Get a key
Request a partner key (vlx_live_…) and a tier. We issue it; the plaintext is shown once.
The same behavioural risk engine that protects people, as an API. Score any link, wallet, email, entity, transaction or behaviour pattern in milliseconds. One HTTPS call in, a scored and explained decision out. EU-built, fail-closed, auditable, and sharper every day.
Most risk APIs resell the same blocklists. Vilkax has its own: fraud and scam detection built on real signals, on-chain fund-flow tracing, and a cross-domain view no single-lane vendor can see - that an inbound counterparty is receiving the proceeds of a romance or pig-butchering scam.
Live threat intelligence from on-chain data, sanctions lists, phishing feeds and real users. Continuously tested and tuned for high precision.
No black box. Each verdict returns the reasons, the matched evidence and a confidence, with a stable explain id for disputes and reviews.
Inputs aren't training fodder. Auth fails closed: a missing or inactive key denies, never opens. Run on our EU edge, or self-host on Enterprise.
Three steps: get a key, make one authenticated call, act on the explained verdict. Every example below targets a real, live endpoint on https://vilkax.com.
Request a partner key (vlx_live_…) and a tier. We issue it; the plaintext is shown once.
Send Authorization: Bearer vlx_live_… on every request. Each endpoint needs a scope.
POST a signal bundle, get back a verdict + reasons + confidence + a stable explain id. Approve, review or block.
Transparent per-call metering. A unit = one call; deep fused signals bill at 3. Check /api/partner/v1/usage any time.
Every endpoint below is a real, deployed route. Auth is Authorization: Bearer vlx_live_<key>, the API is versioned v1, and the verdict contract (allow / review / block) is stable across model updates. The machine-readable OpenAPI 3.1 spec describes them all.
Bearer key on every call. A key carries scopes (e.g. decide, kyt:screen); a wildcard signals:* grants the family. Missing, inactive, or under-scoped fails closed. It never silently downgrades to a free read.
When a provider source isn't configured for your key yet, the response is still well-formed and scored, with "degraded": true and an honest note, never a false all-clear. Build against the real response shape before sources are fully provisioned.
Every error is { "ok": false, "error": "<code>", "detail"?: "…" } with a documented status. Metering and limits ride in response headers so you can budget and back off precisely.
invalid_auth · insufficient_scope · tier_gated · rate_limited · quota_exceeded · service_unavailable
The same signal bundle always returns the same verdict, so retrying a failed call is safe by construction. The verdict contract is stable: we add fields, never remove them.
Two independent guards: a per-minute burst limit and a monthly metered-unit quota. Burst overage returns 429 rate_limited with Retry-After; monthly exhaustion returns 429 quota_exceeded. Enterprise is uncapped by contract.
Every metered response carries an x-billed-units header with the exact units that call consumed, so you can reconcile spend per request without parsing the body. It matches the billed_units field and the running total at /api/partner/v1/usage.
A lone signal is usually innocent. A remote-access tool runs during real IT support, "urgent" appears in a real bank alert. The danger is the co-occurrence. The engine fuses signals so the combinations that are the fraud and coercion playbooks escalate beyond the sum of their parts, while a single tell stays quiet, and every verdict comes back explained.
One fused call returns the threat type, severity, confidence and the action, plus the reasons, the evidence and a stable explain id. The decision core is deterministic; the AI sharpens the explanation, never the safeguards.
Vilkax routes across multiple AI providers with a deterministic fallback, monitors drift and quality, and accounts every call, so the answer is always the best available, never a single point of failure.
The intel core folds live web and source corroboration into the calibrated decision, so an explanation is backed by current evidence, not a stale blocklist. Safeguards are enforced in the engine: behaviour, not people; assessment, never accusation; the highest-stakes categories are human-review-only.
Every verified analyst verdict feeds a fine-tune loop that re-ranks the classifier against the current threat landscape. The model improves continuously: no manual retraining sprints, no static blocklist that stales overnight.
Fintech and crypto for fraud and sanctions; marketplaces and social for trust & safety; insurance, eldercare and telco for the vulnerable-customer and account-takeover moments. One API, the same safeguards everywhere.
Stop synthetic and sanctioned signups before they cost you, without friction for good users.
Screen the destination before you release funds. Catch drainer addresses and mixer exposure pre-sign with KYT.
Hand agents an instant verdict on a suspicious link or message instead of a guess.
Score listings, sellers and payout wallets continuously, not just at signup.
Wallet and counterparty risk with the evidence regulators expect.
Sanctions, the SRI and OSINT depth for the teams that need it, on the same API.
All signal types. Community support. Evaluate with zero commitment.
Then ~€0.006 each. Email support. For early products going live.
Then ~€0.0035 each. Pro-tier endpoints (KYT, SRI), priority support.
Then ~€0.0025 each. Higher burst limits, dedicated channel.
Volume pricing, solutions engineer, DPA, OIDC SSO.
One unit = one check. Light signals (URL, email, SRI) bill 1 unit; deep fused signals (a /decide call, a KYT screen, an entity fan-out) bill 3. The monthly quota counts units, not raw requests, so the meter matches the price. You only pay for the calls you make.
A single prevented fraud loss pays for years of calls, so checks stay cheap and you scale on usage, not seats. A free 15-day trial to prove value, transparent metering with volume discounts, enterprise contracts for residency and compliance. No lock-in. Prices are launch guidance, finalised per workload.
Edge-served from Europe; data stays in the region you choose.
The decisioning endpoints consume opaque signal ids, never raw PII, and reject a feature vector that smuggles any. Inputs aren't training fodder.
Every verdict ships with reasons, evidence and a stable explain id.
Run the engine inside your perimeter for full residency and control (Enterprise).
SOC 2 path, DPA on request, sanctions sourcing documented for examiners. SSO via OIDCSAML/SCIM roadmap
allow / review / block verdicts that never break on a model update.
Request one from the contact form. We issue your vlx_live_ key and tier and the plaintext is shown once. A fully self-serve key portal is on the way; until then a request takes minutes.
No, and that's deliberate. Every new key starts with a free 15-day evaluation with all signal types; after that you pick a plan and pay only for the usage you meter.
One check. Light signals bill 1 unit; deep fused checks (a decision, a KYT screen) bill 3. Track it any time at /api/partner/v1/usage.
The response is still well-formed and scored, with "degraded": true and an honest note, never a false clear. You can build against the real shape immediately.
EU edge, no training on your inputs, self-host available on Enterprise. The decisioning endpoints never store raw PII.
The API is plain HTTPS + JSON, so the fetch wrappers above are all you need today. First-party SDKs are to follow.
Start free, wire one call, and decide with evidence from day one.