Add missing chains
Authentication
A 15-minute token from /auth. Required on every endpoint except /auth.
Headers
Sent by the trusted gateway. When present it overrides any userId in the body.
Request
24-character hex id, returned by /create.
bip39 seed phrase, validated with bip39.validateMnemonic.
Keystore password (AES-256-GCM, scrypt KDF). Unrecoverable — required by /send and /extend.
Response
Echo of the inbound X-Request-Id, or a generated one.