Self-hosting the OpenSanctions API

The OpenSanctions API server is based on an open source software package. By installing that software on your own infrastructure, you can control scaling, save costs and protect your customers' privacy.

The idea is simple: in addition to offering the hosted OpenSanctions API, we've made it easy to run the system by yourself. The API server application, yente, is simple to install and will update itself with the latest OpenSanctions data in regular intervals.

What are the benefits of self-hosting?

  • Self-hosting the API means none of your customer data is shared with others. Instead of submitting a list of vetting targets to us, your data remains fully within your control.
  • You can import additional entity lists that the API should check against, for example if your organization has an in-house blocking list, or you need to cross-check specific datasets not included in OpenSanctions in order to meet regulatory requirements.
  • All you need is a bulk data license. Since the API software is an open source package, we won't charge you to run it.
  • It's fast and scalable. Need to check a few million names? No problem: using your own hardware, you won't face any query volume limitations. And of course, no API is faster than the one that sits on the same server as the application that uses it.
  • You don't need to declare OpenSanctions as a data processor for your customer data under the terms of the GDPR.

How do I get started?

We recommend you take the following steps:

  1. Evaluate the deployment of opensanctions/yente inside your infrastructure (guide). The service will automatically import OpenSanctions data unless configured otherwise.
  2. Try out the service by building a simple API client (Tutorial: Using the matching API to do KYC-style checks)
  3. Acquire a bulk data license so that you're legally entitled to use the OpenSanctions dataset.
  4. Scale up: you can run as many instances of the API as you choose, and handle as many screening requests as you wish.

What are the server requirements?

The OpenSanctions API software, yente, ships as a set of two Docker containers (the application itself, and an ElasticSearch search index). Docker containers are easy to run across different platforms (Linux, Mac, Windows) and computing environments (e.g. Amazon AWS, Google Compute or Microsoft Azure). While we suggest running a simple setup based on docker-compose as a starting point, the software also works well on Kubernetes.

Hardware specifications: 4GB RAM, 1vCPU, 4GB hard drive. For improved performance, consider allocating 8GB RAM and housing the search index on an SSD-backed disk.

How often does the on-prem service update with new data?

By default, the service will check for updated data every 30 minutes and download OpenSanctions bulk data whenever a new release is found. Releases are published at least once a day, but usually several times each day.

What support is available with the application?

While the OpenSanctions team will have no visibility into your self-hosted service, we are happy to offer consultation services to discuss the use of the software and work out a deployment strategy for your use case.

Got more questions? Join the Slack chat to ask questions and get support. You can also book an hour of consulting time to discuss technical questions with the team.