Risk Assessment with Chainalysis Sanction API

Risk Assessment with Chainalysis Sanction API

POST http://<enclave-endpoint>/v1/risk-assessment/chainalysis-sanction

The Chainalysis Sanction API is used to evaluate the risk level associated with a virtual asset wallet address, based on underlying Chainalysis service.

It is necessary to complete user verification (POST /verifications) before calling Sanction API.

The Chainalysis Sanction API can be used in various scenarios. For instance, when a user requests to withdraw VA, the Originating VASP can use Chainalysis Sanction API to assess the risk level of the Beneficiary's wallet address after User Verification API (POST /verifications). This allows for a quick evaluation of any risk factors associated with the Beneficiary's wallet address.

Additionally, a Beneficiary VASP can use the Chainalysis Sanction API to screen the Originator's wallet address against sanctioned wallet addresses. This allows the VASP to detect or avoid transactions with sanctioned wallets.

Chainalysis Sanction API

Chainalysis Sanction API allows VASPs to validate wallet address by confirming whether an address is on a sanction list.

In order to use Chainalysis Sanction API, VASP needs to obtain an API key which is available free of charge. By following the link provided below, VASPs can register and generate an API Key. Once VASP’s API Key is generated, the VASP can integrate the Chainalysis sanction screening feature into VV’s service.

Please refer to the link below for information on how to use the API and related details.

Prerequisites

Following 2 items need to be prepared to use Chainalysis Sanction API :

  1. Setting up Enclave Environment Variable

  2. Creating Enclave Database Table

    • Chainalysis Sanction API call histories are stored in the Enclave database. Therefore, creating a separate database to store the API call histories is required.

    • Please refer to the Chainalysis Sanction Results Table for the table definition.

Request Body

Request Body Examples
{
  "verificationUuid": "d63398e3-c806-4300-bd99-170b54642080"
}
Field NameData TypeRequiredDescription

verificationUuid

string

true

Verification UUID for Travel Rule verification , which will be subject to risk assessment.

Response Body

Success Cases

Response Body Examples
  • 200 OK

{
  "chainalysisSanction": {
    "requestId": "398ace46-6baf-4488-a9f2-ee43680b413e",
    "counterpartyVaspId": "15952089931162059995",
    "direction": "OUTGOING",
    "address": "0xBb3fd383d1C5540E52EF0A7bcb9433375793aEAF",
    "status": "NOHIT",
    "createdAt": "2023-05-26T13:34:23.053Z"
  }
}
Field NameData TypeRequiredDescription

chainalysisSanction

object

true

-

chainalysisSanction.requestId

string

true

An identifier to distinguish risk assessment requests. It is different from the verificationUuid and is issued for each risk assessment.

chainalysisSanction.counterpartyVaspId

string

true

Counterparty VASP’s vaspId

chainalysisSanction.direction

string

true

‘OUTGOING’ for withdrawal, ‘INCOMING’ for deposit

chainalysisSanction.address

string

true

Counterparty’s wallet address subject to risk assessment

chainalysisSanction.status

string

true

Risk Assessment results

chainalysisSanction.ofacName

string

false

If If the status is 'SANCTION', the OFAC name associated with the sanctioned address is returned; in other cases, nothing returned.

chainalysisSanction.ofacDescription

string

false

If the status is 'SANCTION', the OFAC description for the sanctioned address is returned; in other cases, nothing returned.

chainalysisSanction.ofacUrl

string

false

If the status is 'SANCTION', the OFAC URL that contained information on the sanctioned address is returned; in other cases, nothing returned.

chainalysisSanction.createdAt

string

true

The time when the risk assessment was requested.

  • chainalysisSanction.status field can contain the following values :

    • "NOHIT" : for an address that is not sanctioned

    • "SANCTION" : for a sanctioned address

Failed Cases

Missing mandatory parameter case

Response Body Examples
  • 400 Bad Request

{
  "code": "MISSING-VERIFICATION-UUID",
  "message": "`verificationUuid` is required."
}

Incorrect API Key

Response Body Examples
  • 401 Unauthorized

{
  "code": "UNKNOWN-ERROR-CODE",
  "message": "Invalid API Key"
}

Invalid verificationUuid

Response Body Examples
  • 400 Bad Request

{
  "code": "NOT-FOUND-VERIFICATION",
  "message": "Verification(8d729bf4-38db-471d-b052-896f8660916a) is not found"
}

Incorrect requests

Response Body Examples
  • 400 Bad Request

{
  "code": "BAD-REQUEST",
  "message": "......"
}

Last updated