API reference
Every endpoint, exactly as deployed.
Plain HTTP and JSON. Public identity checks need no key; partner endpoints authenticate with sandbox or production Bearer keys.
Endpoints
Surface area
| Method | Path | Auth | Availability | Description |
|---|---|---|---|---|
| GET/POST | /api/v1/identity/check | None | live | Check a name + ticker pair. Optional chain and launcher wallet. Returns status, decision, authorized launcher, protection expiry, and data source. |
| GET | /api/v1/identity/status?key=NAME::TICKER | None | live | Identity detail + full event timeline by identity key. |
| GET | /api/v1/protected-identities | None | live | Explorer listing with q / chain / status filters and cursor pagination (max limit 50). |
| GET | /api/v1/chains | None | live | Typed chain registry plus live per-chain health (latest block, index lag, indexer reachability). |
| GET | /api/v1/health | None | live | Service telemetry: registry index, HyperEVM RPC, cross-chain indexers, partner API. |
| POST | /api/v1/sandbox/keys | None | live | Self-serve sandbox key creation. Raw key + webhook signing secret returned exactly once. |
| GET/DELETE | /api/v1/sandbox/keys | Bearer key | live | Introspect usage and limits for the calling key, or revoke it. |
| GET | /api/v1/sandbox/logs | Bearer key | live | Recent request logs for the calling key. |
| POST | /api/v1/launches/validate | Bearer key | live | Signed launch decision: allow, allow_authorized_only, block, or recheck_required. Supports Idempotency-Key and nonce replay protection. 5-minute decision TTL. |
| POST | /api/v1/launches/report | Bearer key | sandbox | Report a completed launch. Sandbox keys write sandbox records; production reporting requires a provisioned production key. |
| POST | /api/v1/events/bonded | Bearer key | sandbox | Report a bonding event. Longest-lock semantics: 60d reserved / 48h unreserved. |
| POST | /api/v1/events/milestone | Bearer key | sandbox | Report a verified market-cap milestone. 90d reserved / 7d unreserved. |
| GET/POST | /api/v1/webhooks | Bearer key | live | List or register webhook endpoints. Payloads signed via X-AntiVamp-Signature (HMAC-SHA256). |
| PATCH/DELETE | /api/v1/webhooks/:id | Bearer key | live | Pause, rotate the signing secret, or delete an endpoint. |
| GET | /api/v1/webhooks/deliveries | Bearer key | live | Delivery history with attempt counts and response codes. |
| POST | /api/v1/webhooks/deliveries/:id/replay | Bearer key | live | Replay a recorded delivery to its endpoint. |
| POST | /api/v1/webhooks/test | Bearer key | live | Send a signed test event to every active endpoint. |
| GET | /api/v1/openapi | None | live | Machine-readable OpenAPI 3.1 spec for this API. |
| POST | /api/v1/events/graduated | Bearer key | planned | Graduated identity block reporting — ships with the production reporting pipeline. |
Errors
Structured error codes
Every partner-endpoint error is { error: { code, message, details? } }. Treat any 5xx from validation as a blocked launch — AntiVamp fails closed.
| Code | HTTP | Meaning |
|---|---|---|
| invalid_json | 400 | Body was not valid JSON. |
| invalid_request | 400 | Schema validation failed — details array included. |
| insecure_url | 400 | Webhook URL must be https (localhost allowed). |
| missing_api_key | 401 | No Authorization: Bearer header supplied. |
| invalid_api_key | 401 | Key unknown or malformed. |
| key_revoked | 401 | Key has been revoked. |
| production_reporting_restricted | 403 | Sandbox keys cannot write production records. |
| webhook_not_found | 404 | No webhook with that id belongs to this key. |
| delivery_not_found | 404 | No delivery with that id belongs to this key. |
| rate_limited | 429 | Per-minute limit exceeded (default 60 req/min per key). |
| validation_failed | 502 | Backend unavailable — fail closed, do not allow the launch. |
| service_unavailable | 503 | Backend not configured in this environment. |
Full request/response walkthroughs with curl, TypeScript, and Python live on the Developers page.