Skip to main content
Every error response is JSON with an error message:
Some responses include an extra details object (for example, GET /vault/register when a vault already exists).

Authentication errors apply everywhere

Every endpoint except POST /auth/challenge and POST /auth/verify requires a JWT in the Authorization: Bearer <token> header. A missing, malformed, or expired token returns:
with status 401. When you see a 401 on an authenticated call, re-run the challenge-response flow to get a fresh token. The tables below list the errors specific to each endpoint on top of this shared 401.

Authentication

POST /auth/challenge

POST /auth/verify

Vault

GET /vault

GET /vault/register

Deposit

POST /deposit/craft

Orders

POST /orders/price

PATCH /orders/price/

POST /orders/price/cancel/

POST /orders/price/confirm-cancel/

History

GET /orders/history

Lifecycle

The full call sequence and order state machine.

Manage Orders

Update, cancel, and recover orders.