> ## Documentation Index
> Fetch the complete documentation index at: https://docs.range.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Fetch Assessment Evidence

> Fetch full evidence for a previous risk assessment using its screen ID.



## OpenAPI

````yaml get /v2/risk/evidence/{screenId}
openapi: 3.0.0
info:
  title: Range Risk API
  description: The Range Risk API for risk assessment of crypto addresses.
  version: 1.7.8
  contact: {}
servers:
  - url: https://api.range.org
    description: Range API Server
security:
  - Authorization: []
tags:
  - name: Risk
    description: Get risk information about a crypto address.
  - name: Risk v2
    description: >-
      Address risk assessment, workspace configuration, and signals catalogue
      (API v2).
  - name: Simulator
    description: Simulate a transaction on a network.
  - name: Alert Templates
    description: Browse alert rule templates available to the workspace.
  - name: Alert Rules
    description: Create and manage workspace alert rules.
  - name: Alert Events
    description: List and retrieve fired alert events.
  - name: Channels
    description: Configure alert delivery channels.
paths:
  /v2/risk/evidence/{screenId}:
    get:
      tags:
        - Risk v2
      summary: Get Evidence by screen_id
      description: >-
        Returns the full evidence breakdown for a previously issued screen_id,
        grouped by pillar (attribution, exposure, behaviour) and signal,
        alongside the original risk assessment. Scoped to the calling workspace.
      operationId: getEvidence
      parameters:
        - name: screenId
          required: true
          in: path
          schema:
            type: string
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EvidenceResponseDto'
components:
  schemas:
    EvidenceResponseDto:
      type: object
      properties:
        screen_id:
          type: string
          example: a1b2c3d4-e5f6-7890-abcd-ef1234567890
        assessment:
          $ref: '#/components/schemas/RiskAssessmentDto'
        attribution_evidence:
          type: array
          items:
            $ref: '#/components/schemas/AttributionEvidenceEntryDto'
        exposure_evidence:
          type: array
          items:
            $ref: '#/components/schemas/ExposureEvidenceEntryDto'
        behaviour_evidence:
          type: array
          items:
            $ref: '#/components/schemas/BehaviourEvidenceEntryDto'
      required:
        - screen_id
        - assessment
        - attribution_evidence
        - exposure_evidence
        - behaviour_evidence
    RiskAssessmentDto:
      type: object
      properties:
        screen_id:
          type: string
          example: a1b2c3d4-e5f6-7890-abcd-ef1234567890
        address:
          type: string
          example: '0x742d35Cc6634C0532925a3b844Bc9e7595f2bD28'
        address_active_on:
          example:
            - ethereum
            - polygon
          description: >-
            Networks this address has labelled activity on (from
            addresses.labels).
          type: array
          items:
            type: string
        total_incoming_usd:
          type: number
          example: 1842300.45
          description: >-
            All-counterparty incoming USD volume (lifetime). 0 for unsupported
            networks.
        total_outgoing_usd:
          type: number
          example: 1798450.12
          description: All-counterparty outgoing USD volume (lifetime).
        malicious_incoming_usd:
          type: number
          example: 184500
          description: USD volume from counterparties tagged as malicious.
        malicious_outgoing_usd:
          type: number
          example: 92300
          description: USD volume to counterparties tagged as malicious.
        severity:
          type: string
          example: high
          enum:
            - severe
            - high
            - medium
            - low
            - none
          description: Worst individual signal severity across all three pillars.
        attribution:
          $ref: '#/components/schemas/AttributionSummaryDto'
        exposure:
          $ref: '#/components/schemas/ExposureSummaryDto'
        behaviour:
          $ref: '#/components/schemas/BehaviourSummaryDto'
        timestamp:
          type: string
          example: '2026-05-04T14:30:00Z'
        meta:
          description: Per-upstream-call latency (ms) for this screen.
          allOf:
            - $ref: '#/components/schemas/ScreenMetaDto'
        evidence:
          type: object
          description: >-
            Present only when `include_evidence=true`. Same shape as GET
            /v2/risk/evidence/:screenId minus the wrapping screen_id.
      required:
        - screen_id
        - address
        - address_active_on
        - total_incoming_usd
        - total_outgoing_usd
        - malicious_incoming_usd
        - malicious_outgoing_usd
        - severity
        - attribution
        - exposure
        - behaviour
        - timestamp
        - meta
    AttributionEvidenceEntryDto:
      type: object
      properties:
        signal:
