Skip to main content

API Overview

The Steward API is a REST API built with Hono running on Bun. All responses follow a consistent ApiResponse<T> shape.

Base URL

https://api.steward.fi
For self-hosted instances, replace with your deployment URL.

Authentication

Steward supports three authentication methods:
For tenant-level operations (agent CRUD, policy management, secret management):
curl https://api.steward.fi/agents \
  -H "X-Steward-Key: stwd_your_tenant_api_key"
The API key is returned once when a tenant is created and cannot be retrieved again.

Platform Key

For platform-level operations (cross-tenant management), use the platform key:
curl https://api.steward.fi/platform/stats \
  -H "X-Steward-Platform-Key: your-platform-key"

Response Format

All endpoints return a consistent format:
// Success
{
  "ok": true,
  "data": T  // Response payload
}

// Error
{
  "ok": false,
  "error": "Human-readable error message",
  "data"?: T  // Optional additional context (e.g., policy results)
}

HTTP Status Codes

CodeMeaning
200Success
201Created (new resource)
202Accepted (transaction queued for approval)
400Bad request (invalid input)
401Unauthorized (missing or invalid auth)
403Forbidden (policy denied, wrong scope)
404Not found
409Conflict (duplicate resource)
429Too many requests
500Internal server error
502Bad gateway (RPC error from blockchain)

Rate Limits

The Bun API entrypoint enforces a process-local global request limit per client IP, and sensitive wallet routes can enforce Redis-backed per-agent limits via policies. Production multi-instance deployments should configure Redis for shared auth and wallet-action throttles. Rate-limited responses return 429 with Retry-After, standard RateLimit-Limit, RateLimit-Remaining, and RateLimit-Reset headers, plus legacy X-RateLimit-* compatibility headers. Successful wallet-action responses that evaluate a rate-limit policy include the same standard remaining budget headers without Retry-After.

Request Hardening Inventory

The generated OpenAPI contract marks sensitive mutating operations with x-steward-hardening. These operations are under the same sensitive-prefix inventory used by the request-expiry and authorization-signature middleware. For these routes:
  • X-Steward-Request-Timestamp or X-Steward-Request-Expires-At is required when request-expiry enforcement is enabled.
  • X-Steward-Signature is required when authorization signatures are enabled. The header accepts HMAC v1= signatures and P-256 p256= signatures.
  • X-Steward-Signing-Key-Id can select a managed tenant request-signing key.
  • Idempotency-Key is required for signed sensitive requests and recommended for all sensitive mutations.
OpenAPI also lists these headers as optional parameters because enforcement is deployment-configurable; the x-steward-hardening extension records when they become mandatory.

Idempotency and safe retries

For fund-moving or signing workflows, include a caller-stable referenceId in the request body when the endpoint supports it, and send an Idempotency-Key header for sensitive mutations where your deployment accepts or requires one. Use the same values when retrying after client timeouts so transaction history, audit events, and lifecycle webhooks can be correlated to one business operation. Bitcoin PSBT signing is sign/finalize-only: POST /vault/:agentId/sign-bitcoin-psbt returns Steward’s transactionId, may return finalized raw transaction metadata when finalize: true, and never broadcasts. Because the route enforces fee caps and spend/address policies before signing, clients should query by referenceId before creating replacement PSBT requests. If a finalized raw transaction was already handed to a broadcaster, do not retry that broadcast blindly; check the Bitcoin txId with your broadcaster or indexer first.

Route Groups

PrefixDescriptionAuth Required
/agentsAgent CRUD + policy managementTenant key or agent JWT
/accountsDigital asset account resources grouping tenant walletsTenant key
/user/me/walletAuthenticated user-wallet provisioning, indexed wallets, and additional signersPersonal user session
/vaultSigning, approvals, historyAgent JWT or tenant key
/auditTenant audit events and action-history filtersOwner/admin session + recent MFA
/secretsSecret + route CRUDTenant key only
/condition-setsReusable policy allow/block list CRUD and item managementTenant owner/admin session
/tenantsTenant managementTenant key
/authSIWE, passkeys, email loginVaries
/platformCross-tenant adminPlatform key
/healthHealth checkNone

Content Type

All request bodies must be JSON:
Content-Type: application/json

Error Handling

import { StewardClient, StewardApiError } from "@stwd/sdk";

try {
  await steward.signTransaction("my-agent", { ... });
} catch (error) {
  if (error instanceof StewardApiError) {
    console.error(`Status: ${error.status}`);
    console.error(`Message: ${error.message}`);
    console.error(`Data:`, error.data); // May contain policy results
  }
}