Knogin
[Developers]

Organization Domain

Following the money in a financial crime investigation often means building out a web of shell companies, their directors, and their connections to known criminal entities. The Organization domain provides the profile in

Back to All Modules
Category: Api DomainsLast Updated: Feb 9, 2026
api-domainsai

Overview#

Following the money in a financial crime investigation often means building out a web of shell companies, their directors, and their connections to known criminal entities. The Organization domain provides the profile infrastructure for that work: comprehensive organisation records covering industry classification, personnel, and relationship graphs, all linked to the cases where they appear.

Key Features#

  • Organisation profile creation and management with comprehensive metadata
  • Industry classification across technology, finance, healthcare, manufacturing, energy, and retail
  • Organisation type categorisation: corporation, LLC, partnership, non-profit, government, criminal, and terrorist
  • Personnel tracking for key individuals within organisations
  • Token usage statistics and monitoring for AI service billing
  • Graph-based relationship connections between organisations and other entities
  • Investigation linking to associate organisations with active cases

Use Cases#

Relevant sectors include financial crime investigation, law enforcement, and intelligence agencies.

  • Creating and maintaining profiles for organisations relevant to investigations
  • Classifying organisations by type and industry for analytical filtering
  • Tracking personnel and key individuals within target organisations
  • Monitoring AI token usage and managing capacity across organisational accounts

Integration#

The Organization domain integrates with Profile for base profile functionality, Investigation for case linking, Graph for relationship visualisation, Person for personnel tracking, and Note for annotations.

Open Standards#

  • GraphQL (June 2018 specification): All organisation profile queries and mutations are exposed through a typed GraphQL API, enabling structured querying of profiles, personnel, and relationship graphs by investigation clients.
  • OASIS STIX 2.1: Organisation entities (corporations, shell companies, criminal and terrorist groups) are mapped to the STIX 2.1 identity and threat-actor SDO types, supporting bidirectional exchange with threat intelligence platforms.
  • OASIS TAXII 2.1: The platform's TAXII 2.1 client transports STIX bundles containing organisation objects to and from external threat intelligence feeds and sharing communities.
  • RFC 9562 (UUID version 4): Every organisation profile is assigned a UUID v4 identifier at creation, providing globally unique, collision-resistant record keys across tenants and investigations.
  • ISO 8601: All timestamps on organisation records and audit log entries are serialised as ISO 8601 strings, ensuring unambiguous date and time interchange across system boundaries.
  • OWASP ASVS v4 (V7.1.3): Every state-changing mutation (create, update, delete) on an organisation profile writes a structured audit log row, satisfying the ASVS requirement for tamper-evident logging of security-relevant events.
  • RFC 7519 / RFC 7518 (JSON Web Token / JWS, RS256): All GraphQL resolvers in this domain are gated by an IsAuthenticated permission class that validates a caller-supplied JWT signed with RS256, verified against a JWKS endpoint.

Last Reviewed: 2026-02-09 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.