API DOCS
The Rabbit Hole — Crypto Counterparty Intelligence
Overview
The Rabbit Hole API provides programmatic access to risk intelligence on crypto entities — exchanges, custodians, DeFi protocols, capital markets firms, and more.
Each entity carries a composite risk score derived from 20 compliance criteria, enforcement penalty history, and jurisdictional data. Scores are supplemented by 10 key compliance signals, each with evidence, source, and last assessed date.
Base URL: https://therabbithole.xyz
For questions, access requests, or issues contact [email protected]
Endpoints
GET
/v1/search
Search entities
Search and filter crypto entities. Returns enriched results with risk scores, compliance signals, and penalty history.
| Parameter | Type | Required | Description |
|---|---|---|---|
| q | string | optional | Search by entity name (partial match) |
| type | string | optional | Filter by type: Exchange, Custody, DEX, DeFi, Capital Markets, Financial Services |
| status | string | optional | Filter by status (default: Active) |
| risk | string | optional | Filter by risk label: LOW, MEDIUM, HIGH, CRITICAL |
| limit | integer | optional | Max results 1–500 (default: 20). Note: no cursor/offset pagination — use limit and filter parameters to narrow results. |
Python
curl
# Search by name
response = requests.get(
"https://therabbithole.xyz/v1/search",
params={"q": "coinbase", "limit": 5},
headers=headers
)
# Filter by type and risk
response = requests.get(
"https://therabbithole.xyz/v1/search",
params={"type": "Exchange", "risk": "HIGH"},
headers=headers
)
curl -H "X-API-Key: trh_..." \
"https://therabbithole.xyz/v1/search?q=coinbase&limit=5"
Response shape
{
"results": [
{
"entity_id": "2d7a0a17-...",
"name": "Coinbase",
"type": "Exchange",
"status": "Active",
"composite_risk_score": 78.2,
"compliance_signals": [ /* 10 signals — same shape as /v1/entity */ ],
"criteria_by_category": { "AML / CFT": 80.0, /* ... */ },
"active_penalties": [],
"regulatory_jurisdictions": [ /* ... */ ],
"jurisdictions": [ /* ... */ ]
// Full field list identical to /v1/entity response
}
],
"count": 1,
"query": "coinbase",
"generated_at": "2026-03-27T10:00:00Z"
}
GET
/v1/screen
Screen entities — lightweight triage
Lightweight screening endpoint designed for bulk triage. Returns name, type, status, composite risk score, and risk label only — no signals, licences, or penalty data. Use this to identify entities of interest before pulling full profiles via /v1/entity.
Requires App + API plan. Costs 1 screening credit (£0.25) per entity returned.
| Parameter | Type | Required | Description |
|---|---|---|---|
| q | string | optional | Search by entity name (partial match) |
| type | string | optional | Filter by type: Exchange, Custody, DEX, DeFi, Payments, Capital Markets, Financial Services, Gambling |
| risk | string | optional | Filter by risk label: LOW, MEDIUM, HIGH, CRITICAL |
| limit | integer | optional | Max results 1–500 (default: 20) |
Python
curl
# Screen all HIGH risk exchanges
response = requests.get(
"https://therabbithole.xyz/v1/screen",
params={"type": "Exchange", "risk": "HIGH", "limit": 100},
headers=headers
)
# Screen by name
response = requests.get(
"https://therabbithole.xyz/v1/screen",
params={"q": "binance"},
headers=headers
)
curl -H "X-API-Key: trh_..." \
"https://therabbithole.xyz/v1/screen?type=Exchange&risk=HIGH&limit=100"
Response shape
{
"results": [
{
"entity_id": "2d7a0a17-...",
"name": "Acme Exchange",
"type": "Exchange",
"status": "Active",
"composite_risk_score": 31.2,
"risk_label": "HIGH"
}
],
"count": 1,
"query": null,
"generated_at": "2026-03-27T10:00:00Z"
}
GET
/v1/entity/{entity_id}
Full entity profile
Retrieve the complete diligence profile for a single entity by UUID. Returns all 20 criteria scores, compliance signals with evidence and sources, full penalty history, and regulatory licence data.
