10. API Specification
10.1 Verification API
The Baseline API exposes RESTful endpoints for claim submission, Verification Object retrieval, attestation queries, and engine management.
Base URL: https://api.baseline.io/v1
| Endpoint | Method | Description |
|---|---|---|
/claims |
POST | Submit a claim for verification |
/claims/{claimId} |
GET | Retrieve claim definition |
/verification-objects |
GET | List VOs (with filters) |
/verification-objects/{voId} |
GET | Retrieve single VO |
/verification-objects/{voId}/attestations |
GET | List attestations for VO |
/engine/versions |
GET | List available engine versions |
/engine/versions/{version} |
GET | Engine version details |
/predicates |
GET | List registered predicates (all versions) |
/predicates/{predicateId} |
GET | Predicate details (ACTIVE version) |
/predicates/{predicateId}/versions |
GET | All versions of a predicate |
/engine/versions/{version}/manifest |
GET | Predicate Manifest for an engine version (Section 2.5) |
10.2 Product API (Memecoin Intel Portal)
| Endpoint | Method | Description |
|---|---|---|
/api/coins |
GET | List tracked coins |
/api/coins/{coinId} |
GET | Coin details |
/api/coin-scores |
GET | All coin scores (paginated) |
/api/coin-scores/{scoreId} |
GET | Score by ID |
/api/coin-scores/ca/{contractAddress} |
GET | Score by contract address |
/api/coin-scores/coin/{coinId} |
GET | Score by coin ID |
/api/coin-scores/tier/{tier}/top |
GET | Top coins by tier |
/api/coin-scores/stats/distribution |
GET | Score distribution by tier |
/api/social/content |
GET | Social content feed |
/api/baseline-feed |
GET | Aggregated Baseline insights |
/api/baseline-feed/recent |
GET | Recent insights |
/api/baseline-feed/ticker/{ticker} |
GET | Insights by ticker |
/api/baseline-feed/ca/{ca} |
GET | Insights by contract address |
/api/bot-trader/accounts |
GET | Bot trading accounts |
/api/bot-trader/history/{accountId} |
GET | Trading history |
/api/bot-trader/portfolio/{accountId} |
GET | Bot portfolio |
/api/pnl-history |
GET | PNL history (all accounts) |
/api/pnl-history/account/{accountId} |
GET | PNL history (single account) |
/api/watchlist |
GET/POST | User watchlist |
/api/watchlist/{coinId} |
DELETE | Remove from watchlist |
/api/watchlist/check/{coinId} |
GET | Check if coin in watchlist |
10.3 Authentication
The API supports three authentication mechanisms:
API Key (Server-to-Server)
For server-to-server integration.
Header: X-API-Key: <api_key>
OAuth 2.0 (End-User)
Providers: Google, Apple Flow: Authorization code with PKCE
| Endpoint | Method | Description |
|---|---|---|
/api/auth/oauth/providers |
GET | Available providers |
/api/auth/oauth/google |
GET | Google OAuth redirect |
/api/auth/oauth/apple |
GET | Apple OAuth redirect |
Wallet Authentication (Web3)
Flow: Challenge-response with message signing
| Endpoint | Method | Description |
|---|---|---|
/api/auth/wallet/challenge |
POST | Get signing challenge |
/api/auth/wallet/verify |
POST | Verify signature |
/api/auth/wallet/link |
POST | Link wallet to user |
Session Management
| Endpoint | Method | Description |
|---|---|---|
/api/auth/session/refresh |
POST | Refresh access token |
/api/auth/session/logout |
POST | Logout current session |
/api/auth/session/logout-all |
POST | Logout all sessions |
JWT Configuration:
- Access token expiry: 15 minutes (configurable)
- Refresh token expiry: 7 days (configurable)
- Signing algorithm: HS256
10.4 Real-Time Data Pipeline
For real-time monitoring and low-latency alerts, the system provides:
WebSocket Endpoints:
| Endpoint | Description |
|---|---|
ws://api.baseline.io/ws/events |
Real-time trade events |
ws://api.baseline.io/ws/scores |
ML score updates |
ws://api.baseline.io/ws/feed |
Baseline feed updates |
Event Types (Server → Client):
{ "type": "event", "data": "TradeEvent" }
{ "type": "ml_score", "data": "MLScore" }
{ "type": "token_meta", "data": "TokenMetadata" }
