Sionix API Documentation

Real-time risk scoring, threat detection, and network intelligence across 7 EVM chains. Integrate in minutes. Powered by the Prism engine.

Overview

Sionix provides a REST API for detecting automated fraud, threat networks, and high-risk wallet activity on EVM-compatible chains. Every request returns a risk score, threat classification, and recommended action in milliseconds.

Base URL: https://api.sionix.tech

Sionix offers three plans: Trial (limited evaluation access), Business, and Enterprise. All production endpoints require a Business or Enterprise API key. Enterprise adds deeper intelligence fields, threat feed access, ecosystem management, and higher rate limits.

All responses follow a consistent format:

{
  "success": true,
  "data": { ... },
  "meta": {
    "requestId": "req_abc123",
    "version": "1.0.0"
  }
}

Quickstart

Get a risk score in under 60 seconds.

1. Get your API key

Sionix is sales-led. To get an API key and sandbox access, email sales@sionix.tech with your company name and use case. We'll provision a key and walk you through onboarding.

Once you have a key, pass it in the x-api-key header on every request. You can also use Authorization: Bearer YOUR_API_KEY.

2. Scan a wallet

cURL
curl -X POST https://api.sionix.tech/v1/wallet/scan \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{"address": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD18", "chain": "ETH"}'
Node.js (fetch)
const response = await fetch("https://api.sionix.tech/v1/wallet/scan", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-api-key": "YOUR_API_KEY",
  },
  body: JSON.stringify({
    address: "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD18",
    chain: "ETH",
  }),
});

const result = await response.json();
console.log(result.data);
Python (requests)
import requests

response = requests.post(
    "https://api.sionix.tech/v1/wallet/scan",
    headers={
        "Content-Type": "application/json",
        "x-api-key": "YOUR_API_KEY",
    },
    json={
        "address": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD18",
        "chain": "ETH",
    },
)

result = response.json()
print(result["data"])

3. Response (Business tier)

{
  "success": true,
  "data": {
    "address": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD18",
    "chain": "ETH",
    "riskScore": 14,
    "riskTier": "low",
    "isMalicious": false,
    "threatType": "SAFE",
    "threatCategory": "NONE",
    "recommendedAction": "allow",
    "summary": "No threat indicators detected",
    "threatIntel": {
      "sanctioned": false,
      "reportedScam": false,
      "knownEntity": false,
      "feedSources": 0
    }
  }
}

Authentication

Every request requires an API key. Pass it using either header format:

x-api-key: YOUR_API_KEY
Authorization: Bearer YOUR_API_KEY

API keys are tied to your account and plan tier. Keep them secret — keys are hashed on our side and cannot be recovered if lost.

To request an API key, email sales@sionix.tech.

Never expose your API key in client-side code, public repos, or browser requests. Use a server-side proxy.

Scan Wallet

POST /v1/wallet/scan Business

Analyze a wallet and return a full risk assessment. Enterprise keys receive additional intelligence fields (see Response Tiers).

Request body

FieldTypeRequiredDescription
addressstringYesEthereum-format address (0x...)
chainstringNoChain to scan. Default: ETH
includeHistorybooleanNoInclude historical context. Default: false

Example request

curl -X POST https://api.sionix.tech/v1/wallet/scan \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{"address": "0x...", "chain": "ETH"}'

Example response (Business tier)

{
  "success": true,
  "data": {
    "address": "0x...",
    "chain": "ETH",
    "riskScore": 85,
    "riskTier": "critical",
    "isMalicious": true,
    "threatType": "CONFIRMED_THREAT",
    "threatCategory": "WALLET_DRAINER",
    "recommendedAction": "block",
    "summary": "Confirmed threat — wallet exhibits drainer behavior",
    "threatIntel": {
      "sanctioned": false,
      "reportedScam": true,
      "knownEntity": false,
      "feedSources": 2
    }
  }
}

threatType is one of: CONFIRMED_THREAT, HIGH_RISK, SUSPICIOUS, SAFE.

Response Tiers — Business vs Enterprise

Enterprise keys receive all Business fields plus deeper intelligence. Below is a side-by-side comparison for the same flagged wallet.

Business
{
  "address": "0x...",
  "chain": "ETH",
  "riskScore": 85,
  "riskTier": "critical",
  "isMalicious": true,
  "threatType": "CONFIRMED_THREAT",
  "threatCategory": "WALLET_DRAINER",
  "recommendedAction": "block",
  "summary": "...",
  "threatIntel": {
    "sanctioned": false,
    "reportedScam": true,
    "knownEntity": false,
    "feedSources": 2
  }
}
Enterprise
{
  // ... all Business fields, plus:
  "threatSeverity": "CRITICAL",
  "assessmentConfidence": 0.95,
  "lifecycleStage": "ACTIVE",
  "behavioralContext": ["..."],
  "classifications": ["..."],
  "riskWindow": "24h",
  "riskStability": "VOLATILE",
  "threatNetwork": true,
  "networkSeverity": "CRITICAL",
  "networkThreatType": "DRAINER",
  "networkSize": 14,
  "associatedVictimCount": 230,
  "estimatedLossEth": 412.5,
  "networkConfidence": 0.92,
  "threatPersistence": "PERSISTENT",
  "threatRecurrence": "PATTERN_DETECTED",
  "walletClassification": {
    "role": "WALLET_DRAINER",
    "confidence": 0.95,
    "recommendedAction": "block"
  },
  "riskIndicators": [
    { "category": "...",
      "severity": "...",
      "description": "..." }
  ],
  "riskContext": {
    "category": "...",
    "confidence": 0.95,
    "networkAssociation": true,
    "activeThreats": true,
    "firstSeen": "...",
    "lastActivity": "...",
    "chainsAffected": 2
  },
  "recommendedMonitoringWindow": "24h",
  "threatIntel": {
    "sanctioned": false,
    "reportedScam": true,
    "knownEntity": false,
    "entityType": null,
    "entityLabel": null,
    "feedMatches": [
      { "source": "...",
        "category": "...",
        "severity": "...",
        "label": "..." }
    ],
    "feedSources": 2,
    "riskBoost": 15
  }
}

Batch Scan

POST /v1/wallet/batch Business

Scan up to 100 wallets in a single request.

