Introduction
OKLink Onchain AML APIs comprise a comprehensive suite of blockchain and crypto compliance tools, assisting law enforcement to monitor transactions and ensure compliance with regulatory AML/CFT requirements.
At the core of our Onchain AML solutions is the utilization of the industry's largest and most reputable address label database. This extensive database encompasses hundreds of categories, each meticulously linked to tens of thousands of entities. Our dedicated in-house security and forensic experts, 24/7 OSINT research and scanning, alongside adept AI engines and extensive customer and partner networks, collectively contribute to the high curation standards of this database.
The OKLink Onchain AML APIs, designed in accordance with OpenAPI specifications, provide a set of Restful API products. These APIs equip you with real-time risk detection capabilities, enabling scrutiny of crypto transactions, wallet addresses, and crypto tokens with precision and efficiency.
Know Your Transaction (KYT) API Fully automated real-time crypto transaction monitoring that traces funds across blockchains and assets with a customizable risk rules engine across 130+ blockchains
Know Your Address (KYA) API Enhanced due-diligence and crypto wallet screening in real-time to protect your business from financial crimes and confidently onboard new customers across 21 major L1/L2 blockchains
Webhook API Webhooks are used to subscribe to KYT and KYA risk alert pushes, and you can add a Webhook URL to receive real-time alerts and continuous monitoring alerts from the AML service
Quickstart Guide
Getting Started
Please contact your support representative to obtain the API key to access Onchain AML APIs.
Authentication and Invocation Example
Your API key is the unique identifier used for accessing Onchain AML API endpoints. All endpoints require API key authentication for access.
Root URL for API:
- https://www.oklink.com/
How to use API Key:
- For each API request, you need to add your API key in the Http Request Headers ("Ok-Access-Key", followed by your API key).
Example of API interface invocation:
- We provide example code snippets in different programming languages, including cURL, Python, JavaScript - jQuery, Go, Java - OkHttp, PHP, and Rust to help you quickly get started.
cURL
curl -X GET 'https://www.oklink.com/api/v5/tracker/kyt/chain-list' \
--header 'Ok-Access-Key:followed by your API key' \
--header 'Content-type: application/json'
Python
import requests
url = "https://www.oklink.com/api/v5/tracker/kyt/transfers-info?txid=0x4e9939db7cabf8cad10206478638a58afc85cbf29dc76342570fefbccd1deaf1&network=ETH&outputAddress=0x75ff2d554afe3f9631bcbcd28d24cffc8dd27642&tokenContractAddress=0x7714f320adca62b149df2579361afec729c5fe6a"
payload = ""
headers = {
# apiKey
'Ok-Access-Key': 'apiKey'
}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)
JavaScript - jQuery
var settings = {
"url": "https://www.oklink.com/api/v5/tracker/kyt/transfers-info?txid=0x4e9939db7cabf8cad10206478638a58afc85cbf29dc76342570fefbccd1deaf1&network=ETH&outputAddress=0x75ff2d554afe3f9631bcbcd28d24cffc8dd27642&tokenContractAddress=0x7714f320adca62b149df2579361afec729c5fe6a",
"method": "GET",
"timeout": 0,
"headers": {
"Accept": "*/*",
"Ok-Access-Key": "apiKey",
},
};
$.ajax(settings).done(function (response) {
console.log(response);
});
Go
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://www.oklink.com/api/v5/tracker/kyt/transfers-info?txid=0x4e9939db7cabf8cad10206478638a58afc85cbf29dc76342570fefbccd1deaf1&network=ETH&outputAddress=0x75ff2d554afe3f9631bcbcd28d24cffc8dd27642&tokenContractAddress=0x7714f320adca62b149df2579361afec729c5fe6a"
method := "GET"
apiKey := "apiKey"
client := &http.Client {
}
req, err := http.NewRequest(method, url, nil)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Ok-Access-Key", apiKey)
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
Java - OkHttp
package com.oklink.demo;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import java.io.IOException;
public class JavaDemo {
public static void main(String[] args) {
try {
String url = "https://www.oklink.com/api/v5/tracker/kyt/transfers-info?txid=0x4e9939db7cabf8cad10206478638a58afc85cbf29dc76342570fefbccd1deaf1&network=ETH&outputAddress=0x75ff2d554afe3f9631bcbcd28d24cffc8dd27642&tokenContractAddress=0x7714f320adca62b149df2579361afec729c5fe6a";
String apiKey = "apiKey";
OkHttpClient client = new OkHttpClient.Builder().build();
Request request = new Request.Builder()
.url(url)
.addHeader("Ok-Access-Key", apiKey)
.build();
Response response = client.newCall(request).execute();
System.out.println(response.body().string());
}catch (IOException e){
e.printStackTrace();
}
}
}
PHP
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.oklink.com/api/v5/tracker/kyt/transfers-info?txid=0x4e9939db7cabf8cad10206478638a58afc85cbf29dc76342570fefbccd1deaf1&network=ETH&outputAddress=0x75ff2d554afe3f9631bcbcd28d24cffc8dd27642&tokenContractAddress=0x7714f320adca62b149df2579361afec729c5fe6a');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
$headers = array();
$headers[] = 'Ok-Access-Key: apiKey';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close($ch);
Rust
extern crate reqwest;
use reqwest::header;
fn main() -> Result<(), Box<dyn std::error::Error>> {
let mut headers = header::HeaderMap::new();
headers.insert("Ok-Access-Key", "apiKey".parse().unwrap());
let res = reqwest::Client::new()
.get("https://www.oklink.com/api/v5/tracker/kyt/transfers-info?txid=0x4e9939db7cabf8cad10206478638a58afc85cbf29dc76342570fefbccd1deaf1&network=ETH&outputAddress=0x75ff2d554afe3f9631bcbcd28d24cffc8dd27642&tokenContractAddress=0x7714f320adca62b149df2579361afec729c5fe6a")
.headers(headers)
.send()?
.text()?;
println!("{}", res);
Ok(())
}
Rate Limit
We have implemented rate limits on API calls to prevent overloading.
Support
FAQ
What is the difference between KYT and KYA?
- KYT (Know Your Transaction) is a crypto transaction monitoring product. Leveraging OKLink's extensive address label & entity database, it establishes a connection between addresses and real world events and entities, monitors the risks of deposit and withdrawal transactions, identifies malicious addresses, and generates alerts with continuous monitoring to meet the compliance and risk control needs of Virtual Asset Service Providers (VASPs)
- KYA (Know Your Address) is a blockchain risk detection tool for addresses. It meets VASP platform compliance, providing real-time risk detection and lifecycle monitoring. KYA facilitates preliminary risk screening before trading, enabling businesses to take targeted actions based on blockchain address risk characteristics
How many blockchain networks do KYT and KYA support?
- KYT currently supports 139 chains with more on the way. For more details, please refer to the Get supported crypto network API call request
- KYA currently supports 23 chains with more on the way. For more details, please refer to the Get supported crypto network API call request
What are the available label categories in OKLInk Onchain AML solutions?
- Some example label categories include sanctioned jurisdiction, sanctioned entity, terrorist financing, child exploitation, crypto mixer, blockchain bridge, darknet, gambling, hack, stolen funds, phishing, ransomware, scam, exchange, DEX, mining pool, OTC, crypto ATM and much more
How risk level is determined for KYT & KYA alerts?
- The risk level of KYT is determined by the type of labels, associated types, direction, risk fund ratio, and transaction thresholds
- The custom risk configuration mode of KYA is determined by the mapping of risk configuration labels
- The OKLink KYA risk configuration mode facilitates comprehensive risk scanning across five dimensions: suspicious transactions, blocklist addresses, blocklist associated addresses, high-risk identities, and entity risks
- We consider blocklist address risk as extremely high risk, resulting in a direct judgment of 0 points for addresses identified with our blocklist database
- In contrast, other risk dimensions are quantitative, with scores determined by weighing the base score and risk weight
- The cumulative scores from all dimensions collectively contribute to the calculation of the overall address health score, providing a nuanced and robust assessment of risk
How can I more effectively use OKLink Onchain AML solutions since there are both APIs and SaaS platforms?