{ "type": "stats", "data": "GlobalStats" }
{ "type": "feed_update", "data": "BaselineFeedItem" }
Supported DEX Sources (Solana):
| DEX | Program ID |
|---|---|
| Pump.fun | 6EF8rrecthR5Dkzon8Nwu78hRvfCKubJ14M5uBEwF6P |
| PumpSwap | — |
| Raydium V4, Raydium CLMM | — |
| Orca Whirlpool | — |
| Meteora DLMM | — |
| Jupiter (aggregator) | — |
| Bags, Bags AMM | — |
Data Collection Method:
- Pure WebSocket subscription to on-chain logs (zero HTTP rate limiting)
- Events parsed directly from transaction logs (no
getParsedTransactioncalls) - AES-256-GCM encrypted logging for compliance and ML training data
- Signature deduplication to prevent double-counting
10.5 SDK Type Contract (@baseline/core)
The Verification API endpoints above accept and return structured objects whose types are formally defined in Appendix F: SDK Type Definitions. Integrators building on Baseline SHOULD use a typed SDK client rather than constructing raw REST calls.
The @baseline/core package (reference implementation: TypeScript) exports:
| Export | Description |
|---|---|
createBaselineClient(config) |
Factory function returning a typed BaselineClient |
ClaimSubmission |
Input type for POST /claims |
VerificationObject |
Output type for GET /verification-objects/{voId} |
Attestation |
Output type for attestation queries |
BaselineError |
Discriminated error type with structured code + details |
PaginatedResponse<T> |
Generic wrapper for all list endpoints (cursor-based) |
Pagination contract: All list endpoints use cursor-based pagination. Clients pass { cursor?, limit? } as query parameters and receive { data: T[], pagination: { cursor, hasMore, total? } }. Cursors are opaque strings — clients MUST NOT parse or construct them.
Error contract: All errors return HTTP 4xx/5xx with a BaselineError body. The error.code field is a machine-readable discriminant (e.g., INVALID_CLAIM, VO_NOT_FOUND). Claim validation errors include a violations array with per-field details (JSONPath, rule, message).
See Appendix F for the complete type definitions, client interface, and usage examples.
10.6 Trust Advisory and Anchoring Status
Every VO response MUST include the baselineChain object with anchoringStatus and anchoringPhase fields. These fields are the consumer's primary signal for determining what level of independent verification is possible for a given VO.
Anchoring status values:
anchoringStatus |
Consumer action |
|---|---|
PRE_ANCHORING |
No independent verification possible. The VO exists only in the operator's database. Treat as operator-asserted. Display a trust warning in UIs. |
PENDING |
Anchoring infrastructure is operational but this VO is not yet anchored. Typically resolves within 60-300 seconds. |
ANCHORED |
Independent verification is possible. Consumer can verify the VO's voId against the on-chain Merkle root via the inclusion proof. |
FAILED |
Anchoring was attempted but failed. The VO will be retried. Treat as PENDING. |
Migration phase context:
The anchoringPhase field (SHADOW, TESTNET, MAINNET, or null) indicates which migration phase (Section 8.8) the protocol was in when the VO was created. During SHADOW and TESTNET phases, all VOs have anchoringStatus: "PRE_ANCHORING" — consumers are trusting the operator with no on-chain recourse. Products built on Baseline during these phases SHOULD display this trust level prominently (e.g., "Operator-verified only — not yet anchored on-chain").
Recommended consumer behavior:
if (vo.baselineChain.anchoringStatus === "PRE_ANCHORING") {
// Display: "Operator-verified — independent verification not yet available"
// Do NOT present as independently verified
} else if (vo.baselineChain.anchoringStatus === "ANCHORED") {
// Display: "Anchored on FirmaChain — independently verifiable"
// Optionally verify: fetch Merkle proof, confirm against on-chain root
} else {
// PENDING or FAILED — anchoring in progress
// Display: "Verification pending on-chain confirmation"
}