Get Payment Risk Assessment
Risk Endpoints
Payment Risk Assessment
End-to-end risk assessment for payments across and within chains, powered by advanced heuristic rules and machine-learning analysis.
GET
Get Payment Risk Assessment
Returns a comprehensive risk assessment for blockchain payments by analyzing both sender and recipient addresses across 8 independent risk dimensions. Provides real-time risk evaluation for payment flows across multiple blockchain networks. See Understanding Risk Scores for general methodology.
The overall risk level uses a maximum risk approach: if any individual assessment returns “high”, the overall risk is “high”.
Validation:
This is the most comprehensive risk endpoint. It includes address risk scoring (malicious connection analysis) and attributed address checks (including sanctions and blacklist data) for both sender and recipient, plus payment-specific risk factors.If you only need to screen a single address without payment context, use the simpler Address Risk Score endpoint. For sanctions-only pass/fail checks, use Sanctions & Blacklist Check.
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
sender_address | string | Yes | Blockchain address of the sender (min 10 characters) |
recipient_address | string | Yes | Blockchain address of the recipient (min 10 characters) |
amount | number | Yes | Payment amount in USD equivalent (must be >0) |
sender_network | string | Yes | Sender’s blockchain network identifier. See Supported Chains. |
recipient_network | string | Yes | Recipient’s blockchain network identifier. See Supported Chains. |
sender_token | string | No | Token/denom being sent (enables token risk assessment for Solana) |
recipient_token | string | No | Token/denom being received |
timestamp | string | No | Payment timestamp in ISO 8601 format (e.g., 2025-01-15T10:30:00Z) |
- Sender and recipient addresses must be different
- Amount must be greater than 0
- Address minimum length: 10 characters
Supported Networks
Full payment data support for:solana, stellar, and all Cosmos ecosystem chains (celestia, osmosis-1, cosmoshub-4, dydx-mainnet-1, neutron-1, and others). See Supported Chains for the full list.
Networks without full payment data (EVM chains, Bitcoin, Tron) still benefit from attribution checks and malicious connection analysis.
Response Schema
| Field | Type | Description |
|---|---|---|
overall_risk_level | string | Final risk determination: "low", "medium", "high", or "unknown" |
risk_factors | array | Individual risk assessments performed (see below) |
processing_time_ms | number | Processing time in milliseconds |
errors | array | Errors encountered during analysis (empty if none) |
request_summary | object | Echo of the original request parameters |
Risk Factor Object
| Field | Type | Description |
|---|---|---|
factor | string | Unique identifier (e.g., new_wallet_recipient, first_interaction) |
risk_level | string | Risk level: "low", "medium", or "high" |
description | string | Human-readable explanation |
Example Response Structure
Risk Assessments Performed
New Wallet Detection
New Wallet Detection
Analyzes recipient’s transaction history to determine if the wallet is newly created or established.Factor names:
new_wallet_recipient, established_wallet_recipient- HIGH: 0 transactions (completely new wallet)
- MEDIUM: <3 transactions OR first transaction <7 days ago
- LOW: ≥3 transactions AND >7 days old
"Recipient is a completely new wallet with no transaction history", "Recipient has substantial transaction history (500+ transactions over 6 months)"Dormant Wallet Detection
Dormant Wallet Detection
Checks if recipient has been inactive for an extended period and is now reactivating.Factor names:
dormant_wallet_recipient, active_wallet_recipient- MEDIUM: Last transaction >180 days ago
- LOW: Active within 180 days
"Recipient wallet was dormant for 200+ days and is now reactivating", "Recipient wallet was active within the last 7 days"Address Poisoning Detection
Address Poisoning Detection
Detects if the recipient address matches poison address patterns associated with the sender (4-char prefix/suffix matching).Factor names:
address_poisoning_attack, no_address_poisoning- HIGH: Recipient matches a poison address pattern
- LOW: No poisoning pattern detected
"Potential address poisoning attack detected - recipient matches poison address pattern", "No address poisoning pattern detected between sender and recipient"Interaction History
Interaction History
Examines previous transaction relationships between sender and recipient. Uses network-specific index for same-network payments and
payments_interchain index for cross-chain.Factor names: first_interaction, limited_interaction_history, established_interaction_history- HIGH: 0 interactions (first time transacting)
- MEDIUM: 1–2 interactions
- LOW: 3+ interactions (established relationship)
