REPUTA

Developer & Agent API

Wallet risk & security,
as an API.

Everything the scanner shows - crisis behaviour, security, scores, Safe checks - as clean HTTP endpoints. Read-only, Ethereum mainnet. Facts (approvals, exposure, distribution) for any wallet; ratings only for wallets you own, proven by a free ownership signature (personal_sign, no transaction). Free reads; deep scans are paid per-use via x402.

Network polygon Per scan - Full report - Paywall ?

Quickstart

Fastest path: add the MCP server to your AI host and ask it about a wallet. No API key needed for the free tools.

  1. Add the server to your host config (Claude Desktop, Cursor, or any MCP host):
    {
      "mcpServers": {
        "reputa": {
          "command": "npx",
          "args": ["-y", "reputa-mcp"],
          "env": {
            "REPUTA_PAYER_PRIVATE_KEY": "0x…  (USDC on Polygon, optional)"
          }
        }
      }
    }
  2. Restart the host so it loads the server.
  3. Ask it: Analyze the wallet 0xd8dA…6045 with Reputa.

The payer key is optional - only needed to auto-pay the paid tools. Use a dedicated hot wallet with a small USDC balance on polygon, never your main key.

Endpoints

Free

No auth, no payment. Rate-limited per IP. Without ownership headers, crisis-check returns facts only (no verdict, no scores). To receive ratings, add X-OWNER-TS + X-OWNER-SIG - a free personal_sign of this message, signed by the wallet being scored (30-minute validity):

Reputa ownership proof
wallet: <0xyourwallet lowercase>
issued: <unix ms>
I confirm this wallet is mine. Scores are only computed for wallets you own.
This signature is free and only proves ownership. It does not move any funds.
POST/api/crisis-check

Crisis-behaviour verdict + security snapshot (approvals, flagged-address contact, protocol usage, concentration) incl. the CURRENT cross-chain ETH distribution.

POST/api/safe-owner

Teaser: Ethereum-only count of Safes this address co-controls. (details:true is paid.)

GET/api/resolve?name=

Resolve an ENS name (e.g. vitalik.eth) to its address.

GET/api/health

Service + paywall status: network, price, bundle price, rate-limit mode.

GET/api/cover/v1/analyses

Catalog of all DeFi cover analyses: Assecura score, band, covered protocol, coverage gaps, red flags, asOf. Free discovery for agents.

Paid

x402

Per-use each, USDC on polygon. Unpaid request → HTTP 402 with PaymentRequirements → sign an EIP-3009 authorization → retry with the X-PAYMENT header. Settle-before-deliver.

POST/api/scores

Security + Risk + Reputation scores, reason codes, profile traits, staking & governance.

POST/api/safe-check

Gnosis Safe: on-chain version, transaction guard, and enabled modules.

POST/api/safe-owner

details:true - full multichain Safe breakdown incl. the Safe addresses.

POST/api/approvals

Deep ERC-20 approval history (full, chunked).

POST/api/chain-history

Historical chain distribution, months = 3 / 6 / 12 / 24 (current state is free via crisis-check).

GET/api/cover/v1/analyses/{provider}/{product}

Full structured DeFi cover analysis (coverage clause by clause, claims, capital, red flags, sources). Free teaser in the 402 body, full via x402. The receipt is shared with the web unlock.

POST/api/full-report bundle

Everything above in one paid call: scores + traits, Safe config, Safe co-control (all chains), deep approvals, and the 2-year history - one payment instead of five. Single-scan price × 5 by default, set via X402_FULL_REPORT_PRICE_USD.

Payments

Three ways to pay, easiest first. Browser: open reputa.xyz and it signs in your wallet (MetaMask / WalletConnect) - nothing to code. Agent: the MCP server below signs and pays autonomously once you set a funded payer key. Direct integration: produce the X-PAYMENT header with an x402 client library. The payer needs USDC on polygon - there is no auto-swap, so bring the right asset on the right network.

