components: schemas: APIKeyInfoResponse: properties: api_version: type: string created_at: format: date-time type: string id: type: string last_used_at: format: date-time type: string name: type: string object: type: string organization_id: type: string scopes: items: type: string type: array type: object AddressResponse: properties: address: example: '0x742d35Cc6634C0532925a3b844Bc454e4438f44e' type: string chain: example: ethereum type: string created_at: example: '2026-05-16T10:30:00Z' format: date-time type: string format: type: string id: example: 3f1a2b3c-4d5e-6f7a-8b9c-0d1e2f3a4b5c type: string is_primary: example: true type: boolean label: example: Customer deposits type: string network: example: mainnet type: string object: example: address type: string wallet_id: example: a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d type: string type: object AssetResponse: properties: chain: type: string decimals: type: integer id: type: string name: type: string object: type: string symbol: type: string type: type: string type: object BalanceResponse: properties: asset: type: string available: type: string balance: type: string chain: type: string decimals: type: integer locked: type: string network: type: string object: type: string type: object ChainResponse: properties: id: type: string name: type: string networks: items: type: string type: array object: type: string type: object CreateAddressRequest: properties: address_format: enum: - p2wpkh - p2tr - p2pkh example: p2wpkh type: string label: example: Customer deposits type: string network: example: mainnet type: string type: object CreateGasStationRequest: properties: auto_refill_enabled: type: boolean chain: example: ethereum type: string gas_strategy: example: standard type: string name: example: Ethereum gas station type: string network: example: mainnet type: string refill_amount: example: '0.25' type: string refill_from_wallet_id: example: f47ac10b-58cc-4372-a567-0e02b2c3d479 type: string threshold: example: '0.05' type: string required: - name - chain - network - threshold type: object CreateSubscriptionRequest: properties: address: example: '0x742d35Cc6634C0532925a3b844Bc454e4438f44e' type: string chain: example: ethereum type: string event_type: example: incoming_token_tx type: string label: example: Customer deposit monitor type: string metadata: additionalProperties: true type: object network: example: mainnet type: string webhook_url: example: https://example.com/webhooks/bitnob format: uri type: string required: - address - chain - webhook_url type: object CreateTransactionRequest: properties: amount: example: '25.5' type: string asset: example: USDC type: string fee_level: enum: - low - medium - high example: medium type: string gas_station_id: example: 9b2e7a1c-3d4f-4a8b-9c0d-1e2f3a4b5c6d format: uuid type: string network: example: mainnet type: string note: example: Invoice 4471 payout type: string sponsor_gas: type: boolean to_address: example: '0x742d35Cc6634C0532925a3b844Bc454e4438f44e' type: string wallet_id: example: f47ac10b-58cc-4372-a567-0e02b2c3d479 format: uuid type: string required: - wallet_id - to_address - amount - asset type: object CreateWalletRequest: properties: chain: example: ethereum type: string customer_ref_id: example: cust_8842 type: string metadata: additionalProperties: true type: object name: example: Treasury wallet type: string network: example: mainnet type: string vault_id: example: f47ac10b-58cc-4372-a567-0e02b2c3d479 format: uuid type: string wallet_type: enum: - hot - cold - operational example: hot type: string required: - name - chain - vault_id type: object CreateWebhookRequest: properties: event_types: items: type: string type: array name: example: Production notifications maxLength: 255 minLength: 1 type: string url: example: https://example.com/webhooks/bitnob format: uri type: string required: - name - url type: object Error: description: Standard error envelope. properties: error: properties: code: type: string message: type: string param: type: string request_id: type: string type: type: string type: object type: object EventResponse: properties: created_at: format: date-time type: string delivered_at: format: date-time type: string delivery_attempts: type: integer delivery_status: type: string destination: type: string error_message: type: string http_status_code: type: integer id: type: string max_attempts: type: integer next_retry_at: format: date-time type: string object: type: string type: type: string webhook_id: type: string type: object EventRetryResponse: properties: object: type: string status: type: string type: object GasStationResponse: properties: address: type: string asset: type: string auto_refill_enabled: type: boolean balance: type: string chain: type: string created_at: format: date-time type: string gas_strategy: type: string health_status: type: string id: type: string name: type: string network: type: string object: type: string refill_amount: type: string refill_from_wallet_id: type: string status: type: string threshold: type: string updated_at: format: date-time type: string type: object JSONRPCRequest: properties: id: {} jsonrpc: type: string method: type: string params: {} type: object JSONRPCResponse: properties: error: {} id: {} jsonrpc: type: string result: {} type: object RefillGasStationRequest: properties: amount: example: '0.25' type: string source_wallet_id: example: f47ac10b-58cc-4372-a567-0e02b2c3d479 format: uuid type: string required: - source_wallet_id - amount type: object SigningSecretResponse: properties: object: type: string signing_secret: type: string type: object SponsorBroadcastRequest: properties: amount: example: '100' type: string asset: example: USDT type: string fee_level: example: medium type: string from_address: example: TQn9Y2khEsLJW1ChVWFMSMeRDow5KcbLSE type: string network: example: mainnet type: string signed_tx: example: 0a02... type: string to_address: example: TWd4WrZ9wn84f5x1hZhL4DHvk738ns5jwb type: string tx_hash: example: e1f2c3... type: string required: - from_address - to_address - asset - amount - network - signed_tx type: object SponsorBroadcastResponse: properties: broadcast_accepted: type: boolean gas_station_id: type: string mode: type: string object: type: string root_sponsor_tx_id: type: string sponsor_amount_trx: type: string sponsor_tx_id: type: string status: type: string tx_hash: type: string type: object SubscriptionResponse: properties: address: type: string chain: type: string created_at: format: date-time type: string event_type: type: string failure_reason: type: string has_signing_secret: type: boolean id: type: string label: type: string last_event_at: format: date-time type: string metadata: additionalProperties: true type: object network: type: string object: type: string signing_secret: type: string status: type: string updated_at: format: date-time type: string webhook_url: type: string type: object TransactionResponse: properties: amount: example: '25.5' type: string asset: example: USDC type: string asset_decimals: example: 6 type: integer block_number: example: 21345678 type: integer broadcast_at: example: '2026-05-16T10:30:02Z' format: date-time type: string chain: example: ethereum type: string completed_at: example: '2026-05-16T10:30:45Z' format: date-time type: string confirmations: example: 12 type: integer created_at: example: '2026-05-16T10:30:00Z' format: date-time type: string direction: example: outbound type: string error_message: type: string fee_amount: example: '0.0012' type: string from_address: example: '0x3f5CE5FBFe3E9af3971dD833D26bA9b5C936f0bE' type: string gas_station_id: example: 9b2e7a1c-3d4f-4a8b-9c0d-1e2f3a4b5c6d type: string id: example: 7c9e6679-7425-40de-944b-e07fc1f90ae7 type: string network: example: mainnet type: string note: example: Invoice 4471 payout type: string object: example: transaction type: string signed_at: example: '2026-05-16T10:30:01Z' format: date-time type: string sponsored: example: false type: boolean status: example: confirmed type: string to_address: example: '0x742d35Cc6634C0532925a3b844Bc454e4438f44e' type: string tx_hash: example: '0x9f4c1b8e2a7d3f06c5b1a09e8d7c6f5e4d3c2b1a09f8e7d6c5b4a3928170615f' type: string tx_type: type: string wallet_id: example: a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d type: string type: object UpdateGasStationRequest: properties: auto_refill_enabled: type: boolean name: maxLength: 100 minLength: 2 type: string refill_amount: type: string threshold: type: string type: object UpdateSubscriptionRequest: properties: event_type: type: string webhook_url: type: string type: object UpdateWalletRequest: properties: metadata: additionalProperties: true type: object name: maxLength: 100 minLength: 2 type: string type: object UpdateWebhookRequest: properties: event_types: items: type: string type: array name: maxLength: 255 minLength: 1 type: string url: format: uri type: string type: object VaultResponse: properties: created_at: format: date-time type: string custody_type: type: string id: type: string name: type: string object: type: string status: type: string updated_at: format: date-time type: string vault_type: type: string wallet_count: type: integer type: object WalletResponse: properties: addresses: items: $ref: '#/components/schemas/AddressResponse' type: array chain: example: ethereum type: string created_at: example: '2026-05-16T10:30:00Z' format: date-time type: string customer_ref_id: example: cust_8842 type: string id: example: a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d type: string metadata: additionalProperties: true type: object name: example: Treasury wallet type: string object: example: wallet type: string primary_address: example: '0x742d35Cc6634C0532925a3b844Bc454e4438f44e' type: string status: example: active type: string updated_at: example: '2026-05-16T10:30:00Z' format: date-time type: string vault_id: example: f47ac10b-58cc-4372-a567-0e02b2c3d479 type: string wallet_type: example: hot type: string type: object WebhookResponse: properties: created_at: format: date-time type: string event_types: items: type: string type: array has_signing_secret: type: boolean id: type: string last_triggered_at: format: date-time type: string name: type: string object: type: string signing_secret: type: string status: type: string updated_at: format: date-time type: string url: type: string type: object securitySchemes: ApiKeyAuth: in: header name: X-API-Key type: apiKey info: description: "# Bitnob Enterprise API\n\nA high-performance Wallet-as-a-Service API for partners and\ \ developers:\nnon-custodial wallets, transactions, gas stations, on-chain subscriptions and\nplatform\ \ webhooks across multiple chains.