DOCS / API
Seven endpoints, one signature each.
Base URL https://useflipforge.xyz. Every read endpoint accepts ?cluster=devnet (default mainnet) and returns result + slot + receipt. Errors come back as { error } with a matching HTTP status — errors are not signed.
Auth: no key needed to explore. With an X-Api-Key header (get one in the dashboard) you run at 600 req/min, metered per key — invalid or revoked keys get 401, over the window gets 429. Holder tiers land with $FORGE.
GET /api/v1/status
Probes the ZK ElGamal Proof program on mainnet and devnet by simulating VerifyZeroCiphertext against the native program. A live program parses and rejects the empty payload; a feature-gated one never executes.
| clusters[].deployed | program account exists and is executable |
| clusters[].enabled | the simulation reached the program |
| clusters[].logs | first program log lines, for transparency |
GET /api/v1/mint/:address
Decodes a Token-2022 mint: the classic header, every extension TLV by name, and the full confidential-transfer config if present.
| header.supply / decimals | classic SPL mint fields |
| extensions[] | type id, name and byte length of each TLV |
| confidentialTransferMint.authority | who can update the config / approve accounts |
| confidentialTransferMint.autoApproveNewAccounts | false ⇒ the issuer approves each account |
| confidentialTransferMint.auditorElgamalPubkey | set ⇒ this key can decrypt every transfer amount |
GET /api/v1/account/:address
Decodes a Token-2022 token account, including the 295-byte ConfidentialTransferAccount extension: approval state, the account's ElGamal pubkey and the encrypted balances themselves.
| header.amount | the public (non-confidential) amount |
| confidential.availableBalance | Twisted ElGamal ciphertext: commitment + handle, 32 bytes each |
| confidential.pendingBalanceLo / Hi | encrypted pending credits, split 16/48 bits |
| confidential.pendingBalanceCreditCounter | how many confidential credits await ApplyPendingBalance |
GET /api/v1/tx/:signature
Decodes a transaction's confidential-transfer and proof instructions byte-by-byte, names each one and explains what it guarantees.
| instructions[].name | e.g. ConfidentialTransfer, VerifyBatchedRangeProofU64 |
| instructions[].meaning | one-line plain-language guarantee |
| logs | first 30 program log lines |
GET /api/v1/registry
The known institutional mints with the confidential extension (PYUSD, USDG, AUSD), parsed live from mainnet on every request — supply, decimals, config. Nothing cached, nothing hand-written.
| mints[].live | null if the account disappeared — we show what the chain shows |
GET /api/v1/activity
The most recent transactions that invoked the ZK ElGamal Proof program — a live pulse of confidential-transfer usage.
| transactions[] | signature, slot, blockTime, error |
GET /api/v1/pubkey
The ed25519 public key every receipt verifies against. Pin it in your integration.
| pubkey | 59bd5714f8c76aeb45f27f55eb0d4aec… |