- To ensure the timeliness and completeness of your AML process, it is recommended that you integrate the AML into your compliance system through API to allow you to automatically take corresponding risk control measures according to your business's compliance logic
- The SaaS platform provides comprehensive visual data display and statistics, allowing you to review the comprehensive information of your AML system regularly
Error Codes
The server will promptly issue HTTP status and error codes in response to a user's request, signaling any encountered issues during the request to the server. Kindly refer to the table below to further understand the codes that indicate success or failure of an API call
Response Example
json { "code": "50038", "msg": "This chain does not currently support.", "data": [] }
General
| Error Message | HTTP Status Code | Error Code |
|---|---|---|
| Succeeded. | 200 | 0 |
| Body can not be empty. | 400 | 50000 |
| Service temporarily unavailable, please try again later. | 503 | 50001 |
| Json data format error. | 400 | 50002 |
| Invalid Content_Type, please use "application/json" format. | 400 | 50006 |
| Requests too frequent. | 429 | 50011 |
| System is busy, please try again later. | 200 | 50013 |
| Parameter {0} can not be empty. | 400 | 50014 |
| System error. | 500 | 50026 |
| No permission to use this API. | 403 | 50030 |
| Parameter %s error. | 200 | 50036 |
| Token does not exist. | 200 | 50037 |
| This endpoint requires that APIKey must be bound to IP. | 200 | 50038 |
| This alert has no history of processing. | 200 | 50039 |
| No data is displayed for this block height. | 200 | 50040 |
| The historical balance of this token is not currently supported. | 200 | 50041 |
| This token protocol type does not support scanning. | 200 | 50042 |
| Your account behavior triggered risk control, and the API function has been frozen. Please contact us by email [email protected] |
200 | 50043 |
| Data already exists. | 200 | 50044 |
| Client operation error. | 400 | 50045 |
API Class
| Error Message | HTTP Status Code | Error Code |
|---|---|---|
| API frozen, please contact customer service. | 400 | 50100 |
| Request header "OK_ACCESS_KEY" can not be empty. | 401 | 50103 |
| Invalid OK_ACCESS_KEY. | 401 | 50111 |
| Invalid request method. | 405 | 50115 |
| Exceeds the range of historical data queries. | 405 | 50117 |
Trade Class
| Error Message | HTTP Status code | Error Code |
|---|---|---|
| Parameter {0} error. | 200 | 51000 |
| The outputAddress you filled in was not found in this transaction. | 200 | 51001 |
| The outputAddress specified by this index does not exist in this transaction. | 200 | 51002 |
| Detail information with this transaction hash has not been found on the blockchain network, and risk status is pending for this transaction. | 400 | 51003 |
| The WebhookURL you added is not accessible, reset your WebhookURL. | 200 | 52000 |
| Webhook Url does not exist | 200 | 51001 |
| Webhook Url already exists | 200 | 51002 |
Contact Us
If you have any questions regarding the OKLink Onchain AML APIs, you can contact us through the following ways:
- Official Email: [email protected]
- Telegram: https://t.me/OKLinkAPI
Know Your Transaction(KYT)
KYT API Quickstart
The Onchain AML KYT API (Know Your Transaction) is an automated crypto asset transaction monitoring and compliance solution. The KYT API provides real-time risk screening and compliance insights for your customer's deposit and withdrawal activities with continuous risk monitoring and alerts.
The Onchain AML KYT API is a set of Restful APIs that meet OpenAPI specifications allowing you to:
- Monitor transaction risks in the deposit and withdrawal process, identify malicious addresses and generate risk alerts
- Continuously monitor historical transactions for updated risk assessments
- Build a comprehensive address identity profile for your compliance needs
- Supported by a massive database with billions of address labels
- Retrieve additional information the KYT UI does not provide on its own
KYT API Supported Chains
KYT currently supports 139 chains and is expanding. You can query the list of supported chains through the Supported network List API.
If the chain you need to integrate with is not on the list, please contact us at [email protected], and we will follow up and evaluate it.
KYT API Workflows
The Onchain AML KYT API provides the following 3 workflow integrations.
- Crediting a user's funds upon deposit
- Processing a user's withdrawal attempt
- Retrieving alerts for transaction monitoring
1、Receiving a user's funds upon deposit
Before depositing user assets into their accounts, integrate this workflow to conduct real-time risk screening for deposit transactions.
Call the Transaction Risk Detection API (GET /api/v5/tracker/kyt/transfers/transfers-alerts) to obtain the risk level of the transaction.
- The API will directly return the risk level of the transaction within 100ms.
- If the transaction is deemed risky, the KYT system will generate an alert based on your custom risk configuration. You will receive an alert ID, which allows you to manage the status of the alert.
- The API will directly return the risk level of the transaction within 100ms.
Based on the review by your compliance personnel, call the Alert Management API (POST /api/v5/tracker/kyt/update-alert-status) to update the status of the alert and add any necessary remarks.
View other details
- Visit GET/api/v5/tracker/kyt/transfers-info interface to get more details about the transaction.
- Visit GET/api/v5/tracker/kyt/transfers/exposures interface to get label information for the transaction.
2、Processing a user's withdrawal attempt
Before users withdraw their funds, your service can use the KYT API to pre-screen the risk of the destination addresses. If there are risks associated with the customer's destination address, measures can be taken before the actual transfer to prevent your customers from depositing or withdrawing funds with risky addresses.
Call the withdrawal risk pre-check API (GET /api/v5/tracker/kyt/transfers/withdrawal-attempts-alerts) to retrieve the risk level of the address.
- The API will directly return the risk level of the transaction within 100ms.
- If the address poses a risk, the KYT system will generate an alert based on your custom risk configuration, and you will receive an alert ID. You can manage the status of the alert.
- The API will directly return the risk level of the transaction within 100ms.
Based on the review by your compliance personnel, call the alert management API (POST /api/v5/tracker/kyt/update-alert-status) to update the status of the alert and add any necessary remarks.
Other interfaces
Access the /api/v5/tracker/kyt/transfers/exposures interface to get the label information for this transaction
3、Continuous monitoring
KYT system automatically monitors users' transaction information within the past month to detect any updated risk information for previously checked transactions/addresses. Once new risk information is detected, an alert will be generated based on the alert rules you have set.
- Call the API interface to retrieve all alerts (GET /api/v5/tracker/kyt/alerts) and obtain the latest alerts in your KYT system.
- The API will directly return the risk level of the transaction within 100ms.
- Provide the "produceAlertType" parameter. If it is "initiative", it means that the alert is generated by the current proactive risk detection. If it is "continuous", it means that the alert is generated by the continuous monitoring feature.
- The API will directly return the risk level of the transaction within 100ms.
KYT API
Get supported crypto network
This endpoint retrieves the list of chains supported by OKLink KYT.
HTTP Request
GET /api/v5/tracker/kyt/chain-list
Request Example
GET /api/v5/tracker/kyt/chain-list
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| category | String | No | The category of blockchain network, e.g., mature or emerging |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"chainFullName": "Bitcoin",
"chainShortName": "BTC",
"symbol": "BTC",
"model": "utxo",
"category": "mature",
"network": "BTC",
"chainId": "0"
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| chainFullName | String | The full name of the blockchain network, e.g., Bitcoin. |
| chainShortName | String | The abbreviated name of the blockchain network, e.g., BTC. |
| symbol | String | The crypto asset's symbol, e.g., btc. |
| model | String | The type of Chain model, e.g., utxo, account and etc. |
| category | String | The category of blockchain network, e.g., mature or emerging. |
| network | String | The blockchain network the transfer occured on, use our chainList interface to retrieve the list of supported blockchains and appropriate values |
| chainId | String | The ID of the blockchain network |
Get transaction details
This endpoint retrieves transaction details through transaction hash.
