clariq / api

Deterministic DeFi vault risk scores with inspectable evidence trails. Base URL: https://api.clariq.fi

Private beta. API keys are issued to integration partners by direct engagement — partners@clariq.fi. Public vault ratings will always have a free tier.

Quickstart

curl -H "Authorization: Bearer clq_live_…" \
  https://api.clariq.fi/v1/scores/steakhouse-usdc

JavaScript — Node 18+; keys are secrets, call from your backend, never a client bundle

const res = await fetch('https://api.clariq.fi/v1/scores/steakhouse-usdc', {
  headers: { Authorization: `Bearer ${process.env.CLARIQ_API_KEY}` },
});
if (!res.ok) {
  const { error } = await res.json();
  throw new Error(`${error.code}: ${error.message}`);
}
const score = await res.json();
console.log(score.score, score.band, score.score_source);

Python — requests

import os, requests

res = requests.get(
    "https://api.clariq.fi/v1/scores/steakhouse-usdc",
    headers={"Authorization": f"Bearer {os.environ['CLARIQ_API_KEY']}"},
)
if not res.ok:
    err = res.json()["error"]
    raise RuntimeError(f"{err['code']}: {err['message']}")
score = res.json()
print(score["score"], score["band"], score["score_source"])

Machine-readable spec: /v1/openapi.json (OpenAPI 3.1), with worked response examples on every endpoint.

Scale & bands

Scores are risk-native: 1.0 = safest, 5.0 = highest risk. The band field bins the score (mapping version band_map.v1, reported on every response):

BandScore range
low1.0 – 2.0
moderate>2.0 – 3.0
elevated>3.0 – 4.0
high>4.0 – 5.0

Endpoints

EndpointDescription
GET /v1/vaultsCatalog of covered vaults with market data (TVL, APY with base/reward split where sourced). Filters: chain, protocol, asset, band, score_source, min_tvl, min_apy; cursor pagination via limit + cursor.
GET /v1/vaults/:idOne catalog record.
GET /v1/scores/:idRisk score: eight factors, 14 named kill-switch checks (tri-state), engine version, facts snapshot hash.
GET /v1/facts/:idThe evidence trail: audits, contract verification, upgradeability, timelock, admin control, governance, incidents — each verified or pending, with its source. Never fabricated.
POST /v1/allocationsAllocation engine — early access for institutional partners (501 until enabled for your key).

:id accepts a slug (steakhouse-usdc), a canonical id, chain:0xaddress, a bare 0xaddress (409 with candidates if it exists on multiple chains), or a DefiLlama pool UUID.

score_source semantics

Every score response says exactly where its number came from:

score_sourceMeaning
deterministicComputed by the versioned rules engine from verified facts. Carries engine_version and facts_snapshot — same facts in, same answer out; the score can be reproduced exactly.
estimateAnalyst assessment (AI-assisted, human-reviewed) used as backfill while deterministic fact collection for this vault completes. No kill-switch map or facts snapshot.
protocol_fallbackVault-level facts incomplete; scored at protocol scope. Explicitly labeled, with missing_vault_fields enumerated — never presented as vault-specific.
pendingNot enough verified evidence to score. score is null — we don't fabricate numbers. Requesting an unknown real vault queues it for evaluation.

Kill-switch checks report TRIGGERED, CLEAR, or NOT_APPLICABLE. NOT_APPLICABLE means the facts to evaluate that condition aren't collected yet — the check honestly reports it did not run, rather than falsely passing.

Worked examples

These are real serializer outputs, regenerated from fixtures by generate-doc-samples.js — the shapes cannot drift from what the API actually returns.

