Sionix API Documentation

Real-time risk scoring, threat detection, and cluster intelligence across 7 EVM chains. Integrate in minutes. Powered by the Prism engine.

Overview

Sionix provides a REST API for detecting automated fraud, attacker clusters, and high-risk wallet activity on EVM-compatible chains. Every request returns a risk score, threat classification, and recommended action in milliseconds.

Base URL: https://api.sionix.tech

All responses follow a consistent format:

{
  "success": true,
  "data": { ... },
  "meta": {
    "requestId": "req_abc123",
    "version": "1.0.0"
  }
}

Quickstart

Get a risk score in under 60 seconds.

1. Get your API key

2. Scan a wallet

curl -X POST https://api.sionix.tech/v1/wallet/scan \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{"address": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD18", "chain": "ETH"}'

3. Response

{
  "success": true,
  "data": {
    "address": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD18",
    "chain": "ETH",
    "riskScore": 14,
    "riskTier": "LOW",
    "isMalicious": false,
    "threatType": "NONE",
    "recommendedAction": "none"
  }
}

Authentication

Every request requires an API key passed in the x-api-key header.

x-api-key: YOUR_API_KEY

API keys are tied to your account and plan tier. Keep them secret — keys are hashed on our side and cannot be recovered if lost.

Never expose your API key in client-side code, public repos, or browser requests. Use a server-side proxy.

Scan Wallet

POST /v1/wallet/scan All tiers

Analyze a wallet and return a full risk assessment.

Request body

Field	Type	Required	Description
address	string	Yes	Ethereum-format address (0x...)
chain	string	No	Chain to scan. Default: `ETH`
includeHistory	boolean	No	Include historical context. Default: `false`

Example request

curl -X POST https://api.sionix.tech/v1/wallet/scan \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{"address": "0x...", "chain": "ETH"}'

Example response

{
  "success": true,
  "data": {
    "address": "0x...",
    "chain": "ETH",
    "riskScore": 72,
    "riskTier": "HIGH",
    "isMalicious": true,
    "threatType": "DRAINER",
    "recommendedAction": "block"
  }
}

Batch Scan

POST /v1/wallet/batch Pro+

Scan up to 50 wallets (Pro) or 100 wallets (Business+) in a single request.

Request body

Field	Type	Required	Description
addresses	string[]	Yes	Array of addresses (1–100)
chain	string	No	Chain to scan. Default: `ETH`

Example request

curl -X POST https://api.sionix.tech/v1/wallet/batch \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{"addresses": ["0xabc...", "0xdef..."], "chain": "ETH"}'

Get Risk Score

GET /v1/wallet/:address/risk All tiers

Get the cached risk score for a previously scanned wallet.

Check Compromised

GET /v1/wallet/:address/is-compromised All tiers

Quick boolean check — is this wallet compromised?

Example response

{
  "success": true,
  "data": {
    "address": "0x...",
    "isCompromised": true,
    "riskScore": 89,
    "recommendedAction": "block"
  }
}

Risk History

GET /v1/wallet/:address/history Pro+

Historical risk data for a wallet. Pro gets a summary; Business+ gets the full timeline with compliance fields.

Pre-Transaction Screen

POST /v1/transaction/screen All tiers

Screen a wallet before allowing a transaction. Returns an allow, warn, or block recommendation in under 200ms.

Example response

{
  "success": true,
  "data": {
    "address": "0x...",
    "decision": "warn",
    "riskScore": 54,
    "reason": "Elevated risk — associated with known threat activity"
  }
}

Monitors

Set up continuous monitoring on wallets. Sionix rescans them on a configurable interval and fires alerts via webhooks when risk changes.

POST /v1/monitors Pro+

Create a new wallet monitor.

GET /v1/monitors Pro+

List all active monitors.

GET /v1/monitors/:id Pro+

Get details for a specific monitor.

PATCH /v1/monitors/:id Pro+

Update monitor settings (threshold, interval, active state).

DELETE /v1/monitors/:id Pro+

Delete a monitor.

Create monitor — request body

Field	Type	Required	Description
address	string	Yes	Wallet address to monitor
chain	string	No	Default: `ETH`
label	string	No	Friendly name (max 100 chars)
alertThreshold	number	No	Risk score to trigger alert (0–100). Default: `50`
scanInterval	number	No	Rescan interval in seconds (60–86400). Default: `300`
webhookUrl	string	No	URL to receive alerts

Webhooks

POST /v1/webhooks Pro+

GET /v1/webhooks Pro+

List registered webhooks.

Supported events

Event	Description
monitor.alert	Risk score crossed alert threshold
monitor.risk_change	Risk tier changed (e.g. LOW → HIGH)
monitor.compromise_detected	Wallet flagged as compromised
monitor.threat_match	Wallet linked to a known threat group
scan.complete	Async scan finished

Cluster Intelligence

GET /v1/cluster/stats Pro+

Aggregate statistics on tracked threat groups.

GET /v1/cluster/:id Pro+

Get details on a specific cluster.

Threat Feed

GET /v1/threat-feed Pro+

Live threat intelligence feed. Pro gets an overview; Business+ gets expanded threat context and estimated losses.

Ecosystem Import

Import your entire wallet base for continuous risk monitoring.

POST /v1/ecosystem/import Business+

Import up to 10,000 wallets in a single call. Returns a job ID for tracking.

GET /v1/ecosystem/summary Business+

Aggregate risk summary across your entire imported wallet base.

POST /v1/ecosystem/rescan Business+

Trigger a full rescan of all imported wallets.

GET /v1/ecosystem/scan/:jobId Business+

Check status of a background scan job.

Compliance Reports

GET /v1/ecosystem/compliance Business+

Generate a compliance-grade risk report across your ecosystem. Includes risk trajectory, tier changes, compromise history, and audit metadata.

Error Codes

Code	Meaning
400	Invalid request — check your request body against the schema
401	Invalid or missing API key
403	Feature not available on your plan
404	Resource not found
429	Rate limit exceeded — back off and retry
500	Internal server error

All error responses include a structured body:

{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid request body",
    "details": [...]
  }
}

Rate Limits

Plan	Requests/min	Monthly scans	Batch size	Monitors	Webhooks
Free	10	100	10	3	0
Pro	60	50,000	50	25	5
Business	200	250,000	100	100	20
Enterprise	1,000	Unlimited	100	Unlimited	Unlimited

Overage on paid plans: $0.25 per scan beyond your monthly limit. Free tier has a hard cap.

Supported Chains

Code	Chain
ETH	Ethereum
POLYGON	Polygon
ARBITRUM	Arbitrum One
BASE	Base
OPTIMISM	Optimism
BSC	BNB Smart Chain
AVALANCHE	Avalanche C-Chain

Support

Need help integrating? Have a question about your plan?

Channel	Contact
General support	support@sionix.tech
Sales	sales@sionix.tech
Security	security@sionix.tech
API status	api.sionix.tech/health

Official Sionix domains

Sionix will never ask for your private keys, seed phrases, or wallet credentials. The only legitimate Sionix domains are:

sionix.tech — Website
api.sionix.tech — API
docs.sionix.tech — Documentation

If you encounter a site impersonating Sionix, report it to security@sionix.tech.