GSIG API Documentation

The GSIG API provides multi-jurisdiction crypto sanctions screening and intelligence. Every API call returns a full compliance report — sanctions match, entity attribution, proximity alerts, and laundering pattern detection — powered by 453M+ intelligence records across 22.8M tracked wallets.

The API is RESTful. It accepts JSON request bodies, returns JSON responses, and uses standard HTTP authentication and status codes. All addresses are EIP-55 checksummed. All timestamps are UTC ISO-8601.

Authentication

Authenticate requests using your API key in the Authorization header. Keys are issued when you create an account and can be managed from your dashboard.

Header
Authorization: Bearer gsig_live_a1b2c3d4e5f6...
Keep your API key secret. Do not expose it in client-side code, public repositories, or frontend applications. All API requests must be made server-side over HTTPS.

Base URL

All API requests are made to:

https://api.gsig.uk

Version prefix /v1/ is included in all endpoint paths. The current version is v1.

Rate limits

Rate limits are enforced per API key based on your subscription tier. Both monthly call limits and per-minute burst limits apply.

Starter
1K
calls/month
10/min burst
Professional
10K
calls/month
50/min burst
Business
50K
calls/month
200/min burst
Enterprise
Custom
per contract
Dedicated

When you exceed your burst limit, the API returns 429 Too Many Requests. When you exceed your monthly limit, additional calls are billed at the overage rate for your tier.

Error codes

CodeMeaningResponse
200SuccessCompliance report returned
400Bad requestInvalid address format or missing required field
401UnauthorisedMissing or invalid API key
403ForbiddenTier does not include this endpoint
404Not foundAddress not found in trace data
429Rate limitedBurst or monthly limit exceeded
500Server errorInternal error — retry with backoff

Screen address

The primary endpoint. Screens a wallet address and returns a full GSIG Compliance Report including sanctions match, entity attribution, proximity alerts, pattern flags, and risk tier.

POST /api/v1/screen
// Request body { "address": "0x53b9B72DC6f96Eb4B54143B211B22e2548e4cf5c", "chain": "ethereum" }

Request parameters:

FieldTypeDescription
addressrequiredstringWallet address to screen. EIP-55 or lowercase accepted.
chainrequiredstringBlockchain identifier: ethereum, bitcoin, tron, etc.
200 Response
{ "sanctioned": true, "risk_tier": 5, "jurisdictions": ["US", "UK", "EU"], "authority": "ofac_sdn", "entity": "Lazarus Group", "program": "CYBER2", "designation_date": "2022-08-08", "proximity_alerts": [ {"hop": 1, "count": 247, "severity": "high"}, {"hop": 2, "count": 12841, "severity": "medium"} ], "patterns": ["EXCHANGE_EXIT", "PEEL_CHAIN"], "risk_score": 1972, "report_id": "gsig_rpt_20260403_0x53b9", "timestamp": "2026-04-03T10:16:00Z", "data_freshness": "2026-04-03T02:00:00Z" }

Money flows

Returns direct counterparty flows for a screened address — the top money flow edges by value, with direction (in/out), amounts, and transaction counts.

GET /api/v1/screen/{address}/flows
// Query parameters ?chain=ethereum&direction=out&limit=20
ParamTypeDescription
chainrequiredstringBlockchain identifier
directionstringFilter: in, out, or omit for both
limitintegerMax results (default 20, max 100)

Patterns

Returns algorithmically detected laundering patterns: peel chains, layering, fan-out, fan-in, round-trips, rapid bursts, exchange exits, and mixer passes. Each pattern includes severity, description, and evidence.

GET /api/v1/screen/{address}/patterns
// Query parameters ?chain=ethereum&severity=CRITICAL
ParamTypeDescription
chainrequiredstringBlockchain identifier
severitystringFilter: CRITICAL, HIGH, or MEDIUM

Exchange exits

Returns exchange deposit addresses that received funds from the screened wallet, with exchange name, amounts, transaction counts, and block explorer links.

GET /api/v1/screen/{address}/exchanges
// Query parameters ?chain=ethereum

Sanctioned contacts

Returns other sanctioned addresses discovered in the same money flow graph as the screened address — linking cross-jurisdictional designations.

GET /api/v1/screen/{address}/contacts
// Query parameters ?chain=ethereum

Jurisdictions

Returns the list of tracked jurisdictions with last update timestamps and address counts.

GET /api/v1/jurisdictions
// No parameters required

System stats

Returns current system-wide metrics. Use this endpoint to display live statistics on dashboards or status pages.

GET /api/v1/stats
// Response { "wallets_tracked": 22780369, "intelligence_records": 452987423, "entities_resolved": 73124, "entity_connections": 7579015, "sanctioned_addresses": 1542, "chains_tracked": 25, "jurisdictions": 13, "last_refresh": "2026-04-03T02:00:00Z" }

Data format

Addresses: All Ethereum addresses in responses are EIP-55 checksummed. Both checksummed and lowercase addresses are accepted in requests.

Timestamps: All timestamps are UTC in ISO-8601 format: 2026-04-03T10:16:00Z

Amounts: ETH values are returned as floats. Values above 1B may include inflated token values (flagged with an asterisk in display).

Chain identifiers: Lowercase chain names: ethereum, bitcoin, tron, litecoin, monero, zcash, dash, doge, bnb, xrp, solana, etc.

Risk tiers: Integer 1-5. Tier 5 (EXTREME) indicates a directly sanctioned address. Tier 4 (HIGH) indicates 1-hop proximity. Tier 3 (MEDIUM) indicates 2-3 hop proximity with pattern matches.

Code examples

cURL

Shell
curl -X POST https://api.gsig.uk/api/v1/screen \ -H "Authorization: Bearer gsig_live_YOUR_KEY" \ -H "Content-Type: application/json" \ -d '{"address":"0x53b9B72DC6f96Eb4B54143B211B22e2548e4cf5c","chain":"ethereum"}'

Python

Python
import requests resp = requests.post( "https://api.gsig.uk/api/v1/screen", headers={"Authorization": "Bearer gsig_live_YOUR_KEY"}, json={"address": "0x53b9B72DC6...e4cf5c", "chain": "ethereum"} ) report = resp.json() if report["sanctioned"]: print(f"SANCTIONED — Risk tier {report['risk_tier']}") print(f"Entity: {report['entity']}") print(f"Jurisdictions: {', '.join(report['jurisdictions'])}") print(f"Patterns: {', '.join(report['patterns'])}")

JavaScript (Node.js)

JavaScript
const response = await fetch("https://api.gsig.uk/api/v1/screen", { method: "POST", headers: { "Authorization": "Bearer gsig_live_YOUR_KEY", "Content-Type": "application/json" }, body: JSON.stringify({ address: "0x53b9B72DC6...e4cf5c", chain: "ethereum" }) }); const report = await response.json(); console.log(`Sanctioned: ${report.sanctioned}, Risk: ${report.risk_tier}`);

Changelog

v1.0 — 3 April 2026 — Initial release. Screen endpoint, money flows, patterns, exchange exits, sanctioned contacts, jurisdictions, and system stats. Ethereum screening live. 1,542 sanctioned addresses across 25 chains and 13 jurisdictions.