HTTP Request
GET /api/v5/tracker/kyt/transfers-info
Request Example
GET /api/v5/tracker/kyt/transfers-info?userId=12&txid=0x1ccba96343bd1e6aad3668203d20b75e73022179b9d505721e00b66d21c91ae6&network=eth&outputAddress=0x043827a6dcfffb7fe21953d3bad32a1c74bb73bf
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| network | String | Yes | The blockchain network the transfer occured on, see our table above for the supported list and appropriate values |
| tokenContractAddress | String | No | The token contract address (cannot be empty when inquiring about token transaction) |
| txid | String | Yes | The transaction hash for this transaction |
| outputAddress | String | Yes | The destination address for funds within the transaction |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"userId": "TronTest",
"chainFullName": "TRON",
"network": "TRON",
"token": "TRX",
"tokenContractAddress": "",
"txid": "9eef7ca0168332654b4392b61f55c6208f39f5edd52cdbb9adf150529399e34d",
"outputAddress": "TWd4WrZ9wn84f5x1hZhL4DHvk738ns5jwb",
"inputAddresses": "TZAzpGxSLHoKDEo1PhS18hTvnLSU57w44G",
"usdAmount": "0",
"tokenAmount": "0.000001",
"transactionTime": "1683780423000"
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| chainFullName | String | The full name of the blockchain network, e.g., Bitcoin. |
| network | String | The blockchain network the transfer occured on, use our chainList interface to retrieve the list of supported blockchains and appropriate values |
| token | String | The token used for this network transction, e.g., BTC. |
| tokenContractAddress | String | The token contract address (cannot be empty when inquiring about token transaction), returns "" if empty |
| txid | String | The transaction hash for this transaction |
| outputAddress | String | The destination address for funds within the transaction |
| inputAddresses | String | A list of input addresses of the transfer to match network identifications |
| usdAmount | String | The USD amount of cryptocurrency funds used in this transfer |
| tokenAmount | String | The amount of cryptocurrency funds used in this transfer |
| transactionTime | String | The Unix timestamp when the transfer occurred, e.g:1597026383085 |
Get address label details
This endpoint retrieves the label details of a specific address including sanctions, malicious, entity-related, etc.
HTTP Request
GET /api/v5/tracker/kyt/transfers/exposures
Request Example
GET /api/v5/tracker/kyt/transfers/exposures?network=eth&userId=userId1&address=0x5a52E96BAcdaBb82fd05763E25335261B270Efcb&direction=sent
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| network | String | Yes | The blockchain network the transfer occured on, see our table above for the supported list and appropriate values |
| tokenContractAddress | String | No | The token contract address (cannot be empty when inquiring about token transaction) |
| txid | String | Optional | The transaction hash for this transaction (choose either txid or address for this endpoint) |
| address | String | Optional | The blockchain address for this transaction (choose either txid or address for this endpoint) |
| direction | String | No | This value (case insensitive) defines whether the transfer is sent or received |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"address": "0x5a52e96bacdabb82fd05763e25335261b270efcb",
"entity": [
{
"category": "Exchange",
"value": "Binance"
}
],
"maliciousDirect": [],
"maliciousIndirect": [
{
"category": "Blocked",
"value": ""
},
{
"category": "Sanction",
"value": ""
}
]
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| address | String | The blockchain address for this call |
| entity | Array | The list of entity labels for this address |
| > category | String | The entity category label |
| > value | String | The detailed information of the entity category label |
| maliciousDirect | Array | The list of malicious labels for this address |
| > category | String | The malicious category label |
| > value | String | The detailed information of the malicious category label |
| maliciousIndirect | Array | The list of suspicious labels for this address |
| > category | String | The suspicious category label |
| > value | String | The detailed information of the suspicious category label |
Get transaction alert
This endpoint retrieves risk alerts through transaction hash when certain transactions have triggered the customized risk rules.
HTTP Request
GET /api/v5/tracker/kyt/transfers/transfers-alerts
Request Example
GET /api/v5/tracker/kyt/transfers/transfers-alerts?userId=63&network=eth&direction=received&address=0x7ff9cfad3877f21d41da833e2f775db0569ee3d9&tokenAmount=1
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| userId | String | Yes | A unique user ID (must be between 1 and 36 characters in length, and allowed characters are -_:a-zA-Z0-9) that is tracked in the KYT API (use the same user ID for a user across all supported asset types to allow KYT to assess user risk based on combined activity) |
| network | String | Yes | The blockchain network the transfer occured on, use our chainList interface to retrieve the list of supported blockchains and appropriate values |
| tokenContractAddress | String | No | The token contract address (cannot be empty when inquiring about token transaction) |
| txid | String | Yes | The transaction hash for this transaction (choose either txid or address for this endpoint) |
| outputAddress | String | Yes | The destination address for funds within the transaction |
| index | String | No | The position of the output address for this is located within the transaction (always at the index of the receiving address), and it is only applicable to the blockchain of the UTXO model |
| direction | String | Yes | This value (case insensitive) defines whether the transfer is sent or received |
| tag | String | No | The reference for your organization that can be added to this call |
| tokenAmount | String | No | The amount of cryptocurrency used in this transfer (required when choosing address as an input parameter) |
| tokenPrice | String | No | The price of the token |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"tag": "test2",
"category": "Darknet",
"value": "",
"alertId": "f72b2ff2706d4ab5945587c7fba36487",
"alertAmount": "16.60490448518",
"alertLevel": "SEVERE",
"exposureType": "direct",
"alertType": "deposit",
"address": "0xca30d700034461a007f51867a505bef7307869102b1b1509c7403adfc4675275"
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| tag | String | The reference for your organization that can be added to this call |
| category | String | The address category label |
| value | String | The detailed information of the label |
| alertId | String | The alert ID for this call |
| alertAmount | String | The USD amount threshold for alert triggers on this type of risk category |
| alertLevel | String | The risk severity of the alert from the following: SEVERE HIGH MEDIUM LOW NONE |
| exposureType | String | The exposure type of the transfer that triggered the alert as direct or indirect. |
| alertType | String | The different types of alerts from the following: deposit withdrawal behavioral |
| address | String | The blockchain address for this transaction |
Get withdrawal attempts alerts
This endpoint retrieves address risk severity through our API by performing preliminary risk screening to withdrawal addresses. If a risk is identified, users can instantly implement precise prevention and control measures.
HTTP Request
GET /api/v5/tracker/kyt/transfers/withdrawal-attempts-alerts
Request Example
GET /api/v5/tracker/kyt/transfers/withdrawal-attempts-alerts?userId=63&network=eth&direction=received&address=0x7ff9cfad3877f21d41da833e2f775db0569ee3d9&tokenAmount=1
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| userId | String | Yes | A unique user ID (must be between 1 and 36 characters in length, and allowed characters are -_:a-zA-Z0-9) that is tracked in the KYT API (use the same user ID for a user across all supported asset types to allow KYT to assess user risk based on combined activity) |
| network | String | Yes | The blockchain network the transfer occured on, see our table above for the supported list and appropriate values |
| tokenContractAddress | String | No | The token contract address (cannot be empty when inquiring about token transaction) |
| address | String | Yes | The blockchain address for this transaction (choose either txid or address for this endpoint) |
| direction | String | Yes | This value (case insensitive) defines whether the transfer is sent or received |
| tag | String | No | The reference for your organization that can be added to this call |
| tokenAmount | String | Yes | The amount of cryptocurrency funds used in this transfer (required when choosing address as an input parameter) |
| tokenPrice | String | Yes | The price of the token |
| time | String | No | The time of the withdrawal attempt |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"tag": "test2",
"category": "Darknet",
"value": "",
"alertId": "f72b2ff2706d4ab5945587c7fba36487",
"alertAmount": "16.60490448518",
"alertLevel": "SEVERE",
"exposureType": "direct",
"alertType": "deposit",
"address": "0xca30d700034461a007f51867a505bef7307869102b1b1509c7403adfc4675275"
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| tag | String | The transfer reference of the transaction |
| category | String | The address category label |
| value | String | The detailed information of the label |
| alertId | String | The alert ID for this call |
| alertAmount | String | The USD amount alert trigger threshold for this type of risk category |
| alertLevel | String | The risk severity of the alert from the following: SEVERE HIGH MEDIUM LOW NONE |
| exposureType | String | The exposure type of the transfer that triggered the alert as direct or indirect. |
| alertType | String | The different types of alerts from the following:deposit withdrawal behavioral |
| address | String | The blockchain address for this transaction |
Get all transaction alerts
This endpoint retrieves information on all alerts that have been raised within your organization.