          type: string
          example: sanctions_ofac
        evidence:
          type: array
          items:
            $ref: '#/components/schemas/EvidenceDto'
      required:
        - signal
        - evidence
    ExposureEvidenceEntryDto:
      type: object
      properties:
        signal:
          type: string
          example: obfuscation
        evidence:
          type: array
          items:
            $ref: '#/components/schemas/EvidenceDto'
      required:
        - signal
        - evidence
    BehaviourEvidenceEntryDto:
      type: object
      properties:
        behaviour:
          type: string
          example: smurfing
        evidence:
          type: array
          items:
            $ref: '#/components/schemas/EvidenceDto'
      required:
        - behaviour
        - evidence
    AttributionSummaryDto:
      type: object
      properties:
        triggered:
          type: array
          items:
            $ref: '#/components/schemas/AttributionSignalResultDto'
      required:
        - triggered
    ExposureSummaryDto:
      type: object
      properties:
        triggered:
          type: array
          items:
            $ref: '#/components/schemas/ExposureSignalResultDto'
      required:
        - triggered
    BehaviourSummaryDto:
      type: object
      properties:
        detected:
          type: array
          items:
            $ref: '#/components/schemas/BehaviourSignalResultDto'
      required:
        - detected
    ScreenMetaDto:
      type: object
      properties:
        es_attribution_ms:
          type: number
          example: 120
        config_ms:
          type: number
          example: 5
        ch_counterparties_ms:
          type: number
          example: 340
        ch_totals_ms:
          type: number
          example: 80
        es_interchain_ms:
          type: number
          example: 210
        helius_ms:
          type: number
          example: 150
        features_redis_ms:
          type: number
          example: 60
        counterparty_attribution_ms:
          type: number
          example: 0
        parallel_ms:
          type: number
          example: 350
        total_ms:
          type: number
          example: 410
      required:
        - es_attribution_ms
        - config_ms
        - ch_counterparties_ms
        - ch_totals_ms
        - es_interchain_ms
        - helius_ms
        - features_redis_ms
        - counterparty_attribution_ms
        - parallel_ms
        - total_ms
    EvidenceDto:
      type: object
      properties:
        type:
          type: string
          example: counterparty
          enum:
            - transaction
            - counterparty
            - pattern
            - attribution
        summary:
          type: string
          example: Interacted with OFAC-sanctioned address 0xDEF... on 2026-03-15
        details:
          type: object
          additionalProperties: true
          example:
            address: 0xDEF...
            tx_hash: 0x789...
            timestamp: '2026-03-15T14:22:00Z'
            entity: Tornado Cash
            list: OFAC SDN
      required:
        - type
        - summary
        - details
    AttributionSignalResultDto:
      type: object
      properties:
        signal:
          type: string
          example: sanctions_ofac
        severity:
          type: string
          example: severe
          enum:
            - severe
            - high
            - medium
            - low
        result:
          type: boolean
          example: true
      required:
        - signal
        - severity
        - result
    ExposureSignalResultDto:
      type: object
      properties:
        signal:
          type: string
          example: compliance-risk
        mode:
          type: string
          example: percentage
          enum:
            - percentage
        result:
          type: boolean
          example: true
        percentage:
          type: string
          example: 42.30%
          description: >-
            Exposed bucket volume as a share of total counterparty volume,
            formatted human-readable.
        summary:
          type: string
          example: >-
            42.30% of counterparty volume is compliance-risk, crossing the 5%
            (high) threshold.
          description: Human-readable explanation of why this signal fired.
      required:
        - signal
        - mode
        - result
        - percentage
        - summary
    BehaviourSignalResultDto:
      type: object
      properties:
        behaviour:
          type: string
          example: smurfing
        severity:
          type: string
          example: high
          enum:
            - severe
            - high
            - medium
            - low
        confidence:
          type: number
          example: 0.78
          minimum: 0
          maximum: 1
      required:
        - behaviour
        - severity
        - confidence
  securitySchemes:
    Authorization:
      scheme: bearer
      bearerFormat: API Key
      description: 'Use Authorization: Bearer <api-key>'
      type: http

````