\n\n## Authentication\n\nAuthenticate every request with your secret\ \ API key in the **X-API-Key**\nrequest header. Keys are scoped to one organization and carry a fixed\ \ set of\npermissions; an endpoint returns **403** when the key lacks the required\npermission. Treat\ \ the key as a credential — never expose it in a browser or\nmobile client.\n\n## Request tracing\n\ \nEvery response carries an **X-Request-Id** header. Log it, and quote it when\ncontacting support\ \ — it identifies the exact request in our systems.\n\n## Rate limits\n\nEvery response carries the\ \ current rate-limit state:\n\n- **X-RateLimit-Limit** — requests permitted in the current window.\n\ - **X-RateLimit-Remaining** — requests still available in this window.\n- **X-RateLimit-Reset** —\ \ Unix time (seconds) when the window resets.\n- **X-RateLimit-Scope** — the scope the limit was applied\ \ at.\n\nRead these proactively and slow down before you are throttled. When a limit is\nexceeded\ \ the API responds **429** with a **Retry-After** header (seconds to\nwait); retry only after that\ \ delay.\n\n## Idempotency\n\nSend an **Idempotency-Key** header (a unique value you generate, e.g.\ \ a UUID)\non **POST**, **PATCH** and **DELETE** requests so a network retry never\napplies the same\ \ change twice.\n\n- It is **required** on value-moving endpoints (creating transactions,\n creating\ \ addresses, refilling and sponsor-broadcasting gas stations,\n creating wallets); those return **400\ \ idempotency_key_required** if absent.\n- Keys are retained for **24 hours**.\n- Retrying with the\ \ same key replays the original response byte-for-byte and\n adds an **Idempotent-Replayed: true**\ \ header.\n- Reusing a key with a **different request body** is rejected with\n **409 idempotency_conflict**\ \ — generate a fresh key per distinct operation.\n- Only successful (2xx) responses are stored, so\ \ a request that failed can be\n safely retried with the same key.\n- An Idempotency-Key sent without\ \ authentication is rejected with **401**.\n\n## Pagination\n\nList endpoints are cursor-paginated.\ \ Parameters:\n\n- **limit** — page size; bounded by the endpoint maximum.\n- **starting_after** —\ \ return the page after this opaque cursor.\n- **ending_before** — return the page before this opaque\ \ cursor.\n\nSupplying both **starting_after** and **ending_before** is rejected with\n**400 ambiguous_cursor**.\ \ Every list response is the same envelope:\n\n {\n \"object\": \"list\",\n \"data\"\ : [ ... ],\n \"has_more\": true,\n \"next_cursor\": \"b3JnOjE2ODk...\",\n \"url\":\ \ \"/wallets\"\n }\n\nWhen **has_more** is true, pass **next_cursor** as **starting_after** to\ \ fetch\nthe following page. Cursors are opaque — do not parse or construct them.\n\n## Errors\n\n\ Every error response is the same envelope:\n\n {\n \"error\": {\n \"type\": \"invalid_request_error\"\ ,\n \"code\": \"invalid_cursor\",\n \"message\": \"starting_after is not a valid cursor\"\ ,\n \"param\": \"starting_after\",\n \"request_id\": \"req_01HX...\"\n }\n }\n\ \n**type** is the broad category; **code** is a stable, machine-readable\nidentifier — branch on **code**,\ \ show **message** to humans, and **param**\nnames the offending field when applicable.\n\n### Error\ \ code catalogue\n\n**invalid_request_error** (HTTP 400) — the request was malformed or failed\nvalidation:\ \ invalid_request, invalid_json, invalid_body, empty_body,\ntrailing_data, type_mismatch, unknown_field,\ \ missing_required_field,\ninvalid_id, invalid_cursor, ambiguous_cursor, invalid_expand, invalid_chain,\n\ invalid_vault_id, wallet_chain_unknown, invalid_transaction_data,\namount_precision_loss, gas_station_low_balance,\ \ body_too_large,\nidempotency_key_required, idempotency_key_invalid, invalid_webhook_id,\nmethod_not_allowed.\n\ \n**authentication_error** (HTTP 401) — the request was not authenticated:\nnot_authenticated, auth_required,\ \ org_required.\n\n**permission_error** (HTTP 403) — the request is authenticated but not\npermitted:\ \ insufficient_permissions (the API key lacks the required\npermission), ip_not_allowed (the request's\ \ source IP is not in the key's IP\nallowlist).\n\n**not_found_error** (HTTP 404) — the addressed\ \ resource does not exist:\nnot_found, route_not_found, asset_not_found, event_not_found,\ngas_station_not_found,\ \ subscription_not_found, transaction_not_found,\nvault_not_found, wallet_not_found, address_not_found,\ \ webhook_not_found.\n\n**conflict_error** (HTTP 409) — the request conflicts with current state:\n\ conflict, idempotency_conflict, wallet_archived.\n\n**rate_limit_error** (HTTP 429) — too many requests:\ \ rate_limit_exceeded.\n\n**api_error** (HTTP 500) — an unexpected server error: request_error,\n\ internal_error.\n\n**service_unavailable_error** (HTTP 503) — a dependency is unavailable;\nretry\ \ after the Retry-After delay: service_unavailable.\n\n## Webhook signature verification\n\nThe platform\ \ signs every webhook delivery with HMAC-SHA256 using the signing\nsecret issued when you create the\ \ webhook or subscription (and rotated via the\nrotate-secret endpoints — the plaintext secret is\ \ shown only once).