Introduction
AnChain.AI’s BEI API is an AI-powered, behavior-based intelligence that connects cryptocurrency wallet addresses and transactions to real-world entities, enabling your business to secure crypto assets, quantify risk, and remain KYC/AML compliant. Currently, our BEI API supports Bitcoin and Ethereum.
Below is the summary of BEI API Endpoints:
| API Endpoint | Description |
|---|---|
| Address Label | Address category + Address entity |
| Address Risk Score | Address category + Address entity + Risk score + Risk level |
| Address Risk Activity | Address category + Address entity + Risk score Risk level + Suspicious activity |
| Transaction Risk Score | Transaction Risk score + Risk level |
Below is the explanation of the keys in BEI API response body:
| Section | Key | Description | Example |
|---|---|---|---|
| data | is_address_valid | Address verification result | True |
| self | Address attribute, including the labels | ||
| risk | Address risk assessment | ||
| activity | Address transaction activity summary | ||
| data.self | category | Address category label | ransomware |
| detail | Address category and entity label combination | ransomware:WannaCry | |
| data.risk | score | Address risk score | 100 |
| level | Address risk level | 4 | |
| data.activity | suspicious_activity | Summary of address suspicious transactions | Sent money to exchange 1 time “ txn_hashes”: [“498719f8…”] |
Authorization
To get the API key, please contact us at info@anchain.ai
Each API request should contain a valid API Key in the request query parameter in the form of
apikey=YOURAPIKEY
Rate Limiting
API rate limiting is dependent on our security configuration and your plan limit.
API Endpoints
Address Label
var request = require('request')
request('https://bei.anchainai.com/api/address_label?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>', function (error, response, body) {
})
import requests
url = 'https://bei.anchainai.com/api/address_label'
payload = {
'proto': '<PROTO>',
'address': '<ADDR>',
'apikey': '<APIKEY>'
}
res = requests.get(url=url, params=payload)
curl -XGET 'https://bei.anchainai.com/api/address_label?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>'
The above command returns JSON structured like this:
{
"data": {
"12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw": {
"is_address_valid": true,
"self": {
"category": [
"ransomware",
"abuse"
],
"detail": [
"ransomware:WannaCry"
]
}
}
},
"err_msg": "",
"status": 200
}
Returns the address category and entity name. Address categories are listed below:
| ● hacker | ● sanction | ● ransomware |
| ● scam | ● blackmail | ● darknet market |
| ● malware | ● bot | ● abuse |
| ● exchange | ● mixer | ● app wallet |
| ● dapp | ● wallet | ● miner |
| ● defi | ● contract | ● token |
| ● forwarding agent | ● pass-through | ● whale |
| ● unaffiliated |
HTTP RequestGET /api/address_label
URL Parameters
| Parameter | Type | Description |
|---|---|---|
| proto | string | blockchain protocol, current available options: btc, eth, xrp, egld, algo, sol, trx, flow, one, ltc, bch, zec, dash, bsv, bsc, tron, xvg, btg |
| address | string | blockchain address |
| apikey | string | your BEI API key |
Address Risk Score
var request = require('request')
request('https://bei.anchainai.com/api/address_risk_score?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>', function (error, response, body) {
})
import requests
url = 'https://bei.anchainai.com/api/address_risk_score'
payload = {
'proto': '<PROTO>',
'address': '<ADDR>',
'apikey': '<APIKEY>'
}
res = requests.get(url=url, params=payload)
curl -XGET 'https://bei.anchainai.com/api/address_risk_score?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>'
The above command returns JSON structured like this:
{
"data": {
"12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw": {
"is_address_valid": true,
"risk": {
"level": 4,
"score": 100,
"verdict_time": 1605920588
},
"self": {
"category": [
"abuse",
"ransomware"
],
"detail": [
"ransomware:WannaCry"
]
}
}
},
"err_msg": "",
"status": 200
}
AnChain.Ai risk scores are calculated by our patented machine learning model that comprehensively evaluates the risks associated with any addresses using our AI powered risk engine and proprietary user behavior analytics. Our engine is powered by data from public sanction database lists, as well as the work of threat intelligence teams to identify scams and hacks. Other data sources include, but are not limited to data partners, internal research, and open source intel (OSINT). Our data goes through a rigorous vetting process before being implemented into our systems. Once updated, our machine learning engine continuously improves to provide scoring based on real time transaction behavior.
