Reference

API

REST and WebSocket endpoints for the OPCODE network. Documented ahead of implementation — endpoints land in Phase 3.
Base URL
https://api.opcode.audit

Auth via wallet-signed session token ($NOP not required to read). Rate limited per key.

REST

GET
/v1/audits

List verified reports. Supports ?severity, ?vendor, ?cursor pagination.

GET
/v1/audits/:id

Fetch a single report with findings, disassembly, and review state.

POST
/v1/submissions

Submit a binary (multipart). Returns a queue position. Auth required.

GET
/v1/bounties

Open bounties by pool size and request count.

POST
/v1/audits

Publish a report. Auditor role only.

POST
/v1/peer-reviews

Vote up/down on a report. One vote per auditor.

GET
/v1/treasury

Treasury balance, burn total, and recent on-chain events.

WebSocket

WS
/v1/stream/audits

Live feed of newly verified reports.

WS
/v1/stream/treasury

Buyback / burn / payout events as they settle.

These endpoints are illustrative. The live API is wired to Supabase + Privy auth in Phase 3.