Build
API reference
All endpoints are under /v1, return application/json, and validate every payload against the shared Zod/pydantic schemas.
Authentication
Send X-API-Key: sk_live_... on every request. Endpoints marked x402 below also accept anonymous requests paid per-call — see x402 payments.
Session
| Path | Description | |
|---|---|---|
| POST | /v1/auth/session | Exchange a verified Privy access token for an org + API key. Auto-provisions on first login. |
Agents
| Path | Description | |
|---|---|---|
| POST | /v1/agents | Create an agent. Defaults to payload mode. |
| POST | /v1/agents/{id}/kill | Kill switch — cancel all open orders within 5s, revoke delegated credentials. |
| POST | /v1/agents/{id}/creds | Submit sealed-box encrypted venue credentials for delegated mode. |
Markets
| Path | Description | |
|---|---|---|
| GET | /v1/markets/search | Search markets. x402: $0.002/call. |
| GET | /v1/markets/{id} | Get market detail. |
| GET | /v1/orderbook/{token_id} | Get live orderbook. x402: $0.001/call. |
Orders
| Path | Description | |
|---|---|---|
| POST | /v1/orders/intent | Run the risk engine and return an unsigned payload on approval. x402: $0.10/call. |
| POST | /v1/orders/submit-signed | Submit a signed payload (payload mode). |
| POST | /v1/orders | Submit an order in delegated mode. |
| DELETE | /v1/orders/{id} | Cancel an order. |
Portfolio
| Path | Description | |
|---|---|---|
| GET | /v1/orders | List orders for the authenticated org. |
| GET | /v1/fills | List fills, including builder-attribution status. |
| GET | /v1/positions | List open positions. |
| GET | /v1/portfolio | Aggregate portfolio summary. |
Policy
| Path | Description | |
|---|---|---|
| GET | /v1/policies | Get risk policies for every agent in the org. |
| PUT | /v1/policies | Update a risk policy. |
| POST | /v1/breaker/reset | Reset a tripped circuit breaker. |
Billing
| Path | Description | |
|---|---|---|
| GET | /v1/billing/usage | Usage events and running totals for the org. |
Errors
Validation failures return 422 with field-level detail. Rejected order intents return 409 with the full risk decision as the response body. Venue-side failures return 502. No response ever includes a stack trace.
422 response
{
"error": "validation_error",
"details": [
{ "field": "size_usdc", "message": "must be positive" }
]
}Prefer typed clients?
The TypeScript SDK validates every request and response against the same shared schemas at runtime and wraps all of the above in a typed client.