AGG is currently in alpha. APIs, components, and docs may change.
Authentication
Bot Protection
Users
- GETGet current user
- PATCHUpdate username
- POSTLink partner external user ID (HMAC-verified)
- POSTGet avatar upload URL
- DELDisconnect auth provider
- POSTStart account linking
- POSTConfirm account linking
- GETGet balances
- GETGet user positions
- GETGet user orders
- GETGet user activity feed
- GETGet deposit addresses
- POSTInitiate KYC
Orderbook
Charts
Execution
Verify Turnstile token
curl --request POST \
--url https://api.agg.market/bot-protection/verify \
--header 'Content-Type: application/json' \
--header 'x-app-api-key: <api-key>' \
--data '
{
"turnstileToken": "<string>"
}
'{
"success": true
}Bot Protection
Verify Turnstile token
Verifies a Cloudflare Turnstile token against the app’s linked widget. Intended to be called from your backend, not the browser — API keys are secrets and must never ship to the client. Both x-app-id and x-app-api-key are required; the server rejects the request with 401 if x-app-id does not match the app embedded in the API key. Create a key via POST /apps/:appId/api-keys (admin JWT required). Returns { success: true } on a valid token or 403 if verification fails. Tokens are single-use (replay-protected).
POST
/
bot-protection
/
verify
Verify Turnstile token
curl --request POST \
--url https://api.agg.market/bot-protection/verify \
--header 'Content-Type: application/json' \
--header 'x-app-api-key: <api-key>' \
--data '
{
"turnstileToken": "<string>"
}
'{
"success": true
}Documentation Index
Fetch the complete documentation index at: https://docs.agg.market/llms.txt
Use this file to discover all available pages before exploring further.
⌘I
Assistant
Responses are generated using AI and may contain mistakes.