Risk Assessment with Chainalysis KYT API

Risk Assessment with Chainalysis KYT API

POST http://<enclave-endpoint>/v1/risk-assessment/chainalysis-kyt

Chainalysis KYT (Know Your Transaction) API is used to assess the risk level of virtual asset wallet address or transaction, based on underlying Chainalysis service. It is necessary to complete user verification (POST /verifications) before calling KYT API. The Chainalysis KYT API works differently depending on before or after Transaction Result(Txhash) Report

  1. Before Transaction Result(Txhash) Report:

    • Originating VASP : Assess the risk level of the Beneficiary’s wallet address.

    • Beneficiary VASP : Unable to call KYT API and returns UNSUPPORTED-RISK-ASSESSMENT error when KYT API is called. Therefore, the Beneficiary VASP cannot use this API before Transaction Result Report.

  2. After Transaction Result(Txhash) Report:

    • Originating VASP : Assess the risk level of withdrawal transaction.

    • Beneficiary VASP : Assess the risk level of deposit transaction.

Chainalysis KYT API

The Chainalysis KYT API is a paid API that provides 2 types of functionalities:

  1. Withdrawal Attempt Type: Allows VASPs to assess the risk level of the Beneficiary’s deposit address before initiating a withdrawal.

  2. Transfer Type: Allows VASPs to assess the risk level of actual transactions.

The Chainalysis KYT API provides more accurate risk assessment than the Chainalysis Sanction API.

In order to use Chainalysis KYT API, VASPs need to sign up on Chainalysis and purchase a license. Please refer to the following link to request KYT API subscription. Alternatively please approach your point of contact within VerifyVASP for an introduction with Chainalysis team.

After acquiring the Chainalysis KYT API license, VASP can access to KYT API key by signing in KYT Console. After signing in, click the ‘Help’ icon and refer to the ‘Developers’, ‘API Keys’ menu. (Please go to ‘Help’ > ‘Developers’ > ‘API Keys’ after signing in).

The Chainalysis KYT API operates asynchronously. VASP Registers the subject(withdrawal attempt or transfer) for risk assessment with Chainalysis and receives the results for the registered request via Inquiry API. Please refer to the following link for more information on Chainalysis KYT API.

Prerequisites

Following 2 items need to be prepared in advance to use KYT API:

  1. Setting up Enclave Environment Variable

  2. Creating Enclave Database Table

    • The history of Chainalysis KYT API calls and the resulting KYT alerts are stored in the enclave database. Therefore, it is necessary to create a separate database table.

    • For more information on the requirements of the database, please refer to the Chainalysis KYT Results Table and Chainalysis KYT Alerts Table.

Request Body

Request Body Examples
{
  "verificationUuid": "d63398e3-c806-4300-bd99-170b54642080",
  "network": "Ethereum"
}

  • Virtual assets like USDT can exist on several blockchain networks such as Ethereum, Tron, and EOS, making it difficult to proceed risk assessment without specifying which network the transfer was made.

  • Therefore, in cases where the network for virtual asset varies like USDT, the network property can be used to specify the exact network on which the transaction occurred.

  • For Network type, please refer to Supported networks and assets.

Response Body

Success Cases

Response Body Examples

  • 200 OK

{
  "requestId": "f7231c6f-f1e7-4ae7-b143-2c87cd38abe9"
}

The Chainalysis KYT operates asynchronously. Therefore, the results are not returned immediately upon calling the API. The results of the risk assessment using the Chainalysis KYT are delivered through the Callback VASP API. The risk assessment results delivered through Callback VASP API has the following format.

Request Body Example for CHAINALYSIS_KYT_RESULT callbackType
{
  "callbackType": "CHAINALYSIS_KYT_RESULT",
  "data": {
    "verificationUuid": "69a310e6-810f-4a31-83d1-bcdafccf5304",
    "riskAssessment": {
      "chainalysisKYT": {
        "requestId": "f7231c6f-f1e7-4ae7-b143-2c87cd38abe9",
        "counterpartyVaspId": "15952089931162059995",
        "apiType": "ATTEMPT",
        "userId": "15952089931162059995",
        "direction": "OUTGOING",
        "network": "ETHEREUM",
        "asset": "ETH",
        "amount": "1",
        "usdPrice": "1820.17",
        "outputAddress": "bb3fd383d1c5540e52ef0a7bcb9433375793aeaf",
        "timestamp": "2023-05-18T12:39:44.000Z",
        "externalId": "79382ac9-c7be-3fab-ad56-8c61c654e2fc",
        "status": "PROCESSED",
        "alertCount": 1,
        "createdAt": "2023-05-18T12:39:46.000Z",
        "assessedAt": "2023-05-18T12:39:45.263Z"
      },
      "chainalysisKYTAlerts": [
        {
          "counterpartyVaspId": "15952089931162059995",
          "externalId": "79382ac9-c7be-3fab-ad56-8c61c654e2fc",
          "direction": "OUTGOING",
          "alertId": "118b8cc8-f579-11ed-b86d-a3210c6ca9b8",
          "alertLevel": "MEDIUM",
          "entityCategory": "high risk exchange",
          "serviceName": "HIGH RISK EXCHANGE: SimpleSwap.io bb3fd383d1c5540e52ef0a7bcb9433375793aeaf",
          "exposureType": "DIRECT",
          "alertAmount": "1820.17",
          "createdAt": "2023-05-18T12:39:52.461Z"
        }
      ]
    }
  }
}

When the risk assessment result is delivered, the riskAssessment property is provided, and among them, the risk assessment result using the KYT API is conveyed through the chainalysisKYT property under riskAssessment.

chainalysisKYT structure has the following attributes.

If the risk assessment result using the Chainalysis KYT yields an alertCount of one or more, the KYT alerts are delivered through the chainalysisKYTAlerts property under riskAssessment as mentioned above.

The chainalysisKYTAlerts property is an array and contains elements equal to the number of alertCount. Each element has the following attributes.

entityCategory is a category defined by Chainalysis. List of Category can be found on following URL. Logging in to Chainalysis KYT dashboard is required.

List of Entity Category

Failed Cases

Missing mandatory parameter case

Response Body Examples

  • 400 Bad Request

{
  "code": "MISSING-VERIFICATION-UUID",
  "message": "`verificationUuid` is required."
}

Incorrect API Key

Response Body Examples

  • 403 Forbidden

{
  "code": "UNKNOWN-ERROR-CODE",
  "message": "AccessDenied"
}

Invalid verificationUuid

Response Body Examples

  • 400 Bad Request

{
  "code": "NOT-FOUND-VERIFICATION",
  "message": "Verification(8d729bf4-38db-471d-b052-896f8660916a) is not found"
}

API called before Transaction Result Report arrived to the Beneficiary VASP

Response Body Examples

  • 400 Bad Request

{
  "code": "UNSUPPORTED-RISK-ASSESSMENT",
  "message": "Chainalysis KYT API for received transfer should be called after txHash is reported"
}

Incorrect requests

Response Body Examples

  • 400 Bad Request

{
  "code": "BAD-REQUEST",
  "message": "......"
}
PreviousRisk Assessment with Chainalysis Sanction APINextRisk Assessment with Refinitiv WCO API

Last updated