How transaction screening differs from address screening
Address screening evaluates everything behind an address: which sources its funds came from. Transaction screening is tied to one transfer — it takes the transaction hash and the recipient address.
The cost is the same: an address and a transaction each debit one check from your balance.
How to read the score
The number alone means little without the breakdown. The response contains the signals field — the shares of funds by source — and that is what explains the score: for example, 0.6 from a mixer and 0.3 from a darknet market produce a high score.
The check status comes in the status field: ok — risk below the blocking threshold, dirty — risk in the blocking zone (50% and above), pending — still running, error — a provider error with the check automatically refunded.
How to get the score via the API
Create a check with POST /v1/checks using the tx kind, the network code, the transaction hash and the recipient address. You get back 202 Accepted with an id.
From there you have two options: poll GET /v1/checks/{id} until a final status, or pass webhookUrl and receive the result as a push notification signed with HMAC-SHA256.
FAQ
Which value counts as blocking?
The risk zone starts at 0.5: such a check is marked dirty. The actual decision is up to your risk policy.
What if a check returns an error?
The debited check is automatically refunded. Provider errors are not billed.