8 specialised microservices. OpenAPI 3.0 specifications. Enterprise-grade authentication. Build on the full-stack economic operating system with comprehensive REST APIs designed for scale.
Each service owns a bounded domain and exposes a focused set of endpoints. All services share common authentication, error handling, and pagination patterns.
svc-auth
Unified OAuth2 Identity Provider with PKCE, session management, 15-minute access tokens with 7-day rotating refresh tokens, and multi-context account switching.
Public (login) / JWT Bearer
POST/auth/loginPOST/auth/refreshPOST/auth/logoutGET/auth/sessionsGET/auth/contextsGET/oauth/authorizePOST/oauth/tokensvc-kyc
Privacy-preserving identity verification with document upload, multi-step KYC workflows, face verification, and attribute-based queries without exposing personal data.
JWT Bearer
POST/kyc/documentsGET/kyc/status/:profileIdPOST/kyc/face-verificationGET/kyc/verify-attributesvc-tokenomics
Core value transfer layer. Execute GX transfers, query wallet balances, retrieve transaction histories, and manage genesis distribution — all with CQRS async processing and idempotency guarantees.
JWT Bearer
POST/transfersGET/wallets/:profileId/balanceGET/wallets/:profileId/transactionsPOST/genesisGET/treasury/:countryCode/balancesvc-government
Sovereign treasury management with public transparency endpoints. No authentication required for public data — treasury balances, disbursement histories, and economic statistics by country.
Public (read) / JWT Bearer (write)
GET/public/treasuriesGET/public/treasuries/:countryCodeGET/public/treasuries/:countryCode/disbursementsGET/public/treasuries/:countryCode/statisticsPOST/api-credentials/treasury/:idsvc-governance
On-chain governance for protocol evolution. Submit proposals, cast votes programmatically, and execute approved changes. Public read access to all active proposals and voting results.
Public (read) / JWT Bearer (write)
GET/proposalsGET/proposals/:proposalIdPOST/proposalsPOST/proposals/:proposalId/votePOST/proposals/:proposalId/executesvc-loanpool
Interest-free loan pool with credit-score-driven eligibility. Loan applications, multi-step approval workflows, repayment tracking, and borrower history — integrated with the 6-component credit scoring engine.
JWT Bearer
POST/loansGET/loans/:loanIdPOST/loans/:loanId/approveGET/users/:borrowerId/loanssvc-organization
Multi-signature institutional accounts with configurable authorization rules. Propose organizations, endorse membership, define signing thresholds, and execute multi-party transactions with three-eyes-minimum approval.
JWT Bearer
POST/organizationsPOST/organizations/:orgId/endorsePOST/organizations/:orgId/activatePOST/organizations/:orgId/rulesPOST/organizations/:orgId/transactionsPOST/transactions/:pendingTxId/approvesvc-trust
Dynamic credit scoring with 6 weighted components (trust, transactions, repayment, KYC, account maturity, velocity compliance). Consent-driven data sharing with FSPs, dispute resolution, and admin-configurable scoring parameters.
JWT Bearer
GET/credit-score/:participantIdGET/credit-score/:participantId/breakdownGET/credit-score/:participantId/historyPOST/credit-score/consent/grantPOST/credit-score/consent/revokePOST/credit-score/disputesPOST/credit-score/disputes/:id/resolveThree authentication methods support different integration patterns — from participant-facing applications to service-to-service communication and cross-application SSO.
For participant and admin applications
Authorization: Bearer <access_token>15-minute access tokens with 7-day rotating refresh tokens. Obtain via /auth/login, refresh via /auth/refresh with replay detection.
For service-to-service integrations
X-API-Key: <key> / X-API-Secret: <secret>Provisioned per treasury or institution. Generate via /api-credentials endpoints. Supports credential rotation and revocation.
For SSO integrations between applications
Authorization Code Flow with PKCEFull OAuth2 authorization code flow with PKCE challenge. Supports cross-application SSO between Wallet App and Command Center.
All GX Protocol APIs follow consistent patterns for reliability, consistency, and developer experience.
Financial write operations return a commandId immediately. Poll GET /commands/:commandId/status for PENDING → CONFIRMED or FAILED.
All write operations accept X-Idempotency-Key header. Duplicate requests with the same key return the original result without re-processing.
List endpoints support ?page=1&limit=20 parameters. Responses include total count and pagination metadata.
All errors return { success: false, error: { code, message, statusCode } }. Domain-specific error codes for programmatic handling.
| Endpoint Category | Limit | Window |
|---|---|---|
| Login | 5 requests | per minute |
| Token Refresh | 20 requests | per minute |
| OAuth Authorize | 20 requests | per minute |
| OAuth Token Exchange | 10 requests | per minute |
| Credit Score Recalculation | 1 request | per 60 minutes |
| Credit Disputes | 3 disputes | per 90 days |
| Consent Grants | 10 requests | per hour |
| General API | 100 requests | per 10 minutes |
All chartered partners receive dedicated engineering support, sandbox environment access, and comprehensive documentation for a seamless integration experience.