| Risk score | Risk level | Description |
|---|---|---|
| 0-29 | 1 | Indicates a low risk. No unusual activity exists beyond the normal concern for known hacking activities, known viruses, or other malicious activity. |
| 30-50 | 2 | Indicates a general risk of illicit activity. The potential exists for malicious cyber activities, but no such activities or known exploits have been identified and no significant impact has occurred. |
| 51-79 | 3 | Indicates an elevated risk due to increased hacking, criminal, or other malicious cyber activity. At this level, the potential for exposure to illicit activity is elevated, but no direct exploitation has been observed. |
| 80-100 | 4 | Indicates an established history of past illicit activity and cybercrime engagement. At this level, addresses have been actively involved in illegal action, and are highly likely to see future involvement. |
HTTP RequestGET /api/address_risk_score
URL Parameters
| Parameter | Type | Description |
|---|---|---|
| proto | string | blockchain protocol, current available options: btc, eth, xrp, egld, algo, sol, trx, flow, one, ltc, bch, zec, dash, bsv, bsc, tron, xvg, btg |
| address | string | blockchain address |
| apikey | string | your BEI API key |
Address Risk Activity
var request = require('request')
request('https://bei.anchainai.com/api/address_risk_activity?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>', function (error, response, body) {
})
url = 'https://bei.anchainai.com/api/address_risk_activity'
payload = {
'proto': '<PROTO>',
'address': '<ADDR>',
'apikey': '<APIKEY>'
}
res = requests.get(url=url, params=payload)
curl -XGET 'https://bei.anchainai.com/api/address_risk_activity?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>'
The above command returns JSON structured like this:
{
"data": {
"12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw": {
"activity": {
"suspicious_activity": [
{
"aggr_type": "entity",
"category": "exchange",
"description": "Received money from exchange:Zaif wallet(s) 1 time",
"entity": "Zaif",
"txn_cnt": 1,
"txn_direct": 1,
"txn_hashes": [
"a3b15590878dc216c7c5b9b5bc109a1e07caab93928920b4bb5b82a7e98266f0"
],
"txn_hashes_detail": [
{
"suspicious_address": "1CZV316KMt9DR9kWFNjed8s5AB6RGUPmAr",
"txn_hash": "a3b15590878dc216c7c5b9b5bc109a1e07caab93928920b4bb5b82a7e98266f0",
"txn_timestamp": 1494864282,
"value": 0.01290216
}
],
"txn_vol": 0.01290216
},
{
"aggr_type": "entity",
"category": "unaffiliated",
"description": "Sent money to unaffiliated:unaffiliated wallet(s) 2 times",
"entity": "unaffiliated",
"txn_cnt": 2,
"txn_direct": 0,
"txn_hashes": [
"409803bb5e124fd028c0482027c7722e84ce55b78204b279d3a44aba5e7c1698",
"35e5d5fe8c8128cfa6884f56be5817e4138c58c91b79d78d3e78a8d365b9d8a7"
],
"txn_hashes_detail": [
{
"suspicious_address": "16dfTuSx4f78eQ81PzTgBtBDyZ7QhNZ8Vy",
"txn_hash": "35e5d5fe8c8128cfa6884f56be5817e4138c58c91b79d78d3e78a8d365b9d8a7",
"txn_timestamp": 1501735294,
"value": 9.02796322
},
{
"suspicious_address": "1JC41YHmjKEcW1rLH6pmMWEFHkoNwSmhnC",
"txn_hash": "409803bb5e124fd028c0482027c7722e84ce55b78204b279d3a44aba5e7c1698",
"txn_timestamp": 1501734500,
"value": 0.01227173
},
{
"suspicious_address": "1FQQ86tMuvhQ4Ruyggbb8j7iaNfUZ69gpY",
"txn_hash": "409803bb5e124fd028c0482027c7722e84ce55b78204b279d3a44aba5e7c1698",
"txn_timestamp": 1501734500,
"value": 8.71529348
}
],
"txn_vol": 9.02796322
}
],
"suspicious_activity_declare": "Suspicious Activity is summarized based on most recent 2000 suspicious transactions",
"verdict_time": 1509494400
},
"is_address_valid": true,
"risk": {
"level": 4,
"score": 100,
"verdict_time": 1509494400
},
"self": {
"category": [
"abuse",
"ransomware"
],
"detail": [
"ransomware:WannaCry"
]
}
}
},
"err_msg": "",
"status": 200
}
Returns address risk score and risk level with suspicious activity history. The suspicious activity consists of two parts, a plain and simple explanation to summarize the number of suspicious transactions the address had with a specific entity and the related evidence by transaction hash.
