Overview
Investigating a cryptocurrency wallet typically means running a blockchain lookup, feeding the result into a compliance screening tool, and then cross-referencing the owner against sanctions lists. The Machine domain automates that chain. It lets analysts build reusable machines that string multiple provider transforms together, passing variables from one step to the next across a sequential pipeline.
Key Features
- Sequential transform chaining with variable passing between steps
- Multiple provider integration for diverse data sources
- Transform registry for discovering available operations per provider
- Dynamic runtime provider selection and binding
- Result aggregation from multiple transform steps
- Error handling for individual step failures
- Initial entity input with JSON payload support
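The features above can be pictured with a short sketch, added here as an illustration and not taken from the platform's code: steps are parsed from JSON, each transform is looked up in a registry, and earlier outputs are passed forward as variables. The step schema, the `{{step.field}}` placeholder syntax, the stub providers and the choice to continue after a failed step are all assumptions made for this example.

```python
import json
import re

def wallet_lookup(params):      # constructed stub for a blockchain lookup provider
    return {"address": params["address"], "owner": "Example Exchange Ltd"}

def sanctions_check(params):    # constructed stub for a sanctions screening provider
    return {"name": params["name"], "listed": params["name"] == "Blocked Entity LLC"}

# Hypothetical registry: only (provider, transform) pairs listed here can run.
REGISTRY = {
    ("blockchain", "wallet_lookup"): wallet_lookup,
    ("screening", "sanctions_check"): sanctions_check,
}
PLACEHOLDER = re.compile(r"\{\{(\w+)\.(\w+)\}\}")

def resolve(value, context):
    """Swap a whole-value '{{step.field}}' for that step's output field."""
    m = PLACEHOLDER.fullmatch(value) if isinstance(value, str) else None
    return context[m.group(1)][m.group(2)] if m else value

def run_machine(steps_json, initial_entity):
    """Run steps in order; a failing step is recorded and the run continues."""
    context = {"input": initial_entity}
    results = []
    for step in json.loads(steps_json):
        record = {"id": step["id"], "status": "ok", "output": None, "error": None}
        try:
            transform = REGISTRY[(step["provider"], step["transform"])]
            params = {k: resolve(v, context) for k, v in step["params"].items()}
            record["output"] = transform(params)
            context[step["id"]] = record["output"]   # visible to later steps
        except Exception as exc:                      # isolate per-step failures
            record.update(status="error", error=f"{type(exc).__name__}: {exc}")
        results.append(record)
    return results

# Constructed machine definition (not real data): two valid steps, one step
# naming an unregistered transform, and one step that depends on the failed step.
STEPS = json.dumps([
    {"id": "lookup", "provider": "blockchain", "transform": "wallet_lookup",
     "params": {"address": "{{input.address}}"}},
    {"id": "screen", "provider": "screening", "transform": "sanctions_check",
     "params": {"name": "{{lookup.owner}}"}},
    {"id": "bad", "provider": "unregistered", "transform": "anything",
     "params": {"value": "{{lookup.owner}}"}},
    {"id": "after_bad", "provider": "screening", "transform": "sanctions_check",
     "params": {"name": "{{bad.value}}"}},
])
```

Placeholders are honoured only when they make up the whole parameter value, so step output is passed along as data and never spliced into a larger string.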
Use Cases
Relevant sectors include financial crime, law enforcement, and intelligence agencies.
- Enriching IP addresses by chaining threat intelligence and network scanning transforms
- Investigating cryptocurrency wallets through sequential blockchain and compliance checks
- Resolving domains to IPs and running cascaded threat analysis
- Building reusable investigation workflows from modular provider transforms
Integration
The Machine domain integrates with Transform for data operations, Provider for registry access, Enrichment for data augmentation, Investigation for case context, and Workflow for automation orchestration.
Open Standards
- GraphQL (June 2018 specification): the Machine domain's entire API surface, including queries for listing providers and transforms and mutations for running or updating machines, is defined and served as a GraphQL schema using typed inputs and outputs.
- JSON (RFC 8259): machine step definitions, the initial entity payload, and all pipeline execution results are encoded and exchanged as JSON; pipeline steps are stored in PostgreSQL as JSON and deserialised at runtime.
- JSON Web Token / RS256 (RFC 7519 / RFC 7518): every Machine endpoint enforces the IsAuthenticated permission class, which validates caller identity by verifying an RS256-signed JWT against a JWKS endpoint.
- OAuth 2.0 Bearer Token (RFC 6749 / RFC 6750): access to Machine queries and mutations is gated on a bearer token presented in the authorisation header, issued by the platform's OpenID-Connect authorisation server.
- UUID (RFC 4122): machine records and organisation (tenant) identifiers are version-4 UUIDs, used to enforce row-level tenant isolation in all database queries.
- ISO 8601: created_at and updated_at timestamps on machine records are stored and returned as UTC-anchored ISO 8601 datetime strings.
- HTTPS / TLS (RFC 2818 / RFC 8446): all underlying provider integrations invoked as transform steps (VirusTotal, Shodan, Censys, and others) communicate exclusively over HTTPS, relying on TLS for transport security.
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14