/reports (PDF or HTML), and receive real-time status updates
    via webhook callbacks.


    ACCESS IS GATED. Credentials are provisioned per screening region (US, EMEA,
    Canada, or APAC) by request through Sterling; there is a separate set of
    credentials for the sandbox/integration environment and for production.


    GROUNDING AND MODELING NOTE: The documented, confirmed operations are the
    OAuth token exchange, GET /packages, POST /candidates, POST /screenings
    (including the invite object and the callbackUri for webhooks), and the
    availability of results/reports with per-item statuses. The remaining
    operations in this document (list/retrieve/cancel screenings, retrieve/update
    candidates, retrieve a package, report retrieval paths, recurring screening
    management, and standalone webhook subscription management) are HONESTLY
    MODELED on Sterling's documented order lifecycle and are marked in each
    operation description with "[MODELED]". The API request host is also modeled:
    exact hosts are provisioned with your credentials. The OAuth host
    auth.sterlingcheck.app and the documentation host apidocs.sterlingcheck.app
    are confirmed; api.sterlingcheck.app is a representative modeled base.


    Sterling is a First Advantage company (First Advantage completed its $2.2B
    acquisition of Sterling Check Corp on October 31, 2024).
  version: '2.0'
  contact:
    name: Sterling (a First Advantage company)
    url: https://www.sterlingcheck.com/services/api/
  x-documentation: https://apidocs.sterlingcheck.app/
  x-developer-portal: https://developer.sterlingcheck.app/
  x-acquisition: First Advantage completed acquisition of Sterling Check Corp on 2024-10-31 ($2.2B).
servers:
  - url: https://api.sterlingcheck.app/v2
    description: Production (MODELED representative host - exact host provisioned with production credentials)
  - url: https://api-sandbox.sterlingcheck.app/v2
    description: Sandbox / Integration (MODELED representative host - exact host provisioned with sandbox credentials)
security:
  - oAuth2ClientCredentials: []
  - bearerAuth: []
tags:
  - name: Authentication
    description: OAuth2 token exchange using your Client ID and Client Secret.
  - name: Packages
    description: Screening packages (groups of screening products) available to your account.
  - name: Candidates
    description: Candidate (subject) records that screenings are run against.
  - name: Screenings
    description: Screening orders and their lifecycle, including recurring/continuous screening.
  - name: Invites
    description: Candidate invitations to complete consent and data collection.
  - name: Reports
    description: Results of completed screenings, with per-item statuses (PDF or HTML).
  - name: Webhooks
    description: Real-time screening status callbacks.
paths:
  /oauth/token:
    servers:
      - url: https://auth.sterlingcheck.app
        description: OAuth token host (CONFIRMED domain)
    post:
      operationId: createAccessToken
      tags:
        - Authentication
      summary: Exchange Client ID and Client Secret for an access token
      description: >-
        [CONFIRMED] Send your Client ID and Client Secret to obtain an OAuth2
        access token. The response contains an access token used as a Bearer
        token on all subsequent requests. Credentials are region-scoped (US,
        EMEA, Canada, APAC) and differ between sandbox and production.
      security: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - client_id
                - client_secret
                - grant_type
              properties:
                client_id:
                  type: string
                client_secret:
                  type: string
                grant_type:
                  type: string
                  enum: [client_credentials]
                  default: client_credentials
      responses:
        '200':
          description: An access token.
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token:
                    type: string
                  token_type:
                    type: string
                    example: Bearer
                  expires_in:
                    type: integer
                    example: 3600
        '401':
          $ref: '#/components/responses/Unauthorized'
  /packages:
    get:
      operationId: listPackages
      tags:
        - Packages
      summary: List available screening packages
      description: >-
        [CONFIRMED] Retrieve a list of the packages available to your account. A
        package is a group of screening products. Each package specifies which
        fields are required on a candidate record in order to process the
        associated screening.
      responses:
        '200':
          description: A list of packages.
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/Package'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /packages/{packageId}:
    get:
      operationId: getPackage
      tags:
        - Packages
      summary: Retrieve a package
      description: >-
        [MODELED] Retrieve a single package by ID, including the screening
        products it contains and the candidate fields it requires.
      parameters:
        - $ref: '#/components/parameters/PackageId'
      responses:
        '200':
          description: A package.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Package'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /candidates:
    post:
      operationId: createCandidate
      tags:
        - Candidates
      summary: Create a candidate
      description: >-
        [CONFIRMED] Create a candidate (the subject of a screening). Minimum
        fields are first name, last name, email, and clientReferenceId.
