> For the complete documentation index, see [llms.txt](https://www.bokk.ltd/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.bokk.ltd/readme/v3/3.-real-time-transaction-risk-alert-api.md). # 3. Real-Time Transaction Risk Alert API #### Description Supports risk screening for recent real-time transactions (within the last 24 hours). This endpoint is used when you act as the fund recipient and perform a risk screening after an on-chain transaction has occurred, with a focus on the risk associated with the source of funds. The interface applies the strategies configured in the rule engine. *** ### 1. Endpoint URL ``` GET /openapi/v3/risk/rule/tx/screening ``` *** ### 2. Request Parameters

Parameter	Type	Required	Description
apikey	string	true	API key
tx	string	true	Transaction hash
chain	string	true	Main chain name
to_address	string	true	Token receiving address
coin	string	true	Token name
app_id	string	true	Application ID

*** ### 3. Response Parameters ```json { "code": 200, "message": "success", "data": { "unique_id": "2541......c245", "risk_level": "severe", "risk_types": [ "Blackmail Scam" ], "risk_tags": [ "phishing", "Blackmail Scam" ], "risk_code": 4444, "risk_detail": { "private_data": { "hit_private_whitelist": false, "hit_private_blacklist": false, "private_blacklist_name": "Private blacklist name" }, "hit_blacklist_address": true, "tx_blacklist_address": [ { "blacklist_address": "0xE0......D015", "risk_types": "Blackmail Scam", "risk_tags": [ "phishing" ] } ], "hit_direct_risk_review": false, "hit_indirect_risk_review": true, "hit_aml_review": true } } } ``` *** ## Response Field Description

Field	Type	Description
code	int	Business status code. `200` indicates success; other values indicate failure (refer to actual error codes returned).
message	string	Response status message, e.g., `success`.
data	object	Response data object.

*** ## `data` Field Description

Field	Type	Description
unique_id	string	Unique request ID (used for tracking and troubleshooting).
risk_level	string	Risk level: `severe`, `high`, `medium`, `low`, `none` (no risk hit or unknown).
risk_types	string[]	Risk type array (high-level categories), e.g., `["Blackmail Scam"]`.
risk_tags	string[]	Risk tag array (more granular labels), e.g., `["phishing","Blackmail Scam"]`.
risk_code	int	Risk code: `0` (no risk detected), `-1` (not found), `4444` (blacklist hit). For other codes, refer to the Risk Code Specification.
risk_detail	object	Detailed risk information (strategy hits, blacklist matches, etc.).

*** ## `risk_detail` Field Description

Field	Type	Description
private_data	object	Private list hit information.
hit_blacklist_address	boolean	Whether the transaction includes a blacklist address (from or to).
tx_blacklist_address	array	List of blacklist addresses matched in the transaction (may contain multiple entries).
hit_direct_risk_review	boolean	Whether direct risk review rules were triggered.
hit_indirect_risk_review	boolean	Whether indirect risk review rules were triggered.
hit_aml_review	boolean	Whether AML review rules were triggered.

*** ## `private_data` Field Description

Field	Type	Description
hit_private_whitelist	boolean	Whether the address hits the private whitelist. `true` indicates a match.
hit_private_blacklist	boolean	Whether the address hits the private blacklist. `true` indicates a match.
private_blacklist_name	string	Name of the matched private blacklist (may be empty or not returned if no match).

*** ## `tx_blacklist_address` Element Description

Field	Type	Description
blacklist_address	string	The matched blacklist address.
risk_types	string	Risk type associated with the address.
risk_tags	string[]	Risk tag array associated with the address.

--- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.bokk.ltd/readme/v3/3.-real-time-transaction-risk-alert-api.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.