This guide covers advanced operations for managing Alerts and Cases - including batch creation, bulk assignments, status updates, escalation, and entity associations.
Full API endpoint details are available in the API Reference (requires API credentials).
Alerts Step 1: Batch Create Alerts Endpoint: POST /v1/alerts/batchCreate up to 50 alerts in a single request. Each alert in the array follows the same schema as the single-create endpoint.
POST /v 1 /alerts/batch Content-Type: application/json { "alerts" : [ { "referenceId" : "EXT-ALERT-001" , "category" : "TRANSACTION_MONITORING" , "priority" : "HIGH" , "status" : "NEW" , "description" : "Large withdrawal detected for a high-risk account." }, { "referenceId" : "EXT-ALERT-002" , "category" : "SCREENING_SANCTIONS" , "priority" : "MEDIUM" , "status" : "NEW" , "description" : "Potential sanctions match found during screening." } ], "upsert" : true }
Maximum 50 alerts per batch request. Set upsert: true to update existing alerts matched by referenceId.
Step 2: Bulk Update Alerts Endpoint: PATCH /v1/alerts/bulk/updateApply the same field changes to up to 100 alerts in one request. Use this when you need to set the same priority, category, or custom fields across a group of alerts.
PATCH /v 1 /alerts/bulk/update Content-Type: application/json { "alertIds" : [ "alert-uuid-1" , "alert-uuid-2" , "alert-uuid-3" ], "update" : { "priority" : "HIGH" , "customFields" : { "reviewTier" : { "label" : "Review Tier" , "value" : "2" } } } }
Maximum 100 alerts per request. Only the fields in update are modified; all other fields remain unchanged.
Step 3: Update an Alert Endpoint: PUT /v1/alerts/{alertId}/updateUpdate any field on an existing alert - priority, status, assignee, associated entities, and more.
PUT /v 1 /alerts/alert-uuid/update Content-Type: application/json { "priority" : "HIGH" , "status" : "IN_REVIEW" , "assigneeId" : "analyst-uuid" , "category" : "TRANSACTION_MONITORING" , "description" : "Updated: confirmed suspicious pattern in withdrawal activity." , "associatedClients" : [ "client-uuid-1" ], "associatedTransactions" : [ "transaction-uuid-1" ], "dueDate" : "2024-02-01T17:00:00Z" , "customFields" : { "internalScore" : { "label" : "Internal Score" , "value" : "95" } } }
Alert Statuses Status Description NEWNewly created, not yet reviewed IN_REVIEWUnder active review by an analyst ESCALATEDEscalated to a case RESOLVEDResolved (no further action needed)
Alert Categories Category Description KYCKnow Your Customer KYBKnow Your Business TRANSACTION_MONITORINGFiat transaction monitoring ONCHAIN_TRANSACTION_MONITORINGOn-chain transaction monitoring SCREENING_SANCTIONSSanctions screening SCREENING_PEPPEP screening SCREENING_ADVERSE_MEDIAAdverse media screening SCREENING_REGULATORYRegulatory screening SCREENING_OTHEROther screening type FRAUDFraud detection PERIODIC_REVIEWPeriodic review EDDEnhanced Due Diligence OTHEROther
Step 4: Bulk Assign Alerts Endpoint: PATCH /v1/alerts/bulk/assignAssign or unassign up to 100 alerts at once.
PATCH /v 1 /alerts/bulk/assign Content-Type: application/json { "alertIds" : [ "alert-uuid-1" , "alert-uuid-2" , "alert-uuid-3" ], "assigneeId" : "analyst-uuid" }
Omit assigneeId or set it to null to unassign alerts.
Step 5: Bulk Update Alert Status Endpoint: PATCH /v1/alerts/bulk/statusUpdate the status of up to 100 alerts at once, with an optional decision reason.
PATCH /v 1 /alerts/bulk/status Content-Type: application/json { "alertIds" : [ "alert-uuid-1" , "alert-uuid-2" ], "status" : "RESOLVED" , "decision" : { "reason" : "False positive - confirmed legitimate activity after review." } }
Step 6: Bulk Escalate Alerts to Cases Endpoint: PATCH /v1/alerts/bulk/escalateEscalate multiple alerts to cases in a single request. Each alert gets its own case.
PATCH /v 1 /alerts/bulk/escalate Content-Type: application/json { "alertIds" : [ "alert-uuid-1" , "alert-uuid-2" ], "reason" : "Pattern of suspicious transactions requires formal investigation." , "description" : "Multiple high-value transactions flagged across related accounts." , "caseCategory" : "TRANSACTION_MONITORING" , "casePriority" : "HIGH" , "caseAssigneeId" : "analyst-uuid" , "dueDate" : "2024-02-15T17:00:00Z" }
Step 7: Associate Entities with Alerts Link clients or transactions to an existing alert.