| Parameter | Type | Required | Description |
|---|---|---|---|
| entity_id | string (UUID) | required | Entity UUID from search results |
Python
curl
entity_id = "2d7a0a17-c1dd-4888-93dc-2da118343c3f"
response = requests.get(
f"https://therabbithole.xyz/v1/entity/{entity_id}",
headers=headers
)
curl -H "X-API-Key: trh_..." \
https://therabbithole.xyz/v1/entity/2d7a0a17-c1dd-4888-93dc-2da118343c3f
Response shape
{
"entity_id": "2d7a0a17-c1dd-4888-93dc-2da118343c3f",
"name": "Acme Exchange",
"type": "Exchange",
"status": "Active",
"website": "https://acme.exchange",
"year_established": 2017,
"operating_entity": "Acme Ltd",
"operating_entity_jurisdiction": "Cayman Islands",
"entity_overview": "...",
"integrity_issues": "...",
"company_number": "12345678",
"key_personnel": ["Alice Smith (CEO)"],
// Risk score
"composite_risk_score": 61.4,
"basel_aml_average": 4.12,
// Category-level scores (0–100)
"criteria_by_category": {
"AML / CFT": 72.0,
"KYC": 65.0,
"Sanctions": 50.0
},
// All 20 individual criteria (0–1 scale)
"criteria_detail": [
{ "criterion_name": "aml_policy", "criterion_category": "AML / CFT", "score": 0.85 }
// ...19 more
],
// 10 compliance signals (see Compliance Signals section)
"compliance_signals": [
{
"label": "AML Policy",
"status": "COMPREHENSIVE",
"evidence": "Published AML policy covers all FATF recommendations",
"source": "https://acme.exchange/aml-policy",
"scored_at": "2026-02-10T09:00:00Z",
"color": "#44ff88"
}
// ...9 more signals
],
// Enforcement actions
"active_penalties": [
{
"total_penalty": 5000000,
"evidence_summary": "Fined by FinCEN for AML programme deficiencies",
"sources": ["https://fincen.gov/..."]
}
],
"customer_funds_impacted": false,
"amount_stolen_usd": 0,
// Regulatory licences
"regulatory_jurisdictions": [
{
"jurisdiction_name": "United Kingdom",
"regulatory_status": "Registered",
"license_type": "Cryptoasset Business",
"license_number": "ZB123456",
"license_holder_name": "Acme Ltd",
"regulator_name": "FCA",
"registration_date": "2021-03-10",
"source_url": "https://register.fca.org.uk/..."
}
],
// Basel AML jurisdiction scores
"jurisdictions": [
{
"jurisdiction_name": "Cayman Islands",
"jurisdiction_type": "Operating",
"basel_aml_normalized_score": 4.2
}
]
}
Commercial information fields
| Field | Type | Description |
|---|---|---|
| entity_id | string (UUID) | Unique identifier for the entity |
| name | string | Entity trading name |
| type | string | Entity category (Exchange, Custody, DEX, etc.) |
| status | string | Active or Inactive |
| website | string | Primary website URL |
| year_established | integer | Year the entity was founded |
| company_number | string | Registered company number, if available |
| operating_entity | string | Legal name of the operating entity |
| operating_entity_jurisdiction | string | Jurisdiction of incorporation |
| key_personnel | array of strings | Named individuals and their roles (e.g. "Alice Smith (CEO)") |
| entity_overview | string | Narrative summary of the entity's business and operations |
Regulatory licence fields (per item in regulatory_jurisdictions)
| Field | Type | Description |
|---|---|---|
| jurisdiction_name | string | Country or region of the licence (e.g. United Kingdom) |
| regulatory_status | string | Current status: Registered, Licensed, Pending, Revoked, etc. |
| license_type | string | Type of licence or registration (e.g. Cryptoasset Business, VASP) |
| license_number | string | Official licence or registration number issued by the regulator |
| license_holder_name | string | Legal name of the licence holder |
| regulator_name | string | Name of the issuing regulatory authority (e.g. FCA, MAS, BaFin) |
| registration_date | string (date) | Date the licence or registration was granted |
| source_url | string | Direct link to the entry on the regulator's public register |
Integrity issues & penalty history fields (per item in active_penalties)
| Field | Type | Description |
|---|---|---|
| integrity_issues | string | Narrative summary of known integrity concerns, controversies, or red flags at the entity level |
| total_penalty | float (USD) | Total financial penalty imposed (USD) |
| evidence_summary | string | Narrative description of the incident, enforcement action, or breach |
| sources | array of strings | Source URLs — regulatory notices, news reports, or court documents |
POST
/v1/request-entity
Request a new entity
Submit a request to add a new entity to the database. Requests are reviewed by the Hoptrail team.
