API Reference

The Lateo proxy exposes REST endpoints for deposits, payments, withdrawals, and pool statistics.

Base URL


Local:      http://localhost:3002
Production: https://api.lateo.network

Authentication

Most endpoints require a JWT obtained via SEP-53 challenge-response, or localhost access for MCP agents.

Endpoints

`POST /api/deposit/prepare`

Generate a ZK proof and unsigned transaction XDR for a deposit.

Headers: Authorization: Bearer <jwt>, Content-Type: application/json

Body:


{
  "amount": "1.0000000",
  "publicKey": "GABC..."
}

Response (200):


{
  "prepareId": "uuid",
  "transactionXDR": "AAAA..."
}

`POST /api/deposit/submit`

Submit a Freighter-signed deposit transaction.

Body:


{
  "prepareId": "uuid",
  "signedTransactionXDR": "AAAA..."
}

Response (200):


{
  "status": "confirmed",
  "txHash": "819901e4...",
  "amount": "1.0000000",
  "zkProof": { "generated": true, "onChain": true, "timeMs": 8200 }
}

`POST /api/deposit`

MCP localhost deposit (operator signs on behalf of agent).

Body:


{
  "agentId": "my-agent",
  "amount": "1"
}

Response (200):


{
  "status": "confirmed",
  "txHash": "abc123...",
  "zkProof": { "generated": true, "onChain": true }
}

`POST /api/pay`

Pay for an x402 service through the pool.

Body:


{
  "agentId": "my-agent",
  "serviceUrl": "http://service.example/endpoint?q=query",
  "method": "GET"
}

Response (200):


{
  "content": "Service response...",
  "paymentStatus": "confirmed",
  "batchId": "batch-uuid"
}

`POST /api/withdraw`

Withdraw USDC from the pool via atomic ZK proof.

Headers: Authorization: Bearer <jwt>, Content-Type: application/json

Body:


{
  "amount": "1.0000000",
  "destination": "GDEST..."
}

Response (200):


{
  "status": "confirmed",
  "txHash": "dcb61c18...",
  "amount": "1.0000000",
  "destination": "GDEST...",
  "zkProof": { "generated": true, "onChain": true }
}

`GET /api/balance/:agentId`

Get agent’s private balance.

Response (200):


{
  "agentId": "my-agent",
  "balance": "5.0000000",
  "currency": "USDC"
}

`GET /api/pool/stats`

Public aggregate pool statistics (no individual agent data).

Response (200):


{
  "activeAgents": 3,
  "totalTransactions": 26,
  "servicesUsed": 1,
  "recentBatches": [...]
}

`GET /health`

Health check.

Response (200):


{
  "status": "healthy",
  "version": "1.0.0"
}

`GET /api/auth/challenge`

Get a challenge for SEP-53 authentication.

Query: ?publicKey=GABC...

Response (200):


{
  "challenge": "random-challenge-string"
}

`POST /api/auth/verify`

Verify a signed challenge and receive a JWT.

Body:


{
  "publicKey": "GABC...",
  "challenge": "random-challenge-string",
  "signature": "base64-signature"
}

Response (200):


{
  "token": "eyJ...",
  "expiresIn": 86400
}