Holistic blockchain analytics platform (Lens for screening + monitoring, Navigator for investigations) with cross-chain risk tracing. Used by banks, exchanges, and regulators for AML wallet/transaction screening across 30+ chains.
- 01wallet and transaction AML screening
- 02cross-chain holistic risk tracing
- 03bank and FI-grade compliance
- 04investigations and SAR support
- 05batch screening pipelines
| Variable | Scope | Description |
|---|---|---|
| ELLIPTIC_API_KEY | Server | Elliptic API key ID, sent in the `x-access-key` header. |
| ELLIPTIC_API_SECRET | Server | Elliptic API secret, used to compute the `x-access-sign` HMAC-SHA256 of `${timestamp}${method}${path}${body}`. |
Use Elliptic Lens for AML wallet/transaction screening. Sign every request with HMAC-SHA256(secret, `${x-access-timestamp}${HTTP_METHOD}${PATH}${JSON_BODY}`) and send `x-access-key`, `x-access-sign`, `x-access-timestamp` headers. Wallet screening: `POST https://aml-api.elliptic.co/v2/wallet/synchronous` with `{ subject: { asset, blockchain, hash }, type: 'source_of_funds' | 'destination_of_funds' | 'wallet_exposure', customer_reference }` returns `risk_score` (0-10) and `evaluation_detail.ruleTriggered`. Transaction screening: `POST /v2/analyses/synchronous` with `{ subject: { asset, blockchain, hash, output_type, output_address }, type: 'source_of_funds' | 'destination_of_funds', customer_reference }`. Use the asynchronous variants (`/v2/wallet`, `/v2/analyses`) for batch volumes above the synchronous rate limit, then poll or consume webhook callbacks.
- ⚑Auth signature includes the exact JSON body — any whitespace or key reordering after signing breaks it. Sign the serialized string and send that exact bytes as the body.
- ⚑Synchronous endpoints are rate-limited (low TPS); high volumes MUST use the async endpoints or you'll get 429s and miss alerts.
- ⚑Risk score is 0–10 with semantic bands — Elliptic recommends specific thresholds per use case (`source_of_funds` vs `destination_of_funds` vs `wallet_exposure`); don't reuse a single threshold across all three.
- ⚑Holistic screening traces across bridges and chains — a single Ethereum address can pull risk from Solana/Tron exposure, which is correct but surprises teams expecting per-chain isolation.
- ⚑Customer reference (`customer_reference`) is mandatory and must be a stable internal user/case ID — Elliptic uses it for case linking and audit; random per-call values will fragment your investigations.
- ⚑Some jurisdictions (notably US OFAC vs UK HMT vs EU) score the same address differently based on configured policy — confirm your tenant's enabled regulator lists with Elliptic CSM, don't assume defaults.