Best viewed on desktop
The Protection API reference is built for wide screens — code samples, payload tables, and the live Swagger console. Open this page on a desktop browser for the full documentation.
cardinal://protect · api reference
The Protection API reference is built for wide screens — code samples, payload tables, and the live Swagger console. Open this page on a desktop browser for the full documentation.
cardinal://protect · api reference
Call one endpoint with transaction details. Use the returned action: ALLOW, REVIEW, or BLOCK.
Use the backend endpoint from trusted server environments. The MVP uses a Next.js proxy route so partner keys never touch the browser.
Store this key server-side. For web products, call your own backend or the built-in Next proxy.
curl -X POST http://localhost:3001/api/check-transaction \
-H "Content-Type: application/json" \
-H "x-api-key: cardinal_demo_key" \
-d '{
"from_address": "0x1230000000000000000000000000000000000456",
"to_address": "0x0000000000000000000000000000000000000001",
"chain": "ethereum",
"token": "USDC",
"amount": 2500,
"transaction_type": "safe_send",
"contract_verified": true,
"permissions": []
}'Do not build product behavior from the score alone. Use recommended_action as the gate and use findings to explain the decision.
`risk_score` helps explain confidence. `recommended_action` decides whether the app continues, warns, or blocks before signature.
{
"request_id": "req_8b2a...",
"risk_score": 18,
"risk_level": "LOW",
"network_valid": true,
"warnings": [],
"findings": [],
"recommended_action": "ALLOW",
"checked_at": "2026-06-22T06:50:00.000Z"
}The request should be boring and explicit. Cardinal turns these transaction facts into explainable risk findings.
Run the backend first, then run the web MVP. Live mode shows a real API error if the backend is offline.
Starts Postgres, applies migrations, seeds demo key, then serves Swagger at `localhost:3001/docs`.
Starts the MVP at `localhost:3004` and calls `/api/protection/check`.
# Terminal 1: backend
cd cardinal-protection-api-be
docker compose up -d
npm run prisma:deploy
npm run prisma:seed
npm run start:dev
# Terminal 2: web MVP
cd cardinal-security-wallet/apps/web-modified-app/cardinal-protocol
npm run dev