\n\nThe signature covers the canonical JSON object below, where **data**,\n**event**\ \ and **timestamp** are the corresponding fields of the delivered\npayload and **timestamp** is Unix\ \ seconds:\n\n {\"data\": , \"event\": \"\", \"timestamp\": }\n\nThe\ \ signed object contains ONLY those three keys — when verifying, build a\nfresh object from the delivery's\ \ data, event and timestamp and exclude the\nsignature field (and any other body fields) from the\ \ HMAC input. Serialize the\nkeys in lexical order (data, event, timestamp), matching Go's encoding/json.\n\ The signature value is:\n\n \"sha256=\" + hex( HMAC_SHA256(signing_secret, canonical_json) )\n\n\ **Platform webhooks** (created via /webhooks) carry this value in the\n**X-Webhook-Signature** response\ \ header. **On-chain subscription webhooks**\n(created via /subscriptions) carry it as a **signature**\ \ field inside the\ndelivered JSON body — there is no signature header.\n\nTo verify a delivery: recompute\ \ the signature from your stored secret and\ncompare it to the received value with a constant-time\ \ comparison. Reject the\ndelivery on mismatch, and reject deliveries whose **timestamp** is older\ \ than\nyour tolerance window (a few minutes is typical) to defend against replay.\n\n## Webhook event\ \ types\n\n**Platform notification webhooks** (/webhooks) deliver these event types:\nwallet.created,\ \ wallet.deleted, wallet.suspended, wallet_address.created,\ntransaction.created, transaction.signed,\ \ transaction.broadcasting,\ntransaction.confirmed, transaction.completed, transaction.received,\n\ transaction.failed, transaction.cancelled, gas_station.low_balance,\ngas_station.critical_balance,\ \ gas_station.auto_refilled, session.created,\napi_key.created, api_key.deleted, policy.violation,\ \ kyt.deposit.held,\nkyt.deposit.approved, kyt.deposit.rejected, kyt.deposit.blocked,\nkyt.withdrawal.blocked,\ \ kyt.sanctions.match, kyt.alert.escalated,\nkyt.screening.timeout, kyt.screening.requeued, kyt.screening.completed.\n\ \n**On-chain subscription webhooks** (/subscriptions) deliver these event\ntypes: incoming_native_tx,\ \ incoming_token_tx, incoming_nft_transfer,\nincoming_internal_tx, outgoing_native_tx, outgoing_token_tx,\n\ outgoing_nft_transfer, outgoing_internal_tx, tx_failed, tx_pending,\nconfirmation_threshold_met, confirmation_finalized,\ \ contract_deployed,\ncontract_executed, balance_changed.\n\n## Versioning and deprecation\n\nPin\ \ the API version with the **API-Version** request header; omit it to take\nthe current default. Additive\ \ changes (new endpoints, new optional fields) are\nnot versioned and may appear at any time — write\ \ tolerant clients.\n\nWhen an operation or version is scheduled for removal it is marked\n**deprecated**\ \ in this specification, and its responses carry a\n**Deprecation** header plus a **Sunset** header\ \ (RFC 8594) giving the date\nafter which it stops functioning. Monitor those headers and migrate\ \ before the\nSunset date." title: Bitnob Enterprise API version: v1 openapi: 3.0.3 paths: /assets: get: description: Returns all supported assets. Filterable by chain and type. operationId: getAssets parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Filter by chain (e.g. ethereum, bitcoin). in: query name: chain required: false schema: type: string - description: Filter by asset type. in: query name: type required: false schema: enum: - native - erc20 - spl - trc20 - bep20 type: string responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/AssetResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List assets tags: - Assets /assets/chains: get: description: Returns all supported blockchain networks. operationId: getAssetsChains parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/ChainResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List chains tags: - Assets /assets/{id}: get: description: Returns a single asset by ID (e.g. ETH, USDC_ETH, BTC). operationId: getAssetsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/AssetResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get asset tags: - Assets /gasstations: get: description: Returns gas stations for the organization. Filterable by chain. operationId: getGasstations parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Opaque cursor; returns the page after this item. in: query name: starting_after required: false schema: type: string - description: Opaque cursor; returns the page before this item. in: query name: ending_before required: false schema: type: string - description: Page size; bounded by the endpoint maximum. in: query name: limit required: false schema: type: integer - description: Filter by chain (e.g. bitcoin, ethereum, tron). in: query name: chain required: false schema: type: string responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/GasStationResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List gas stations tags: - Gasstations post: description: Creates a new gas station for automated fee management. operationId: postGasstations parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateGasStationRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/GasStationResponse' description: Created headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Create gas station tags: - Gasstations /gasstations/{id}: get: description: Returns a single gas station by ID. operationId: getGasstationsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/GasStationResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get gas station tags: - Gasstations patch: description: