OnRampDLT Developer Docs

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

POST /api/auth/signup

Create a new user account. Returns a JWT and user record. Supports optional Cloudflare Turnstile verification.

{ "success": true, "token": "eyJ...", "user": { "id": 42, "email": "user@example.com" } }

POST /api/auth/login

Authenticate an existing user. Rate-limited to 5 attempts per 15 minutes per IP.

{ "success": true, "token": "***", "user": { "id": 42, "email": "user@example.com" } }

POST /api/auth/logout

Revoke the current JWT and clear the auth cookie. The token is immediately invalid on all subsequent requests — both Bearer header and cookie — regardless of remaining expiry. Revocation is enforced server-side via a KV blacklist with TTL matching the token's remaining validity.

{ "success": true }

POST /api/auth/resend-verification

Resend the email verification link to a registered email address. Intended for use when POST /api/auth/login returns HTTP 403 with email_unverified: true. No authentication is required — this endpoint is pre-login. To prevent user enumeration, the response is always { "success": true } regardless of whether the email exists on the platform.

{ "success": true, "message": "If that email is registered and unverified, a verification link has been sent." }

GET /api/auth/me

Return the authenticated user's profile, tier, KYC status, and token mint count. Requires a valid JWT.

{
  "id": 42,
  "email": "user@example.com",
  "tier": "investor",
  "first_name": "Jane",
  "last_name": "Smith",
  "display_name": "JaneSmith",
  "mintCount": 0,
  "kyc_status": "verified",
  "accredited_investor": true,
  "created_at": "2026-04-01T00:00:00Z"
}

PUT /api/auth/me

Update the authenticated user's display profile. Returns the updated user object in the same shape as GET /api/auth/me.

{ "id": 42, "email": "user@example.com", "tier": "investor", "first_name": "Jane", "last_name": "Smith", "display_name": "JaneSmith", ... }

GET /api/tier/features

Return the feature flag set for the authenticated user's current tier. Useful for gating UI elements without re-checking tier strings.

{
  "tier": "investor",
  "can_invest": true,
  "token_issuance": false,
  "bonds_506b": false,
  "bonds_506c": false,
  "api_access": false,
  "wallet_limit": 1,
  "team_seats": 0
}

XAMAN Wallet Authentication

XAMAN (formerly XUMM) is used for QR-based XRPL wallet authentication. Create a payload, display the QR or deep link, then poll status until the user signs.

POST /api/auth/xaman/payload

{
  "uuid": "599f5ffc-a258-4662-8b91-2aebffa63045",
  "qr_png": "https://xumm.app/sign/599f5ffc-a258-4662-8b91-2aebffa63045_q.png",
  "deep_link": "https://xumm.app/sign/599f5ffc-a258-4662-8b91-2aebffa63045"
}

GET /api/auth/xaman/status/:uuid

{ "status": "pending" }

{ "status": "resolved", "account": "rJtG6NREp9FSnKRra7ADmbM5vtw5jAqFDF" }

KYC & Accreditation API

The KYC API records accreditation self-certifications for 506(b) bond subscriptions. Full Stripe Identity verification ($6 add-on) is required for 506(c) bond access. Auth required for all endpoints.

GET /api/kyc/status

{
  "kyc_status": "not_started",
  "accredited_investor": false,
  "accredited_method": null,
  "kyc_verified_at": null,
  "kyc_expires_at": null,
  "days_until_expiry": null
}

POST /api/kyc/self-certify

Submit accredited investor self-certification. Creates a verifiable on-platform record with timestamp and IP. Required before subscribing to 506(b) bond offerings.

{
  "success": true,
  "kyc_status": "verified",
  "accredited_method": "self_cert",
  "message": "Self-certification complete. You can now subscribe to 506(b) bond offerings you have been invited to."
}

Wallet Management

Register and manage XRPL wallets associated with a user account. Wallet limits are enforced by tier. Auth required for all endpoints.

GET /api/wallets

{ "wallets": [
  {
    "id": 1,
    "xrpl_address": "rJtG6NREp9FSnKRra7ADmbM5vtw5jAqFDF",
    "label": "My Main Wallet",
    "wallet_type": "xaman",
    "network": "mainnet",
    "is_default": 1,
    "verified": 1,
    "created_at": "2026-04-01T00:00:00Z"
  }
] }

POST /api/wallets

Register a new XRPL wallet. Requires Starter tier or above. Wallet limits: free=0, starter=1, pro=3, business=10.

{ "success": true, "wallet": { "id": 1, "xrpl_address": "rXXX...", "label": "My Wallet", "wallet_type": "xaman", "network": "testnet", "is_default": 1 } }

Issuer Profile

Issuer profiles are public-facing company records that appear on bond listings and investor due diligence pages. Auth required to create or update.