Request body

FieldTypeRequiredDescription
addressesstring[]YesArray of addresses (1–100)
chainstringNoChain to scan. Default: ETH

Example request

curl -X POST https://api.sionix.tech/v1/wallet/batch \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{"addresses": ["0xabc...", "0xdef..."], "chain": "ETH"}'

Get Risk Score

GET /v1/wallet/:address/risk Business

Get the cached risk score for a previously scanned wallet.

Check Compromised

GET /v1/wallet/:address/is-compromised Business

Quick boolean check — is this wallet compromised?

Example response

{
  "success": true,
  "data": {
    "address": "0x...",
    "chain": "ETH",
    "compromised": true
  }
}

Risk History

GET /v1/wallet/:address/history Business

Historical risk data for a wallet. Business gets a summary; Enterprise gets the full timeline with compliance fields.

Pre-Transaction Screen

POST /v1/transaction/screen Business

Screen a wallet before allowing a transaction. Returns an allow, warn, or block recommendation in under 200ms.

Example response

{
  "success": true,
  "data": {
    "address": "0x...",
    "decision": "warn",
    "riskScore": 54,
    "reason": "Elevated risk — associated with known threat activity"
  }
}

Monitors

Set up continuous monitoring on wallets. Sionix rescans them on a configurable interval and fires alerts via webhooks when risk changes.

POST /v1/monitors Business

Create a new wallet monitor. Business: up to 50 monitors. Enterprise: unlimited.

GET /v1/monitors Business

List all active monitors.

GET /v1/monitors/:id Business

Get details for a specific monitor.

PATCH /v1/monitors/:id Business

Update monitor settings (threshold, interval, active state).

DELETE /v1/monitors/:id Business

Delete a monitor.

Create monitor — request body

FieldTypeRequiredDescription
addressstringYesWallet address to monitor
chainstringNoDefault: ETH
labelstringNoFriendly name (max 100 chars)
alertThresholdnumberNoRisk score to trigger alert (0–100). Default: 50
scanIntervalnumberNoRescan interval in seconds (60–86400). Default: 300
webhookUrlstringNoURL to receive alerts

Webhooks

POST /v1/webhooks Business

Register a webhook endpoint for real-time alerts. Business: up to 5 webhooks. Enterprise: unlimited.

GET /v1/webhooks Business

List registered webhooks.

Supported events

EventDescription
monitor.alertRisk score crossed alert threshold
monitor.risk_changeRisk tier changed (e.g. LOW → HIGH)
monitor.compromise_detectedWallet flagged as compromised
monitor.cluster_matchWallet linked to a known threat group
scan.completeAsync scan finished

Threat Groups

GET /v1/cluster/stats Business

Aggregate statistics on tracked threat groups.

GET /v1/cluster/:id Enterprise

Get details on a specific threat group.

Threat Feed

GET /v1/threat-feed Enterprise

Live threat intelligence feed with cluster summaries, threat categories, and estimated losses.

Ecosystem Import

Import your entire wallet base for continuous risk monitoring.

POST /v1/ecosystem/import Enterprise

Import up to 10,000 wallets in a single call. Returns a job ID for tracking.

GET /v1/ecosystem/summary Enterprise

Aggregate risk summary across your entire imported wallet base.

POST /v1/ecosystem/rescan Enterprise

Trigger a full rescan of all imported wallets.

GET /v1/ecosystem/scan/:jobId Enterprise

Check status of a background scan job.

Compliance Reports

GET /v1/ecosystem/compliance Enterprise

Generate a compliance-grade risk report across your ecosystem. Includes risk trajectory, tier changes, compromise history, and audit metadata.

Error Codes

CodeMeaning
400Invalid request — check your request body against the schema
401Invalid or missing API key
403Feature not available on your plan
404Resource not found
429Rate limit exceeded — back off and retry
500Internal server error

All error responses include a structured body:

{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid request body",
    "details": [...]
  }
}

Rate Limits

PlanRequests / minScans / month
Business200250,000
Enterprise1,000Unlimited

When you exceed a rate limit, the API returns 429 Too Many Requests. Back off and retry after the window resets (60-second rolling window).

Supported Chains

CodeChain
ETHEthereum
POLYGONPolygon
ARBITRUMArbitrum One
BASEBase
OPTIMISMOptimism
BSCBNB Smart Chain
AVALANCHEAvalanche C-Chain

Support

Need help integrating? Have a question about your plan?

ChannelContact
Sales & API keyssales@sionix.tech
General supportsupport@sionix.tech
Securitysecurity@sionix.tech
API statusapi.sionix.tech/health

Official Sionix domains

Sionix will never ask for your private keys, seed phrases, or wallet credentials. The only legitimate Sionix domains are:

  • sionix.tech — Website
  • api.sionix.tech — API
  • docs.sionix.tech — Documentation

If you encounter a site impersonating Sionix, report it to security@sionix.tech.