AGG is currently in alpha. APIs, components, and docs may change.
Authentication
Bot Protection
Users
- GETGet current user
- PATCHUpdate username
- POSTLink partner external user ID (HMAC-verified)
- POSTGet avatar upload URL
- DELDisconnect auth provider
- POSTStart account linking
- POSTConfirm account linking
- GETGet balances
- GETGet user positions
- GETGet user orders
- GETGet user activity feed
- GETGet deposit addresses
- POSTInitiate KYC
Orderbook
Charts
Execution
curl --request POST \
--url https://api.agg.market/users/me/link-account/confirm \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--header 'x-app-id: <api-key>' \
--data '
{
"token": "<string>"
}
'{
"status": "linked",
"provider": "<string>"
}Confirm account linking
Exchanges the short-lived link_confirm_token (handed to the partner app by the link callback redirect) for an actual Account row attached to the current user’s principal. The server matches the bearer’s principalId AND appId to the token’s values before writing — this is the final ownership check. A collision with an existing Account attached to a different Principal returns HTTP 409; the 200 success shape only covers linked and already_linked_same.
curl --request POST \
--url https://api.agg.market/users/me/link-account/confirm \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--header 'x-app-id: <api-key>' \
--data '
{
"token": "<string>"
}
'{
"status": "linked",
"provider": "<string>"
}Documentation Index
Fetch the complete documentation index at: https://docs.agg.market/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Your application ID. Required for all app-tier and user-tier routes.
JWT access token returned by POST /auth/verify. Required for user-tier routes.
Body
1