HTTP Request
GET /api/v5/tracker/kyt/alerts
Request Example
GET /api/v5/tracker/kyt/alerts?limit=2&alertLevel=HIGH
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| userId | String | No | Returns all alerts associated with a specific user ID |
| token | String | No | Returns all alerts associated with a specific token |
| tokenContractAddress | String | No | Returns all alerts associated with a specific token address |
| produceAlertType | String | No | Filters alerts by alert generation method as initiative and continuous. |
| alertLevel | String | No | Filters alerts by risk severity from the following: SEVERE, HIGH, MEDIUM, LOW and NONE. |
| alertType | String | No | Filters alerts by alert types, such as deposit, withdrawal and behavioral. |
| alertStatus | String | No | Filters alerts by alert status from the following: unreviewed, in_review, completed, flagged and dismissed. |
| limit | String | No | Places a limit on the number of returned results |
| page | String | No | Returns all data on a specific page number |
| begin | String | No | Filters alerts by a time period greater than specific Unix timestamp |
| end | String | No | Filters alerts by a time period less than specific Unix timestamp |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"page": "1",
"limit": "1",
"totalPage": "397",
"alertList": [
{
"alertUsdAmount": "0",
"txid": "0xf7e679b1f59312c46034384dd9e5e9f506a8f7a18f210626908caaef654a3ef4",
"exposureType": "indirect",
"alertStatus": "unreviewed",
"alertId": "61ac574e6ee34c7ca789d55b72e8bdbd",
"direction": "received",
"transactionTime": "1652646460000",
"alertLevel": "SEVERE",
"category": "Hack",
"value": "",
"updateTime": "1678696120133",
"userId": "98",
"alertCreatTime": "1678696120133",
"alertType": "deposit",
"produceAlertType": "initiative",
"address": "0x73b359d5da488eb2e97990619976f2f004e9ff7c",
"token": "eth"
}
]
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| page | String | The current page number |
| limit | String | The total number of alert results returned |
| totalPage | String | The total number of pages |
| alertList | Array | A list of alerts |
| > alertUsdAmount | String | The transaction value in USD |
| > txid | String | The transaction hash |
| > exposureType | String | The exposure type of the transfer that triggered the alert as direct or indirect. |
| > alertStatus | String | The alert status from the following:unreviewed, in_review, completed, flagged and dismissed. |
| > alertId | String | The alert ID generated by our KYT system |
| > direction | String | This value (case insensitive) defines whether the transfer is sent and received. |
| > transactionTime | String | The time of the blockchain transaction that caused the alert |
| > alertLevel | String | Transaction alert risk severity from the following: SEVERE, HIGH, MEDIUM, LOW and NONE. |
| > category | String | The address category label |
| > value | String | The detailed information of the label |
| > updateTime | String | The Unix timestamp when the alert status was last updated |
| > userId | String | The user ID used to monitor transaction activities |
| > alertCreatTime | String | The time when the alert was created |
| > alertType | String | The type of alert from the following: deposit, withdrawal and behavioral. |
| > produceAlertType | String | The alert generation method, either initiative and continuous. |
| > address | String | The blockchain address for this transaction |
| > token | String | The token used for this network transction, e.g. BTC |
Custom modification of alert status and comments
The compliance team may modify alert status and add remarks through API.
HTTP Request
POST /api/v5/tracker/kyt/update-alert-status
Request Example
POST /api/v5/tracker/kyt/update-alert-status
Body
{
"alertId": "50ac803210c842bcbbe2e9d5deaf1acc",
"alertStatus": "flagged",
"comment": "pdsd"
}
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| alertId | String | Yes | The alert ID generated by our KYT system |
| alertStatus | String | No | Filters alerts by alert status from the following: unreviewed, in_review, completed, flagged and dismissed. |
| comment | String | No | Include the comment (within 1,000 characters) you want to specify for the given alert |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"alertId": "50ac803210c842bcbbe2e9d5deaf1acc",
"alertStatus": "completed",
"comment": "this is bug",
"updateTime": "1678699149743"
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| alertId | String | The alert ID generated by our KYT system |
| alertStatus | String | The alert status from the following: unreviewed, in_review, completed, flagged and dismissed. |
| comment | String | The comment (within 1,000 characters) you submitted in your request |
| updateTime | String | The Unix timestamp when the alert status was last updated |
Get alert statuses and comments
This endpoint retrieves the latest alert status and comments through API.
HTTP Request
GET /api/v5/tracker/kyt/alert-status
Request Example
GET /api/v5/tracker/kyt/alert-status?alertId=4cb7279357064143af29b26d0cf19bea
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| alertId | String | Yes | The alert ID generated by our KYT system |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"alertId": "50ac803210c842bcbbe2e9d5deaf1acc",
"alertStatus": "completed",
"comment": "this is bug",
"updateTime": "1678699149743"
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| alertId | String | Alert ID generated by our KYT system |
| alertStatus | String | The alert status from the following: unreviewed, in_review, completed, flagged and dismissed. |
| comment | String | The comment (within 1,000 characters) you submitted in your request |
| updateTime | String | The Unix timestamp when the alert status was last updated |
Get all users' information and address risk screening reports
This endpoint retrieves all user details and address risk screening reports in the KYT system.
HTTP Request
GET /api/v5/tracker/kyt/users
Request Example
GET /api/v5/tracker/kyt/users
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| limit | String | No | Places a limit on the total number of returned alert results, default is 100, maximum is 100 |
| page | String | No | Returns all data on a specific page number |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"page": "1",
"limit": "1",
"totalPage": "19",
"userList": [
{
"userId": "98",
"updateTime": "1678697034939",
"riskLevel": "SEVERE"
}
]
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| page | String | The current page number |
| limit | String | The total number of user results returned |
| totalPage | String | The total number of pages |
| userList | Array | A list of users |
| > userId | String | User ID |
| > riskLevel | String | The user's risk severity from the following: SEVER HIGH MEDIUM LOW |
| > updateTime | String | The Unix timestamp when the alert status was last updated |
Get a specific user details by userId
This endpoint retrieves details from a single user in our KYT system.
HTTP Request
GET /api/v5/tracker/kyt/user
Request Example
GET /api/v5/tracker/kyt/user?userId=APTTest2
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| userId | String | Yes | Returns all alerts associated with a specific user ID |
| limit | String | No | Places a limit on the number of returned results |
| page | String | No | Returns all data on a specific page number |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"page": "1",
"limit": "100",
"totalPage": "1",
"userId": "APTTest2",
"updateTime": "1684327472684",
"riskLevel": "SEVERE",
"createTime": "1684210586588",
"sentUsdAmount": "0",
"receivedUsdAmount": "50.400687283012005",
"alertList": [
{
"alertId": "f72b2ff2706d4ab5945587c7fba36487",
"value": "",
"category": "Darknet"
},
{
"alertId": "e080161a2a5c4e08b978812f3177fb90",
"value": "",
"category": "Darknet"
}
]
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| page | String | The current page number |
| limit | String | The total number of objects returned |
| totalPage | String | The total number of pages |
| userId | String | The user ID you need the information from |
| updateTime | String | The Unix timestamp when the the user status was updated |
| riskLevel | String | The risk severity of the user from the following: SEVERE, HIGH, MEDIUM, LOW and NONE |
| createTime | String | The Unix timestamp when the the user status was created |
| sentUsdAmount | String | Total amount sent in USD |
| receivedUsdAmount | String | Total amount received in USD |
| alertList | Array | List of alerts created by the user |
| > alertId | String | The alert ID generated by our KYT system |
| > category | String | The address risk category |
| > value | String | The address risk category's specific tag name |
Know Your Address(KYA)
KYA API Quickstart
The Onchain AML KYA API (Know Your Address) is a risk assessment tool that allows law enforcement agencies to quickly assess the risks associated with on-chain wallet addresses.