Updates a gas station's refill configuration — threshold, auto-refill toggle, and refill amount. Omitted fields are left unchanged. operationId: patchGasstationsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateGasStationRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/GasStationResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Update gas station tags: - Gasstations /gasstations/{id}/refill: post: description: Transfers funds to refill a gas station. Requires the Idempotency-Key header. operationId: postGasstationsByIdRefill parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: true schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RefillGasStationRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/TransactionResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Refill gas station tags: - Gasstations /gasstations/{id}/sponsor-broadcast: post: description: Sponsors and/or broadcasts an externally signed Tron transaction using the selected gas station. Requires the Idempotency-Key header. operationId: postGasstationsByIdSponsor-broadcast parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: true schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SponsorBroadcastRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SponsorBroadcastResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Sponsor and broadcast external Tron transaction tags: - Gasstations /me: get: description: Returns metadata about the authenticated API key including organization and scopes. operationId: getMe parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/APIKeyInfoResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get API key info tags: - Meta /rpc/{chain}: post: description: Proxies a JSON-RPC 2.0 call to the specified blockchain node. The request body and response body are passed through verbatim. operationId: postRpcByChain parameters: - in: path name: chain required: true schema: type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/JSONRPCRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/JSONRPCResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Execute RPC call tags: - Rpc /subscriptions: get: description: Returns a paginated list of subscriptions for the organization. Filterable by chain, network, status. operationId: getSubscriptions parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Opaque cursor; returns the page after this item. in: query name: starting_after required: false schema: type: string - description: Opaque cursor; returns the page before this item. in: query name: ending_before required: false schema: type: string - description: Page size; bounded by the endpoint maximum. in: query name: limit required: false schema: type: integer - description: Filter by chain. in: query name: chain required: false schema: type: string - description: Filter by network (e.g. mainnet, testnet). in: query name: network required: false schema: type: string - description: Filter by subscription status. in: query name: status required: false schema: type: string responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/SubscriptionResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List subscriptions tags: - Subscriptions post: description: Creates an address subscription to monitor blockchain activity. operationId: postSubscriptions parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateSubscriptionRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/SubscriptionResponse' description: Created headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Create subscription tags: - Subscriptions /subscriptions/events: get: description: Returns a paginated list of on-chain delivery events for this organization across all subscriptions, newest first. Filter to a single subscription with the subscription_id query param. operationId: getSubscriptionsEvents parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Opaque cursor; returns the page after this item. in: query name: starting_after required: false schema: type: string - description: Opaque cursor; returns the page before this item. in: query name: ending_before required: false schema: type: string - description: Page size; bounded by the endpoint maximum. in: query name: limit required: false schema: type: integer - description: Filter by delivery status. in: query name: status required: false schema: enum: - pending - delivered - failed type: string - description: Narrow the listing to a single subscription. in: query name: subscription_id required: false schema: format: uuid type: string responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/EventResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List subscription delivery events tags: - Subscriptions /subscriptions/events/{id}: get: description: Returns a single delivery event by ID. The event must belong to a subscription owned by the caller's organization. operationId: getSubscriptionsEventsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get subscription delivery event tags: - Subscriptions /subscriptions/events/{id}/retry: post: description: Re-queues the specified delivery for another attempt. Org ownership is enforced via the delivery's parent subscription. operationId: postSubscriptionsEventsByIdRetry parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventRetryResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Retry