Authentication
Read endpoints on the Cupdiction API are public and require no authentication. Write endpoints require a Privy access token, as do the account-specific read endpoints listed under "Endpoints that require authentication".
Getting a token
Cupdiction uses Privy for authentication. When a user signs in, Privy issues a short-lived JWT access token.
In the Cupdiction frontend:
```javascript
import { usePrivy } from '@privy-io/react-auth'

const { getAccessToken } = usePrivy()

// Get a fresh token before each write request
const token = await getAccessToken()
```
Using the token
Pass it as a Bearer token in the Authorization header:
```http
POST /api/orders
Authorization: Bearer <privy_access_token>
Content-Type: application/json

{
  "marketId": "bags-a1b2c3d4",
  "side": "YES",
  "amount": 50,
  "currency": "USDC",
  "maxSlippageBps": 500
}
```
Token lifetime
Privy access tokens expire after a short period. Always call getAccessToken() immediately before each request rather than caching the token.
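The two points above (send the token as a Bearer header, and request it fresh before every call) combined in one request helper. This is an added example, not Cupdiction's own code: `API_ORIGIN` is a placeholder host, and `buildAuthedRequest` and `createApiClient` are hypothetical names. It also refuses to attach the token to any URL outside the API origin's `/api/` paths.

```javascript
// Added example, not Cupdiction code. API_ORIGIN is a placeholder and the
// function names are hypothetical; getAccessToken comes from usePrivy().
const API_ORIGIN = 'https://cupdiction.example';

// Pure step: turn (method, path, token, body) into fetch() arguments.
function buildAuthedRequest(method, path, token, body, apiOrigin = API_ORIGIN) {
  // Resolve against the fixed origin and reject anything that escapes it,
  // so the bearer token is never attached to a request for another host.
  const url = new URL(path, apiOrigin);
  if (url.origin !== new URL(apiOrigin).origin || !url.pathname.startsWith('/api/')) {
    throw new Error(`refusing to attach token to ${url.href}`);
  }
  // getAccessToken() resolves to null when nobody is signed in.
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('no Privy access token: user is not signed in');
  }
  const headers = { Authorization: `Bearer ${token}` };
  const init = { method, headers };
  if (body !== undefined) {
    headers['Content-Type'] = 'application/json';
    init.body = JSON.stringify(body);
  }
  return { url: url.href, init };
}

// Wrapper: asks Privy for a token on every call and keeps no copy of it.
function createApiClient(getAccessToken, fetchImpl = globalThis.fetch) {
  return async function request(method, path, body) {
    const token = await getAccessToken();
    const { url, init } = buildAuthedRequest(method, path, token, body);
    return fetchImpl(url, init);
  };
}
```

In a component, `createApiClient(getAccessToken)` returns a function that can be called as `request('POST', '/api/orders', order)`.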
Endpoints that require authentication
| Endpoint | Notes |
|---|---|
| POST /api/orders | Place a trade |
| GET /api/wallet/balances | Your balances |
| GET /api/wallet/positions | Your open positions |
| GET /api/wallet/ledger | Transaction history |
| POST /api/wallet/deposits/submit | Verify a deposit |
| POST /api/wallet/withdraw | Withdraw funds |
| GET /api/queue | Your trade queue |
| POST /api/queue | Add to queue |
| DELETE /api/queue/{id} | Cancel queue entry |
| POST /api/queue/{id}/activate | Activate queue entry |
Admin endpoints
Admin endpoints additionally require the caller’s Privy user ID to be listed in the ADMIN_PRIVY_IDS environment variable. These are not available to regular users.
⚠️ Admin API documentation is internal and not published here. Contact the Cupdiction team for admin access.