To use KYA effectively, you need to customize and add risk rules that meet your compliance requirements. Specific risk screening configurations, thresholds, and risk control rules should be formulated and reviewed by your compliance team, and then integrated into your internal workflow process.
KYA API Supported Chains
| Chain Full Name | Chain Short Name | Chain ID |
|---|---|---|
| Bitcoin | BTC | 0 |
| Ethereum | ETH | 1 |
| BNB Chain | BSC | 56 |
| TRON | TRON | 195 |
| Arbitrum One | ARBITRUM | 42161 |
| Polygon | POLYGON | 137 |
| OP Mainnet | OP | 10 |
| Avalanche-C | AVAXC | 43114 |
| Fantom | FTM | 250 |
| DASH | DASH | 5 |
| Ethereum Classic | ETC | 61 |
| Litecoin | LTC | 2 |
| EthereumPoW | ETHW | 10001 |
| EthereumFair | ETHF | 513100 |
| KLAYTN | KLAYTN | 8217 |
| Dogecoin | DOGE | 3 |
| Bitcoin Cash | BCH | 145 |
| LINEA | LINEA | 59144 |
| zkSync Era | ZKSYNC | 324 |
| Gnosis | GNOSIS | 100 |
| Polygon zkEVM | POLYGON_ZKEVM | 1101 |
| Base | BASE | 8453 |
| Scroll | SCROLL | 534352 |
Custom Risk Configuration KYA
According to your compliance requirements, you can customize the risk configuration.
- Use the Address Risk Level API GET/api/v5/tracker/kya/address-risk-screening to obtain the address risk level.
- Conduct pre-screening for risks when your users interact with their own private wallet addresses in your application or engage in fund transactions.
- Use the Add Address Monitoring API POST/api/v5/tracker/kya/create-address-monitoring to add the addresses you are interested in to the monitoring system. You will be notified via SMS or email if there are any changes in the risk level.
OKLink Risk Detection Model KYA
OKLink utilizes machine learning and multi-model algorithms to accurately identify various address labels, enabling comprehensive scanning of on-chain EOA addresses in five dimensions: suspicious transactions, blocklist addresses, associated blocklist entities, high-risk identities, and entity risks.
- You can perform risk detection on any EOA address to further assess the risk.
- Use the Address Risk Scoring API GET/api/v5/tracker/kya/address-risk-level to screen EOA addresses.
- Take appropriate measures based on the risk score.
KYA API
Get supported crypto network
Retrieve the list of blockchains supported through this interface.
HTTP Request
GET /api/v5/tracker/kya/chain-list
Request Example
GET /api/v5/tracker/kya/chain-list
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"chainId": "1",
"chainFullName": "Ethereum",
"chainShortName": "ETH",
"network": "ETH"
},
{
"chainId": "195",
"chainFullName": "TRON",
"chainShortName": "TRON",
"network": "TRON"
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| chainFullName | String | The full name of the blockchain network, e.g., Ethereum. |
| chainShortName | String | The abbreviated name of the blockchain network, e.g., ETH. |
| chainId | String | The ID of the blockchain network. |
| network | String | The blockchain network, e.g., ETH. |
Get address score
This endpoint retrieves address risk severity and detailed breakdown.
HTTP Request
GET /api/v5/tracker/kya/address-risk-level
Request Example
GET /api/v5/tracker/kya/address-risk-level?network=ETH&address=0xde3fa44e0f532fb1de4fbe157ff3b031b7df67e0
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| network | String | Yes | The blockchain network, e.g., ETH |
| address | String | Yes | The blockchain address for this call |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"address": "0xde3fa44e0f532fb1de4fbe157ff3b031b7df67e0",
"level": "LOW",
"riskScore": "80",
"associatBlackAddresses": "1",
"interactionTime": "1",
"amount": "6.9883895758257",
"maliciousAddressrelatedpartiesList": [
{
"associatedWithDarknet": false,
"associatedWithFakeIco": false,
"associatedWithGambling": false,
"associatedWithHack": false,
"associatedWithLaundering": false,
"associatedWithPhishing": false,
"associatedWithPonzi": false,
"associatedWithScam": false,
"associatedWithThief": false,
"associatedWithRansomware": false,
"associatedWithSanction": false,
"associatedWithBlocked": true,
"associatedWithTerroristFinancing": false,
"associatedWithHighRiskJurisdiction": false
}
],
"suspiciousTransactionList": [
{
"newAddressNotEnabled": false,
"multipleTransaction": false,
"largeTransaction": false,
"frequentTransaction": false,
"ultraHighValueTransaction": false,
"frequentTransferIn": false,
"decentralizedTransferOut": false,
"privacyToken": false,
"frequentTransfers": false,
"highConcentration": false,
"transitAddress": false,
"excessiveTransactionTarget": false,
"frequentTransferOut": false,
"centralizedTransferOut": false,
"inactiveAddress": false
}
],
"maliciousAddressList": [
{
"darknet": false,
"fakeIco": false,
"gambling": false,
"hack": false,
"moneyLaundering": false,
"phishing": false,
"ponzi": false,
"scam": false,
"thief": false,
"ransomware": false,
"sanction": false,
"blocked": false,
"terroristFinancing": false,
"highRiskJurisdiction": false
}
],
"entityRiskList": [
{
"highRiskExchange": false,
"mediumRiskExchange": false,
"lowRiskExchange": false
}
],
"identityRisk": [
{
"sybil": false,
"mixerUser": false,
"flashLoanAttack": false
}
]
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| address | String | An echo back of the address parameter. |
| level | String | The risk severity of the address from the following: SEVERE, HIGH, MEDIUM, LOW and NONE. |
| riskScore | String | The risk score assigned to an address |
| maliciousAddressrelatedpartiesList | Array | List of malicious parties' related addresses |
| > associatedWithDarknet | Bol | Address associated with risky address category label - darknet |
| > associatedWithFakeIco | Bol | Address associated with risky address category label - fake ICO |
| > associatedWithGambling | Bol | Address associated with risky address category label - gambling |
| > associatedWithHack | Bol | Address associated with risky address category label - hack |
| > associatedWithLaundering | Bol | Address associated with risky address category label - money laundering |
| > associatedWithPhishing | Bol | Address associated with risky address category label - phishing |
| > associatedWithPonzi | Bol | Address associated with risky address category label - ponzi |
| > associatedWithScam | Bol | Address associated with risky address category label - scam |
| > associatedWithThief | Bol | Address associated with risky address category label - thief |
| > associatedWithRansomware | Bol | Address associated with risky address category label - ransomware |
| > associatedWithSanction | Bol | Address associated with risky address category label - sanctions |
| > associatedWithBlocked | Bol | Address associated with risky address category label - blocked |
| > associatedWithTerroristFinancing | Bol | Address associated with risky address category label - terrorist financing |
| > associatedWithHighRiskJurisdiction | Bol | Address associated with risky address category label - high-risk jurisdiction |
| associatBlackAddresses | String | Count illicit addresses that are associated with target address |
| interactionTime | String | Count the interactions between illicit addresses and target address |
| amount | String | Total transaction amount in USD. |
| suspiciousTransactionList | Array | List of suspicious transactions / activities for this address |
| > largeTransaction | Bol | Target address has a large portion of whale transactions |
| > ultraHighValueTransaction | Bol | Target address has ultra high transaction volume |
| > frequentTransferIn | Bol | Target address has frequent inflow volume |
| > frequentTransferOut | Bol | Target address has frequent outflow volume |
| > frequentTransaction | Bol | Target address has high transaction volume |
| > highConcentration | Bol | Target address has a high concentration of transactions |
| > centralizedTransferOut | Bol | Target address has many small amount inflow transactions and large concentrated outflow transactions |
| > decentralizedTransferOut | Bol | Target address has many small amount outflow transaction and large concentrated inflow transactions |
| > multipleTransaction | Bol | Target address has frequent transactions with a single counterparty |
| > transitAddress | Bol | Target address is a transit address |