subscription delivery tags: - Subscriptions /subscriptions/{id}: delete: description: Soft-deletes a subscription and removes it from the provider. operationId: deleteSubscriptionsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string responses: '204': description: No Content headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Delete subscription tags: - Subscriptions get: description: Returns a single subscription by ID. operationId: getSubscriptionsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/SubscriptionResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get subscription tags: - Subscriptions patch: description: Partially updates a subscription. operationId: patchSubscriptionsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateSubscriptionRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SubscriptionResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Update subscription tags: - Subscriptions /subscriptions/{id}/rotate-secret: post: description: Generates a new HMAC signing secret for this subscription's webhook URL. The new secret is returned once. operationId: postSubscriptionsByIdRotate-secret parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/SigningSecretResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Rotate signing secret tags: - Subscriptions /transactions: get: description: Returns a paginated list of transactions. Filterable by wallet_id, status, direction, asset, and created_at range. operationId: getTransactions parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Opaque cursor; returns the page after this item. in: query name: starting_after required: false schema: type: string - description: Opaque cursor; returns the page before this item. in: query name: ending_before required: false schema: type: string - description: Page size; bounded by the endpoint maximum. in: query name: limit required: false schema: type: integer - description: Filter by wallet UUID. in: query name: wallet_id required: false schema: format: uuid type: string - description: Filter by transaction status. in: query name: status required: false schema: type: string - description: Filter by direction. in: query name: direction required: false schema: enum: - inbound - outbound type: string - description: Filter by asset symbol (e.g. USDT). in: query name: asset required: false schema: type: string - description: Created at >= this RFC3339 timestamp. in: query name: created_at[gte] required: false schema: format: date-time type: string - description: Created at <= this RFC3339 timestamp. in: query name: created_at[lte] required: false schema: format: date-time type: string responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/TransactionResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List transactions tags: - Transactions post: description: Creates a new transaction. The transaction is automatically signed using your API key credentials and submitted for broadcast. Requires the Idempotency-Key header. operationId: postTransactions parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: true schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateTransactionRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/TransactionResponse' description: Created headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Create transaction tags: - Transactions /transactions/{id}: get: description: Returns a single transaction by ID. operationId: getTransactionsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/TransactionResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get transaction tags: - Transactions /vaults: get: description: Returns vaults for the organization. Filterable by vault_type and status. operationId: getVaults parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Opaque cursor; returns the page after this item. in: query name: starting_after required: false schema: type: string - description: Opaque cursor; returns the page before this item. in: query name: ending_before required: false schema: type: string - description: Page size; bounded by the endpoint maximum. in: query name: limit required: false schema: type: integer - description: Filter by vault type. in: query name: vault_type required: false schema: enum: - dedicated - pool type: string - description: Filter by status. in: query name: status required: false schema: type: string responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/VaultResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List vaults tags: - Vaults /vaults/{id}: get: description: Returns a single vault by ID with wallet count. operationId: getVaultsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/VaultResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get vault tags: - Vaults /wallets: get: description: Returns a paginated list of wallets. Supports expand[]=addresses, chain, and status filters. operationId: getWallets parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Opaque cursor; returns the page after this item. in: query name: starting_after required: false schema: type: string - description: Opaque cursor; returns the page before this item. in: query name: ending_before required: false schema: type: string - description: Page size; bounded by the endpoint maximum. in: query name: limit required: false schema: type: integer - description: