Skip to main content
The Glider V2 API is the canonical REST surface for external integrators. It lets partners define rebalance strategies, enroll end-users into them, and monitor or withdraw the resulting portfolios. All endpoints are auto-generated from a single OpenAPI spec, so the wire contract and this documentation stay aligned.

Machine-Readable Spec

For coding agents and SDK code-generators, point your tooling at these URLs directly — they are the source of truth, not this page.
ArtifactURLPurpose
OpenAPI 3.1 JSONhttps://api.glider.fi/v2/openapi.jsonGenerate SDKs, typed clients, Postman collections
LLM-friendly markdownhttps://api.glider.fi/v2/llms.txtPrimer for coding agents (Claude, Cursor, etc.)
Interactive docs (Scalar)https://api.glider.fi/v2/docsTry-it-out UI with live request builder

Base URL

https://api.glider.fi/v2
A staging server at https://staging-api.glider.fi/v2 is available for integration testing. Contact [email protected] for a staging API key.

Authentication

Every endpoint except GET /v2/scopes requires an API key in the x-api-key header. HTTP header names are case-insensitive but the canonical form used throughout v2 is lowercase. 
curl -H "x-api-key: gldr_sk_your_api_key" https://api.glider.fi/v2/whoami
GET /v2/whoami returns your tenant identity and granted scopes. Call it first to confirm the key works.

Response Envelope

V2 uses a consistent envelope. Tracing identifiers live in response headers, not in the JSON body. This is a deliberate break from v1.

Success

{
  "success": true,
  "data": { /* endpoint-specific */ }
}

Paginated success

{
  "success": true,
  "data": { /* endpoint-specific */ },
  "nextCursor": "eyJjIjoi..." // null on the last page
}
nextCursor is a sibling of data, never nested inside it. Collections inside data are always wrapped under a named key (e.g. data.portfolios, not data directly).

Error

{
  "success": false,
  "error": {
    "code": "API_400",
    "message": "Request validation failed",
    "details": ["allocation.assets: Allocation weights must sum to 100"]
  }
}
details is optional and omitted when there is nothing to say beyond message.

Tracing Headers

Every response, success or error, includes:
HeaderPurpose
X-Correlation-IdCross-service trace id. Quote this when reporting issues.
X-Request-IdUnique per request.
V2 never places correlationId, requestId, or timestamp inside the body. Read them from headers only.

Scopes

Every authenticated endpoint declares the single scope it requires. If your key lacks the scope you get 403 API_104.
ScopeTierGrants
strategies:readdefaultList and view strategies
strategies:writestandardCreate strategies and publish versions
portfolios:readdefaultList and view user portfolios, poll operations
portfolios:writestandardStart, stop, and trigger rebalances
portfolios:withdrawstandardPrepare and submit user-signed withdrawal authorizations
enroll:writestandardEnroll new users (create vaults + strategy mirror)
Tiers:
  • default — granted to every new key at issuance.
  • standard — enabled per-integrator on request. Contact [email protected] to upgrade.
  • restricted — gated behind a commercial agreement.
To see the live set call GET /v2/scopes (no auth required). To see what your specific key has, call GET /v2/whoami.

Identifiers (CAIP)

All on-chain identifiers use CAIP so the same request shape works on every supported chain. Never send bare hex addresses — they will be rejected at the route boundary.
IdentifierFormWhen to use
End-user wallet (EOA)Chain-agnostic CAIP-10: eip155:0:0x<addr>Owner addresses in enrollment and portfolio reads. The same EOA works on every EIP-155 chain, so the chain reference is 0 per CAIP-10 §Abstract Account Addresses.
Vault / smart-contract accountChain-bound CAIP-10: eip155:<chainId>:0x<addr>Vaults, session-key agents, withdrawal recipients. The contract exists only at that (chain, address) tuple.
Asset (ERC-20)CAIP-19: eip155:<chainId>/erc20:0x<addr>Strategy allocations, withdrawal assets.
Asset (SPL, Solana)CAIP-19: solana:<ref>/spl:<mint>Same surface, Solana-native assets.
Withdrawal recipients must be chain-bound and must match the chain of every asset in the request — one withdrawal = one chain. See CAIP identifiers for a worked walk-through.

Supported Chains

Chain availability is deployment-configured. The canonical list for a given deployment is whichever JSON_RPC_URL_<chainId> env vars are set on the server. Production today supports:
ChainID
Ethereum Mainnet1
Optimism10
Polygon137
Base8453
Arbitrum42161
Linea59144
Blast81457
Plume98866
If you pass a chain id the deployment has not configured, stage-1 enrollment returns 400 with the exact allowed list in the error details.

Monetary Values

All money is expressed as decimal strings, never numbers, to avoid IEEE 754 precision loss.
FieldFormatExample
totalValueUsd, valueUsd6 decimal places"1500.500000"
balanceFull precision, trailing zeros trimmed"14562044.3028598485"
balanceRaw, amountRawInteger string, no decimal, no scientific notation"14562044302859848500000000"
priceUsd6 decimal places"1.000000"
weightPercent with up to 2 decimal places"60" or "33.33"
decimalsInteger (the only numeric financial field)6
For full withdrawals, read balanceRaw from GET /v2/portfolios/{portfolioId}/positions and echo it as amountRaw — do not re-derive from balance.

Pagination

Cursor-based (keyset) pagination on (createdAt, id).
  • limit query param — min 1, max 200, default 50.
  • cursor query param — opaque base64url string.
  • nextCursor response field — null when there are no more pages.
Do not decode or construct cursors. They are server-owned and may change format without a version bump. Pass the previous response’s nextCursor verbatim.

Idempotency

Write endpoints that produce irreversible side effects accept an idempotency anchor supplied by the caller. Replays with the same anchor return the original response; replays with a conflicting body return 409 API_008.
RouteAnchorSourced from
POST /v2/enrollflowIdPOST /v2/enroll/signature response
POST /v2/portfolios/{id}/withdrawmessage.noncePOST /v2/portfolios/{id}/withdraw/signature response
See Idempotency for retry rules and the three 409 sub-codes you may see.

Async Operations

Write endpoints that dispatch onchain work (e.g. withdraw) return 202 with an operationId. Poll GET /v2/portfolios/{portfolioId}/operations/{operationId} at 2–5s intervals until the state reaches completed, failed, or cancelled.

Error Codes

All v2 error codes use the API_XXX format. The range prefix signals the category; specific codes below are the ones you are likely to see from v2 endpoints.
CodeHTTPMeaning
API_006404Resource not found
API_007409Idempotency replay in progress — retry after a short wait
API_008409Idempotency key conflict — same anchor, different body
API_101401x-api-key header missing
API_102401API key invalid
API_104403Missing required scope
API_200404Portfolio not found or not owned by tenant
API_202409Portfolio already exists for this (strategyId, ownerAccountId)
API_210400Insufficient balance for withdrawal
API_211400Invalid recipient
API_212400Duplicate assetId in withdrawal
API_213400Withdrawal chain mismatch (recipient vs asset chain)
API_214400Withdrawal message.portfolioId mismatches the path param
API_215400Portfolio has no vault on the recipient’s chain
API_216400Withdrawal authorization expired (past message.expiresAt)
API_217400Withdrawal signature does not recover to the portfolio owner
API_400400Request validation failed — see details[]
API_506503Signature verifier temporarily unavailable — safe to retry
API_600500Internal server error
Full catalog at Error codes.

Tracing and Support

When reporting an issue, include the X-Correlation-Id header from the failing response. It lets us join logs across services without asking you to reproduce.

Next Steps