Authenticate: set the Token header to YOUR_API_KEY on all requests to https://api.chainalysis.com
Register an incoming deposit for monitoring: POST https://api.chainalysis.com/api/kyt/v2/users/{userId}/transfers with body: {"network": "ETHEREUM", "asset": "USDC", "transferReference": "<txHash>:0", "direction": "RECEIVED"}
Poll GET /api/kyt/v2/users/{userId}/transfers/{transferReference} or wait for the updated_alerts webhook; the rating field (LOW/MEDIUM/HIGH/SEVERE) reflects the current risk assessment
Retrieve alerts: GET /api/kyt/v2/alerts?transferReference=<ref> to get structured alert objects including externalId, alertLevel, and category
For high-severity alerts (HIGH or SEVERE), place a hold on the associated user account and initiate enhanced due diligence per your AML policy
Resolve alerts after review: PUT /api/kyt/v2/alerts/{alertId} with {"status": "REJECTED", "comment": "<disposition_note>"} or ACCEPTED to record compliance decisions
Known gotchas
The transferReference format for UTXO chains (BTC) uses txHash:outputIndex (e.g. abc123:0); for account-based chains (ETH) it uses txHash:transferIndex — using the wrong format returns 400 INVALID_TRANSFER_REFERENCE
Chainalysis KYT risk scores are recalculated as new blockchain data and intelligence is incorporated; a transfer rated LOW at deposit may later become HIGH — implement a re-screening schedule for large or sensitive deposits
The userId in the path is your internal user identifier (a string you provide); it must be consistent across all KYT calls for a given user to enable user-level exposure aggregation — changing identifiers creates orphaned transfer records
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp