Blockchain intelligence platform for wallet screening, transaction monitoring, and entity risk attribution across 29+ chains. Sub-300ms wallet risk API used by exchanges, wallets, and pre-transaction enforcement layers.
- 01real-time wallet risk screening
- 02pre-transaction enforcement
- 03transaction monitoring + alerting
- 04entity attribution and exposure analysis
- 05regulated fintech and VASP compliance
| Variable | Scope | Description |
|---|---|---|
| TRM_API_KEY | Server | TRM Labs BLOCKINT API key, sent via HTTP Basic auth (`Authorization: Basic base64(key:)`). |
| TRM_WEBHOOK_SECRET | Server | Shared secret for verifying TRM alert webhook signatures (HMAC-SHA256 of raw body). |
Use TRM Labs for wallet risk + transaction monitoring. Screen addresses with `POST https://api.trmlabs.com/public/v2/screening/addresses` (HTTP Basic auth with `TRM_API_KEY:`) sending `[{ address, chain }]`; response yields `addressRiskIndicators[]`, `addressSubmitted`, `entities[]`, and a numeric `risk_score` plus `risk_level` (`Low|Medium|High|Severe`). For pre-transaction checks use `POST /public/v2/screening/transactions` with the transfer payload before broadcasting. Submit ongoing transfers via `POST /public/v2/transfers` for monitoring; consume alerts from `GET /public/v2/alerts` or via webhook. Webhook handler at `/api/trm/webhook` verifies the `X-TRM-Signature` header (HMAC-SHA256 over raw body) using `TRM_WEBHOOK_SECRET`, then routes `alert.created` and `alert.updated` events into your case-management queue.
- ⚑TRM API auth is HTTP Basic with the key as the username and an empty password — `Authorization: Basic base64(API_KEY:)`. Bearer-style auth will silently 401.
- ⚑Risk indicators include `OWNERSHIP` (direct hits) and `COUNTERPARTY` (indirect exposure) categories — block on `OWNERSHIP` severe/high, but route `COUNTERPARTY` to manual review or you'll over-block.
- ⚑Webhook signature is HMAC-SHA256 over the exact raw body — verify with `req.text()` before JSON parsing; framework body-parsers will break the signature.
- ⚑Sub-300ms p50 is realistic; p99 can spike past 2s during chain reorgs or backfills — set a circuit breaker and a fail-open/fail-closed policy explicitly.
- ⚑Chain coverage differs across products (screening vs monitoring vs alerting) — verify your specific chain (e.g. TON, Tron, Sui) is supported on the exact endpoint, not just the marketing list.
- ⚑Some jurisdictions (e.g. EU MiCA travel-rule flows) require submitting counterparty VASP info alongside the screening request to get the right risk attribution.