API Reference
REST endpoints for payments, swaps, compliance, and wallet verification.
NautPay Routes (Next.js API)
POST /api/agent
Server-side agent endpoint. Parses a natural-language payment intent, runs the compliance pre-flight, and returns a structured transaction for wallet signing.
Request:
{
  "message": "Pay 5000 USDC to alice.sol",
  "walletAddress": "7xKXtg...",
  "contacts": [{ "name": "alice", "address": "ABC123..." }]
}
Response (approved):
{
  "intent": {
    "action": "transfer",
    "amount": 5000,
    "token": "USDC",
    "recipient": "alice.sol",
    "confidence": 0.95
  },
  "compliance": {
    "approved": true,
    "risk_score": 0.05,
    "recommendation": "approve"
  },
  "resolved": {
    "from": "7xKXtg...",
    "to": "ABC123...",
    "source": "sns",
    "label": "alice.sol"
  },
  "execute": {
    "action": "transfer",
    "amount": 5000,
    "token": "USDC",
    "recipient": "ABC123..."
  }
}
POST /api/swap
Server-side Jupiter proxy. Avoids CORS issues and dead DNS (quote-api.jup.ag).
Quote request:
{ "action": "quote", "inputToken": "USDC", "outputToken": "EURC", "amount": 1000 }
Transaction request:
{ "action": "transaction", "quote": { ... }, "userPublicKey": "7xKXtg..." }
POST /api/wallet-verify
Server-side proxy for NautLense wallet verification. Adds NAUTLENSE_SERVICE_TOKEN as Bearer auth.
Actions:
{ "action": "status", "wallet_address": "7xKXtg..." }
{ "action": "initiate", "wallet_address": "7xKXtg...", "chain": "solana" }
{ "action": "confirm", "verification_id": "uuid", "signature": "base58..." }
POST /api/kyc/sumsub-token
Sumsub WebSDK access token generation. Returns 503 if Sumsub credentials are not configured.
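
A client can cross-check a POST /api/agent response before handing its execute block to the wallet for signing. The following is an added example, not NautPay code; the function name, return shape, the 0.9 confidence threshold and the sample addresses are assumptions, while the field names are those of the response documented above.

```javascript
// Added example (not NautPay code): consistency check of a POST /api/agent
// response before its "execute" block is passed to the wallet for signing.
// checkAgentResponse, its return shape and minConfidence are assumptions.
function checkAgentResponse(request, response, minConfidence = 0.9) {
  const problems = [];
  const { intent, compliance, resolved, execute } = response || {};
  if (!intent || !compliance || !resolved || !execute) {
    return { ok: false, problems: ["missing intent/compliance/resolved/execute block"] };
  }
  // A low-confidence parse of free text should go back to the user, not to signing.
  if (!(intent.confidence >= minConfidence)) problems.push("intent confidence below threshold");
  // Compliance must be an explicit approval, not merely the absence of a rejection.
  if (compliance.approved !== true || compliance.recommendation !== "approve") {
    problems.push("compliance pre-flight did not approve");
  }
  // The wallet that will sign must be the one that sent the request.
  if (resolved.from !== request.walletAddress) {
    problems.push("resolved.from differs from the requesting wallet");
  }
  // What gets signed must match the parsed intent field by field.
  for (const field of ["action", "amount", "token"]) {
    if (execute[field] !== intent[field]) problems.push(`execute.${field} differs from intent.${field}`);
  }
  if (!Number.isFinite(execute.amount) || execute.amount <= 0) {
    problems.push("execute.amount is not a positive number");
  }
  // The destination must be the address reported as resolved for the recipient.
  if (execute.recipient !== resolved.to) problems.push("execute.recipient differs from resolved.to");
  return { ok: problems.length === 0, problems };
}

// Constructed sample data mirroring the documented request and response.
const sampleRequest = { message: "Pay 5000 USDC to alice.sol", walletAddress: "WALLET_A" };
const sampleResponse = {
  intent: { action: "transfer", amount: 5000, token: "USDC", recipient: "alice.sol", confidence: 0.95 },
  compliance: { approved: true, risk_score: 0.05, recommendation: "approve" },
  resolved: { from: "WALLET_A", to: "ADDR_ALICE", source: "sns", label: "alice.sol" },
  execute: { action: "transfer", amount: 5000, token: "USDC", recipient: "ADDR_ALICE" },
};
// Constructed response whose execute block no longer matches intent and resolved.
const tampered = {
  ...sampleResponse,
  execute: { ...sampleResponse.execute, amount: 50000, recipient: "ADDR_OTHER" },
};

console.log(checkAgentResponse(sampleRequest, tampered).problems);
```
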
NautLense API (Compliance Engine)
Base URL: https://api.nautlense.com (production) / http://localhost:8090 (local)
Core Transactions
| Endpoint | Method | Description |
|---|---|---|
| /tx/capture | POST | Record tx + risk scoring + sanctions + Travel Rule + hash chain |
| /tx/compliance-check | POST | Pre-flight risk assessment (no DB write) |
| /tx/recent | GET | Recent transactions feed (pagination) |
| /tx/verify-chain | GET | SHA256 hash chain integrity verification |
| /tx/:id | GET | Single transaction detail |
Travel Rule & Compliance
| Endpoint | Method | Description |
|---|---|---|
| /settings/jurisdictions | GET/PUT | CH/DE/AT/EU jurisdiction configs |
| /counterparties | POST/GET | Address book with auto-risk scoring |
| /travel-rule/validate | POST | Pre-flight data completeness check |
| /travel-rule/transfers | POST/GET | Travel Rule transfer records |
| /travel-rule/stats | GET | Compliance statistics |
| /travel-rule/receive | POST | Inbound VASP-to-VASP data (IVMS101) |
Sanctions Screening
| Endpoint | Method | Description |
|---|---|---|
| /sanctions/screen | POST | Screen name/address against SECO/OFAC/EU/UN |
| /sanctions/screen-batch | POST | Batch screening (max 100) |
| /sanctions/lists | GET | Available sanctions lists metadata |
Wallet Verification (Poco)
| Endpoint | Method | Description |
|---|---|---|
| /wallets/verify/initiate | POST | Start verification (generates challenge) |
| /wallets/verify/confirm | POST | Submit signed challenge |
| /wallets/verify/:address/status | GET | Check verification status |
Emergency
| Endpoint | Method | Description |
|---|---|---|
| /emergency/lockdown | POST | Freeze all transaction processing |
| /emergency/unlock | POST | Lift lockdown |
| /emergency/status | GET | Current state + history |
Other
| Endpoint | Method | Description |
|---|---|---|
| /sar | POST | Create SAR (case number: SAR-YYYY-NNNN) |
| /sar/:id/submit | PUT | File to authority + asset freeze |
| /auth/login | POST | JWT auth with RBAC |
| /reports/generate | POST | Generate compliance reports |
| /analytics/compliance | GET | Dashboard stats (Redis cached) |
| /analytics/accounting | GET | Cost basis FIFO, P&L, tax events |
| /health | GET | System health check |