HTTP RequestGET /api/address_risk_activity
URL Parameters
| Parameter | Type | Description |
|---|---|---|
| proto | string | blockchain protocol, current available options: btc, eth, xrp, egld, algo, sol, trx, flow, one, ltc, bch, zec, dash, bsv, bsc, tron, xvg, btg |
| address | string | blockchain address |
| apikey | string | your BEI API key |
Transaction Risk Score
var request = require('request')
request('https://bei.anchainai.com/api/kyt/<proto>/<hash>/risk_score?apikey=<APIKEY>', function (error, response, body) {
})
curl -XGET 'https://bei.anchainai.com/api/kyt/<proto>/<hash>/risk_score?apikey=<apikey>'
url = 'https://bei.anchainai.com/api/kyt/<proto>/<hash>/risk_score'
payload = {
'apikey': '<APIKEY>'
}
res = requests.get(url=url, params=payload)
The above command returns JSON structured like this:
{
"status": 200,
"err_msg": "",
"data": {
"overview": {
"blockno": 7146988,
"timestamp": "2019-01-30 03:29:31 UTC",
"fee": 0.0004
},
"risk": {
"score": 100,
"level": "Severe",
"direction": "outputs",
"breakdown": {
"inputs": 50,
"outputs": 100,
"internals": 50
}
},
"labels": {
"inputs": {
"0xc67813f468975099b09dd76b55ae6011a9f359ca": {
"category": [
"unaffiliated"
],
"detail": [
]
}
},
"outputs": {
"0x4ac6307a85d83962503f86457de9c331a6926f48": {
"category": [
"hacker"
],
"detail": [
"hacker:fake_phishing"
]
}
},
"internals": {
"0x7297862b9670ff015192799cc849726c88bf1d77": {
"category": [
"unaffiliated"
],
"detail": [
]
}
}
},
"transfers": {
"ERC-20": 1
}
}
}
Returns the risk score of the Transaction, and the label information of the associated addresses in the Transaction.
Using our AI-powered risk engine and proprietary user entity behavior analytics, our machine learning model comprehensively evaluates the risks associated with any Transaction.
HTTP RequestGET /api/kyt/<proto>/<hash>/risk_score
URL Parameters
| Parameter | Type | Description |
|---|---|---|
| proto | string | blockchain protocol, current available options: eth |
| hash | string | transaction hash |
| apikey | string | your BEI API key |
Response Fields
| Fields | Description |
|---|---|
| overview | Overview of this transaction, including block number, timestamp, fee, etc. |
| risk |
|
| labels |
|
| transfers | For number of all Transfers in the Transaction, the value scope varies per the protocols:
|
Dark Web Wallet
var request = require('request')
request('https://bei.anchainai.com/api/cdi/indicator?apikey=<CDI-APIKEY>&address=<ADDR>&proto=<PROTO>&type=<TYPE>', function (error, response, body) {
})
curl -XGET 'https://bei.anchainai.com/api/cdi/indicator?apikey=<CDI-APIKEY>&address=<ADDR>&proto=<PROTO>&type=<TYPE>'
url = 'https://bei.anchainai.com/api/cdi/indicator'
payload = {
'apikey': '<CDI-APIKEY>',
'address': '<ADDR>',
'proto': '<PROTO>',
'type': '<TYPE>',
}
res = requests.get(url=url, params=payload)
The above command returns JSON structured like this:
{
"status": 200,
"err_msg": "",
"data": [
{
"btc": [
{
"indicator": "3QmaJdWqQKZszSbriB3LVwLcQHF59tMbGh",
"reference": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
]
}
],
"doge": [
{
"indicator": "DAyLTAuMTQzLTAuMDA5LTAuMjE5LTAuMDQ",
"reference": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
]
}
],
"email": [
{
"indicator": "cheena@cheena.net",
"reference": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
]
}
],
"javascript": [
{
"indicator": "http://cheenazap345z6a7.onion/app.js?b95fafe537c8474d9172",
"reference": [
"cheenazap345z6a7.onion"
]
}
],
"links": [
{
"indicator": "cheenazap345z6a7.onion",
"reference": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
]
}
],
"onion": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
],
"xmr": [
{
"indicator": "44C9RkTNeaFe2nJa8jnw22iQfYsKqgXuWigip4X2w3eFJEigZXNR61pi5kj2JKt7mJBu5qsvED7NGaFG8UnQPQkUDUoW9Yx",
"reference": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
]
}
]
}
]
}
With Dark Web API functionality, users will be allowed to query wallet addresses and identify the sites these addresses have been found on and other addresses and relevant indicators (such as email addresses or IP addresses) also found on those sites. Users can also query onion site URLs and identify wallet addresses found on the site.