| > inactiveAddress | Bol | Target address is an inactive address |
| > newAddressNotEnabled | Bol | Target address is not enabled |
| > frequentTransfers | Bol | Target address has many inflow transactions with infrequent outflow transactions |
| > excessiveTransactionTarget | Bol | Target address trades with a large selection of tokens |
| > privacyToken | Bol | Target address trades in privacy tokens |
| maliciousAddressList | Array | List of malicious labels for target address |
| > darknet | Bol | Target address risk category - darknet |
| > fakeIco | Bol | Target address risk category - fake ICO |
| > gambling | Bol | Target address risk category - gambling |
| > hack | Bol | Target address risk category - hack |
| > moneyLaundering | Bol | Target address risk category - money laundering |
| > phishing | Bol | Target address risk category - phishing |
| > ponzi | Bol | Target address risk category - ponzi |
| > scam | Bol | Target address risk category - scam |
| > thief | Bol | Target address risk category - thief |
| > ransomware | Bol | Target address risk category - ransomware |
| > sanction | Bol | Target address risk category - sanction |
| > blocked | Bol | Target address risk category - blocked |
| > terroristFinancing | Bol | Target address risk category - terrorist financing |
| > highRiskJurisdiction | Bol | Target address risk category - high-risk jurisdiction |
| entityRiskList | Array | Entity risk category labels for this address |
| > highRiskExchange | Bol | Target address risk category - medium-risk exchange |
| > mediumRiskExchange | Bol | This address labels as medium risk exchange. |
| > lowRiskExchange | Bol | This address labels as low risk exchange. |
| identityRiskList | Array | Identity label for this address. |
| > sybil | Bol | Target address risk category - sybil attacks |
| > mixerUser | Bol | Target address risk category - crypto mixer |
| > flashLoanAttack | Bol | Target address risk category - flash loan attacks |
Get address risk level
Generate address risk assessment results based on customized risk settings and address risk severities returned by API in real-time.
HTTP Request
GET /api/v5/tracker/kya/address-risk-screening
Request Example
GET /api/v5/tracker/kya/address-risk-screening?network=BSC&address=0x489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec'
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| network | String | Yes | The blockchain network, e.g., ETH |
| address | String | Yes | The blockchain address for this call |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"address": "0x489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec",
"level": "HIGH",
"associateBlackAddresses": "0",
"interactionTime": "0",
"amount": "0",
"maliciousAddressList": [
{
"category": "Hack",
"value": "BNB Token Hub"
}
],
"maliciousAddressRelatedPartiesList": []
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| address | String | An echo back of the address parameter |
| level | String | The risk severity of the address from the following: SEVERE, HIGH, MEDIUM, LOW and NONE. |
| associateBlackAddresses | String | Total number of interactions with blocklist addresses |
| interactionTime | String | Count the interactions between illicit addresses and target address |
| amount | String | Total transaction amount in USD |
| maliciousAddressList | Array | List of malicious addresses |
| >category | String | Addresses with the following risk categories: darknet gambling hack phishing scam thief ransomware sanction blocked terrorist_financing high_risk_jurisdiction crypto_mixer_user child_exploitation blockchain_bridge exchange custodial_wallet atm dex mining_pool otc merchant_solutions |
| >value | String | Label name |
| maliciousAddressRelatedPartiesList | Array | List of malicious parties' related addresses |
| >category | String | Risk Label Category darknet gambling hack thief phishing scam ransomware blocked sanction terrorist_financing high_risk_jurisdiction child_exploitation crypto_mixer_user blockchain_bridge |
Create address monitoring
This interface adds real-time monitoring to the addresses you want to monitor.
HTTP Request
POST /api/v5/tracker/kya/create-address-monitoring
Request Example
POST /api/v5/tracker/kya/create-address-monitoring
{
"duration":"30D",
"trigger":"BLACK_TYPE",
"note":"binance",
"phone":"18888",
"network":"BSC",
"address":"0x8894E0a0c962CB723c1976a4421c95949bE2D4E3"
}
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| network | String | Yes | The blockchain network, e.g., ETH |
| address | String | Yes | The blockchain address for this call |
| note | String | No | Note |
| trigger | String | No | Monitoring conditions that trigger a change in risk severity: RISK_LEVEL BLACK_TYPE |
| duration | String | No | Set the duration of address monitoring from the following options: perpetual 90D 60D 30D |
| phone | String | Optional | Set the phone number to receive notifications and information about risk updates at this address |
| String | Optional | Set the email address to receive notifications and information about risk updates at this address |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"address": "0x098b716b8aaf21512996dc57eb0615e2383e2f96",
"network": "BCH",
"monitorId": "2094b78d8391495fa3b65cfc4fb10f55"
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| address | String | An echo back of the address parameter |
| network | String | The blockchain network, e.g., ETH. |
| monitorId | String | The Monitor id |
Cancel address monitoring
This interface allows you to cancel addresses that you are currently monitoring.
HTTP Request
POST /api/v5/tracker/kya/cancel-address-monitoring
Request Example
POST /api/v5/tracker/kya/cancel-address-monitoring
{
"monitorId":"2094b78d8391495fa3b65cfc4fb10f55"
}
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| monitorId | String | Yes | The Monitor id |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"address": "",
"network": "",
"monitorId": "2094b78d8391495fa3b65cfc4fb10f55"
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| address | String | An echo back of the address parameter |
| network | String | The blockchain network, e.g., ETH. |
| monitorId | String | The Monitor id |
Get address monitoring list
This interface allows you to view the list of addresses you have added to the watch list.
HTTP Request
GET /api/v5/tracker/kya/address-monitoring-list
Request Example
GET /api/v5/tracker/kya/address-monitoring-list
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| monitorId | String | No | The Monitor id |
| trigger | String | No | Monitoring conditions that trigger a change in risk severity:RISK_LEVEL BLACK_TYPE |
| limit | String | No | Places a limit on the number of returned alert objects, default is 100, maximum is 100 |
| page | String | No | Returns all data on a specific page number |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"page": "0",
"limit": "1",
"totalPage": "13",
"monitoringList": [
{
"network": "BCH",
"address": "0x098b716b8aaf21512996dc57eb0615e2383e2f96",
"trigger": "BLACK_TYPE",
"email": "",
"phone": "188889",
"createdTime": "1705566280254",
"updateTime": "0",
"note": "binance",
"monitorId": "c6bebf16ec824e6fa558ef64292f8925"
}
]
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| page | String | The current page number |
| limit | String | The total number of users objects returned |
| totalPage | String | The total number of pages |
| monitoringList | Array | Address monitoring list |
| > network | String | The blockchain network, e.g., ETH. |
| > address | String | An echo back of the address parameter |
| > trigger | String | Monitoring conditions that trigger a change in risk severity: RISK_LEVEL BLACK_TYPE |
| String | Set the email address to receive information about risk updates at this address | |
| > phone | String | Set the phone number to receive information about risk updates at this address |
| > createdTime | String | Address monitor creation time |
| > updateTime | String | Time of last risk update |
| > note | String | Note |
| > monitorId | String | The Monitor id |
Get address monitoring detail
This interface allows you to view the details of addresses you have added to the watch list.
