DOCS / API

Seven endpoints, one signature each.

Base URL https://useflipforge.xyz. Every read endpoint accepts ?cluster=devnet (default mainnet) and returns result + slot + receipt. Errors come back as { error } with a matching HTTP status — errors are not signed.

Auth: no key needed to explore. With an X-Api-Key header (get one in the dashboard) you run at 600 req/min, metered per key — invalid or revoked keys get 401, over the window gets 429. Holder tiers land with $FORGE.

GET /api/v1/status

Probes the ZK ElGamal Proof program on mainnet and devnet by simulating VerifyZeroCiphertext against the native program. A live program parses and rejects the empty payload; a feature-gated one never executes.

clusters[].deployedprogram account exists and is executable
clusters[].enabledthe simulation reached the program
clusters[].logsfirst program log lines, for transparency

GET /api/v1/mint/:address

Decodes a Token-2022 mint: the classic header, every extension TLV by name, and the full confidential-transfer config if present.

header.supply / decimalsclassic SPL mint fields
extensions[]type id, name and byte length of each TLV
confidentialTransferMint.authoritywho can update the config / approve accounts
confidentialTransferMint.autoApproveNewAccountsfalse ⇒ the issuer approves each account
confidentialTransferMint.auditorElgamalPubkeyset ⇒ this key can decrypt every transfer amount

GET /api/v1/account/:address

Decodes a Token-2022 token account, including the 295-byte ConfidentialTransferAccount extension: approval state, the account's ElGamal pubkey and the encrypted balances themselves.

header.amountthe public (non-confidential) amount
confidential.availableBalanceTwisted ElGamal ciphertext: commitment + handle, 32 bytes each
confidential.pendingBalanceLo / Hiencrypted pending credits, split 16/48 bits
confidential.pendingBalanceCreditCounterhow many confidential credits await ApplyPendingBalance

GET /api/v1/tx/:signature

Decodes a transaction's confidential-transfer and proof instructions byte-by-byte, names each one and explains what it guarantees.

instructions[].namee.g. ConfidentialTransfer, VerifyBatchedRangeProofU64
instructions[].meaningone-line plain-language guarantee
logsfirst 30 program log lines

GET /api/v1/registry

The known institutional mints with the confidential extension (PYUSD, USDG, AUSD), parsed live from mainnet on every request — supply, decimals, config. Nothing cached, nothing hand-written.

mints[].livenull if the account disappeared — we show what the chain shows

GET /api/v1/activity

The most recent transactions that invoked the ZK ElGamal Proof program — a live pulse of confidential-transfer usage.

transactions[]signature, slot, blockTime, error

GET /api/v1/pubkey

The ed25519 public key every receipt verifies against. Pin it in your integration.

pubkey59bd5714f8c76aeb45f27f55eb0d4aec…