Skip to main content
This guide covers advanced operations for managing Alerts and Cases - including batch creation, bulk assignments, status updates, escalation, and entity associations. Full API reference is available in the API Reference.
For basic alert and case creation, see the Ingesting Alerts & Cases guide first.

Alerts

Step 1: Batch Create Alerts

Endpoint: POST /v1/alerts/batch Create up to 50 alerts in a single request. Each alert in the array follows the same schema as the single-create endpoint. 
POST /v1/alerts/batch
Content-Type: application/json

{
  "alerts": [
    {
      "referenceId": "EXT-ALERT-001",
      "category": "TRANSACTION_MONITORING",
      "priority": "HIGH",
      "status": "NEW",
      "description": "Large withdrawal detected for a high-risk account."
    },
    {
      "referenceId": "EXT-ALERT-002",
      "category": "SCREENING_SANCTIONS",
      "priority": "MEDIUM",
      "status": "NEW",
      "description": "Potential sanctions match found during screening."
    }
  ],
  "upsert": true
}
Maximum 50 alerts per batch request. Set upsert: true to update existing alerts matched by referenceId.

Step 2: Update an Alert

Endpoint: PUT /v1/alerts/{alertId}/update Update any field on an existing alert - priority, status, assignee, associated entities, and more. 
PUT /v1/alerts/alert-uuid/update
Content-Type: application/json

{
  "priority": "HIGH",
  "status": "IN_REVIEW",
  "assigneeId": "analyst-uuid",
  "category": "TRANSACTION_MONITORING",
  "description": "Updated: confirmed suspicious pattern in withdrawal activity.",
  "associatedClients": ["client-uuid-1"],
  "associatedTransactions": ["transaction-uuid-1"],
  "dueDate": "2024-02-01T17:00:00Z",
  "customFields": {
    "internalScore": {
      "label": "Internal Score",
      "value": "95"
    }
  }
}

Alert Statuses

StatusDescription
NEWNewly created, not yet reviewed
IN_REVIEWUnder active review by an analyst
ESCALATEDEscalated to a case
RESOLVEDResolved (no further action needed)

Alert Categories

CategoryDescription
KYCKnow Your Customer
KYBKnow Your Business
TRANSACTION_MONITORINGFiat transaction monitoring
ONCHAIN_TRANSACTION_MONITORINGOn-chain transaction monitoring
SCREENING_SANCTIONSSanctions screening
SCREENING_PEPPEP screening
SCREENING_ADVERSE_MEDIAAdverse media screening
SCREENING_REGULATORYRegulatory screening
SCREENING_OTHEROther screening type
FRAUDFraud detection
PERIODIC_REVIEWPeriodic review
EDDEnhanced Due Diligence
OTHEROther

Step 3: Bulk Assign Alerts

Endpoint: PATCH /v1/alerts/bulk/assign Assign or unassign up to 100 alerts at once. 
PATCH /v1/alerts/bulk/assign
Content-Type: application/json

{
  "alertIds": ["alert-uuid-1", "alert-uuid-2", "alert-uuid-3"],
  "assigneeId": "analyst-uuid"
}
Omit assigneeId or set it to null to unassign alerts.

Step 4: Bulk Update Alert Status

Endpoint: PATCH /v1/alerts/bulk/status Update the status of up to 100 alerts at once, with an optional decision reason. 
PATCH /v1/alerts/bulk/status
Content-Type: application/json

{
  "alertIds": ["alert-uuid-1", "alert-uuid-2"],
  "status": "RESOLVED",
  "decision": {
    "reason": "False positive - confirmed legitimate activity after review."
  }
}

Step 5: Bulk Escalate Alerts to Cases

Endpoint: PATCH /v1/alerts/bulk/escalate Escalate multiple alerts to cases in a single request. Each alert gets its own case. 
PATCH /v1/alerts/bulk/escalate
Content-Type: application/json