Filter by chain. in: query name: chain required: false schema: type: string - description: Filter by wallet status. in: query name: status required: false schema: type: string - description: Expand related resources inline (e.g. addresses). in: query name: expand[] required: false schema: items: type: string type: array responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/WalletResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List wallets tags: - Wallets post: description: Creates a new wallet inside an existing vault, scoped to the given chain. vault_id is required — create the vault first, then create wallets under it. The chain's native primary address is auto-provisioned as part of creation; partners do not need a second call. Use POST /wallets/:id/addresses afterwards only for Bitcoin (which permits multiple addresses) — account-based chains return the same primary on subsequent calls. operationId: postWallets parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: true schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateWalletRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/WalletResponse' description: Created headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Create wallet tags: - Wallets /wallets/{id}: get: description: Returns a single wallet by ID. Supports expand[]=addresses. operationId: getWalletsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Expand related resources inline (e.g. addresses). in: query name: expand[] required: false schema: items: type: string type: array responses: '200': content: application/json: schema: $ref: '#/components/schemas/WalletResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get wallet tags: - Wallets patch: description: Updates a wallet's name or metadata. Omitted fields are left unchanged. operationId: patchWalletsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateWalletRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/WalletResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Update wallet tags: - Wallets /wallets/{id}/addresses: get: description: Returns a paginated list of addresses for a wallet. operationId: getWalletsByIdAddresses parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Opaque cursor; returns the page after this item. in: query name: starting_after required: false schema: type: string - description: Opaque cursor; returns the page before this item. in: query name: ending_before required: false schema: type: string - description: Page size; bounded by the endpoint maximum. in: query name: limit required: false schema: type: integer responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/AddressResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List addresses tags: - Wallets post: description: 'Derives an address for the wallet. Account-based chains (Ethereum / EVM L2s, Solana, Tron, TON) hold exactly one address per wallet — repeated calls with an asset_id on the same chain return the existing primary (with `X-Idempotent-Replayed: true`). Bitcoin permits multiple addresses, so each call derives a new one.' operationId: postWalletsByIdAddresses parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: true schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateAddressRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/AddressResponse' description: Created headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Create address tags: - Wallets /wallets/{id}/addresses/{addressId}: get: description: Returns a single address by ID. The address must belong to the wallet in the path. operationId: getWalletsByIdAddressesByAddressId parameters: - in: path name: id required: true schema: format: uuid type: string - in: path name: addressId required: true schema: type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/AddressResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get address tags: - Wallets /wallets/{id}/balances: get: description: Returns all asset balances for a wallet. operationId: getWalletsByIdBalances parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/BalanceResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List wallet balances tags: - Wallets /webhooks: get: description: Returns webhook endpoints for the organization. operationId: getWebhooks parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Opaque cursor; returns the page after this item. in: query name: starting_after required: false schema: type: string - description: Opaque cursor; returns the page before this item. in: query name: ending_before required: false schema: type: string - description: Page size; bounded by the endpoint maximum. in: query name: limit required: false schema: type: integer responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/WebhookResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List webhooks tags: - Webhooks post: description: Registers a new webhook endpoint for platform notifications. The signing secret is returned once at creation time; subsequent reads do not include it. Pass event_types to filter to a subset, or omit to receive every event the platform emits. operationId: postWebhooks parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateWebhookRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/WebhookResponse' description: Created headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Create