The Travel Rule requires financial institutions, including regulated crypto custodians, to collect and share information about the originator and beneficiary of transfers above a defined threshold. The U.S. rule (31 CFR 1010.410(f)) sets the threshold at $3,000. This guide covers U.S. Travel Rule compliance for customers serving end users under Paxos Trust Company, N.A. (federally regulated by the OCC). If you serve end users under Paxos’s Singapore or EU entities, see:
  • Travel Rule compliance — Singapore (MAS) (separate guide, coming soon)
  • Travel Rule compliance — EU (TFR/MiCA) (separate guide, coming soon)
The mechanics are the same across jurisdictions; the required fields and thresholds differ. The Singapore and EU guides build on this one.

Who this is for

Customers using the V2 Crypto Withdrawals API or the V2 Orchestration API to move crypto to external addresses on behalf of end users. Travel Rule does not apply to:
  • Transfers under $3,000 USD-equivalent
  • First-party transfers between Paxos sub-accounts you own
  • Fiat payment flows
  • Internal Paxos-to-Paxos transfers
Transfers to unhosted (self-hosted) wallets above the threshold are subject to Travel Rule data collection, but no counterparty message is sent — there is no counterparty institution to receive one.

How it works

Travel Rule information is collected and stored on the destination address, not on the transaction. Once an address is saved with valid Travel Rule metadata, every subsequent withdrawal or orchestration to that address inherits it automatically. You collect once, transact many times. This is a deliberate shift from the legacy beneficiary field on POST /transfer/crypto-withdrawals, which was per-transaction and not enforced. That field is now deprecated.

Three actors are involved in every above-threshold transfer:

| Actor | Who | What you provide |
| --- | --- | --- |
| Originator | Your end user sending the crypto | Nothing — Paxos derives this from your KYC submission |
| Beneficiary | The person or entity receiving the crypto | Provided on the destination address via travelrule_metadata |
| Counterparty institution | The VASP holding the beneficiary’s wallet, if any | vasp.id (preferred) or vasp.name (fallback) |

Looking up VASPs

Paxos maintains a directory of known VASPs. Use GET /v2/travelrule/vasps to power a type-ahead picker in your UI:
curl 'https://api.paxos.com/v2/travelrule/vasps?search=coinb&limit=10' \
  -H 'Authorization: Bearer <token>'
{
  "items": [
    {
      "id": "vasp_01HXYZABC123",
      "name": "Coinbase, Inc."
    },
    {
      "id": "vasp_01HXYZDEF456",
      "name": "Coinbase Custody Trust"
    }
  ]
}
The directory covers the institutions most commonly transacted with and expands over time. If no match is returned, fall back to vasp.name + vasp.website_url — the transfer proceeds and Paxos Compliance handles the Travel Rule obligation for off-directory institutions. You can cache directory results aggressively; changes to the directory are infrequent.
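
The lookup, caching and fallback described above can be sketched as a server-side helper. This is an added example, not Paxos code. It assumes an injected `fetch` callable that performs the authenticated GET, an exact-name match as the selection rule, a `vasp` object shaped as `{"id": ...}` or `{"name": ..., "website_url": ...}`, and an https-only check on `website_url` as a local policy.

```python
import time
from urllib.parse import parse_qs, urlencode, urlsplit

VASPS_URL = "https://api.paxos.com/v2/travelrule/vasps"  # endpoint named on the page

class VaspDirectory:
    """Cached directory search. `fetch` (url -> parsed JSON) is injected by the
    caller so the Bearer token stays server-side; it is an assumption here."""
    def __init__(self, fetch, ttl_seconds=86400, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl_seconds, clock
        self._cache = {}  # (term, limit) -> (stored_at, items)

    def search(self, term, limit=10):
        key = (term.strip(), limit)
        hit = self._cache.get(key)
        if hit and self._clock() - hit[0] < self._ttl:
            return hit[1]  # directory changes rarely, so serve from cache
        query = urlencode({"search": key[0], "limit": limit})  # escapes user input
        items = self._fetch(f"{VASPS_URL}?{query}").get("items", [])
        self._cache[key] = (self._clock(), items)
        return items

def build_vasp(directory, name, website_url=None):
    """Prefer vasp.id on an exact directory name match; otherwise fall back to
    vasp.name + vasp.website_url. The dict shape is assumed from the field names."""
    wanted = name.strip()
    for item in directory.search(wanted):
        if item["name"].casefold() == wanted.casefold():
            return {"id": item["id"]}
    parts = urlsplit(website_url or "")
    if parts.scheme != "https" or not parts.netloc:  # local policy, not a Paxos rule
        raise ValueError("off-directory VASP needs an https website_url")
    return {"name": wanted, "website_url": website_url}

# Constructed stand-in for the API, reusing the sample response shown on the page.
SAMPLE_ITEMS = [
    {"id": "vasp_01HXYZABC123", "name": "Coinbase, Inc."},
    {"id": "vasp_01HXYZDEF456", "name": "Coinbase Custody Trust"},
]

def fake_fetch(url):
    term = parse_qs(urlsplit(url).query).get("search", [""])[0].lower()
    return {"items": [v for v in SAMPLE_ITEMS if term in v["name"].lower()]}
```

In production, replace `fake_fetch` with a function that issues the GET with the `Authorization: Bearer <token>` header from your backend.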