API reference.
AllowanceGuard REST API v1. Scan wallets, query allowances, score risk, and simulate revocations — programmatically across all 27 supported EVM chains. Base URL https://www.allowanceguard.com/api/v1. JSON responses, Bearer-token authentication.
Authentication.
Every endpoint except /health requires an API key, sent as a Bearer token in the Authorization header.
curl -H"Authorization: Bearer ag_live_your_key_here" \
https://www.allowanceguard.com/api/v1/chainsKeep your API key secret. Never expose an ag_live_* key in client-side code. Use an ag_pub_* read-only key for browser contexts, or proxy through your server.
Rate limits.
Applied per API key, based on plan. Every response carries rate-limit headers so you can back off cleanly.
| Plan | Daily limit | Burst / min | Price |
|---|---|---|---|
| Free | 100 | 10 | $0 |
| Developer | 10,000 | 60 | $39/mo |
| Growth | 100,000 | 300 | $149/mo |
| Enterprise | Unlimited | Unlimited | Custom |
Response headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.
Response format.
Every endpoint returns a consistent JSON envelope with data, error, and meta fields. Exactly one of data or error is non-null on every response.
{"data": { ... },"error": null,"meta": {"requestId":"550e8400-e29b-41d4-a716-446655440000","timestamp":"2026-03-30T12:00:00.000Z","rateLimit": {"limit": 10000,"remaining": 9999,"window":"rolling-24h"
}
}
}Endpoints.
Eight endpoints, grouped by purpose. The interactive panels let you test against your own key.
Health & info.
Wallet scanning.
Allowances.
Risk assessment.
Simulation.
Quick start.
Scan a wallet and retrieve its risk profile in three API calls.
const API_KEY = 'ag_live_your_key_here';
const BASE = 'https://www.allowanceguard.com/api/v1';
const headers = { 'Authorization': `Bearer ${API_KEY}` };
// 1. Trigger a scan
const scan = await fetch(`${BASE}/scan`, {
method: 'POST',
headers: { ...headers, 'Content-Type': 'application/json' },
body: JSON.stringify({ wallet: '0x1234...abcd' }),
}).then(r => r.json());
const scanId = scan.data.scanId;
// 2. Poll until complete
let status = 'pending';
while (status === 'pending' || status === 'running') {
await new Promise(r => setTimeout(r, 2000));
const job = await fetch(`${BASE}/scan/${scanId}`, { headers }).then(r => r.json());
status = job.data.status;
}
// 3. Get the risk score
const risk = await fetch(
`${BASE}/risk-score?wallet=0x1234...abcd`,
{ headers }
).then(r => r.json());
console.log(`Risk: ${risk.data.riskScore}/100 (${risk.data.riskLevel})`);Error codes.
| HTTP | Code | Description |
|---|---|---|
| 400 | BAD_REQUEST | Invalid request parameters or body |
| 401 | MISSING_AUTH | No Authorization header provided |
| 401 | INVALID_API_KEY | API key is invalid, expired, or revoked |
| 403 | FORBIDDEN | Insufficient plan permissions |
| 404 | NOT_FOUND | Resource does not exist |
| 429 | RATE_LIMIT_EXCEEDED | Daily rate limit exceeded |
| 429 | BURST_RATE_LIMIT_EXCEEDED | Per-minute burst limit exceeded |
| 500 | INTERNAL_ERROR | Unexpected server error |
Ready to integrate? Grab a key from the account dashboard, or review the plans first.