Skip to content

API · v1

Build secure crypto custody into your product.

A signed REST API for opening custody accounts, issuing deposit wallets, moving funds, and reacting to on-chain events in real time. Idempotent, multi-tenant, and built for production from day one.

Get started → Open API reference

  • Vaults

    A vault per end-customer. Segregated balances, isolated audit trail. Spin one up with a single POST /vaults.

    → Overview

  • Wallets

    One per asset, per vault. Native deposit address on every supported chain. BTC, ETH, USDT, USDC, and more.

    → Overview

  • Transactions

    Internal transfers and on-chain withdrawals to allow-listed addresses. Estimate fees before submitting. Track via webhook or pull.

    → Reference

  • Webhooks

    Signed HMAC-SHA256 callbacks for every deposit, withdrawal, and balance change. At-least-once delivery with retries and a dead-letter view.

    → Webhook integration

  • Address book

    Per-tenant allow-list of external addresses. Withdrawals can only go to addresses you've already added — typo and key-leak protection by design.

    → Reference

  • Signed key auth

    Every request signed with X-API-Key + X-Timestamp + X-Signature (HMAC-SHA256). Optional IP allow-list, scoped permissions per key.

    → Authentication

Start here

Three short pages will get you from zero to first transaction.

  1. Overview — vault, wallet, transaction, address book, webhook. The mental model in five concepts.
  2. Authentication — sign every request. Worked examples in bash, Node, Python, C#.
  3. Quick start — your first end-to-end integration in ~10 minutes.

Two environments

Environment Key prefix Real funds?
Sandbox ..._test_… No — for integration testing.
Production ..._live_… Yes.

Pick the matching server in the Server dropdown on the API Reference page when calling out from there. Keys are not interchangeable between environments.

Guides

  • Webhook integration — full payload schemas for every event type, signature verification in 3 languages, delivery and retry semantics.
  • Reliability & Limits — idempotency keys, rate limits, replay protection, page-size caps, webhook URL safety. The runtime contract; read once before integrating.
  • Error handling — every status code your client needs to handle, with retry strategies.