Cobalt Intelligence
Business Verification Agent: Help Guide
1.What this tool does
This tool checks a business against official Secretary of State (SOS) registry data and returns a clear verdict an underwriter can act on: the legal name on file, filing date, registration status, a risk tier, and the concrete next checks to run.
It answers one question: is this entity registered and in standing with the Secretary of State?
Every verdict is Secretary of State registration standing only. It is not KYB, OFAC, TIN, fraud, or credit clearance, and no verdict from this tool should be treated as underwriting approval.
2.Before you start
You need two things:
- An access code from your Cobalt contact. Each code works once and expires 7 days after it was issued.
- Your Cobalt API key. The tool queries SOS data with your key, on your behalf. If you do not have a key yet, ask your Cobalt contact.
Use an up-to-date browser over HTTPS. The page does not work over plain HTTP.
3.Quick start
- Enter your access code. Paste the code from your Cobalt contact and select Continue.
- Add your Cobalt API key. It is held in server memory for this session only and never stored.
- Verify a business. Enter the legal business name and a two-letter state, then select Run live verification. Live lookups can take up to 3 minutes.
4.Step 1: Access code
Type or paste your code into Access code and select Continue.
- A code is single use. It is consumed the first time it opens a session.
- A code expires 7 days after it was issued, used or not.
- If your session ends (30 minutes idle, 8 hours total, or you close it), the used code cannot open a new session. Ask your Cobalt contact for a fresh code.
Code entry is rate limited. After several wrong attempts you will see "Too many attempts. Wait a minute." Wait a minute and try again.
5.Step 2: Your API key
Paste your Cobalt API key into Cobalt API key and select Use this key.
- The key is sent once over HTTPS and kept in server memory only, tied to your session.
- It is never written to disk, logs, cookies, browser storage, or URLs, and it is never shown back on screen.
- The banner "Key active for this session only" stays visible while a key is loaded.
- Select Forget my key at any time to clear it immediately and end the session.
Your key is used solely to query Secretary of State data for the verifications you run in this session. SOS lookups consume your Cobalt plan the same way your own API calls do.
6.Step 3: Run a verification
- Enter the legal business name. Use the registered legal name, not a brand name, for the strongest match. Up to 200 characters.
- Enter the two-letter state. For example ID for Idaho or CA for California: the state where the entity is registered or foreign-qualified.
- Choose the lookup mode. Leave Cache first, live fallback unchecked for a live registry lookup. Check it to try Cobalt's cached SOS record first and fall back to live only when needed; cached results are faster but carry an earlier updated-at date.
- Select Run live verification and wait. Live lookups query the state registry directly and can take up to 3 minutes. Keep the tab open; one verification runs at a time per session.
7.Reading your result
The verdict opens with a plain-language label and a standing tier, followed by the key data points, the status risk interpretation, red flags, and recommended next checks.
Verdict labels
| Label | What it means |
|---|---|
| SOS Active Match | Active SOS standing, high-confidence name match, strong supporting detail. |
| SOS Active, Thin Data | Active standing, but the registry returned little supporting detail. The gaps appear as next checks. |
| SOS Active, Review Gaps | Active standing with adequate but incomplete supporting detail. |
| SOS Active, Confidence Not Supplied | Active standing, but the registry did not return a match-confidence score. |
| SOS Active, DBA Record | The match is an Assumed Business Name (DBA), a name record rather than a legal entity. Confirming the underlying owner is pinned as the first next check. |
| Needs Human Review | Something requires a human: a non-green tier, an unmapped status, a weak match, missing key data, or a lookup error. |
| No SOS Record Found | The lookup completed and found no matching record in that state. Route to manual review; never treat as a pass. |
Standing tiers
| Tier | Meaning |
|---|---|
| green | Can legally transact per SOS standing. Proceed to your standard underwriting. |
| yellow | May have issues, for example suspended or delinquent. Fundable with conditions; needs human judgment. |
| red | Cannot legally transact, for example dissolved or forfeited. Recommend decline or a cure path. |
| review | The raw status is not mapped in the status-risk dataset, or its policy row routes to human review. |
| unknown | The lookup returned no SOS status at all, usually a tool or registry error. |
Match confidence and data completeness
- Match confidence describes name-match quality only: high, medium, low, or not supplied. Medium or low routes the case to human review.
- Data completeness describes how much underwriting-useful detail came back: strong, adequate, thin, or insufficient. Missing supporting fields become next checks; they do not by themselves change the tier.