GET /v1/scores/steakhouse-usdc — deterministic score

{
  "vault": "steakhouse-usdc",
  "canonical_id": "morpho:ethereum:0xbeef047a543e45807105e51a8bbefcc5950fcfba",
  "chain": "ethereum",
  "protocol": "morpho",
  "name": "Steakhouse USDC",
  "score": 1.8,
  "band": "low",
  "band_map": "band_map.v1",
  "score_source": "deterministic",
  "methodology": "deterministic_engine",
  "score_scope": "vault",
  "score_status": "scored_vault",
  "factors": {
    "technical": 1.5,
    "financial": 1.7,
    "operational": 1.8,
    "systemic": 2.4,
    "complexity": 2,
    "frontend": 1.6,
    "legal": 2.1,
    "chain": 1
  },
  "kill_switches": {
    "K1": "CLEAR",
    "K2": "CLEAR",
    "K3": "CLEAR",
    "K4": "NOT_APPLICABLE",
    "K5": "CLEAR",
    "K6": "CLEAR",
    "K7": "CLEAR",
    "K8": "CLEAR",
    "K9": "CLEAR",
    "LK1": "NOT_APPLICABLE",
    "LK2": "NOT_APPLICABLE",
    "LK3": "NOT_APPLICABLE",
    "LK4": "NOT_APPLICABLE",
    "LK5": "NOT_APPLICABLE"
  },
  "kill_switches_tripped": 0,
  "missing_fields": [],
  "missing_vault_fields": null,
  "evidence": "/v1/facts/steakhouse-usdc",
  "engine_version": "risk-engine.v2",
  "framework_version": "1.0.0",
  "facts_snapshot": "0x7394f12aa6bcadae84275a8a55d0ceeb306250fee439b32f51d738657f8b49ac",
  "facts_collected_at": "2026-07-15T05:02:11Z",
  "assessed_at": null,
  "scored_at": "2026-07-15T06:15:00Z",
  "stale": false
}

GET /v1/facts/steakhouse-usdc — the evidence trail behind it

{
  "vault": "steakhouse-usdc",
  "canonical_id": "morpho:ethereum:0xbeef047a543e45807105e51a8bbefcc5950fcfba",
  "facts_snapshot": "0x7394f12aa6bcadae84275a8a55d0ceeb306250fee439b32f51d738657f8b49ac",
  "collected_at": "2026-07-15T05:02:11Z",
  "facts_completeness": "complete",
  "facts": {
    "audits": {
      "status": "verified",
      "tier1_count": 4,
      "tier2_count": 0,
      "latest_audit_date": "2026-03-01",
      "source": "curated"
    },
    "contract_verified": {
      "status": "verified",
      "value": true,
      "source": "onchain_probe"
    },
    "upgradeability": {
      "status": "verified",
      "value": "immutable",
      "source": "onchain_probe"
    },
    "timelock": {
      "status": "verified",
      "hours": 48,
      "source": "onchain_probe"
    },
    "admin_control": {
      "status": "verified",
      "value": "dao",
      "source": "onchain_probe"
    },
    "governance": {
      "status": "verified",
      "team_doxxed": true,
      "multisig": "5/9",
      "source": "curated"
    },
    "incidents": {
      "status": "verified",
      "known_exploit": false,
      "unreimbursed_exploit": false,
      "exploit_last_date": null,
      "source": "defillama_hacks"
    },
    "tvl_usd": {
      "status": "verified",
      "value": 312450000,
      "source": "defillama"
    },
    "yield_composition": {
      "status": "verified",
      "real_pct": 5.4,
      "emissions_pct": 0.8,
      "speculative_pct": 0,
      "source": "defillama"
    },
    "chain": {
      "status": "verified",
      "is_mainnet": true,
      "l2beat_stage": null,
      "sequencer_model": null,
      "bridge_control": null,
      "source": "l2beat"
    }
  },
  "pending_fields": [],
  "kill_switches_tripped": 0,
  "engine_version": "risk-engine.v2"
}

GET /v1/scores/newprotocol-usdc — a vault we can't score yet (honest pending, queued for evaluation)

{
  "vault": "newprotocol-usdc",
  "canonical_id": "newprotocol:base:0x1234abcd1234abcd1234abcd1234abcd1234abcd",
  "chain": "base",
  "protocol": "newprotocol",
  "name": "NewProtocol USDC",
  "score": null,
  "band": null,
  "band_map": "band_map.v1",
  "score_source": "pending",
  "methodology": null,
  "score_scope": null,
  "score_status": "pending",
  "factors": null,
  "kill_switches": null,
  "kill_switches_tripped": null,
  "missing_fields": null,
  "missing_vault_fields": null,
  "evidence": "/v1/facts/newprotocol-usdc",
  "engine_version": null,
  "framework_version": null,
  "facts_snapshot": null,
  "facts_collected_at": null,
  "assessed_at": null,
  "scored_at": null,
  "stale": false,
  "collection_queued": true
}

