Perps Agent talks to three classes of external APIs.

1. Exchange APIs (e.g. Bybit)

  • Auth: user-provided, trade-only API key + secret. Stored encrypted at rest.
  • Transport: REST for actions, WebSocket for market data and fills.
  • Permissions: trade-only. No withdraw. No transfer.
  • Rate limits: handled per-venue in the adapter; the engine never bypasses them.
  • Failure handling: transient errors retried with backoff; persistent errors surface to the user in Telegram.
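One way an adapter could enforce the trade-only rule above before a user's key is stored, shown as an added example that is not Perps Agent's own code. The scope names, `KeyCheck` and `check_trade_only` are hypothetical; a real adapter would map each venue's key-permission report onto them.

```python
from dataclasses import dataclass

# Hypothetical normalised scope names (an assumption for this example); each
# venue adapter would map the venue's own key-permission report onto them.
ALLOWED = frozenset({"read", "trade"})
REQUIRED = frozenset({"trade"})


@dataclass(frozen=True)
class KeyCheck:
    accepted: bool
    reasons: tuple


def check_trade_only(reported_scopes):
    """Accept a key only if its scopes are within ALLOWED and include REQUIRED.

    Allowlist, not denylist: a scope this code has never seen is rejected, so
    a venue adding a new permission cannot slip past the gate unnoticed.
    """
    if not reported_scopes:
        return KeyCheck(False, ("venue reported no scopes; cannot confirm trade-only",))
    scopes = {str(s).strip().lower() for s in reported_scopes}
    reasons = []
    for extra in sorted(scopes - ALLOWED):
        reasons.append(f"scope '{extra}' is outside the trade-only allowlist")
    for missing in sorted(REQUIRED - scopes):
        reasons.append(f"required scope '{missing}' is missing")
    return KeyCheck(not reasons, tuple(reasons))


# Constructed sample inputs, not real venue responses.
SAMPLES = {
    "trade-only": ["read", "trade"],
    "withdraw-enabled": ["read", "trade", "withdraw"],
    "transfer-enabled": ["trade", "Transfer"],
    "read-only": ["read"],
    "unknown-scope": ["trade", "earn"],
}

if __name__ == "__main__":
    for label, scopes in SAMPLES.items():
        result = check_trade_only(scopes)
        print(label, "ACCEPT" if result.accepted else "REJECT", list(result.reasons))
```

Running the check again on a schedule, not only at onboarding, catches a key whose permissions were widened on the venue after it was stored.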

2. Mantle RPC

  • Reads: event logs for commits and attestations, consumed by the indexer feeding the AI loop.
  • Writes: commit(...) before trading, attest(...) after. Both signed by an agent service key whose only authority is to write append-only registry entries.
  • Verification: every write is verifiable independently by an observer using a public Mantle RPC.

3. x402 alpha API (outbound)

For programmatic consumers of Perps Agent’s signals:
  • Pricing: per-call, charged on-chain via x402.
  • Auth: wallet signatures and on-chain payment receipts — no API keys.
  • Endpoints: see x402 alpha API.

Security boundaries

  • The exchange adapter is the only component that holds user API keys.
  • The on-chain agent key can write registry entries but cannot move user funds.
  • The Telegram bot is a thin UX layer — it never touches venue keys or chain keys directly.
Perps Agent will never ask you to share withdraw-enabled keys, seed phrases, or 2FA seeds. See Official links to verify any account claiming to be us.