Build on Gopnik · v1

A first-class XRPL interface — for developers.

Every wallet flow is also an API. Mint a token, bridge to Solana, sign a multi-sig, route a swap across every AMM and order book — programmatically, with the same security model your users get. Python-first, REST + WebSocket + x402.

Open OpenAPI playground Download spec Integration guides
Quickstart

Two API calls. One coffee.

Plain HTTPS + JSON. Authenticate, then call. Every endpoint is documented in the playground and replayable from your terminal.

We ship Python first — the trading agents, bridge attestor, RWAiSE wizard and Merkle anchor are all Python services. SDK uses httpx for sync + async.

# pip install httpx
import httpx

API_KEY = "gpk_live_..."
client = httpx.Client(
    base_url="https://gopnik.wallet",
    headers={"X-API-Key": API_KEY},
    timeout=10.0,
)

# 1. List the XLS-20 NFTs you own.
me = client.get("/nft/arena/api/my-nfts",
                params={"address": "rGopnikDemo...", "per_page": 50})
print(len(me.json()["nfts"]), "NFTs")

# 2. Bridge 100 XRP from XRPL to Solana.
job = client.post("/api/v1/bridges/xrpl-solana/submit", json={
    "amount_drops": 100_000_000,
    "dest_solana": "5N7aC6cK...819Jm8F9NUwo",
})
print(job.json()["job_id"], job.json()["status"])

Every endpoint is plain HTTPS + JSON. The OpenAPI spec is browseable at /api/docs/openapi.json and the interactive playground is one click away.

# Fetch the live OpenAPI 3.0 spec
curl -s https://gopnik.wallet/api/docs/openapi.json | jq .info

# Authenticated call (cookie + CSRF)
curl -s https://gopnik.wallet/nft/dashboard/api/portfolio \
     -b cookies.txt -H "X-CSRF-Token: $CSRF"

# API-key authenticated call (higher rate-limit tier)
curl -s https://gopnik.wallet/api/v1/wallets/me \
     -H "X-API-Key: $GOPNIK_API_KEY"

Browser-friendly SDK with ESM + types. Subscribes to live event streams (bridge attestations, RWAiSE order fills, x402 receipts) over WebSocket.

// npm i @gopnik/sdk
import { Gopnik } from "@gopnik/sdk";

const gopnik = new Gopnik({ apiKey: process.env.GOPNIK_API_KEY });

// 1. Submit a bridge job.
const job = await gopnik.bridges.submit({
  src: "xrpl", dst: "solana", asset: "XRP",
  amount: 100_000_000,                 // drops
  dest: "5N7aC6cK...819Jm8F9NUwo",
});

// 2. Watch the audit log stream via WebSocket.
gopnik.events.on("bridge.attestor.signed", (e) => {
  console.log(`attestor ${e.signer_id} signed at ${e.t}`);
});
Resource map

The whole surface, organised.

Click a tile to jump straight into the corresponding section of the OpenAPI playground.

Swap

Swap & path-finder

Quote / submit swaps across XRPL AMM, order books and cross-IOU paths. Atomic — settles in one tx or none.

Try in playground →
Bridges

10 native bridges

Submit, watch and cancel bridge jobs across XRPL → Solana, Ethereum, Bitcoin, Cosmos, Polkadot, L2s.

Try in playground →
Tokens

MPT · NFT · RWA

Issue MPTokenIssuance, mint XLS-20, run RWA wizards with compliance presets — every flow is also an API.

Try in playground →
Multi-sig

M-of-N · escrow

Propose payments, collect signatures from an HSM-backed SignerList, seal on-ledger. Time-locked escrow too.

Try in playground →
Agents

AI agents · x402

Plan → validate → execute policy-bound trading agents. Every step is Merkle-anchored to XRPL daily.

Try in playground →
Marketplace

NFT marketplace

Search, list, offer, counter, accept across the XLS-20 market. Watchlist + alerts + analytics included.

Try in playground →
DeFi

DeFi · yield · lending

Pool positions, AMM staking, integrated lending venues with APR snapshots and position histories.

Try in playground →
Analytics

Portfolio · trades · P/L

Trade history with P/L, portfolio snapshots, CSV exports for tax season — paginated and stable.

Try in playground →
Authentication

Four ways in. Same security model.

All four modes share the same audit log, CSP rules and origin checks. Pick the one that matches your trust boundary.

Session cookie

120 req/min

Browser users get auth via the standard Flask login cookie. CSRF token is required for writes — read it from the csrf-token meta tag.

Best for: Browser-side calls from the wallet UI itself.

API key

600 req/min

Issue keys at /api/docs/api-keys. Sent as X-API-Key. Keys are SHA-256 hashed at rest and the raw value is shown to you once at creation.

Best for: Server-to-server integrations, CI jobs, custom dashboards.

OAuth 2.0

600 req/min per token

Three-legged OAuth for third-party apps — the user consents to specific scopes (read-only, trade, compliance-export). Refresh tokens rotate.

Best for: Third-party apps building on Gopnik's wallet primitives.

x402 paid

Quote-bound

Pay-per-call rail for metered data + agent endpoints. Server responds 402 with a payment quote; client pays, retries with the receipt. No subscriptions.

Best for: AI agents, market-data crawlers, anything chargeable.
Rate limits

Generous defaults. Negotiable ceilings.

TierLimitNotes
Anonymous 30 req/min Public reads only — no auth required.
Authenticated 120 req/min Session cookie or login token.
API key 600 req/min Per-key, scoped to the issuing user.
Enterprise Negotiable Custom limits + dedicated infrastructure.

Ready to integrate something specific?

The integrations guide breaks down MCP, webhooks, x402, OAuth2, regulator-export bundles and Bedrock-Claude trading agents — with copy-pasteable recipes for each.

Integration guides → Open the playground