HTTP Request
GET /api/v5/tracker/kya/address-monitoring-detail
Request Example
GET /api/v5/tracker/kya/address-monitoring-detail?monitorId=a66d0f48727149d6ba5873e5721b3330'
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| monitorId | String | Yes | The Monitor id |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"network": "ETH",
"address": "0x94f1b9b64e2932f6a2db338f616844400cd58e8a",
"level": "SEVERE",
"totalTransactionVolume": "9752202.670120968",
"createTime": "1694063288625",
"trigger": "RISK_LEVEL",
"email": "",
"phone": "133333",
"note": "",
"associateBlackAddresses": "2",
"duration": "perpetual",
"monitorId": "a66d0f48727149d6ba5873e5721b3330",
"records": [
{
"updateTime": "1705327841804",
"level": "HIGH",
"category": "hack",
"isRelated": true
},
{
"updateTime": "1705327711513",
"level": "NONE",
"category": "",
"isRelated": true
}
]
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| address | String | An echo back of the address parameter |
| network | String | The blockchain network, e.g., ETH. |
| level | String | Address risk level as SEVERE, HIGH, MEDIUM, LOW and NONE. |
| totalTransactionVolume | String | Total transaction volume |
| createTime | String | Address Monitor create Time |
| trigger | String | Monitoring conditions that trigger a change in risk severity: RISK_LEVEL BLACK_TYPE |
| String | Email address to receive information about risk changes at this address | |
| phone | String | Phone number to receive information about risk changes at this address |
| note | String | Note |
| associateBlackAddresses | String | Interactions with blocklist addresses |
| monitorId | String | Monitor Id |
| duration | String | Duration perpetual 90D 60D 30D |
| records | Array | Monitoring records |
| > level | String | Risk level of changeSEVEREHIGHMEDIUMLOWNONE |
| > updateTime | String | Risk update time for this address |
| > isRelated | Bol | Whether or not the black address is related to the party true flase |
| > category | String | Risk Label Category darknet fake_ico gambling hack money_laundering phishing ponzi scam thief ransomware sanction blocked terrorist_financing high_risk_jurisdiction crypto_mixer_user sybil_attacks flash_loan_attacks |
Get entity labels
Get the entity label of the address through this interface.
HTTP request
GET /api/v5/tracker/tag/entity-tag
Request Example
GET /api/v5/tracker/tag/entity-tag?network=eth&address=0xF977814e90dA44bFA03b6295A0616a897441aceC
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| network | String | Yes | The blockchain network, e.g., ETH. |
| address | String | Yes | Address |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"address": "0xf977814e90da44bfa03b6295a0616a897441acec",
"entityTagList": [
{
"category": "Exchange",
"value": "Binance",
"attribute": "Cold Wallet"
}
]
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| address | String | The blockchain address for this call |
| entityTagList | Array | Entity labels |
| > category | Bol | Category |
| > value | String | Label |
| > attribute | String | Attribute |
Get entity labels and black labels
Get the entity label and black label of the address through this interface.
HTTP request
GET /api/v5/tracker/tag/entity-black-tag
Request Example
GET /api/v5/tracker/tag/entity-black-tag?network=eth&address=0xcf5e4066bab04ac196816aa04ee94143b79e14d2
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| network | String | Yes | The blockchain network, e.g., ETH. |
| address | String | Yes | The blockchain address for this call |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"address": "0xcf5e4066bab04ac196816aa04ee94143b79e14d2",
"entityTagList": [
{
"category": "Exchange",
"value": "Coinbase",
"attribute": "Exchange User"
}
],
"blackTagList": []
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| address | String | The blockchain address for this call |
| entityTagList | Array | Entity labels |
| > category | Bol | Category |
| > value | String | Label |
| > attribute | String | Attribute |
| blackTagList | Array | Black labels |
| > category | Bol | Category |
| > value | String | Label |
| > attribute | String | Attribute |
Get all labels
Get all labels' information on the address through this interface.
HTTP request
GET /api/v5/tracker/tag/tag-all
Request Example
GET /api/v5/tracker/tag/tag-all?network=eth&address=0xcf5e4066bab04ac196816aa04ee94143b79e14d2
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| network | String | Yes | The blockchain network, e.g., ETH. |
| address | String | Yes | The blockchain address for this call |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"address": "0xcf5e4066bab04ac196816aa04ee94143b79e14d2",
"entityTagList": [
{
"category": "Exchange",
"value": "Coinbase",
"attribute": "Exchange User"
}
],
"blackTagList": [],
"identityTagList": [],
"projectTagList": [],
"attributeTagList": [
{
"category": "",
"value": "",
"attribute": "Eth2-depositor,beacon-depositor"
}
]
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| address | String | The blockchain address for this call |
| entityTagList | Array | Entity labels |
| > category | Bol | Category |
| > value | String | Label |
| > attribute | String | Attribute |
| blackTagList | Array | Black labels |
| > category | Bol | Category |
| > value | String | Label |
| > attribute | String | Attribute |
| identityTagList | Array | Identity labels |
| > category | Bol | Category |
| > value | String | Label |
| > attribute | String | Attribute |
| projectTagList | Array | Project labels |
| > category | Bol | Category |
| > value | String | Label |
| > attribute | String | Attribute |
| transactionBehaviorTagList | Array | Transaction Behavior labels |
| > category | Bol | Category |
| > value | String | Label |
| > attribute | String | Attribute |
| attributeTagList | Array | Attribute labels |
| > category | Bol | Category |
| > value | String | Label |
| > attribute | String | Attribute |
Webhook
The Webhook API is used to subscribe to KYT and KYA risk alert pushes. You can create a Webhook to receive real-time and continuous monitoring alert notifications from our Onchain AML service. When new alerts are generated, they are proactively pushed to your application in the fastest way possible, so that your compliance system can respond and take action on the alerts immediately.
Webhook Type
| Type | Description | Chain |
|---|---|---|
| kyt_alert | Push newly generated alert messages when a user performs the following behaviors transaction alert withdrawal attempts alerts Continuous alert monitoring |
All |
| kya_alert | Push newly generated alert messages when a user performs the following address behaviors.Continuous alert monitoring |
All |
How to add a Webhook URL
Set up a Webhook URL by using the API: POST /api/v5/tracker/webhook/create-webhook
Testing Webhooks with Ngrok
Test whether your Webhook monitoring task can receive push data from alerts according to this Ngrok flow:
- Sign-up for a free Ngrok account.
- Install Ngrok using the Ngrok guide (on macOS run 'brew install ngrok')
- Connect your Ngrok account (ngrok authtoken YOUR_AUTH_TOKEN)
- Start your local forwarding tunnel (get webhook url (Forwarding))
Python Code Demo
from flask import Flask, request
app = Flask(__name__)
@app.route('/webhook', methods=['POST'])
def webhook():
data = request.get_json()
print(data)
return 'suucess'
if __name__ == '__main__':
app.run(port=8001, debug=True)
Once you have a URL to test your webhook,follow the steps below:
- Create Webhook alert monitors (use the url from Ngrok)
- Create Webhook monitoring task
- Create Webhook alert monitors (use the url from Ngrok)
To create webhook listeners, use the starter code given
Webhook retry logic
The Webhook API has built-in retry logic. If the client's server cannot be reached, requests with non-200 response codes will be retried up to 3 times before failing. The following are the request retry intervals:
- 10 seconds
- 30 seconds
- 1 minute
Webhook Subscription Limits
A functional Onchain AML account is required for this feature. If an account expires, the callback URL task stops, removing the monitoring task. Note the following:
- Both KYT and KYA allows only one callback URL to be added each, adding more than one will overwrite the previous one
- Either KYT or KYA account permission is needed when adding a Webhook URL
Webhook API
Create Webhook
This interface allows you to add WebhookURLs for receiving push messages for KYT and KYA alerts.
