> ## Documentation Index
> Fetch the complete documentation index at: https://docs.groundtech.co/llms.txt
> Use this file to discover all available pages before exploring further.

# API Conventions

> Authentication, environments, pagination, idempotency, rate limiting, and error handling.

This page covers the conventions shared across all Portfolio Wallet API endpoints.

## Base path

Wallet resources use the `/v2/wallets` path prefix. Supporting APIs use their own `/v2/*` prefixes, including `/v2/activity`, `/v2/accounting`, `/v2/webhooks`, `/v2/address-book`, `/v2/turnkey`, and `/v2/system`.

## Authentication

All requests require a Bearer token in the `Authorization` header. If the token is missing or invalid, the API returns `401`.

```bash theme={"theme":{"light":"github-light","dark":"github-dark"}}
curl -X GET "https://sandbox.groundtech.co/v2/wallets" \
  -H "Authorization: Bearer $API_TOKEN"
```

```json theme={"theme":{"light":"github-light","dark":"github-dark"}}
{
  "data": [
    {
      "id": "9d1a1c83-3a1c-4c14-9c5a-0c9a57a4a7db",
      "label": "Core Yield Portfolio",
      "status": "idle",
      "balance": {
        "totalUsd": "82500.000000",
        "earnedUsd": "250.000000",
        "reservedUsd": "0.000000",
        "withdrawableUsd": "82500.000000"
      },
      "createdAt": "2026-02-05T08:15:00.000Z",
      "positions": [
        { "id": "cash:ethereum:usdc", "kind": "cash", "label": "Cash (Ethereum)", "valueUsd": "0.000000" },
        { "id": "syrup-usdc", "pct": 40, "kind": "yield_source", "label": "Syrup USDC", "valueUsd": "33000.000000", "yieldSourceId": "syrup-usdc", "mode": "active", "apyBps": 491 },
        { "id": "morpho-gauntlet-usdc", "pct": 30, "kind": "yield_source", "label": "Morpho Gauntlet USDC Prime", "valueUsd": "24750.000000", "yieldSourceId": "morpho-gauntlet-usdc", "mode": "active", "apyBps": 500 },
        { "id": "morpho-steakhouse-usdc", "pct": 30, "kind": "yield_source", "label": "Morpho Steakhouse USDC Prime", "valueUsd": "24750.000000", "yieldSourceId": "morpho-steakhouse-usdc", "mode": "active", "apyBps": 500 }
      ],
      "failureReason": null,
      "depositAddresses": {
        "arbitrum": "0x21246509968c4d24611f414560971AEc2e3A079B",
        "base": "0x21246509968c4d24611f414560971AEc2e3A079B",
        "ethereum": "0x21246509968c4d24611f414560971AEc2e3A079B",
        "polygon": "0x21246509968c4d24611f414560971AEc2e3A079B",
        "solana": "7nYzKxM3bP4oEFbqkPmA5E2rYJ8HqKz8vFg9abc1"
      }
    }
  ],
  "nextCursor": null
}
```

## Environments

| Environment | Base URL                           |
| ----------- | ---------------------------------- |
| Sandbox     | `https://sandbox.groundtech.co`    |
| Production  | `https://production.groundtech.co` |

Sandbox focuses on test networks while you integrate. Production processes live funds on supported chains. Swap the base URL to move between environments, but note that sandbox uses explicit testnet chain keys such as `ethereum_sepolia` and may expose a smaller yield-source catalog than production.

Sandbox is limited to a subset of networks for integration testing. Unlike production, sandbox chain keys include the network suffix to make the testnet explicit:

* `ethereum_sepolia` -- Ethereum Sepolia testnet
* `solana_devnet` -- Solana devnet

Production uses canonical chain names (`arbitrum`, `base`, `ethereum`, `polygon`, `solana`). See [Supported Chains](/docs/portfolio-wallets/supported-chains) for details.

