Skip to main content
GET
/
screen
/
{chain}
/
{address}
$0.10 — per-source labels + Aegis consensus risk score
curl --request GET \
  --url https://x402.aegis-kyt.com/screen/{chain}/{address}
{
  "schema_version": 2,
  "address": "0x21a31ee1afc51d94c2efccaa2092ad1028285549",
  "chain": "ETH",
  "labels": [
    {
      "source": "graphsense-tagpacks",
      "source_name": "GraphSense TagPacks",
      "label": "Binance.com",
      "category": "exchange",
      "confidence": 92,
      "first_seen_at": "2025-08-12T00:00:00+00:00",
      "last_seen_at": "2026-04-29T00:00:00+00:00"
    }
  ],
  "risk": {
    "risk_level": "low",
    "risk_score": 12,
    "risk_categories": [
      "exchange"
    ],
    "source_count": 2,
    "confidence": 0.74
  },
  "smart_contract": null,
  "sdn_match": null
}
Tier: $0.10 · Asset: USDC · Network: Base
Tier 0+1+2 in one call:
  • sdn_match — direct lookup against OFAC SDN, UK OFSI, and EU sanctions lists. If the address is sanctioned, this is populated and risk.risk_level is forced to "sanctioned".
  • labels[] — every per-source claim we have for the address across all 44 ingest sources (Tether blacklist, GraphSense tagpacks, exchange Proof-of-Reserves, etc.).
  • risk — the Aegis consensus row (Tier 1+2, no graph traversal, no external providers). Aggregated risk level, score, categories, and source count.
Designed for “what is this address, and is it dangerous?” — sanctions screen + AML labels + risk score in a single $0.10 settlement.
2026-05-05. This endpoint replaces the old $0.10 /label and $0.20 /screen/light paths. Both are removed — same data is now returned here for $0.10. If your client still hits the old paths, it will get HTTP 404; update to /screen/{chain}/{address}.

Path parameters

NameTypeDescription
chainstringNetwork slug — see networks. e.g. eth, tron, bsc, polygon, base
addressstringAddress. EVM addresses are lowercased server-side; TRON / BTC / SOL kept as-is (case-sensitive)

Request

# Probe — no payment, returns 402 with quote
curl https://x402.aegis-kyt.com/screen/eth/0x6b175474e89094c44da98b954eedeac495271d0f

# With X-PAYMENT (signed via the Coinbase x402 SDK)
curl -H "X-PAYMENT: <base64-proof>" \
     https://x402.aegis-kyt.com/screen/eth/0x6b175474e89094c44da98b954eedeac495271d0f

Response — 200

{
  "schema_version": 1,
  "address": "0x6b175474e89094c44da98b954eedeac495271d0f",
  "chain": "ETH",
  "labels": [
    {
      "source":        "provider_a-verdicts",
      "source_name":   "provider_a",
      "label":         "Binance.com",
      "category":      "exchange",
      "confidence":    92,
      "source_url":    "https://…",
      "first_seen_at": "2025-08-12T00:00:00Z",
      "last_seen_at":  "2026-04-29T00:00:00Z"
    }
  ],
  "risk": {
    "risk_level":          "none",
    "risk_score":          0,
    "is_risky":            false,
    "risk_categories":     [],
    "source_count":        9,
    "confidence":          94,
    "primary_source_slug": "provider_a-verdicts",
    "label":               "DAI Stablecoin",
    "consensus_found":     true
  },
  "sdn_match": null
}
SDN hit example (sdn_match populated; risk.risk_level is always "sanctioned" when this is non-null): 
{
  "schema_version": 1,
  "address": "0xa7efae728d2936e78bda97dc267687568dd593f4",
  "chain": "ETH",
  "labels": [],
  "risk": {
    "risk_level":      "sanctioned",
    "risk_score":      100,
    "is_risky":        true,
    "risk_categories": ["ofac-sdn"],
    "source_count":    0,
    "confidence":      null,
    "primary_source_slug": null,
    "label":           null,
    "consensus_found": true
  },
  "sdn_match": {
    "id":             "a1b2c3d4-…",
    "address":        "0xa7efae728d2936e78bda97dc267687568dd593f4",
    "asset_type":     "Digital Currency Address",
    "entity_name":    "TORNADO CASH",
    "programs":       ["CYBER2"],
    "sanctions_types": ["Block"],
    "listing_date":   "2022-08-08"
  }
}

Top level

FieldTypeNotes
schema_versionintCurrently 1
addressstringThe address as you sent it (modulo case-normalisation per chain)
chainstringEcho of the path param (uppercased — ETH, TRON, …)
labels[]arrayPer-source label rows. [] if no source has labelled the address
riskobjectAegis consensus verdict. See below
sdn_matchobject | nullOFAC / OFSI / EU sanctions hit. null when the address is not sanctioned. When non-null, risk.risk_level is always "sanctioned"

sdn_match object (when non-null)

FieldTypeNotes
idstringInternal SDN address row ID
addressstringCanonical address as stored in the sanctions list
asset_typestring | nullE.g. "Digital Currency Address"
entity_namestring | nullSanctioned entity name ("TORNADO CASH", "GARANTEX", …)
programsstring[]Sanctions programs, e.g. ["CYBER2"]
sanctions_typesstring[]E.g. ["Block"]
listing_datestring | nullISO 8601 date when added to the list

labels[] rows

FieldTypeNotes
sourcestringSlug — stable identifier of the ingest source (e.g. provider_a-verdicts, ofac-sdn, tether-blacklist)
source_namestringHuman-readable source name
labelstring | nullThe text label this source attached ("Binance.com", "Suspected mixer counterparty", …)
categorystring | nullSource-specific category slug
confidenceint 0..100 | nullPer-source confidence in this claim
source_urlstring | nullURL where this claim originated, if available
first_seen_atISO 8601 | nullWhen the source first observed this label
last_seen_atISO 8601 | nullWhen the source last confirmed this label
Stale claims are filtered out — you only see currently-believed labels. Sorted newest-last_seen_at first.

risk object

FieldTypeNotes
risk_levelenum | nullnone / low / medium / high / critical / sanctioned
risk_scoreint 0..100 | nullConsensus risk score
is_riskyboolTrue for medium and above
risk_categoriesstring[]Slugs only — see risk categories
source_countintHow many sources contributed to the consensus
confidenceint 0..100 | nullConfidence-weighted across sources
primary_source_slugstring | nullHighest-trust source contributing to the verdict
labelstring | nullBest human-readable label across sources
consensus_foundboolfalse → no consensus row exists; all other risk fields are null/0/[]
If we have no signal at all (no claims AND no consensus row), the endpoint still returns 200 with labels: [] and risk.consensus_found: false. Same paid-for-lookup contract: you paid for the lookup, not for a guarantee of a hit.

Response — 402

See Authentication for the quote schema.

When to use this vs other tiers

  • Use Check Address ($1.00) when you need 1-hop counterparty inheritance or BFS multi-hop exposure. This tier reads the consensus row only — it doesn’t traverse the transaction graph.
  • Use Check Transfer ($0.50) to screen an inbound transaction rather than a single address.

High-volume B2B integrations

If you’re a wallet or exchange running a pre-send screen on every user-typed address, paying $0.10 per click adds up fast. Use the V2 API’s POST /v2/screen instead — same data, same SQL, billed via subscription quota with no on-chain settlement floor.

Path Parameters

chain
string
required
address
string
required

Response

Successful Response

The response is of type Response Tier Screen Screen Chain Address Get · object.