Overview
AzurSafe x402 screens wallets and other counterparties before autonomous onchain actions. It returns machine-readable risk results that software can use immediately.
Why teams use it
- Verify whether any x402 seller is secure before payment
- Verify whether any x402 customer is risky or exposed to sanctions
- Block unsafe actions before execution
- Keep screening cost significantly lower than the expected loss avoided
- Return structured outputs an agent can enforce
- Keep a clear policy trail for each decision
API base
All requests are made to https://ai.azursafe.com.
Health endpoint
GET https://ai.azursafe.com/health
HTTP status: 200
{
"ok": true
}
OpenAPI/schema
OpenAPI schema: https://ai.azursafe.com/docs/openapi.json or https://ai.azursafe.com/openapi.json
Networks and coverage
AzurSafe x402 supports wallet screening across 30+ major blockchains and identifier types.
- Base Mainnet: eip155:8453
- Polygon Mainnet: eip155:137
- Arbitrum Mainnet: eip155:42161
- Solana Mainnet: solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp
Screening coverage is broader than payment settlement rails. The API is designed to screen counterparties across major ecosystems including EVM, Solana, UTXO, XRP, Tron, and more.
Company and access
AzurSafe builds blockchain compliance and investigation solutions recognized by public and private financial institutions that help teams improve security, streamline transactions, and increase trust across digital asset operations.
We are a growing multidisciplinary team based in France, leading the industry across compliance, data, engineering, and investigations, supported by specialized expertise in AML/CFT, sanctions, regulatory strategy, and blockchain investigations.
- Evidence-backed datasets with FATF-aligned categorization
- Source details and proof for auditability
- +30% data coverage uplift compared to existing solutions
- Security-first delivery with traceable decisions
- Research-driven innovation through A-Labs
Links
x402 Service for AI Agents and humans:
https://ai.azursafe.com
AzurSafe main website (human required):
https://azursafe.com
Contact:
[email protected]
Endpoint: screen-id
Screen a wallet or counterparty before an autonomous onchain action.
Price: $0.01 USDC per screen.
GET https://ai.azursafe.com/agent/screen-id?identifier=<value>
The x402 payment request is made to the full production URL above, using
https://ai.azursafe.com as the domain.
How it works
1. Agent prepares an onchain action
2. Agent selects the identifier to screen
3. Agent sends a paid x402 request to the full URL, including the required identifier query parameter: GET https://ai.azursafe.com/agent/screen-id?identifier=<value>
4. AzurSafe x402 returns a risk result
5. Policy decides allow, review, or block
6. Agent continues only if permitted
Accepted identifier types
- Wallet addresses
- Domains
- Emails
- Phone numbers
- Usernames
Response fields
- name
- legitimacyStatus as legit, fraud, or unknown
- category
- source
- findings
Example requests
GET https://ai.azursafe.com/agent/screen-id?identifier=0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B
GET https://ai.azursafe.com/agent/screen-id?identifier=TE3mCcPULjPUE7ykX7RArDPAhyahoy3d2j
GET https://ai.azursafe.com/agent/screen-id?identifier=1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs
GET https://ai.azursafe.com/agent/screen-id?identifier=example.org
GET https://ai.azursafe.com/agent/[email protected]
GET https://ai.azursafe.com/agent/screen-id?identifier=14155550123
GET https://ai.azursafe.com/agent/screen-id?identifier=treasury_bot
GET https://ai.azursafe.com/agent/screen-id?identifier=8fjkQpV7L6Wm2nZrYt3aBcD4EfGhJkLmNoPqRsTuVwX
Copy-paste x402 client examples (EVM settlement)
JavaScript client
# Install
npm install @x402/fetch @x402/core @x402/evm viem
# Environment
EVM_PRIVATE_KEY=your_private_key_here
# screen-id.mjs
import { wrapFetchWithPayment } from "@x402/fetch";
import { x402Client } from "@x402/core/client";
import { ExactEvmScheme } from "@x402/evm/exact/client";
import { privateKeyToAccount } from "viem/accounts";
const signer = privateKeyToAccount(process.env.EVM_PRIVATE_KEY);
const client = new x402Client();
client.register("eip155:*", new ExactEvmScheme(signer));
const fetchWithPayment = wrapFetchWithPayment(fetch, client);
const identifier = "0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B";
const url = `https://ai.azursafe.com/agent/screen-id?identifier=${encodeURIComponent(identifier)}`;
const response = await fetchWithPayment(url, {
  method: "GET"
});
const result = await response.json();
console.log(result);
Python client
# Install
pip install "x402[httpx]" eth-account
# Environment
EVM_PRIVATE_KEY=your_private_key_here
# screen_id.py
import asyncio
import os
from urllib.parse import quote
from eth_account import Account
from x402 import x402Client
from x402.http.clients import x402HttpxClient
from x402.mechanisms.evm import EthAccountSigner
from x402.mechanisms.evm.exact.register import register_exact_evm_client
async def main():
    # Load the paying account from the environment rather than hard-coding the key.
    account = Account.from_key(os.environ["EVM_PRIVATE_KEY"])
    client = x402Client()
    register_exact_evm_client(client, EthAccountSigner(account))
    identifier = "0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B"
    # URL-encode the identifier so emails, domains and usernames survive the query string.
    url = f"https://ai.azursafe.com/agent/screen-id?identifier={quote(identifier, safe='')}"
    async with x402HttpxClient(client) as http:
        response = await http.get(url)
        result = response.json()
        print(result)
asyncio.run(main())
Legit example
Identifier: 0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B
Request URL: https://ai.azursafe.com/agent/screen-id?identifier=0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B
HTTP status: 200
{
"ok": true,
"endpoint": "screen-id",
"identifier": "0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B",
"data": {
"name": "Vb_4e62be",
"legitimacyStatus": "legit",
"category": "Foundation/Developer",
"source": "Public and Online Data",
"findings": 4
}
}
Fraud example
Identifier: TE3mCcPULjPUE7ykX7RArDPAhyahoy3d2j
Request URL: https://ai.azursafe.com/agent/screen-id?identifier=TE3mCcPULjPUE7ykX7RArDPAhyahoy3d2j
HTTP status: 200
{
"ok": true,
"endpoint": "screen-id",
"identifier": "TE3mCcPULjPUE7ykX7RArDPAhyahoy3d2j",
"data": {
"name": "OFAC_Sanctioned_2b477d",
"legitimacyStatus": "fraud",
"category": "Phishing/Fraud",
"source": "Online and Public Data",
"findings": 2
}
}
Unknown example
Identifier: 1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs
Request URL: https://ai.azursafe.com/agent/screen-id?identifier=1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs
HTTP status: 200
{
"ok": true,
"endpoint": "screen-id",
"identifier": "1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs",
"data": {
"name": null,
"legitimacyStatus": "unknown",
"category": null,
"source": null,
"findings": 0
}
}
Endpoint link
Paid screening endpoint: https://ai.azursafe.com/agent/screen-id?identifier=<value>
Endpoint: screen-kyt
Screen a blockchain wallet address using AzurSafe KYT intelligence before an autonomous onchain action.
Price: $0.025 USDC per screen.
GET https://ai.azursafe.com/agent/screen-kyt?blockchain=<blockchain>&address=<address>
The x402 payment request is made to the full production URL above, using
https://ai.azursafe.com as the domain.
How it works
1. Agent prepares an onchain action
2. Agent selects the blockchain and wallet address
3. Agent sends a paid x402 request to the full URL, including the required blockchain and address query parameters: GET https://ai.azursafe.com/agent/screen-kyt?blockchain=<blockchain>&address=<address>
4. AzurSafe x402 returns a KYT risk result
5. Policy decides allow, caution, review, or block
6. Agent continues only if permitted
Do not send the paid request to /agent/screen-kyt without the required blockchain and address query parameters.
Accepted blockchain values
Other blockchain values are currently not accepted.
Response fields
- decision: go, caution, review, no_go
- safeToProceed
- recommendedAction: allow, allow_with_caution, manual_review, block
- riskScore
- riskLevel: low, medium, high, critical, unknown
- confidence
- summary
- riskTriggers
- walletProfile
- walletProfile.firstSeenAt
- walletProfile.lastSeenAt
- counterpartySummary
- topCounterparties
Example requests
GET https://ai.azursafe.com/agent/screen-kyt?blockchain=ethereum&address=0xffef4634155a477a8877deef8eaff293a373d5de
GET https://ai.azursafe.com/agent/screen-kyt?blockchain=bitcoin&address=1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs
Copy-paste x402 client examples (EVM settlement)
JavaScript client
# Install
npm install @x402/fetch @x402/core @x402/evm viem
# Environment
EVM_PRIVATE_KEY=your_private_key_here
# screen-kyt.mjs
import { wrapFetchWithPayment } from "@x402/fetch";
import { x402Client } from "@x402/core/client";
import { ExactEvmScheme } from "@x402/evm/exact/client";
import { privateKeyToAccount } from "viem/accounts";
const signer = privateKeyToAccount(process.env.EVM_PRIVATE_KEY);
const client = new x402Client();
client.register("eip155:*", new ExactEvmScheme(signer));
const fetchWithPayment = wrapFetchWithPayment(fetch, client);
const blockchain = "ethereum";
const address = "0xffef4634155a477a8877deef8eaff293a373d5de";
const url = `https://ai.azursafe.com/agent/screen-kyt?blockchain=${encodeURIComponent(blockchain)}&address=${encodeURIComponent(address)}`;
const response = await fetchWithPayment(url, {
  method: "GET"
});
const result = await response.json();
console.log(result);
Python client
# Install
pip install "x402[httpx]" eth-account
# Environment
EVM_PRIVATE_KEY=your_private_key_here
# screen_kyt.py
import asyncio
import os
from urllib.parse import urlencode
from eth_account import Account
from x402 import x402Client
from x402.http.clients import x402HttpxClient
from x402.mechanisms.evm import EthAccountSigner
from x402.mechanisms.evm.exact.register import register_exact_evm_client
async def main():
    account = Account.from_key(os.environ["EVM_PRIVATE_KEY"])
    client = x402Client()
    register_exact_evm_client(client, EthAccountSigner(account))
    query = urlencode({
        "blockchain": "ethereum",
        "address": "0xffef4634155a477a8877deef8eaff293a373d5de"
    })
    url = f"https://ai.azursafe.com/agent/screen-kyt?{query}"
    async with x402HttpxClient(client) as http:
        response = await http.get(url)
        result = response.json()
        print(result)
asyncio.run(main())
High-risk KYT example
Blockchain: ethereum
Address: 0xffef4634155a477a8877deef8eaff293a373d5de
Request URL: https://ai.azursafe.com/agent/screen-kyt?blockchain=ethereum&address=0xffef4634155a477a8877deef8eaff293a373d5de
HTTP status: 200
{
"ok": true,
"endpoint": "screen-kyt",
"version": "1.0",
"pricingTier": "kyt-lite",
"address": "0xffef4634155a477a8877deef8eaff293a373d5de",
"blockchain": "ethereum",
"auditId": "92c5b798-8539-4c98-9960-16b35d3984dd",
"checkedAt": "2026-05-01T22:25:59.301Z",
"data": {
"result": {
"decision": "no_go",
"safeToProceed": false,
"recommendedAction": "block",
"riskScore": 100,
"riskLevel": "critical",
"confidence": 0.72
},
"summary": {
"short": "Critical risk. Block payment.",
"text": "Wallet 0xffef...d5de engaged in 5 transactions (2 incoming, 3 outgoing) with 5 counterparties and handled 3 different tokens. Funds primarily received through intermediary wallets, suggesting potential layering activity. Key risk factors: interaction with 2 fraudulent addresses (Bybit_Hackers_1f47d6, Bybit_Hackers_1f38a3). Overall risk assessment: VERY HIGH (100/100) - COMPLIANCE ACTION RECOMMENDED."
},
"riskTriggers": [
{
"name": "Fraud Wallet Detected",
"severity": "critical",
"wallet": "0xffef4634155a477a8877deef8eaff293a373d5de",
"transactionHash": "0x19c9fc8adcbdad18869c72da2fceaba37aef2d67643da0fdeed320a34724dde1",
"description": "Direct transaction with known fraud wallet detected"
},
{
"name": "Fraud Wallet Detected",
"severity": "critical",
"wallet": "0x56d2ff9760ee2e973fcb85d57d906d2f79a3d650",
"transactionHash": null,
"description": "Fraud wallet detected (walletType, legitimacyStatus, tagCategory): 0x56d2ff9760ee2e973fcb85d57d906d2f79a3d650"
},
{
"name": "Fraud Wallet Detected",
"severity": "critical",
"wallet": "0x809197cb7e6bc8b3c672f914bf1644dade8106d9",
"transactionHash": "0x1059dee902fc6d55c8f40f7b2af193232035d1dca4c3a5705710a7dd9283e151",
"description": "Direct transaction with known fraud wallet detected"
},
{
"name": "Full Withdrawal (Single Transaction)",
"severity": "medium",
"wallet": "0xffef4634155a477a8877deef8eaff293a373d5de",
"transactionHash": "0x1059dee902fc6d55c8f40f7b2af193232035d1dca4c3a5705710a7dd9283e151",
"description": "Wallet withdrew 100% of its balance in a single transaction"
},
{
"name": "Full Withdrawal (Single Transaction)",
"severity": "medium",
"wallet": "0xffef4634155a477a8877deef8eaff293a373d5de",
"transactionHash": "0x28e25a6c38b5375c833caaebf6c2e319f07d815e68f09031247c2c7fdc1b847c",
"description": "Wallet withdrew 100% of its balance in a single transaction"
}
],
"walletProfile": {
"totalTransactions": 5,
"detectedWallets": 5,
"auditedWallets": 1,
"tokensDetected": 3,
"firstSeen": 1740572759,
"firstSeenAt": "2025-02-26T12:25:59.000Z",
"lastSeen": 1774858667,
"lastSeenAt": "2026-03-30T08:17:47.000Z",
"transactionVelocity": 0.0126,
"incomingOutgoingRatio": 0.67
},
"counterpartySummary": {
"totalCounterparties": 5,
"receivedFrom": 2,
"sentTo": 3,
"types": {
"known": 0,
"intermediary": 3,
"fraud": 2,
"unknown": 0,
"bridge": 0,
"publicContract": 0,
"unknownContract": 0
}
},
"topCounterparties": [
{
"address": "0x56d2ff9760ee2e973fcb85d57d906d2f79a3d650",
"walletType": "fraud",
"riskLevel": "critical",
"depth": 1,
"transactionCount": 1,
"identity": {
"tag": "Bybit_Hackers_1f47d6",
"entity": null,
"category": "Phishing/Fraud",
"source": "Online and Public Data"
}
},
{
"address": "0x6357d3843d715496257e338a878ab0b72040a918",
"walletType": "intermediary",
"riskLevel": "low",
"depth": 1,
"transactionCount": 1
},
{
"address": "0x809197cb7e6bc8b3c672f914bf1644dade8106d9",
"walletType": "fraud",
"riskLevel": "critical",
"depth": 1,
"transactionCount": 1,
"identity": {
"tag": "Bybit_Hackers_1f38a3",
"entity": null,
"category": "Phishing/Fraud",
"source": "Online and Public Data"
}
}
]
}
}
Low-risk KYT example
Blockchain: bitcoin
Address: 1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs
Request URL: https://ai.azursafe.com/agent/screen-kyt?blockchain=bitcoin&address=1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs
HTTP status: 200
{
"ok": true,
"endpoint": "screen-kyt",
"version": "1.0",
"pricingTier": "kyt-lite",
"address": "1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs",
"blockchain": "bitcoin",
"auditId": "a497dfa8-8e25-4127-9f04-937acc509d52",
"checkedAt": "2026-05-01T22:24:29.033Z",
"data": {
"result": {
"decision": "go",
"safeToProceed": true,
"recommendedAction": "allow",
"riskScore": 8,
"riskLevel": "low",
"confidence": 0.72
},
"summary": {
"short": "Low risk. Allow payment.",
"text": "Wallet 1PMyca...XUAs engaged in 8 transactions (4 incoming, 4 outgoing) with 8 counterparties and handled 1 different tokens. Funds primarily received through intermediary wallets, suggesting potential layering activity. Overall risk assessment: LOW (8/100)."
},
"riskTriggers": [
{
"name": "Full Withdrawal (Single Transaction)",
"severity": "medium",
"wallet": "1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs",
"transactionHash": "6ad41173066e80bea9f31e8d96e19103e3b3fdf84a024e00b8d8c19bbd090659",
"description": "Wallet withdrew 100% of its balance in a single transaction"
}
],
"walletProfile": {
"totalTransactions": 8,
"detectedWallets": 8,
"auditedWallets": 1,
"tokensDetected": 1,
"firstSeen": 1413679755,
"firstSeenAt": "2014-10-19T00:49:15.000Z",
"lastSeen": 1754056650,
"lastSeenAt": "2025-08-01T13:57:30.000Z",
"transactionVelocity": 0.002,
"incomingOutgoingRatio": 1
},
"counterpartySummary": {
"totalCounterparties": 8,
"receivedFrom": 4,
"sentTo": 4,
"types": {
"known": 0,
"intermediary": 8,
"fraud": 0,
"unknown": 0,
"bridge": 0,
"publicContract": 0,
"unknownContract": 0
}
},
"topCounterparties": [
{
"address": "bc1q9dyr2a49xtnw3qq6sfdyxa74a9fr8p5kkew4dh",
"walletType": "intermediary",
"riskLevel": "low",
"depth": 1,
"transactionCount": 1
},
{
"address": "bc1qsn3f956aaps0yht6pfqd8wxr69hevy07269y5k",
"walletType": "intermediary",
"riskLevel": "low",
"depth": 1,
"transactionCount": 1
},
{
"address": "1BdrNSpGQHapLpu4HUXBHE9cmpjUPtbZW7",
"walletType": "intermediary",
"riskLevel": "low",
"depth": 1,
"transactionCount": 1
}
]
}
}
Endpoint link
Paid KYT screening endpoint: https://ai.azursafe.com/agent/screen-kyt?blockchain=<blockchain>&address=<address>
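Policy gate example
The policy step in the "How it works" lists for screen-id and screen-kyt, written as an added example that is not AzurSafe's own code: a gate that blocks on anything it does not recognise. The mappings from API values to allow, review and block are an assumed local policy, and the gate assumes the API echoes the request values unchanged, as the sample responses on this page do.

```python
# Added example: fail-closed policy gate over screen-id and screen-kyt responses.
# The value-to-action mappings are an assumed local policy, not AzurSafe's.
ALLOW, REVIEW, BLOCK = "allow", "review", "block"
ID_POLICY = {"legit": ALLOW, "unknown": REVIEW, "fraud": BLOCK}
KYT_POLICY = {"go": ALLOW, "caution": REVIEW, "review": REVIEW, "no_go": BLOCK}

def _envelope_ok(resp, endpoint, echoed):
    """True only if the response is ok, comes from the expected endpoint and
    echoes back exactly the values that were sent in the request."""
    if not isinstance(resp, dict) or resp.get("ok") is not True:
        return False
    if resp.get("endpoint") != endpoint:
        return False
    return all(resp.get(key) == value for key, value in echoed.items())

def gate_screen_id(identifier, resp):
    """Map a screen-id response to (action, reason); anything unexpected blocks."""
    if not _envelope_ok(resp, "screen-id", {"identifier": identifier}):
        return BLOCK, "response not ok or does not match the request"
    data = resp.get("data")
    status = data.get("legitimacyStatus") if isinstance(data, dict) else None
    if not isinstance(status, str) or status not in ID_POLICY:
        return BLOCK, "missing or unrecognised legitimacyStatus"
    return ID_POLICY[status], f"legitimacyStatus={status}"

def gate_screen_kyt(blockchain, address, resp):
    """Map a screen-kyt response to (action, reason); anything unexpected blocks."""
    echoed = {"blockchain": blockchain, "address": address}
    if not _envelope_ok(resp, "screen-kyt", echoed):
        return BLOCK, "response not ok or does not match the request"
    data = resp.get("data")
    result = data.get("result") if isinstance(data, dict) else None
    decision = result.get("decision") if isinstance(result, dict) else None
    if not isinstance(decision, str) or decision not in KYT_POLICY:
        return BLOCK, "missing or unrecognised decision"
    action = KYT_POLICY[decision]
    # An allow is honoured only when safeToProceed agrees with the decision.
    if action == ALLOW and result.get("safeToProceed") is not True:
        return BLOCK, "decision and safeToProceed disagree"
    # Keep auditId in the reason so each local decision can be traced back.
    return action, f"decision={decision} auditId={resp.get('auditId')}"

# Constructed sample, trimmed from the high-risk screen-kyt response on this page.
SAMPLE_KYT = {"ok": True, "endpoint": "screen-kyt", "blockchain": "ethereum",
              "address": "0xffef4634155a477a8877deef8eaff293a373d5de",
              "auditId": "92c5b798-8539-4c98-9960-16b35d3984dd",
              "data": {"result": {"decision": "no_go", "safeToProceed": False}}}

if __name__ == "__main__":
    print(gate_screen_kyt("ethereum", SAMPLE_KYT["address"], SAMPLE_KYT))
```

Call the gate with the values that were actually sent in the request, not values read back from the response, so a response for a different address cannot authorise the action.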