API reference

REST overview

The Advisors Crypto Agent API is REST + JSON. Same surface as the MCP server, exposed as endpoints for non-MCP runtimes.

Base URL

text
https://api.advisorscrypto.com/api/agent/v1

The OpenAPI 3.1 spec is at /openapi.json — feed it to any SDK generator or HTTP client.

Authentication

Bearer keys in the Authorization header on every call. See authentication for scopes and rotation.

Content type

Requests and responses are JSON. Send Content-Type: application/json on POSTs. We reject unknown fields with 400 Bad Request.

Error envelope

json
{
  "statusCode": 401,
  "message": "Invalid or revoked key",
  "error": "Unauthorized"
}

For validate_trade and propose_trade a 200 response can still carry allowed: false — that’s a policy rejection, not an HTTP error. Real HTTP errors mean the request didn’t reach the policy layer.

Idempotency

POST /trades/propose accepts an Idempotency-Key header. Within 24 hours a second call with the same key returns the existing record instead of creating a duplicate.

Rate limits

Global throttle of 100 requests per minute per user, applied before auth. Mostly a denial-of-service cap — interactive agents are nowhere near this. Bursts are tolerated within the window.

Endpoints

Six endpoints, three scopes. Click into any of them for full request and response shapes.

NameEndpointScope
whoami
GET/whoami
readget_mandate
GET/mandate
readget_holdings
GET/holdings
readvalidate_trade
POST/policy/validate
validatepropose_trade
POST/trades/propose
proposeget_audit
GET/audit
read
Last updated 2026-06-15
Suggest an edit·Changelog