        Additional PII (date of birth, address history, government IDs, etc.) may
        be required depending on the package the candidate will be screened with.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CandidateCreate'
      responses:
        '201':
          description: The created candidate.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Candidate'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /candidates/{candidateId}:
    get:
      operationId: getCandidate
      tags:
        - Candidates
      summary: Retrieve a candidate
      description: '[MODELED] Retrieve a candidate record by ID.'
      parameters:
        - $ref: '#/components/parameters/CandidateId'
      responses:
        '200':
          description: A candidate.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Candidate'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    patch:
      operationId: updateCandidate
      tags:
        - Candidates
      summary: Update a candidate
      description: >-
        [MODELED] Update mutable fields on a candidate record before a screening
        is submitted.
      parameters:
        - $ref: '#/components/parameters/CandidateId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CandidateCreate'
      responses:
        '200':
          description: The updated candidate.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Candidate'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /screenings:
    get:
      operationId: listScreenings
      tags:
        - Screenings
      summary: List screenings
      description: '[MODELED] List the screenings (orders) in your account, filterable by status.'
      parameters:
        - name: status
          in: query
          required: false
          schema:
            $ref: '#/components/schemas/ScreeningStatus'
        - name: limit
          in: query
          required: false
          schema:
            type: integer
            default: 25
        - name: offset
          in: query
          required: false
          schema:
            type: integer
            default: 0
      responses:
        '200':
          description: A list of screenings.
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/Screening'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createScreening
      tags:
        - Screenings
      summary: Initiate a screening
      description: >-
        [CONFIRMED] Initiate a background screening (order) for a candidate
        against a package. Three initiation workflows are supported via the
        invite object: set invite.method to "email" so Sterling emails the
        candidate an invite; set invite.method to "link" to receive a hosted form
        URL in the response for embedding in your own flow; or omit the invite to
        initiate directly when candidate data is already complete. Provide a
        callbackUri to receive real-time webhook status updates. Set the recurring
        object to schedule continuous/recurring screening.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ScreeningCreate'
      responses:
        '201':
          description: The created screening. If invite.method is "link", the response includes the hosted form URL.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Screening'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /screenings/{screeningId}:
    get:
      operationId: getScreening
      tags:
        - Screenings
      summary: Retrieve a screening
      description: >-
        [MODELED] Retrieve a screening (order) by ID, including its current
        status and rolled-up report item statuses.
      parameters:
        - $ref: '#/components/parameters/ScreeningId'
      responses:
        '200':
          description: A screening.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Screening'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /screenings/{screeningId}/cancel:
    post:
      operationId: cancelScreening
      tags:
        - Screenings
      summary: Cancel a screening
      description: '[MODELED] Cancel an in-progress screening where allowed by product and compliance rules.'
      parameters:
        - $ref: '#/components/parameters/ScreeningId'
      responses:
        '200':
          description: The cancelled screening.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Screening'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /screenings/{screeningId}/invite:
    post:
      operationId: resendInvite
      tags:
        - Invites
      summary: Resend or retrieve a screening invite
      description: >-
        [MODELED] Resend the candidate invitation email, or retrieve the hosted
        invite/form link for a screening that was created with invite.method set
        to "link".
      parameters:
        - $ref: '#/components/parameters/ScreeningId'
      responses:
        '200':
          description: The invite details, including the hosted form URL.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Invite'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /screenings/{screeningId}/report:
    get:
      operationId: getScreeningReport
      tags:
        - Reports
      summary: Retrieve a screening report
      description: >-
        [MODELED path, CONFIRMED concept] Retrieve the report/results for a
        completed screening. A screening rolls up multiple report items, each
        with its own status. Request PDF or HTML via the Accept header (the docs
        state reports are available in PDF or HTML formats).
      parameters:
        - $ref: '#/components/parameters/ScreeningId'
        - name: Accept
          in: header
          required: false
          schema:
            type: string
            enum:
              - application/json
              - application/pdf
              - text/html
            default: application/json
      responses:
        '200':
          description: The screening report.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Report'
            application/pdf:
              schema:
                type: string
                format: binary
            text/html:
              schema:
                type: string
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /webhooks:
    get:
      operationId: listWebhooks
      tags:
        - Webhooks
      summary: List webhook subscriptions
      description: >-
        [MODELED] List account-level webhook subscriptions. The confirmed
        mechanism is the per-screening callbackUri on POST /screenings; an
        account-level subscription surface is modeled here.
      responses:
        '200':
          description: A list of webhook subscriptions.
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/WebhookSubscription'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createWebhook
      tags:
        - Webhooks
      summary: Create a webhook subscription
      description: '[MODELED] Register an account-level callback URL to receive screening status events.'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/WebhookSubscriptionCreate'
      responses:
        '201':
          description: The created webhook subscription.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebhookSubscription'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /webhooks/{webhookId}:
    delete:
      operationId: deleteWebhook
      tags:
        - Webhooks
      summary: Delete a webhook subscription
      description: '[MODELED] Delete an account-level webhook subscription.'
      parameters:
        - name: webhookId
          in: path
          required: true
          schema:
            type: string
      responses:
        '204':
          description: Deleted.