## Pagination

List endpoints use **cursor-based** pagination with `limit` and `cursor` parameters.

```bash theme={"theme":{"light":"github-light","dark":"github-dark"}}
curl -X GET "$BASE_URL/v2/wallets/$WALLET_ID/withdrawals?limit=25" \
  -H "Authorization: Bearer $API_TOKEN"
```

The response includes a `nextCursor` field. Pass it as `cursor` to fetch the next page:

```bash theme={"theme":{"light":"github-light","dark":"github-dark"}}
curl -X GET "$BASE_URL/v2/wallets/$WALLET_ID/withdrawals?limit=25&cursor=$NEXT_CURSOR" \
  -H "Authorization: Bearer $API_TOKEN"
```

When `nextCursor` is `null`, you have reached the end of the result set.

Endpoint-specific filters, sort options, limits, and status semantics vary by endpoint. Treat each API reference page's parameter table as authoritative for that endpoint.

## Idempotency

Create and withdrawal endpoints accept a `requestId` (UUID v4). These endpoints return **`200 OK`** for both the initial request and an idempotent replay with the same `requestId` — the existing resource state is returned on replay.

Wallet and withdrawal creation use `requestId` to find and return the existing resource on replay. Do not rely on these create endpoints to compare the replayed payload field-by-field.

```bash theme={"theme":{"light":"github-light","dark":"github-dark"}}
curl -X POST "$BASE_URL/v2/wallets" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "requestId": "f0a3afc3-1e67-4c0c-a8e1-3f5d8fb9a23b",
    "label": "Core Yield Portfolio",
    "strategy": {
      "allocations": {
        "usdc": [
          { "yieldSourceId": "syrup-usdc", "pct": 40 },
          { "yieldSourceId": "morpho-gauntlet-usdc", "pct": 30 },
          { "yieldSourceId": "morpho-steakhouse-usdc", "pct": 30 }
        ],
        "usdt": [
          { "yieldSourceId": "cash", "pct": 100 }
        ]
      }
    }
  }'
```

The public write shape uses token-keyed allocation groups with `yieldSourceId` and `pct`. Each included group independently totals 100%.

Allocation `pct` values support 0.1% increments and must sum to 100.

Replaying the same `requestId` with the **same** payload returns `200 OK` with the existing resource. Replaying a `requestId` with a **different** payload returns `409 request_id_conflict`:

```json theme={"theme":{"light":"github-light","dark":"github-dark"}}
{
  "error": "requestId has already been used with a different payload",
  "code": "request_id_conflict",
  "details": "The requestId 1f1c3b2a-0000-4000-8000-000000000001 was first used with a different allocation."
}
```

When you receive a `409`, fetch the existing resource by `requestId` rather than retrying the create.

## Rate limiting

Endpoints are rate limited. The API applies pre-auth request limiting, global API-key limiting for authenticated requests, and endpoint-specific or wallet-scoped limits where configured. Limits vary by environment and may change; use `429` handling rather than depending on fixed numeric thresholds.

Rate-limit headers are not currently emitted. When rate limited, the API returns `429 Too Many Requests`; back off and retry with jitter.

## Error handling

Business API errors are returned as JSON with a human-readable `error` string and a machine-readable `code` field.

```json theme={"theme":{"light":"github-light","dark":"github-dark"}}
{
  "error": "Missing required fields: destinationAddress, amountUsd, destinationChain, requestId",
  "code": "validation_error"
}
```

| HTTP status | Meaning                                                             | Action                                  |
| ----------- | ------------------------------------------------------------------- | --------------------------------------- |
| `400`       | Validation error                                                    | Fix the request and retry               |
| `401`       | Authentication failed                                               | Check your Bearer token                 |
| `404`       | Resource not found                                                  | Verify the wallet/withdrawal ID         |
| `409`       | `requestId` reused with a different payload (`request_id_conflict`) | Fetch the existing resource instead     |
| `429`       | Rate limited                                                        | Back off and retry with jitter          |
| `500`       | Server error                                                        | Log the response and retry with backoff |

Business API errors include both `error` and `code` fields. Authentication middleware can return `{ "error": "...", "message": "..." }` before the request reaches a business handler. Use `code` for programmatic branching when it is present, and use the `error` string for logging and debugging.