8.Status risk interpretation
Under the verdict you will find a Status Risk Interpretation section. The tier here is assigned deterministically by Cobalt's statute-verified 50-state status dataset, not by the AI: the exact state and raw status pair is looked up, and the dataset row supplies the fields below.
| Field | What it tells you |
|---|---|
| Status risk tier | The authoritative tier for this state and status pair. |
| Recommended action | What an underwriter should do with this standing today. |
| Verify next | The checks to run next, for example registered agent, officers, OFAC screen. |
| Statute citation | The state statute behind the interpretation, with corrected citations where the original reference has been superseded. |
| Statute source | A deep link to the official statute page. |
| Citation check | Whether the citation has been verified against the official source: pass, fail, or manual check pending. |
| Review status | Where this policy row is in Cobalt's sign-off process. |
Rows marked "Status-risk policy pending human signoff" are statute-grounded but still awaiting final sign-off by Cobalt's risk owner. Treat the tier as provisional until then.
If the registry returns a status string the dataset does not recognize, the case is routed to Needs Human Review automatically. An unrecognized status is never assumed to be good standing.
9.Key handling and privacy
- Your API key lives in server memory only, encrypted at rest in the session store, and is discarded at session end, on Forget my key, or on server restart.
- Sessions end after 30 minutes of inactivity or 8 hours total, whichever comes first.
- Logs never contain keys, access codes, full business names, or verdict contents.
- The optional contact form stores exactly three fields (name, email, company) plus a timestamp in Cobalt's private lead list, only with your consent, and no verification data is attached. Deletion requests: shela@cobaltintelligence.com.
10.Session and usage limits
| Limit | Value |
|---|---|
| Verifications per session per day | 25 |
| Concurrent verifications per session | 1 |
| Verification wall-clock cap | Up to 3 minutes each |
| Session idle timeout | 30 minutes |
| Session absolute limit | 8 hours |
| Access code validity | Single use, 7 days |
The service also has a shared daily capacity. When it is exhausted you will see "Daily capacity reached. Come back tomorrow."
11.Troubleshooting
| Message | What to do |
|---|---|
| That access code is not valid. | Check for typos and paste the full code. Codes are single use and expire after 7 days; if yours was already used or has expired, request a new one from your Cobalt contact. |
| Too many attempts. Wait a minute. | Code entry is rate limited. Wait a minute, then try again. |
| That does not look like a Cobalt API key. | Re-copy the key from where you store it and paste it without surrounding spaces. |
| Cobalt rejected this API key. | The key format was fine but Cobalt's API refused it. Re-copy the exact key from your Cobalt account; if it still fails, the key may be revoked or expired, so contact your Cobalt representative. |
| Session expired. Enter your access code again. | The session hit its idle or absolute limit. Your used code cannot be replayed; request a new code. |
| A verification is already running in this session. | Wait for the current verification to finish; sessions run one at a time. |
| All verification slots are busy. Try again shortly. | The service is at peak load. Wait a moment and retry. |
| Daily verification limit reached for this session. | The 25-per-day session quota is used up. Come back tomorrow or ask your contact about direct API access. |
| Daily capacity reached. Come back tomorrow. | The shared daily capacity is exhausted. Try again tomorrow. |
| Verification service error. Try again or contact us. | Something failed on our side or at the state registry. Retry once; if it persists, contact your Cobalt representative. |
| Needs Human Review with "backend error" red flag | The state registry did not answer. The flag says whether a retry is worthwhile; otherwise verify directly at the state SOS site listed in the verdict. |
12.FAQ
Does a green verdict mean the business is safe to fund?
No. Green means the entity is registered and in standing with the Secretary of State, nothing more. The verdict lists the checks that remain, for example TIN, OFAC, and financials. Your team keeps final underwriting control.
Why does my verdict say Needs Human Review when the status says Active?
Standing is only one input. A moderate name match, missing key data, an unmapped status variant, or a policy row that routes to review will all escalate the case on purpose. The red flags section states the exact reason.
What is a test fixture result?
Results labeled as a Cobalt test fixture came from a deterministic demo dataset, not a live registry lookup. The sources section of every verdict says which one you got.
Can I verify several businesses at once?
Not in this tool; it runs one verification at a time. For batch verification or direct API integration, talk to your Cobalt contact.
Where does the data come from?
Directly from state Secretary of State registries via the Cobalt Intelligence API, with the registry URL and, when available, a source screenshot linked in every verdict.
Who do I contact for help or a new access code?
Your Cobalt Intelligence contact, or use the contact form on the main page and we will reach out to you.