> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cbpayapp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Screen a blockchain address

> Assesses the AML risk of a blockchain address (sanctioned entity, illicit-fund exposure) against global on-chain intelligence and returns a normalized risk level (Low/Medium/High/Severe) with the full evidence. Network-agnostic: the address is evaluated across every supported chain at once; `chain` only labels your record. Bills the fixed `address_screening` fee (refunded automatically if the screening fails), so `idempotency_key` is required — replaying with the same key returns the original screening with `idempotency_hit: true` and never charges twice. Requires the `screenings` service enabled and an approved account verification.



## OpenAPI

````yaml /openapi.yaml post /v1/screenings/addresses
openapi: 3.1.0
info:
  title: CBPay API
  version: '1.89'
  description: |
    CBPay is a multi-currency payment platform: fiat payouts and collections
    across Latin America, internal transfers, on-chain funding and
    withdrawals, and KYC screening. Every account holds four independent
    virtual balances — USDT (the operating currency), USDC, BTC and GOLD
    (grams of fine gold) — that never mix or convert automatically.
    Payouts and service fees can be paid from any of the four balances:
    set a default with `PUT /v1/settlement` or override per payout with
    `settlement_asset`.

    All amounts are decimal strings in each currency's precision (6 decimals
    for USDT/USDC/GOLD, 8 for BTC). Errors always return
    `{"error": "<code>", "message": "<detail>"}`.
servers:
  - url: https://api.qbank.cl/platform
    description: Live (production, real money)
  - url: https://cryptobank.qbank.cl/platform
    description: Test (sandbox, simulated money — pk_test_ keys)
security:
  - bearerAuth: []
tags:
  - name: Receipts
    description: >-
      Branded PDF receipt per operation, with a public signed-QR authenticity
      check, receipt_url on every response/webhook and automatic email delivery
      on final states.
  - name: Authentication
    description: Register and log in account members. Sessions last 24 hours.
  - name: Account
    description: Profile, members and API keys of the calling account.
  - name: Balances
    description: Balances, movement history and FX rates.
  - name: Payouts
    description: >-
      Fiat dispersals debited from the settlement balance of your choice (USDT
      by default).
  - name: Payins
    description: Fiat top-ups credited to the USDT balance.
  - name: Transfers
  - name: Contacts
  - name: Swaps
    description: >-
      Free internal transfers between CBPay accounts (person or company, any
      combination).
  - name: Crypto
    description: On-chain funding and withdrawals (TRON, Ethereum and Bitcoin).
  - name: Segregated wallets
    description: >-
      On-chain wallets with their own balance (companies unlimited; persons 1
      per network+asset pair) — create, import, send, export the private key and
      auto-forward. The balance lives on-chain, never in the ledger.
  - name: QR Crypto POS
    description: >-
      Amount-bearing crypto QR charges for processors with physical POS
      terminals (company accounts): verified merchants, exclusive address + QR
      per charge, early payment detection, per-merchant reconciliation and
      refunds over the crypto withdrawal rail.
  - name: KYC / KYB
  - name: AML screening
    description: >-
      Identity verification: KYC for persons, KYB for companies, with AML
      screening, rescreening and continuous monitoring.
  - name: Wallet screening
    description: >-
      AML risk assessment of blockchain addresses (sanctions, illicit-fund
      exposure) with a per-scan fee, plus free automatic protection on
      withdrawals and deposits.
  - name: Analytics
  - name: Webhooks
    description: Subscriptions to receive signed event notifications.
  - name: Status
    description: Service availability.
  - name: Banking
    description: >-
      Real bank accounts: receive, hold and send money over international
      banking rails.
  - name: Cards
    description: >-
      Virtual and physical cards that spend Just-In-Time from the account's USDT
      balance, with per-card spending limits.
  - name: Security (OTP)
    description: >-
      One-time verification codes over SMS/WhatsApp/email protecting sensitive
      actions, plus self-service 2FA preferences. Applies to user sessions only
      — API keys are exempt.
  - name: Passkeys
    description: >-
      Passwordless sign-in with the device's biometrics (Face ID, Touch ID,
      Windows Hello, security keys) via WebAuthn, authenticator apps (TOTP) with
      backup codes, and session/device management.
  - name: Social login
    description: >-
      Passwordless sign up and sign in with Google, Apple, Microsoft and
      Facebook via token exchange. The front end obtains the provider
      credential; the API verifies it and issues the CBPay session.
paths:
  /v1/screenings/addresses:
    post:
      tags:
        - Wallet screening
      summary: Screen a blockchain address
      description: >-
        Assesses the AML risk of a blockchain address (sanctioned entity,
        illicit-fund exposure) against global on-chain intelligence and returns
        a normalized risk level (Low/Medium/High/Severe) with the full evidence.
        Network-agnostic: the address is evaluated across every supported chain
        at once; `chain` only labels your record. Bills the fixed
        `address_screening` fee (refunded automatically if the screening fails),
        so `idempotency_key` is required — replaying with the same key returns
        the original screening with `idempotency_hit: true` and never charges
        twice. Requires the `screenings` service enabled and an approved account
        verification.
      operationId: createAddressScreening
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - address