HTTP RequestGET /api/cdi/indicator
URL Parameters
| Parameter | Type | Valid Fields | Description |
|---|---|---|---|
| apikey | string | N/A | Your CDI API Key |
| address | string | N/A | The wallet address you are querying |
| proto | string |
|
The blockchain of the wallet address you are querying Supported blockchains are: Bitcoin (btc), Ethereum (eth), Monero (xmr), and Dogecoin (doge) |
| type | string |
|
The type of data you are requesting Defaults to all |
Dark Web Onion Site
var request = require('request')
request('https://bei.anchainai.com/api/cdi/oniondetails?apikey=<CDI-APIKEY>&onion=<ONION-SITE-URL>&type=<TYPE>', function (error, response, body) {
})
curl -XGET 'https://bei.anchainai.com/api/cdi/oniondetails?apikey=<CDI-APIKEY>&onion=<ONION-SITE-URL>&type=<TYPE>'
url = 'https://bei.anchainai.com/api/cdi/oniondetails'
payload = {
'apikey': '<CDI-APIKEY>',
'onion': '<ONION-SITE-URL>',
'type': '<TYPE>',
}
res = requests.get(url=url, params=payload)
The above command returns JSON structured like this:
{
"status": 200,
"err_msg": "",
"data": [
{
"btc": [
"18hBL7uiunfZmSYAgKg4zeo8nhBnBSzqAC",
"3QmaJdWqQKZszSbriB3LVwLcQHF59tMbGh"
],
"doge": [
"DAyLTAuMTQzLTAuMDA5LTAuMjE5LTAuMDQ",
"DAgMi45MjQtMS4zNzcgMi45MjQtMy4xMjN",
"DAtMi4zNzUgMC4xMjgtNC43MjkgMC4zNzE",
"DAuMTE1LTAuMzQ4LDAuMTJjLTAuMDY5LDA",
"DUgMTAuMTgzLTE4LjkwNWgxMy44MzJ2Mjk",
"DQuNywxMC41LDEwLjUsMTAuNWgxNTcuN2M"
],
"email": [
"cheena@cheena.net",
"cheena@xmpp.is"
],
"javascript": [
"http://cheenazap345z6a7.onion/app.js?b95fafe537c8474d9172"
],
"links": [
"cheenazap345z6a7.onion"
],
"onion": "cheenazap345z6a7.onion",
"xmr": [
"44C9RkTNeaFe2nJa8jnw22iQfYsKqgXuWigip4X2w3eFJEigZXNR61pi5kj2JKt7mJBu5qsvED7NGaFG8UnQPQkUDUoW9Yx",
"40MjYsMy4zNzRjMCwwLTAuMTQ5LDAuMTE1LTAuMzQ4LDAuMTJjLTAuMDY5LDAuMDAyLTAuMTQzLTAuMDA5LTAuMjE5LTAuM"
]
}
]
}
HTTP RequestGET /api/cdi/oniondetails
URL Parameters
| Parameter | Type | Valid Fields | Description |
|---|---|---|---|
| apikey | string | N/A | Your CDI API Key |
| onion | string | N/A | Onion site URL |
| type | string |
|
The type of data you are requesting Defaults to all |
Errors
We use the following status codes for errors:
| Code | Meaning |
|---|---|
| 200 | Information is found and returned properly |
| 400 | Invalid API key or missing parameters or rate-limited |
| 403 | Too many addresses in bulk input |
| 404 | Label not found |
| 500 | Internal server error |