HTTP Request
POST /api/v5/tracker/webhook/create-webhook
Request Example
POST https://www.oklink.com/api/v5/tracker/webhook/create-webhook
Body
{
"webhookUrl": "https://e211-222-249-184-61.ngrok-free.app/webhook",
"webhookType": "kyt_alert"
}
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| webhookUrl | String | Yes | Add a URL for callback data |
| webhookType | String | Yes | Alert alarm monitoring in the KYT system: kyt_alert Alert alarm monitoring in the KYA system: kya_alert |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"webhookId": "a47f4e48-3a27-4b4f-a6b2-058b61c48d02",
"createTime": "1703675552444",
"webhookUrl": "https://e211-222-249-184-61.ngrok-free.app/webhook",
"webhookType": "kyt_alert"
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| webhookId | String | Webhook Subscription Type Unique ID |
| createTime | String | The Unix timestamp for when the Webhook was created, in milliseconds format e.g., 1597026383085. |
| webhookType | String | Alert alarm monitoring in the KYT system: kyt_alert Alert alarm monitoring in the KYA system: kya_alert |
| webhookUrl | String | Add a URL for callback data |
Remove Webhook
This interface allows you to remove Webhook URLs used to receive KYT and KYA alert push messages.
HTTP Request
POST /api/v5/tracker/webhook/delete-webhook
Request Example
POST https://www.oklink.com/api/v5/tracker/webhook/delete-webhook
Body
{
"webhookUrl": "https://e211-222-249-184-61.ngrok-free.app/webhook",
"webhookType": "kyt_alert"
}
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| webhookUrl | String | Yes | Add a URL for callback data |
| webhookType | String | Yes | Alert alarm monitoring in the KYT system: kyt_alert Alert alarm monitoring in the KYA system: kya_alert |
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"webhookId": "67563d0c-4a73-4e05-ba11-53c7a7c6c659",
"webhookUrl": "https://e211-222-249-184-61.ngrok-free.app/webhook"
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| webhookId | String | Webhook Subscription Type Unique ID |
| webhookUrl | String | Add a URL for callback data |
Get all webhook
This interface allows you to query the Webhook URLs used to receive push messages for KYT and KYA alerts.
HTTP Request
GET /api/v5/tracker/webhook/get-webhooks
Request Example
GET https://www.oklink.com/api/v5/tracker/webhook/get-webhooks
Response Example
{
"code": "0",
"msg": "",
"data": [
{
"webhookId": "dcfe640e-9c14-4886-bce0-7e826458766a",
"createTime": "1703646841620",
"webhookUrl": "https://e211-222-249-184-61.ngrok-free.app/webhook",
"webhookType": "kya_alert"
},
{
"webhookId": "a47f4e48-3a27-4b4f-a6b2-058b61c48d02",
"createTime": "1703675552444",
"webhookUrl": "https://e211-222-249-184-61.ngrok-free.app/webhook",
"webhookType": "kyt_alert"
}
]
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| webhookId | String | Webhook Subscription Type Unique ID |
| createTime | String | The Unix timestamp for when the Webhook was created, in milliseconds format e.g., 1597026383085. |
| webhookType | String | Alert alarm monitoring in the KYT system: kyt_alert Alert alarm monitoring in the KYA system: kya_alert |
| webhookUrl | String | Add a URL for callback data |
KYA Webhook Response
Introduce
When you monitor KYA for continuous monitoring alerts, you will receive a response from OKLink Webhook.
Response Example
{
"eventId":"257ea99d-63b8-4284-a8ac-08ddcdc0dd90",
"webhookId":"dcfe640e-9c14-4886-bce0-7e826458766a",
"createTime":"1703732768125",
"event":[
{
"duration":"perpetual",
"note":"",
"monitorId":"d4a0fd55a20649f4801c7e0d6e17aa4e",
"address":"0x59abf3837fa962d6853b4cc0a19513aa031fd32b",
"level":"SEVERE",
"createTime":"1694154974699",
"records":[
{
"isRelated":false,
"level":"SEVERE",
"updateTime":"1703732767771",
"category":"exchange"
}
],
"trigger":"RISK_LEVEL",
"network":"BSC"
}
],
"webhookType":"kya_alert"
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| webhookId | String | Webhook Subscription Type Unique ID |
| eventId | String | Webhook Push Event Unique ID |
| createTime | String | The Unix timestamp for when the alert was pushed, in milliseconds format e.g., 1597026383085 |
| webhookType | String | Alert alarm monitoring in the KYA system: kya_alert |
| event | Array | Alert event |
| > monitorId | String | Monitor ID |
| > address | String | An echo back of the address parameter |
| > network | String | The blockchain network, e.g., ETH. |
| > level | String | Risk level of change;SEVEREHIGHMEDIUMLOWNONE |
| > createTime | String | The Unix timestamp for when the address monitor was created, in milliseconds format e.g., 1597026383085 |
| > trigger | String | Monitoring conditions that trigger a change in risk severity: RISK_LEVEL BLACK_TYPE |
| > note | String | Note |
| > duration | String | The duration of the continous monitoring alert perpetual 90D 60D 30D |
| > records | Array | Monitoring records |
| >> isRelated | Bol | Whether it is a blocklist address related party true flase |
| >> level | String | Risk level of change SEVEREHIGHMEDIUMLOWNONE |
| >> updateTime | String | Risk update time for this address |
| >> category | String | Address risk label category darknet gambling hack phishing scam thief ransomware sanction blocked terrorist_financing high_risk_jurisdiction child_exploitation crypto_mixer blockchain_bridge custodial_walletatm dex mining_pool otc merchant_solutions |
KYT Webhook Response
Introduce
When you monitor KYT for real-time alerts and continuous monitoring alerts, you will receive a response from OKLink Webhook.
- Real-time alerts: When you initiate a detection via RestAPI, if an alert is generated, Webhook immediately pushes the generated alert message to your application via the Webhook you added.
- Continuous monitoring of alerts: When a transaction that you have historically detected generates an alert again within 1 month, Webhook immediately pushes the generated alert message to your application via the Webhook you have added.
Response Example
{
"eventId":"7d6969ad-4045-45f0-8d77-a6350d02ba81",
"webhookId":"67563d0c-4a73-4e05-ba11-53c7a7c6c659",
"createTime":"1703650621242",
"event":[
{
"alertType":"withdrawal",
"address":"0xebfe7a29ea17acb5f6f437e659bd2d472deedc54",
"exposureType":"direct",
"alertLevel":"SEVERE",
"tag":"",
"alertId":"224edc7ec42943f19fbc8380c709218e",
"category":"terrorist financing",
"value":"MOHAMMED RAMADAN HASAN ABUKWAIK",
"alertAmount":"4437.64"
}
],
"webhookType":"kyt_alert"
}
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| webhookId | String | Webhook Subscription Type Unique ID |
| eventId | String | Webhook Push Event Unique ID |
| createTime | String | Alart Push Time |
| webhookType | String | Alert alarm monitoring in the KYT system: kyt_alert |
| event | Array | Alert event |
| > tag | Array | The reference for your organization that can be added to this call |
| > category | Array | The address category label |
| > value | Array | The detailed information of the label |
| > alertId | Array | The alert ID for this call |
| > alertAmount | Array | The USD amount threshold for alert triggers on this type of risk category |
| > alertLevel | Array | The risk severity of the alert from the following: SEVERE HIGH MEDIUM LOW NONE |
| > exposureType | Array | The exposure type of the transfer that triggered the alert as direct or indirect |
| > alertType | Array | The different types of alerts from the following deposit withdrawal behavioral |
| > address | Array | The blockchain address for this transaction |