                - idempotency_key
              properties:
                address:
                  type: string
                  description: Blockchain address to screen (max 128 characters).
                chain:
                  type: string
                  description: >-
                    Optional label (tron, eth, ...) for your record; it does not
                    restrict the assessment.
                idempotency_key:
                  type: string
                  description: >-
                    Required (the scan charges a fee). Also accepted as the
                    Idempotency-Key header.
            example:
              address: TN2BBWc9EF8MMB6i1c4HZHXAssTEXstMDo
              chain: tron
              idempotency_key: scan-customer-742-1
      responses:
        '200':
          description: >-
            Idempotent replay — returns the original screening without charging
            again.
          content:
            application/json:
              example:
                screening_id: 5f0b1c9a-2f3e-4a7b-9c1d-8e6f5a4b3c2d
                account_id: 9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d
                address: TN2BBWc9EF8MMB6i1c4HZHXAssTEXstMDo
                chain: tron
                risk: Low
                screening_fee: '0.500000'
                fee_asset: USDT
                idempotency_key: scan-customer-742-1
                created_at: '2026-07-12T14:30:00Z'
                idempotency_hit: true
        '201':
          description: Screening executed and stored.
          content:
            application/json:
              examples:
                low_risk:
                  summary: Clean address
                  value:
                    screening_id: 5f0b1c9a-2f3e-4a7b-9c1d-8e6f5a4b3c2d
                    account_id: 9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d
                    address: TN2BBWc9EF8MMB6i1c4HZHXAssTEXstMDo
                    chain: tron
                    risk: Low
                    screening_fee: '0.500000'
                    fee_asset: USDT
                    idempotency_key: scan-customer-742-1
                    created_at: '2026-07-12T14:30:00Z'
                    assessment:
                      address: TN2BBWc9EF8MMB6i1c4HZHXAssTEXstMDo
                      risk: Low
                      address_identifications: []
                      exposures:
                        - category: exchange
                          value_usd: '1250.75'
                      triggers: []
                severe_risk:
                  summary: Sanctioned address
                  value:
                    screening_id: 7a2c4e6f-8b1d-4c3a-9e5f-1a2b3c4d5e6f
                    account_id: 9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d
                    address: '0x098B716B8Aaf21512996dC57EB0615e2383E2f96'
                    chain: eth
                    risk: Severe
                    risk_reason: Identified as Sanctioned Entity
                    screening_fee: '0.500000'
                    fee_asset: USDT
                    idempotency_key: scan-suspicious-9
                    created_at: '2026-07-12T14:31:00Z'
                    assessment:
                      address: '0x098B716B8Aaf21512996dC57EB0615e2383E2f96'
                      risk: Severe
                      risk_reason: Identified as Sanctioned Entity
                      cluster_name: OFAC SDN Ronin Bridge Exploiter
                      cluster_category: sanctioned entity
                      address_identifications:
                        - name: 'SANCTIONS: OFAC SDN Ronin Bridge Exploiter'
                          category: sanctioned entity
                      exposures: []
                      triggers: []
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '402':
          $ref: '#/components/responses/InsufficientFunds'
        '403':
          $ref: '#/components/responses/Forbidden'
        '422':
          description: The address could not be screened (check the format).
          content:
            application/json:
              example:
                error: invalid_address
                message: the address could not be screened (check the format)
        '502':
          description: >-
            Screening temporarily unavailable (the fee was refunded). Retry with
            the SAME key.
          content:
            application/json:
              example:
                error: screening_unavailable
                message: address screening temporarily unavailable
components:
  responses:
    BadRequest:
      description: Invalid request (see `error` code for the specific validation).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: invalid_json
            message: 'request body is not valid JSON: unknown field'
    Unauthorized:
      description: Missing or invalid credential (`unauthorized`).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: unauthorized
            message: invalid or missing credentials
    InsufficientFunds:
      description: Account balance is not enough for this operation (`insufficient_funds`).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: insufficient_funds
            message: account balance is not enough for this operation
    Forbidden:
      description: Credential level not allowed for this endpoint (`forbidden`).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: forbidden
            message: credentials required
  schemas:
    Error:
      type: object
      properties:
        error:
          type: string
          description: Machine-readable error code (snake_case).
          example: insufficient_funds
        message:
          type: string
          description: Human-readable explanation.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: |
        Session JWT (from register/login) or API key (`pk_...`).
        `X-API-Key: <token>` is accepted as an alternative header.

````