GET /v1/vaults?chain=ethereum&band=low&limit=1 — catalog page with market data

{
  "data": [
    {
      "vault": "steakhouse-usdc",
      "canonical_id": "morpho:ethereum:0xbeef047a543e45807105e51a8bbefcc5950fcfba",
      "name": "Steakhouse USDC",
      "protocol": "morpho",
      "chain": "ethereum",
      "asset": "USDC",
      "vault_address": "0xbeef047a543e45807105e51a8bbefcc5950fcfba",
      "defillama_pool_id": "1c1a3d5c-0000-4000-8000-demo00000000",
      "tvl_usd": 312450000,
      "apy": 6.2,
      "apy_base": 5.4,
      "apy_reward": 0.8,
      "market_data_as_of": "2026-07-15T06:25:00Z",
      "score": 1.8,
      "band": "low",
      "score_source": "deterministic",
      "score_status": "scored_vault",
      "scored_at": "2026-07-15T06:15:00Z",
      "links": {
        "score": "/v1/scores/steakhouse-usdc",
        "facts": "/v1/facts/steakhouse-usdc"
      }
    }
  ],
  "pagination": {
    "next_cursor": "bW9ycGhvOmV0aGVyZXVtOjB4YmVlZg",
    "limit": 50,
    "total": 191
  }
}

Paginating the catalog

Cursors are opaque — always take next_cursor from the response, never construct or modify one. limit caps at 200. A null next_cursor means you have the last page.

let cursor = null;
const vaults = [];
do {
  const url = new URL('https://api.clariq.fi/v1/vaults');
  url.searchParams.set('chain', 'ethereum');
  url.searchParams.set('limit', '200');
  if (cursor) url.searchParams.set('cursor', cursor);
  const res = await fetch(url, {
    headers: { Authorization: `Bearer ${process.env.CLARIQ_API_KEY}` },
  });
  const page = await res.json();
  vaults.push(...page.data);
  cursor = page.pagination.next_cursor;
} while (cursor);

Authentication & keys

Send Authorization: Bearer clq_live_… on every /v1 request. Keys are issued to integration partners by direct engagement — partners@clariq.fi.

Treat keys as secrets: use them server-side only, never in URLs or query strings, and never in client bundles or repositories. To rotate, request a replacement key, run both during your cutover, then ask us to revoke the old one. If a key leaks, report it immediately and we will revoke it.

Rate limits & caching

Every response carries rate-limit headers (X-RateLimit-Limit / -Remaining / -Reset); 429s include Retry-After — honor it and back off. Tiers differ by rate and monthly quota, not by data shape; your tier's numbers are stated in your partner agreement and readable live from the headers.

Responses carry an ETag. Send it back as If-None-Match to get a free 304 Not Modified when nothing changed:

$ curl -i -H "Authorization: Bearer clq_live_…" \
    https://api.clariq.fi/v1/scores/steakhouse-usdc
HTTP/1.1 200 OK
ETag: "9f2b1c8e40aa317d5c6e2b91"
…

$ curl -i -H "Authorization: Bearer clq_live_…" \
    -H 'If-None-Match: "9f2b1c8e40aa317d5c6e2b91"' \
    https://api.clariq.fi/v1/scores/steakhouse-usdc
HTTP/1.1 304 Not Modified

ETags are opaque and per-representation — don't parse them or reuse them across endpoints.

Errors

{ "error": { "code": "not_found", "message": "No vault matches 'x'.", "status": 404 } }

Codes: invalid_request 400 · unauthorized 401 · not_found 404 · ambiguous_identifier 409 · rate_limited / quota_exceeded 429 · internal 500 · early_access 501.

Versioning & deprecation

The API is URL-versioned; the current version is /v1. Within v1, changes are additive: new response fields, new enum values, and new optional query parameters may appear — write clients that tolerate unknown fields. Breaking changes ship as a new URL version (/v2) with at least six months of overlap and advance notice to every key holder.

The scoring methodology is versioned independently of the API surface — engine_version, framework_version, and band_map are reported on every response. A methodology revision is not an API version bump; record those fields alongside any score you store.

Service health

GET /livez and GET /readyz are unauthenticated and suitable for uptime monitors. livez reports process liveness; readyz returns 200 only when scored data is present and fresh (refreshed within 24h), 503 otherwise.

Methodology

The qualitative framework — eight factors, kill switches, honesty guarantees, the facts pipeline — is public: methodology whitepaper. The quantitative specification (numeric factor weights, per-factor scoring bands, and kill-switch trigger thresholds) is proprietary and available to enterprise partners under NDA. The output band mapping (band_map.v1, table above) is public and versioned.

© 2026 clariq.fi — risk intelligence infrastructure. ClariQ provides informational risk analytics to businesses — not investment, financial, or legal advice. ClariQ is never compensated by the protocols it scores.