Skip to main content
SuperVaults exposes ~107 endpoints across three backend services. All share a single JWT auth model issued by Dynamic.xyz.

Backend Services

ServiceLanguageBase URLOpenAPI Spec
EreborGohttps://erebor.superform.xyz✅ Available
Strategy EngineGohttps://strategy.superform.xyz✅ Available
OMSGohttps://oms.superform.xyz✅ Available

Authentication

All endpoints except explicitly public ones require a Bearer JWT: 
Authorization: Bearer <jwt>
The JWT is issued by Dynamic.xyz upon wallet connection. See Authentication for the full flow.

Public Endpoints

EndpointBackend
GET /api/v1/public/vaultsErebor
GET /api/v1/registry/token-assetsErebor

On-Chain Settings

Settings changes (fees, PPS parameters, timelocks, banned leaves) are on-chain transactions. The curator UI constructs calldata via Erebor’s /prepare endpoints and your wallet signs and submits them to the protocol contracts directly. No Erebor REST endpoint is called for the actual setting change. Current values are read from GET /api/v1/vaults/{chain_id}/{address} (e.g., fee_config and upkeep_info fields in the response).

Common Patterns

Prepare Pattern

On-chain operations use a two-phase flow:
  1. Prepare — POST to a prepare-* endpoint. Returns raw EVM calldata.
  2. Sign — Pass { to, data, value } to your wallet.
  3. Confirm (where applicable) — Notify Erebor of the transaction hash.
{
  "to": "0xContractAddress...",
  "data": "0xencoded_calldata...",
  "value": "0"
}
Used for: vault creation, yield source management, user management, merkle root proposals, emergency pause.

Pagination

Erebor supports cursor-based and offset-based pagination: 
?limit=50&offset=0
?limit=50&cursor=<next_cursor>
Most list responses include has_more or next_cursor.

Async Jobs

Long-running operations (vault creation, merkle tree generation) return a job_id:
  1. Trigger operation → receive job_id
  2. Poll GET /api/v1/.../jobs/{job_id} with exponential backoff
  3. Status: pendingrunningcompleted / failed

Optimistic Concurrency

Strategy Engine PUT operations require a version field. Concurrent edits return 409 Conflict. Refresh and retry with the latest version.

Error Codes

CodeMeaning
400Invalid parameters
401Missing or expired JWT
403JWT valid, insufficient role
404Resource not found
409Duplicate or version conflict
500Internal server error

Route-to-Backend Matrix

FeatureBackendAuth
Home vault listEreborNone
Dashboard analyticsEreborJWT
Strategy canvasStrategy EngineJWT
Merkle tree managementEreborJWT
Yield source managementEreborJWT
User managementEreborJWT
Vault settingsEreborJWT
Service healthEreborJWT
Pause operationsEreborJWT
Registry managementEreborJWT
Admin backfillEreborJWT
Vault creationEreborJWT
DeFiX intentsOMSJWT

Rate Limits

Rate limits are not yet published. Recommended polling intervals for automation:
DataInterval
Vault state15s
Analytics60s
Service health30s
Implement exponential backoff on 429 Too Many Requests.

Endpoint Counts

BackendEndpoints
Erebor~89
Strategy Engine14
OMS4
Total~107