Free read

# facts for any wallet (no verdict/scores without ownership):
curl -s https://reputa.xyz/api/crisis-check \
  -H 'content-type: application/json' \
  -d '{"wallet":"0xabc…"}'

# ratings for YOUR wallet: add the ownership signature headers
curl -s https://reputa.xyz/api/crisis-check \
  -H 'content-type: application/json' \
  -H 'X-OWNER-TS: <unix ms>' \
  -H 'X-OWNER-SIG: 0x<signature>' \
  -d '{"wallet":"0xyourwallet"}'

Paid scan (402 → sign → retry)

# 1) unpaid request -> HTTP 402 with PaymentRequirements
curl -i -X POST https://reputa.xyz/api/scores \
  -H 'content-type: application/json' \
  -d '{"wallet":"0xabc…"}'

# 2) sign the EIP-3009 USDC authorization from the 402 body,
#    then retry with the base64 X-PAYMENT header (+ ownership proof)
curl -s -X POST https://reputa.xyz/api/scores \
  -H 'content-type: application/json' \
  -H 'X-OWNER-TS: <unix ms>' \
  -H 'X-OWNER-SIG: 0x<signature>' \
  -H 'X-PAYMENT: <base64 payload>' \
  -d '{"wallet":"0xyourwallet"}'

The X-PAYMENT value is a base64 EIP-3009 USDC authorization - you don't hand-roll it. An x402 client library (e.g. Coinbase's x402) or the MCP server produces it from your payer key. Prefer not to write signing code? Use the MCP - it does exactly this.

For protocols, desks & platforms

B2B

The per-call x402 pricing above is the self-serve tier. If you need wallet risk data at volume - underwriting, OTC counterparty checks, community gating - there are three ways in:

NOWPay-per-use (x402)

No contract, no key, no minimum. Your agent or backend pays per call in USDC. Live today.

PLANVolume

Prepaid call bundles at volume rates, priority rate limits, usage dashboard. Talk to us.

PLANEnterprise feed

Custom risk feeds (webhooks, batch exports), SLA, co-designed signals. Talk to us.

Badge gating needs no API at all: the certificate is a verified contract on Base. One eth_call to certs(uint256(uint160(wallet))) at 0x5e425f840a449a30f0a3a48d2fd6b694e227e623 returns score, level, date and minted-flag - gate a Discord, whitelist or lending tier directly on-chain. Or server-side via GET /api/badge-verify?address=0x…. Scores are published by the wallet owners themselves (consent built in), so counterparty checks stay GDPR-clean: they show, you verify.

Consented score sharing (design partners wanted): a wallet owner grants access to their score for one recipient with a free signature and hands over a link. Redeeming that link returns a signed, offline-verifiable score attestation - so you can risk-tier an applicant without ever scoring a wallet yourself. The primitive is live today via manual link exchange; a native "paste your Reputa link" flow needs a small integration on your side - that is exactly the kind of partnership we are looking for.

# 1) the wallet owner signs a share grant in your UI (or on reputa.xyz)
#    and POSTs it to /api/score-share -> returns a share link.
# 2) your backend redeems that link:
curl -s "https://reputa.xyz/api/score-attestation?token=<share-token>"
# -> { payload: { wallet, sharedWith, security, risk, reputation, consent, ... },
#      attestation: { signer, digest, signature } }
# verify attestation.signature against the published Reputa signer offline.

Integrations & volume: DM @0xreputa or reputa.eth on Farcaster.

Agents · MCP

An MCP server exposes every endpoint as a tool for Claude Desktop, Cursor, or any MCP host. Set REPUTA_PAYER_PRIVATE_KEY and the paid tools pay autonomously (EIP-3009); otherwise they return the payment requirements.

reputa_analyze_walletreputa_wallet_scoresreputa_deep_approval_scanreputa_safe_checkreputa_safe_ownerreputa_chain_historyreputa_full_report
{
  "mcpServers": {
    "reputa": {
      "command": "npx",
      "args": ["-y", "reputa-mcp"],
      "env": {
        "REPUTA_PAYER_PRIVATE_KEY": "0x…  (USDC on Polygon, optional)"
      }
    }
  }
}