ArbiFlow
arbiflow · desktop experience
DESKTOP ONLY
DESKTOP ONLY
DESKTOP ONLY

The ArbiFlow landing is built around motion that needs a big screen. Open it on desktop — or jump straight into the app, which works great on mobile.

Open the app
[F] · Developer API

Plug ArbiFlow's analytics layer into anything.

An open, API-keyed HTTP layer over the same data the dashboard runs on: wallet scans, scored Arbitrum pools, and APY/TVL history. JSON in, JSON out, CORS everywhere. Looking for how to use the app itself? See the user docs.

[01] · Getting started

Base URL, keys & limits.

All endpoints live under https://arbiflow-one.vercel.app. The read API requires an API key — send it as an Authorization: Bearer <key> header or an x-api-key header.

  • A publishable demo key ships with the app, so the examples below work out of the box. Like a Stripe pk_ key it is not secret — rate limits, not secrecy, protect the endpoints.
  • Want higher limits or usage attribution? Run your own deployment and set ARBIFLOW_API_KEYS (server-side, comma-separated).
  • Rate limits: 60 requests / minute per key by default. Over the limit returns 429; every response carries X-RateLimit-Limit/Remaining/Reset.
  • CORS: open (*) — call it from a browser or a server.
# header auth, either form
Authorization: Bearer af_pub_demo
x-api-key: af_pub_demo
[02] · Read endpoints

The open analytics surface.

  • GET
    /api/opportunities
    Every curated + honorable Arbitrum pool, each scored 0–100 and ranked.
    { pools: ScoredPool[], generatedAt, source }
  • GET
    /api/scan
    ?address=0x…
    Token balances + idle-capital classification for any wallet.
    { address, totalUsd, idleUsd, tokens: TokenBalance[] }
  • GET
    /api/pool-chart
    ?id=<pool-uuid>
    Up to 90 days of APY & TVL history for one DeFiLlama pool.
    { points: { t, apy, tvlUsd }[] }
  • GET
    /api/keeper/address
    ?vault=0x…
    The testnet keeper a vault should delegate to (sharded per vault).
    { address }
[03] · Example

A scan in curl.

$ curl -s "https://arbiflow-one.vercel.app/api/scan?address=0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045" \
    -H "x-api-key: af_pub_demo"

{
  "address": "0xd8da6bf26964af9d7eed9e03e53415d37aa96045",
  "scannedAt": "2026-05-26T17:00:00.000Z",
  "totalUsd": 2340.18,
  "idleUsd": 1840.22,
  "tokens": [
    { "symbol": "USDC", "balanceFormatted": 1840.22, "usdValue": 1840.22, "idle": true },
    ...
  ]
}
[04] · Authenticated · not open

The fund-moving endpoints, and why they're locked.

POST /api/keeper/tick, /api/keeper/redeem and POST /api/execute-route are notpart of the open API. The keeper endpoints move a vault's funds (auto-rebalance / redeem to idle), so they require the vault owner's authorization:

  • The caller signs a SIWE (Sign-In With Ethereum) message once; the server re-verifies it on every call and requires the recovered signer to equal the vault's on-chain owner().
  • So no one can move another user's funds— a request for someone else's vault is rejected with 401/403.
  • Even the owner's moves are constrained on-chain: funds only ever shift between admin-whitelisted pools, value-preserving, and only the owner can ever withdraw. See the non-custodial safety model.
errors
400
Bad request — a required param is missing or malformed.
401
Missing or invalid API key (read API), or missing owner signature (write API).
403
Authenticated, but the signer does not own the target vault.
429
Rate limit exceeded — back off until the X-RateLimit-Reset time.
502 / 503
Upstream data source or keeper backend unavailable.
Using the app instead? Read the user docs