EQUENTOR

Developers

Custody API

Manage custody programmatically: accounts and wallets, deposit addresses, balances, withdrawal and transfer instructions, Travel Rule payloads, and webhooks. Production access follows onboarding.

Environments & auth
Production  https://api.equentor.com/v1
Sandbox     https://api-sandbox.equentor.com/v1
X-API-Key  <key_id>
X-Timestamp  unix seconds
X-Signature  HMAC-SHA256(secret, ts+method+path+body)
Idempotency-Key  on writes
Endpoints
POST /accountsCreate a custody account
POST /walletsCreate a wallet for an asset
GET /walletsList wallets
GET /wallets/{id}/addressDeposit address
GET /balancesBalances across the account
POST /withdrawalsSubmit a transfer (policy engine)
GET /transactionsList transaction history
POST /travel-rule/messagesExchange IVMS101 payloads
POST /webhooksManage webhook subscriptions

Quickstart

Open an account and receive funds

# 1 · Create an account POST /v1/accounts { "name": "Treasury" } # 2 · Create a wallet POST /v1/wallets { "account_id": "acct_123", "asset": "ETH" } # 3 · Get a deposit address GET /v1/wallets/wlt_456/address { "address": "0x…" }

Transfers

Submit a withdrawal

# POST /v1/withdrawals { "account_id": "acct_123", "asset": "BTC", "amount": "0.25000000", "destination": { "address": "bc1q…", "vasp": { "name": "Counterparty Ltd", "ivms101_ref": "tr_abc" } }, "client_reference": "invoice-9981" } → 201 { "id": "wd_789", "status": "pending_policy_review" }
receivedpending_policy_reviewpending_approvalsigningbroadcastingcompleted

Webhooks

React to events

# Webhook → your endpoint X-Equentor-Signature: t=1750000000,v1=… { "type": "deposit.confirmed", "data": { "wallet_id": "wlt_456", "asset": "ETH", "amount": "1.5", "tx": "0x…" } }

Verify the signature and respond 2xx; events retry with backoff. Events include deposit.confirmed, withdrawal.completed and travel_rule.received.

Conventions

Working with the API

Authentication

API key with HMAC request signing over the timestamp, method, path and body. A short replay window applies; writes require an idempotency key.

Pagination

List endpoints use cursor-based pagination (limit + cursor).

Errors

Structured error objects with stable codes, e.g. policy_violation, rate_limited.

Rate limits

Default 600 read / 60 write requests per minute; 429 responses include a retry hint.

Idempotency

Safely retry writes by reusing an idempotency key; the original result is returned.

Sandbox

Test assets and simulated confirmations; API keys issued from the dashboard after onboarding.

FAQ

Common questions

How do I authenticate requests?

Each request carries your API key, a timestamp and an HMAC signature over the timestamp, method, path and body. Writes also include an idempotency key.

How are withdrawals approved?

After submission, a withdrawal moves through the policy engine and approvals before signing and broadcast. Track status via the API or webhooks.

Is there a sandbox?

Yes — a sandbox environment with test assets and simulated confirmations is available for integration.

Building an integration?

Tell us about your stack and we’ll set you up with sandbox access.

Talk to our team