"First ever interaction between these addresses", "Limited interaction history: 2 previous interactions found", "Strong interaction history: 15 previous interactions found"Malicious Connection Analysis
Malicious Connection Analysis
Uses Range’s ML-powered malicious distance endpoint to identify connections to known malicious addresses for both sender and recipient.Factor names (sender):
malicious_connection_sender_direct, malicious_connection_sender_high, malicious_connection_sender_medium, malicious_connection_sender_low, clean_address_senderFactor names (recipient): Same pattern with _recipient_ suffix.- HIGH: 0–2 hops from malicious addresses
- MEDIUM: 3 hops from malicious addresses
- LOW: 4+ hops OR no connections found
"Sender is directly connected to known malicious addresses (0 hops)", "Sender is 2 hops away from known malicious addresses (riskScore: 1)", "Sender address has no known connections to malicious addresses"Attributed Address Check
Attributed Address Check
Verifies both addresses against known entity databases. Network-independent — runs even for unsupported networks.Factor names:
malicious_address_sender, malicious_address_recipient, attributed_address_sender, attributed_address_recipient, known_attributed_sender, known_attributed_recipient- HIGH: Address flagged with
malicious=True - LOW: Known attributed entity (exchange, protocol, system address)
"Address attributed to 'Binance Hot Wallet' (Entity: Binance, Category: Exchange, Role: Hot Wallet)", "Sender is a known attributed address | identified as 'Token Program' | (entity: Solana) | Category: SYSTEM | Role: Program | Not flagged as malicious"Token Risk Assessment
Token Risk Assessment
When
sender_token or recipient_token is provided, evaluates token-specific risk factors. Currently Solana only.Factor names: token_risk_sender_low, token_risk_sender_medium, token_risk_sender_high (and _recipient_ variants)Maps from token risk score to payment risk level (low/medium/high).Example descriptions: "Sender token EPjFWdd5Au... has low risk (established stablecoin)", "Recipient token shows medium risk factors"Cross-Chain Support
Cross-Chain Support
Handles both same-network and cross-chain payment scenarios with appropriate index selection.
- Same network: Uses network-specific index (e.g.,
payments_solana) - Cross-chain: Uses
payments_interchainindex
Network Support
| Scenario | Coverage | Processing Time |
|---|---|---|
| Both networks fully supported | All risk factors assessed | ~1000–3000ms |
| One network supported | Partial assessment + attribution for both | ~200–600ms |
| Neither network supported | Attribution check only; returns "unknown" if no data | ~130–500ms |
Examples
High Risk — First Interaction with New Wallet
Low Risk — Established Relationship
Cross-Chain Payment
Errors
| HTTP Code | Cause | Recommended Action |
|---|---|---|
| 400 | Invalid parameters (same addresses, amount ≤ 0, etc.) | Validate parameters before requesting. |
| 422 | Request validation error | Check parameter types and formats. |
| 429 | Rate limit exceeded | Implement exponential backoff. |
| 5xx | Server error | Retry after a delay; contact support if persistent. |
Best Practices
- The overall risk is determined by the highest individual risk factor — a single “high” factor makes the entire payment “high” risk.
- Always pass
sender_token/recipient_tokenfor Solana payments to get token-level risk assessment. - For cross-chain payments, provide the correct network identifiers for both sides.
- Use
processing_time_msto monitor API performance and set appropriate timeouts. - An
"unknown"overall risk level means insufficient data, not safety — treat it with caution.
TypeScript Types
TypeScript Types
Authorizations
Use Authorization: Bearer
Query Parameters
Sender blockchain address
Example:
"TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"
Recipient blockchain address
Example:
"7UX2i7SucgLMQcfZ75s3VXmZZY4YRUyJN9X1RgfMoDUi"
Payment amount in USD equivalent (must be positive)
Required range:
x >= 0.01Example:
1000
Sender blockchain network (e.g., solana, osmosis, ethereum)
Example:
"solana"
Recipient blockchain network
Example:
"solana"
Token/denom being sent (optional, enables token risk assessment)
Example:
"EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
Token/denom being received (optional)
Example:
"EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
Payment timestamp in ISO 8601 format (optional)
Example:
"2025-01-15T10:30:00Z"
Response
200 - application/json
Payment risk assessment with individual risk factors and overall risk level
Overall risk level determined by maximum risk approach. Possible values: low, medium, high, unknown
Available options:
low, medium, high, unknown Example:
"high"
List of individual risk assessments performed
Processing time in milliseconds
Example:
4159.017
List of errors encountered during analysis (empty if no errors)
Echo of the original request parameters for verification
Last modified on March 2, 2026