{
  "alertIds": ["alert-uuid-1", "alert-uuid-2"],
  "reason": "Pattern of suspicious transactions requires formal investigation.",
  "description": "Multiple high-value transactions flagged across related accounts.",
  "caseCategory": "TRANSACTION_MONITORING",
  "casePriority": "HIGH",
  "caseAssigneeId": "analyst-uuid",
  "dueDate": "2024-02-15T17:00:00Z"
}

Step 6: Associate Entities with Alerts

Link clients or transactions to an existing alert. Associate clients: PUT /v1/alerts/{alertId}/clients The request body is a plain JSON array of client IDs. 
PUT /v1/alerts/alert-uuid/clients
Content-Type: application/json

["client-uuid-1", "client-uuid-2"]
Associate transactions: PUT /v1/alerts/{alertId}/transactions 
PUT /v1/alerts/alert-uuid/transactions
Content-Type: application/json

["transaction-uuid-1"]

Cases

Step 7: Update a Case

Endpoint: PUT /v1/cases/{caseId}/update Update case details, reassign, change priority, or link additional entities. 
PUT /v1/cases/case-uuid/update
Content-Type: application/json

{
  "priority": "HIGH",
  "assigneeId": "senior-analyst-uuid",
  "reviewersIds": ["reviewer-uuid-1", "reviewer-uuid-2"],
  "description": "Updated investigation scope to include related accounts.",
  "status": {
    "status": "UNDER_INVESTIGATION",
    "reason": "Additional evidence found"
  },
  "alertsIds": ["alert-uuid-1", "alert-uuid-2"],
  "transactionsIds": ["transaction-uuid-1"],
  "clientsIds": ["client-uuid-1"],
  "dueDate": "2024-03-01T17:00:00Z"
}

Case Statuses

StatusDescription
NEWNewly created
UNDER_INVESTIGATIONActive investigation in progress
PENDING_EDDAwaiting Enhanced Due Diligence
PENDING_RFIAwaiting Request for Information
PENDING_REVIEWAwaiting supervisory review
CLOSED_DISMISSEDClosed - no further action
CLOSED_ESCALATION_TO_SARClosed - escalated to SAR filing

Step 8: Bulk Assign Cases

Endpoint: PATCH /v1/cases/bulk/assign Assign or unassign up to 100 cases at once. 
PATCH /v1/cases/bulk/assign
Content-Type: application/json

{
  "caseIds": ["case-uuid-1", "case-uuid-2"],
  "assigneeId": "analyst-uuid"
}

Step 9: Bulk Update Case Status

Endpoint: PATCH /v1/cases/bulk/status 
PATCH /v1/cases/bulk/status
Content-Type: application/json

{
  "caseIds": ["case-uuid-1", "case-uuid-2"],
  "status": "CLOSED_DISMISSED",
  "reason": "Confirmed false positive after thorough review."
}

Step 10: Bulk Update Case Reviewers

Endpoint: PATCH /v1/cases/bulk/reviewers Manage reviewers across multiple cases with three modes: SET (replace all), ADD (append), or REMOVE. 
PATCH /v1/cases/bulk/reviewers
Content-Type: application/json

{
  "caseIds": ["case-uuid-1", "case-uuid-2"],
  "mode": "ADD",
  "reviewersIds": ["reviewer-uuid-1"]
}

Step 11: Associate Entities with Cases

Link alerts, clients, or transactions to an existing case. Associate alerts: PUT /v1/cases/{caseId}/alerts All case association endpoints accept a plain JSON array of IDs as the request body. 
PUT /v1/cases/case-uuid/alerts
Content-Type: application/json

["alert-uuid-3"]
Associate clients: PUT /v1/cases/{caseId}/clients 
PUT /v1/cases/case-uuid/clients
Content-Type: application/json

["client-uuid-2"]
Associate transactions: PUT /v1/cases/{caseId}/transactions 
PUT /v1/cases/case-uuid/transactions
Content-Type: application/json

["transaction-uuid-2"]

What’s Next?

Rules & Evaluation

Set up transaction monitoring rules and evaluate transactions.

Manage Attachments

Upload and link files to alerts, cases, and other entities.