HTTP API overview

Everything is JSON under a versioned base—production usually looks like https://api.navoswap.com/api/v1. The swap frontend points at the same thing via NEXT_PUBLIC_API_URL.

Two surfaces

Two API surfaces

Public (no auth)

GET /health, GET /assets
GET /swap/quote, POST /swap/create
GET /swap/status, GET /swap/usd
GET /analytics/public (platform metrics)
Optional header on create: partner API key for attribution.

Partner (JWT bearer)

Authorization: Bearer …
Account: signup, sign-in, refresh, profile, 2FA, API keys
Ops: orders list, analytics, logout
Affiliate: ledger, payouts, webhooks, statements, audit under /partners/affiliate/…

Public swap routes need no login. Partner routes require JWT. Attribution uses x-navoswap-api-key only on create order.

Public swap & assets

GET /health: Liveness.
GET /assets: Tradable assets (params, networks, maintenance flags).
GET /swap/quote: Indicative quote.
GET /swap/usd: USD estimate for a from-amount (reference only).
POST /swap/create: Create order; optional x-navoswap-api-key.
GET /swap/status: Order snapshot.
GET /analytics/public: Platform-wide metrics (no auth; optional days query, typically 7–90).

Partner (JWT)

/partners/… covers signup through 2FA, keys, orders, analytics, logout, and /partners/affiliate/… for balances, ledger, payouts, webhooks, CSV, audit. Header: Authorization: Bearer <access_token>.

Next reads: Swap REST · JS SDK · Attribution