API Reference

The Dualis Finance API exposes 272 endpoints across 19 domain groups, served by Fastify 5.7 over HTTP and WebSocket. This page provides an overview of the API structure, authentication, and example requests.

Base URL

All API endpoints are served under a versioned base path:

Base URL

http://localhost:4000/v1

In production, replace the host with your deployment domain (e.g., https://api.dualis.finance/v1). All responses use application/json content type.

Authentication

Protected endpoints require a JWT Bearer token in the Authorization header. Obtain a token by authenticating through the /v1/auth/login endpoint.

Terminal

curl -X POST http://localhost:4000/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "demo@dualis.finance", "password": "Demo1234!"}'

Include the returned token in subsequent requests:

Terminal

curl http://localhost:4000/v1/pools \
  -H "Authorization: Bearer <your-jwt-token>"

Token Lifetime

JWT tokens expire after 24 hours. Use the /v1/auth/refresh endpoint to obtain a new token without re-authenticating.

Endpoint Groups

The 272 endpoints are organized into the following domain groups:

Group	Prefix	Description
Health	`/v1/health`	Service health and readiness checks
Auth	`/v1/auth`	Login, registration, token refresh, sessions
Pools	`/v1/pools`	Lending pool listings, details, and statistics
Supply	`/v1/supply`	Deposit and withdraw from lending pools
Borrow	`/v1/borrow`	Borrow requests, repayments, collateral management
Credit	`/v1/credit`	Credit tier assignments, score queries, tier parameters
Oracle	`/v1/oracle`	Price feeds, asset valuations, historical prices
Flash Loans	`/v1/flash-loans`	Atomic flash loan execution and history
Securities Lending	`/v1/sec-lending`	Securities lending offers, matches, and settlements
Governance	`/v1/governance`	Proposals, voting, delegation, results
Staking	`/v1/staking`	Stake, unstake, rewards, validator info
Productive	`/v1/productive`	Yield strategies, vault deposits, auto-compound
Institutional	`/v1/institutional`	Institutional accounts, sub-accounts, bulk operations
Privacy	`/v1/privacy`	Privacy-preserving transaction controls
Compliance	`/v1/compliance`	KYC/AML status, sanctions screening, audit logs
Analytics	`/v1/analytics`	Portfolio analytics, TVL, utilization, historical data
Notifications	`/v1/notifications`	User notification preferences and delivery
Admin	`/v1/admin`	Platform administration and configuration (privileged)
WebSocket	`/v1/ws`	Real-time data streams for prices, pools, positions

Example: List Lending Pools

Retrieve all active lending pools with their current rates and utilization:

Terminal

curl http://localhost:4000/v1/pools \
  -H "Authorization: Bearer <token>"

Response

{
  "data": [
    {
      "id": "pool_usdc_01",
      "asset": "USDC",
      "totalSupply": "12500000.00",
      "totalBorrow": "8750000.00",
      "utilization": 0.70,
      "supplyAPY": 0.0342,
      "borrowAPR": 0.0521,
      "collateralFactor": 0.85
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 20,
    "total": 8
  }
}

Example: Request a Borrow

Submit a borrow request against existing collateral:

Terminal

curl -X POST http://localhost:4000/v1/borrow/request \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "poolId": "pool_usdc_01",
    "amount": "5000.00",
    "collateralPositionIds": ["pos_eth_01", "pos_btc_02"]
  }'

Response

{
  "data": {
    "borrowId": "brw_abc123",
    "poolId": "pool_usdc_01",
    "amount": "5000.00",
    "borrowRate": 0.0521,
    "healthFactor": 1.82,
    "status": "pending_settlement",
    "createdAt": "2026-02-28T10:30:00Z"
  }
}

Health Factor

The API rejects borrow requests that would push the health factor below 1.0. Always check available borrowing power via GET /v1/borrow/capacity before submitting.

Request and Response Format

All request bodies must be valid JSON. The API validates inputs using Zod 4 schemas and returns structured errors for invalid payloads (see the Error Codes page for details). Successful responses wrap data in a { "data": ... } envelope. Paginated endpoints include a pagination object with page, limit, and total fields.

Full Specification

For the complete endpoint specification including all request/response schemas, query parameters, and error responses, refer to the docs/API_CONTRACT.md file in the repository. The contract document covers all 272 endpoints with exhaustive type definitions.

OpenAPI

An OpenAPI 3.1 specification is auto-generated from the Fastify route schemas. Access it at GET /v1/docs/openapi.json when running in development mode.