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | required | Entity name |
| website | string | optional | Entity website URL |
| category | string | optional | Entity type (Exchange, DEX, etc.) |
Python
curl
response = requests.post(
"https://therabbithole.xyz/v1/request-entity",
json={
"name": "Acme Exchange",
"website": "https://acme.exchange",
"category": "Exchange"
},
headers=headers
)
curl -X POST \
-H "X-API-Key: trh_..." \
-H "Content-Type: application/json" \
-d '{"name":"Acme Exchange","category":"Exchange"}' \
https://therabbithole.xyz/v1/request-entity
Compliance Signals
Each entity response includes a compliance_signals array. Each signal represents a key compliance indicator with the following fields:
| Field | Type | Description |
|---|---|---|
| label | string | Human-readable name (e.g. AML Policy) |
| status | string | COMPREHENSIVE / PARTIAL / BASIC / NONE — or YES / LIMITED / NO for risk signals |
| evidence | string | Evidence supporting the score |
| source | string | Source URL or reference document |
| scored_at | string | ISO timestamp of last assessment |
The 10 tracked signals are: AML Policy, KYC Policy, Compliance Officer, Transaction Monitoring, Travel Rule, P2P Trading, Privacy Coins, Gambling / Wagering, Sanctioned Jurisdictions, FATF Grey List.
Commercial Information Fields
Top-level fields returned on every entity describing its commercial profile.
| Field | Type | Description |
|---|---|---|
| entity_id | string (UUID) | Unique identifier for the entity |
| name | string | Entity trading name |
| type | string | Entity category (Exchange, Custody, DEX, etc.) |
| status | string | Active or Inactive |
| website | string | Primary website URL |
| year_established | integer | Year the entity was founded |
| company_number | string | Registered company number, if available |
| operating_entity | string | Legal name of the operating entity |
| operating_entity_jurisdiction | string | Jurisdiction of incorporation |
| key_personnel | array of strings | Named individuals and their roles (e.g. "Alice Smith (CEO)") |
| entity_overview | string | Narrative summary of the entity's business and operations |
Regulatory Licence Fields
Each item in the regulatory_jurisdictions array describes a single licence or registration held by the entity.
| Field | Type | Description |
|---|---|---|
| jurisdiction_name | string | Country or region of the licence (e.g. United Kingdom) |
| regulatory_status | string | Current status: Registered, Licensed, Pending, Revoked, etc. |
| license_type | string | Type of licence or registration (e.g. Cryptoasset Business, VASP) |
| license_number | string | Official licence or registration number issued by the regulator |
| license_holder_name | string | Legal name of the licence holder |
| regulator_name | string | Name of the issuing regulatory authority (e.g. FCA, MAS, BaFin) |
| registration_date | string (date) | Date the licence or registration was granted |
| source_url | string | Direct link to the entry on the regulator's public register |
Integrity Issues & Penalty History Fields
The top-level integrity_issues field is a narrative summary of known concerns at the entity level. Each item in the active_penalties array describes a specific enforcement action, breach, or incident.
| Field | Type | Description |
|---|---|---|
| integrity_issues | string | Narrative summary of known integrity concerns, controversies, or red flags at the entity level |
| total_penalty | float (USD) | Total financial penalty imposed |
| evidence_summary | string | Narrative description of the incident, enforcement action, or breach |
| sources | array of strings | Source URLs — regulatory notices, news reports, or court documents |
For questions or to request access, contact [email protected]