webhook tags: - Webhooks /webhooks/events: get: description: Returns a paginated list of platform notification deliveries for this organization across all webhook endpoints, newest first. Filter to a single endpoint with the webhook_id query param. operationId: getWebhooksEvents parameters: - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Opaque cursor; returns the page after this item. in: query name: starting_after required: false schema: type: string - description: Opaque cursor; returns the page before this item. in: query name: ending_before required: false schema: type: string - description: Page size; bounded by the endpoint maximum. in: query name: limit required: false schema: type: integer - description: Filter by delivery status. in: query name: status required: false schema: enum: - pending - delivered - failed type: string - description: Narrow the listing to a single webhook. in: query name: webhook_id required: false schema: format: uuid type: string responses: '200': content: application/json: schema: properties: data: items: $ref: '#/components/schemas/EventResponse' type: array has_more: type: boolean next_cursor: description: Opaque cursor for the next page; pass as starting_after. Present only when has_more is true. type: string object: example: list type: string url: type: string type: object description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: List webhook delivery events tags: - Webhooks /webhooks/events/{id}: get: description: Returns a single delivery event by ID. The event must belong to a webhook owned by the caller's organization. operationId: getWebhooksEventsById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get webhook delivery event tags: - Webhooks /webhooks/events/{id}/retry: post: description: Re-queues the specified platform notification delivery for another attempt. Org ownership is enforced via the delivery's parent webhook. operationId: postWebhooksEventsByIdRetry parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventRetryResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Retry webhook delivery tags: - Webhooks /webhooks/{id}: delete: description: Soft-deletes a webhook endpoint. operationId: deleteWebhooksById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string responses: '204': description: No Content headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Delete webhook tags: - Webhooks get: description: Returns a single webhook endpoint by ID. operationId: getWebhooksById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebhookResponse' description: Success headers: X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Get webhook tags: - Webhooks patch: description: Updates a webhook endpoint's URL, name, or event-type filter. operationId: patchWebhooksById parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateWebhookRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/WebhookResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Update webhook tags: - Webhooks /webhooks/{id}/rotate-secret: post: description: Generates a new signing secret. The new secret is returned once. operationId: postWebhooksByIdRotate-secret parameters: - in: path name: id required: true schema: format: uuid type: string - description: API version (defaults to the latest supported version if omitted). in: header name: API-Version required: false schema: default: v1 enum: - v1 type: string - description: Unique key (1-255 printable ASCII chars) used to safely retry write operations. Same key + body returns the cached response; same key + different body returns 409. in: header name: Idempotency-Key required: false schema: maxLength: 255 minLength: 1 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/SigningSecretResponse' description: Success headers: Idempotent-Replayed: description: True when this response was replayed from an earlier request with the same Idempotency-Key. schema: type: boolean X-RateLimit-Limit: description: Requests permitted in the current window. schema: type: integer X-RateLimit-Remaining: description: Requests remaining in the current window. schema: type: integer X-RateLimit-Reset: description: Unix time (seconds) at which the rate-limit window resets. schema: type: integer X-RateLimit-Scope: description: Scope the rate limit was applied at. schema: type: string X-Request-Id: description: Unique id for this request; quote it in support requests. schema: type: string '400': content: application/json: schema: $ref: '#/components/schemas/Error' description: Invalid request '401': content: application/json: schema: $ref: '#/components/schemas/Error' description: Authentication required '403': content: application/json: schema: $ref: '#/components/schemas/Error' description: Insufficient permissions '404': content: application/json: schema: $ref: '#/components/schemas/Error' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/Error' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/Error' description: Rate limit exceeded headers: Retry-After: description: Seconds to wait before retrying. schema: type: integer '500': content: application/json: schema: $ref: '#/components/schemas/Error' description: Internal server error security: - ApiKeyAuth: [] summary: Rotate signing secret tags: - Webhooks security: - ApiKeyAuth: [] servers: - description: Production url: https://api.platform.bitnob.com