Skip to content
Turbine.cash Docs
Launch App >
API Reference

OFAC API

API endpoint for OFAC compliance

OFAC API

Section titled “OFAC API”

Endpoint for obtaining OFAC compliance signatures.

POST /get_ofac_signature/{network}/{id}

Section titled “POST /get_ofac_signature/{network}/{id}”

Get a cryptographic signature proving OFAC compliance for your wallet.

Request

Section titled “Request”
POST /get_ofac_signature/{network}/{id}

Path Parameters:

ParameterDescription
networkNetwork: “mainnet” or “devnet”
idAuth token

Response

Section titled “Response”

Success (compliant):

"SignatureData..."

Failure (not compliant):

403 Forbidden
"OFAC check failed"

Example

Section titled “Example”
async function getOfacSignature(
  authToken: string,
  network: string = 'mainnet'
): Promise<string> {
  const response = await fetch(
    `https://worker.turbine.cash/get_ofac_signature/${network}/${authToken}`,
    { method: 'POST' }
  );


  if (!response.ok) {
    if (response.status === 403) {
      throw new Error('OFAC compliance check failed');
    }
    throw new Error(`OFAC check error: ${response.status}`);
  }


  return response.json();
}

Using the Signature

Section titled “Using the Signature”

The OFAC signature should be obtained before each withdrawal. It’s typically used in the on-chain instruction to prove compliance.

async function withdrawWithOfac(
  deposit: DepositSecrets,
  recipient: string,
  authToken: string
) {
  // 1. Check OFAC compliance
  try {
    const ofacSig = await getOfacSignature(authToken);
  } catch (e) {
    throw new Error('Your address failed OFAC compliance check');
  }


  // 2. Proceed with withdrawal
  const result = await relay({
    // ... withdrawal params
  });


  return result;
}

Compliance Check Process

Section titled “Compliance Check Process”

What Gets Checked

Section titled “What Gets Checked”

The compliance check verifies the authenticated wallet against:

  • OFAC SDN (Specially Designated Nationals) list
  • Known sanctioned addresses
  • Addresses linked to illicit activity

[PLACEHOLDER: OFAC_SIGNATURE_EXPLANATION]

Errors

Section titled “Errors”
StatusErrorCause
401UnauthorizedInvalid or expired auth token
403OFAC check failedAddress is on sanctions list
500Compliance check errorService unavailable

Caching

Section titled “Caching”

OFAC signatures should NOT be cached long-term:

  • Sanctions lists update frequently
  • Fresh signatures ensure current compliance
  • Get a new signature before each withdrawal