Dashboard
Core concepts

Execution modes

Payload mode keeps every signature in your hands. Delegated mode trades a small amount of custody for convenience — never withdrawal capability.

Payload modeDelegated mode
DefaultYes — every new agent starts hereOpt-in, requires submitting credentials
Who signsYou, with your own walletMeridian, in-process, using sealed-box decrypted credentials
Credential storageNone requiredSealed-box encrypted, scoped to order:place + order:cancel
Response on approvalUnsigned EIP-712 payloadvenue_order_id — already submitted

Payload mode

POST /v1/orders/intent returns an unsigned order containing the EIP-712 domain, types, and message struct — with the builder code already attached. Sign it with your agent's wallet and forward it to POST /v1/orders/submit-signed. Meridian validates the signature format before forwarding it to the venue; it never sees your private key.

Delegated mode

Submit venue API credentials via POST /v1/agents/{id}/creds. Meridian encrypts them with a NaCl sealed box before storage — decryption happens only in-process, at the moment of order submission, and the plaintext never appears in logs or error responses.

submit-credentials.ts
await client.agents.submitCredentials(agentId, {
  api_key: "...",
  api_secret: "...",
  scopes: ["order:place", "order:cancel"],
});
Only two scopes are ever accepted
Credential submissions containing withdraw, transfer, or balance_modify scopes are rejected outright with a 400. Meridian is structurally incapable of holding withdrawal capability, in either mode.

Kill switch

POST /v1/agents/{id}/kill cancels every open order for that agent, concurrently, within a 5-second SLA. In delegated mode it also deletes the decryptable credential material from storage — irreversibly. Orders that don't confirm cancellation within the deadline are marked failed and flagged for review rather than left in an unknown state.

See the API reference for the full request/response shape of every endpoint mentioned here.