Associate clients: PUT /v1/alerts/{alertId}/clientsThe request body is a plain JSON array of client IDs.
PUT /v 1 /alerts/alert-uuid/clients Content-Type: application/json [ "client-uuid-1" , "client-uuid-2" ]
Associate transactions: PUT /v1/alerts/{alertId}/transactionsPUT /v 1 /alerts/alert-uuid/transactions Content-Type: application/json [ "transaction-uuid-1" ]
Cases Step 8: Batch Create Cases Endpoint: POST /v1/cases/batchCreate up to 50 cases in a single request. Each case in the array follows the same schema as the single-create endpoint.
POST /v 1 /cases/batch Content-Type: application/json { "cases" : [ { "referenceId" : "CASE-EXT-001" , "category" : "TRANSACTION_MONITORING" , "priority" : "HIGH" , "description" : "Suspicious withdrawal pattern identified across multiple accounts." }, { "referenceId" : "CASE-EXT-002" , "category" : "KYC" , "priority" : "MEDIUM" , "description" : "KYC documents expired — enhanced review required." } ] }
Maximum 50 cases per batch request.
Step 9: Update a Case Endpoint: PUT /v1/cases/{caseId}/updateUpdate case details, reassign, change priority, or link additional entities.
PUT /v 1 /cases/case-uuid/update Content-Type: application/json { "priority" : "HIGH" , "assigneeId" : "senior-analyst-uuid" , "reviewersIds" : [ "reviewer-uuid-1" , "reviewer-uuid-2" ], "description" : "Updated investigation scope to include related accounts." , "status" : { "status" : "UNDER_INVESTIGATION" , "reason" : "Additional evidence found" }, "alertsIds" : [ "alert-uuid-1" , "alert-uuid-2" ], "transactionsIds" : [ "transaction-uuid-1" ], "clientsIds" : [ "client-uuid-1" ], "dueDate" : "2024-03-01T17:00:00Z" }
Case Statuses Status Description NEWNewly created UNDER_INVESTIGATIONActive investigation in progress PENDING_EDDAwaiting Enhanced Due Diligence PENDING_RFIAwaiting Request for Information PENDING_REVIEWAwaiting supervisory review CLOSED_DISMISSEDClosed - no further action CLOSED_ESCALATION_TO_SARClosed - escalated to SAR filing
Step 10: Bulk Update Cases Endpoint: PATCH /v1/cases/bulk/updateApply the same field changes to up to 100 cases in one request.
PATCH /v 1 /cases/bulk/update Content-Type: application/json { "caseIds" : [ "case-uuid-1" , "case-uuid-2" , "case-uuid-3" ], "update" : { "priority" : "HIGH" , "customFields" : { "investigationTier" : { "label" : "Investigation Tier" , "value" : "2" } } } }
Maximum 100 cases per request. Only the fields in update are modified; all other fields remain unchanged.
Step 11: Bulk Assign Cases Endpoint: PATCH /v1/cases/bulk/assignAssign or unassign up to 100 cases at once.
PATCH /v 1 /cases/bulk/assign Content-Type: application/json { "caseIds" : [ "case-uuid-1" , "case-uuid-2" ], "assigneeId" : "analyst-uuid" }
Step 12: Bulk Update Case Status Endpoint: PATCH /v1/cases/bulk/statusPATCH /v 1 /cases/bulk/status Content-Type: application/json { "caseIds" : [ "case-uuid-1" , "case-uuid-2" ], "status" : "CLOSED_DISMISSED" , "reason" : "Confirmed false positive after thorough review." }
Step 13: Bulk Update Case Reviewers Endpoint: PATCH /v1/cases/bulk/reviewersManage reviewers across multiple cases with three modes: SET (replace all), ADD (append), or REMOVE.
PATCH /v 1 /cases/bulk/reviewers Content-Type: application/json { "caseIds" : [ "case-uuid-1" , "case-uuid-2" ], "mode" : "ADD" , "reviewersIds" : [ "reviewer-uuid-1" ] }
Step 14: Associate Entities with Cases Link alerts, clients, or transactions to an existing case.
Associate alerts: PUT /v1/cases/{caseId}/alertsAll case association endpoints accept a plain JSON array of IDs as the request body.
PUT /v 1 /cases/case-uuid/alerts Content-Type: application/json [ "alert-uuid-3" ]
Associate clients: PUT /v1/cases/{caseId}/clientsPUT /v 1 /cases/case-uuid/clients Content-Type: application/json [ "client-uuid-2" ]
Associate transactions: PUT /v1/cases/{caseId}/transactionsPUT /v 1 /cases/case-uuid/transactions Content-Type: application/json [ "transaction-uuid-2" ]
What’s Next?
Transaction Monitoring Set up transaction monitoring rules and evaluate transactions.
Manage Attachments Upload and link files to alerts, cases, and other entities.
