Skip to main content
If you’re looking to learn more about Byzantine generally, have a look at our General Documentation.
Byzantine is a modular infrastructure layer for institutional digital credit - built for integrators, fintechs, and developers who want to embed better institutional-grade yield directly into their platforms. The Byzantine API is unified, composable, and simple to use. With one endpoint structure, integrators can retrieve vault data, create and manage accounts, and handle deposits and withdrawals programmatically - all through a single integration.
What you can do
Retrieve Vault DataAccess live information on vaults, supported assets, strategies, and yields.
Create and Manage AccountsProgrammatically create user accounts, fetch balances, and track user portfolios.
Handle Deposits and WithdrawalsSubmit and reconcile transactions securely through a unified workflow.
Access User DataRetrieve user-specific performance, transaction history, and positions in real time.

Getting Access

Access to the Byzantine API requires an Integrator API Key. Reach out to learn more about integrating Byzantine - we’ll verify your use case and generate your key manually.

Get in touch →

Authentication

All API requests must be authenticated using ECDSA signature-based authentication. You’ll use your Integrator Private Key to sign each request and include the signature in the request headers.

Authentication Headers

Each API request requires the following headers:
HeaderDescription
X-PubkeyYour public key derived from your private key (hex format with 0x prefix)
X-TimestampCurrent Unix timestamp in seconds
X-SignatureECDSA signature of the request (DER-encoded hex with 0x prefix)
Content-TypeMust be application/json

Signature Generation

The signature is generated by:
  1. Constructing a message string in the format: {timestamp}{method}{path_and_query}{body}
    • timestamp: Unix timestamp in seconds
    • method: HTTP method in uppercase (e.g., GET, POST)
    • path_and_query: Full path including query parameters (e.g., /query/get-deposit?chain_id=1)
    • body: JSON stringified request body (empty string for GET requests)
  2. Hashing the message using SHA-256
  3. Signing the hash with your private key using ECDSA (secp256k1 curve)
  4. Encoding the signature in DER format and converting to hex

Implementation Example

Here’s a reference implementation in Node.js: 
import elliptic from "elliptic";
import { createHash } from "crypto";

const EC = elliptic.ec;
const ec = new EC("p256");

const INTEGRATOR_PRIVATE_KEY = process.env.INTEGRATOR_PRIVATE_KEY;

export function generateHeaders(method, pathAndQuery, body = "") {
  // Get the key pair
  const cleanPrivateKey = INTEGRATOR_PRIVATE_KEY.replace(/^0x/, "");
  const keyPair = ec.keyFromPrivate(cleanPrivateKey, "hex");
  const publicKey = "0x" + keyPair.getPublic(true, "hex");

  // Get the timestamp in seconds since the Unix epoch (UTC)
  const timestamp = Math.floor(Date.now() / 1000).toString();

  // Build the message to sign
  // Format: {timestamp}{method}{path_and_query}{body}
  const bodyStr = typeof body === "object" ? JSON.stringify(body) : body;
  const message = `${timestamp}${method.toUpperCase()}${pathAndQuery}${bodyStr}`;

  // Hash the message and sign it
  const messageHash = createHash("sha256").update(message).digest();
  const signature = keyPair.sign(messageHash);

  // Encode the signature in DER then in hex
  const signatureHex = "0x" + signature.toDER("hex");

  return {
    "X-Pubkey": publicKey,
    "X-Timestamp": timestamp,
    "X-Signature": signatureHex,
    "Content-Type": "application/json",
  };
}

Usage Example

// Example POST request
const body = {
  userId: "user123",
  vaultAddress: "0x..."
};
const headers = generateHeaders("POST", "/submit/deposit", body);

// Make the API call
const response = await fetch("https://api.byzantine.fi/submit/deposit", {
  method: "POST",
  headers: headers,
  body: JSON.stringify(body)
});
Keep your Integrator Private Key secure!

OpenAPI Specification

Explore the full structure and generate your own client using our OpenAPI specification.