Base path
Wallet resources use the/v2/wallets path prefix. Supporting APIs use their own /v2/* prefixes, including /v2/activity, /v2/accounting, /v2/webhooks, /v2/address-book, /v2/turnkey, and /v2/system.
Authentication
All requests require a Bearer token in theAuthorization header. If the token is missing or invalid, the API returns 401.
Environments
Sandbox focuses on test networks while you integrate. Production processes live funds on supported chains. Swap the base URL to move between environments, but note that sandbox uses explicit testnet chain keys such as
ethereum_sepolia and may expose a smaller yield-source catalog than production.
Sandbox is limited to a subset of networks for integration testing. Unlike production, sandbox chain keys include the network suffix to make the testnet explicit:
ethereum_sepolia— Ethereum Sepolia testnetsolana_devnet— Solana devnet
arbitrum, base, ethereum, polygon, solana). See Supported Chains for details.
Pagination
List endpoints use cursor-based pagination withlimit and cursor parameters.
nextCursor field. Pass it as cursor to fetch the next page:
nextCursor is null, you have reached the end of the result set.
Endpoint-specific filters, sort options, limits, and status semantics vary by endpoint. Treat each API reference page’s parameter table as authoritative for that endpoint.
Idempotency
Create and withdrawal endpoints accept arequestId (UUID v4). These endpoints return 200 OK for both the initial request and an idempotent replay with the same requestId — the existing resource state is returned on replay.
Wallet and withdrawal creation use requestId to find and return the existing resource on replay. Do not rely on these create endpoints to compare the replayed payload field-by-field.
yieldSourceId and pct. Each included group independently totals 100%.
Allocation pct values support 0.1% increments and must sum to 100.
Replaying the same requestId with the same payload returns 200 OK with the existing resource. Replaying a requestId with a different payload returns 409 request_id_conflict:
409, fetch the existing resource by requestId rather than retrying the create.
Rate limiting
Endpoints are rate limited. The API applies pre-auth request limiting, global API-key limiting for authenticated requests, and endpoint-specific or wallet-scoped limits where configured. Limits vary by environment and may change; use429 handling rather than depending on fixed numeric thresholds.
Rate-limit headers are not currently emitted. When rate limited, the API returns 429 Too Many Requests; back off and retry with jitter.
Error handling
Business API errors are returned as JSON with a human-readableerror string and a machine-readable code field.
Business API errors include both
error and code fields. Authentication middleware can return { "error": "...", "message": "..." } before the request reaches a business handler. Use code for programmatic branching when it is present, and use the error string for logging and debugging.