Endpoint Reference
The API surface, organised by route prefix. Each page documents request/response shape, status codes, on-chain reverts (where applicable), and includes a runnable end-to-end example.
| Route prefix | Wraps | Page |
|---|---|---|
/health, /info, /addresses, /tx | Infrastructure | System & Transactions |
/roles | Roles | /roles |
/collaterals | CollateralRegistry | /collaterals |
/currencies | FiatCurrencyRegistry | /currencies |
/prices | CryptoPriceOracle | /prices |
/fx | FxOracle (incl. EIP-712 helpers) | /fx |
/allowlist | BorrowerAllowlist | /allowlist |
/treasury | Treasury | /treasury |
/lending | LendingCore | /lending |
Read this first
Conventions — error format, build-tx envelope, BigInt encoding, currency codes, status codes. The per-route pages assume you know it.
Auth requirements at a glance
The API itself is keyless and doesn't enforce auth on its own endpoints. Auth comes from the on-chain role check when the build-tx is signed and broadcast. So:
| Caller signs as… | Can usefully call write endpoints under… |
|---|---|
| User wallet | /lending/deposit, /lending/withdraw, /lending/repay-with-usdc, /lending/liquidate |
| Operator wallet | /lending/record-borrow, /lending/record-fiat-repay, /allowlist/* |
| Admin multisig | /collaterals/*, /currencies/*, /prices/*, /fx/admin-set, /fx/threshold, /fx/{code}/config, /lending/admin/*, /lending/capital/set-*, /roles/grant, /roles/revoke |
| Pauser multisig | /collaterals/pause, /currencies/pause, /fx/{code}/pause, /lending/admin/set-*-paused |
| Treasury manager multisig | /treasury/withdraw |
| Capital manager (multisig or bot) | /lending/capital/deploy, /lending/capital/recall |
| Oracle signers (3 HSMs) | sign report digests for /fx/submit |
| Anyone | every read endpoint, /tx/broadcast |
If you build a tx that doesn't match the calling wallet's role, the
build succeeds but the on-chain broadcast reverts with Unauthorized.
The API can't pre-check this — it doesn't know who you'll sign with.