Sanctions Check API

Single-address sanctions check across the major public feeds. Free, open, unauthenticated, rate-limited per IP. Aggregates OFAC SDN direct, UK OFSI direct, and OpenSanctions-aggregated national crypto-wallet sub-lists from Israel and Japan; EU consolidated direct feed pending operator credential.

Educational research tool — not a compliance product. Daily refresh means a same-day OFAC addition can be up to 24 hours late on our side. Every response carries a per-source last_sync_utc so you can judge appropriate use. Regulated entities should source a contracted feed with an SLA (Chainalysis, Elliptic, TRM Labs); this API doesn't substitute for that.

Endpoint

GET https://chainquery.com/api/sanctions/check/<address>

No auth header. CORS-open. 30 requests / hour / IP (sliding window). Exceeding the limit returns 429 with Retry-After: 3600; persistent abuse is subject to manual ban. Need higher volume? Email [email protected] with the use case and we'll discuss.

Response shape

{
  "address": "...",
  "structurally_valid": true,
  "sanctioned": true,
  "agreement_count": 2,
  "sources": [
    {
      "slug": "ofac-sdn",
      "list": "OFAC SDN",
      "jurisdiction": "United States",
      "label": "Lazarus Group, DPRK state-sponsored",
      "source_ref": "OFAC SDN UID 12345",
      "added_at": "2026-05-11T04:15:00Z"
    },
    {
      "slug": "opensanctions",
      "list": "OpenSanctions consolidated",
      "jurisdiction": "Global (aggregated)",
      "label": "...",
      "source_ref": "https://...",
      "added_at": "2026-05-11T01:02:00Z"
    }
  ],
  "freshness": {
    "ofac-sdn": "2026-05-11T04:15:00Z",
    "opensanctions": "2026-05-11T01:02:00Z",
    "uk-ofsi": "2026-05-09T21:32:56+00:00"
  },
  "disclaimer": "Aggregated public sanctions feeds ..."
}

Example

$ curl -s https://chainquery.com/api/sanctions/check/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa | jq '{sanctioned, agreement_count}'
{
  "sanctioned": false,
  "agreement_count": 0
}

Contract guarantees

  • HTTP 200 even for sanctioned: false; check the field, not the status.
  • HTTP 400 for malformed addresses (with the same response shape, structurally_valid: false).
  • HTTP 403 if your IP is on the manual ban list.
  • HTTP 429 if you exceed 30/hour; honor Retry-After.
  • Always read freshness.<source> before acting on a negative result. A "not sanctioned" answer is only as good as our last sync.
  • sources can be empty even when sanctioned is false; this is the normal case.
  • Schema bumps will be communicated; treat unknown fields as forward-compatible.

When this is the right tool

  • Individual due diligence before accepting a payment.
  • First-pass screening on a list of addresses in research or journalism.
  • Hobbyist and small-project use where Chainalysis pricing is out of reach.
  • Cross-checking a single primary-source feed against the aggregate.

When this is not the right tool

  • Regulated entity compliance (KYT, transaction monitoring) — you need a contracted feed with audit logs and an SLA.
  • Real-time same-day designation detection — our 24h refresh is the ceiling.
  • Cluster / indirect-exposure analysis ("did this address recently receive from a sanctioned cluster?") — we only do direct address matches; commercial providers add cluster heuristics on top.

Why this exists

Direct-match sanctions checks are the easy 10% of compliance screening — but they're the part everyone benefits from having open, free, and aggregated.

Commercial providers charge $50K–500K/yr for the full compliance stack (cluster analysis, audit logs, SLA, indemnification). The basic "is this address on any public sanctions list" check has no business reason to sit behind that pricing.

Feeds aggregated

  • OFAC SDN United States (direct)
  • UK OFSI United Kingdom (direct)
  • OpenSanctions: Israel
  • OpenSanctions: Japan

EU consolidated feed (direct) is on the roadmap once operator credentials are issued by the European Commission FSD service.