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
components:
  securitySchemes:
    oAuth2ClientCredentials:
      type: oauth2
      description: OAuth2 client credentials grant using your Client ID and Client Secret.
      flows:
        clientCredentials:
          tokenUrl: https://auth.sterlingcheck.app/oauth/token
          scopes: {}
    bearerAuth:
      type: http
      scheme: bearer
      description: The access token returned from the OAuth token exchange, sent as a Bearer token.
  parameters:
    PackageId:
      name: packageId
      in: path
      required: true
      schema:
        type: string
    CandidateId:
      name: candidateId
      in: path
      required: true
      schema:
        type: string
    ScreeningId:
      name: screeningId
      in: path
      required: true
      schema:
        type: string
  responses:
    BadRequest:
      description: The request was malformed or missing required fields.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Missing or invalid access token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: The requested resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    Package:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        description:
          type: string
        screeningProducts:
          type: array
          items:
            type: string
          description: The screening products grouped into this package (e.g., criminal, employment verification, drug test).
        requiredCandidateFields:
          type: array
          items:
            type: string
          description: Candidate fields required to process a screening with this package.
    CandidateCreate:
      type: object
      required:
        - firstName
        - lastName
        - email
        - clientReferenceId
      properties:
        firstName:
          type: string
        lastName:
          type: string
        middleName:
          type: string
        email:
          type: string
          format: email
        clientReferenceId:
          type: string
          description: Your own reference identifier for the candidate.
        phone:
          type: string
        dateOfBirth:
          type: string
          format: date
        addresses:
          type: array
          items:
            $ref: '#/components/schemas/Address'
    Candidate:
      allOf:
        - $ref: '#/components/schemas/CandidateCreate'
        - type: object
          properties:
            id:
              type: string
            createdAt:
              type: string
              format: date-time
    Address:
      type: object
      properties:
        line1:
          type: string
        line2:
          type: string
        city:
          type: string
        region:
          type: string
        postalCode:
          type: string
        country:
          type: string
    ScreeningCreate:
      type: object
      required:
        - candidateId
        - packageId
      properties:
        candidateId:
          type: string
        packageId:
          type: string
        clientReferenceId:
          type: string
        callbackUri:
          type: string
          format: uri
          description: URL Sterling posts real-time status-change webhook events to.
        invite:
          $ref: '#/components/schemas/InviteRequest'
        recurring:
          $ref: '#/components/schemas/RecurringConfig'
    InviteRequest:
      type: object
      properties:
        method:
          type: string
          enum: [email, link]
          description: >-
            "email" sends the candidate an invitation email; "link" returns a
            hosted form URL in the response for you to embed.
    RecurringConfig:
      type: object
      description: '[MODELED] Configure continuous/recurring screening to monitor a candidate over time.'
      properties:
        enabled:
          type: boolean
        interval:
          type: string
          enum: [monthly, quarterly, annually]
    Screening:
      type: object
      properties:
        id:
          type: string
        candidateId:
          type: string
        packageId:
          type: string
        clientReferenceId:
          type: string
        status:
          $ref: '#/components/schemas/ScreeningStatus'
        inviteUrl:
          type: string
          format: uri
          description: Present when invite.method was "link".
        callbackUri:
          type: string
          format: uri
        reportItems:
          type: array
          items:
            $ref: '#/components/schemas/ReportItem'
        createdAt:
          type: string
          format: date-time
        completedAt:
          type: string
          format: date-time
    ScreeningStatus:
      type: string
      description: Rolled-up screening status. Individual report items carry their own statuses.
      enum:
        - pending
        - awaiting_candidate
        - in_progress
        - completed
        - cancelled
        - review
    Invite:
      type: object
      properties:
        screeningId:
          type: string
        method:
          type: string
          enum: [email, link]
        url:
          type: string
          format: uri
        sentAt:
          type: string
          format: date-time
    Report:
      type: object
      properties:
        screeningId:
          type: string
        status:
          $ref: '#/components/schemas/ScreeningStatus'
        items:
          type: array
          items:
            $ref: '#/components/schemas/ReportItem'
        completedAt:
          type: string
          format: date-time
    ReportItem:
      type: object
      description: An individual product result within a screening report, each with its own status.
      properties:
        product:
          type: string
        status:
          type: string
          description: Common report item status values (e.g., pending, clear, consider, review).
        summary:
          type: string
    WebhookSubscription:
      type: object
      properties:
        id:
          type: string
        callbackUri:
          type: string
          format: uri
        events:
          type: array
          items:
            type: string
        active:
          type: boolean
    WebhookSubscriptionCreate:
      type: object
      required:
        - callbackUri
      properties:
        callbackUri:
          type: string
          format: uri
        events:
          type: array
          items:
            type: string
    Error:
      type: object
      properties:
        code:
          type: string
        message:
          type: string