GET /api/issuer/profile

{ "profile": { "company_name": "Acme Capital LLC", "tagline": "Real Assets, Real Returns", "description": "...", "website_url": "https://acme.com", "logo_url": null, "linkedin_url": null, "twitter_url": null, "verified": false } }

POST /api/issuer/profile & PUT /api/issuer/profile

Create or update the issuer profile. Both methods perform an upsert. Auth required.

{ "success": true, "profile": { "company_name": "Acme Capital LLC", ... } }

POST /api/issuer/wallet

Register a Xaman XRPL wallet as the authenticated user's bond issuer wallet. Each account can have one issuer wallet. The wallet must be funded with at least 12 XRP before bonds can be activated.

{
  "id": "a1b2c3d4e5f6",
  "xrplAddress": "rXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "funded": false,
  "message": "Fund with at least 12 XRP before activating bonds.",
  "nextStep": "Enable DefaultRipple via Xaman, then POST /api/bonds",
  "xamanAccountSet": {
    "txjson": { "TransactionType": "AccountSet", "Account": "rXXX...", "SetFlag": 8 },
    "instructions": "Sign in Xaman to enable token issuance"
  }
}

GET /api/issuer/wallet

Retrieve the authenticated user's registered issuer wallet, including live XRP balance fetched from XRPL and bond count.

{
  "id": "a1b2c3d4e5f6",
  "xrplAddress": "rXXX...",
  "funded": true,
  "xrpBalance": 45.12,
  "accountExists": true,
  "minRequired": 12,
  "bondCount": 2,
  "xrplExplorer": "https://livenet.xrpl.org/accounts/rXXX..."
}

POST /api/mint

Mint a new XRPL token. Free-tier accounts are limited to 1 token. Pro accounts have unlimited issuance. The API records the mint and returns a transaction reference.

{
  "success": true,
  "token": {
    "name": "MyToken",
    "symbol": "MTK",
    "network": "xrpl",
    "txHash": "xrpl_1711234567890_a1b2c3"
  }
}

GET /api/mints

List all token mints for the authenticated user, ordered by creation date descending.

[
  {
    "id": 1,
    "token_name": "MyToken",
    "token_symbol": "MTK",
    "network": "xrpl",
    "tx_hash": "xrpl_1711234567890_a1b2c3",
    "created_at": "2026-01-15T10:30:00Z"
  }
]

Bond Platform

The bond platform enables Reg D-compliant private bond offerings on the XRPL. Bonds are represented as XRPL trust lines — investors hold bond tokens issued by the offering wallet. All signing is done client-side via Xaman; the API only records metadata and verifies payments on-chain.

POST /api/bonds

Create a new bond offering in draft status. The bond is not visible to investors until activated.

{
  "id": "a1b2c3d4e5f67890",
  "status": "draft",
  "name": "Series A Bond",
  "ticker": "SRAB",
  "tickerHex": "5352414200000000000000000000000000000000",
  "totalUnits": 1000,
  "priceXrp": 100,
  "interestRateBps": 800,
  "termDays": 365,
  "paymentSchedule": "quarterly",
  "metrics": {
    "totalRaiseXrp": 100000,
    "annualInterestXrp": "8000.00",
    "totalXrpRewardPool": "500.00",
    "recommendedWalletFunding": 8520
  },
  "nextStep": "Fund your issuer wallet with at least 520 XRP, then PUT /api/bonds/:id/activate"
}

GET /api/bonds

List bonds by status. Defaults to active. Returns up to 50 bonds.

{ "bonds": [ { ... } ], "count": 3 }

GET /api/bonds/mine

List all bonds created by the authenticated issuer.

{ "bonds": [ { ... } ], "count": 2 }

GET /api/bonds/my-investments

Return all bond subscriptions belonging to the authenticated user, joined with bond details. No tier gate — available to any authenticated user regardless of current plan, including Free accounts. This endpoint is intentionally ungated so that lapsed Investor subscribers retain permanent access to their holding records.

{
  "investments": [
    {
      "subscription_id": 1,
      "bond_id": "a1b2c3d4",
      "investor_address": "rXXX...",
      "amount": "500.00",
      "tx_hash": "ABCD1234...",
      "subscription_status": "confirmed",
      "subscribed_at": "2026-04-01T00:00:00Z",
      "bond_name": "Series A Bond",
      "symbol": "SRAB",
      "bond_type": "506b",
      "interest_rate": "8.00",
      "duration_months": 24,
      "bond_status": "active",
      "issuer_address": "rISSUER...",
      "network": "mainnet"
    }
  ],
  "count": 1
}

GET /api/bonds/:id

Public bond detail view. Includes holder count, amount raised, payment schedule, and subscription instructions when the bond is active.

{
  "id": "a1b2c3d4e5f67890",
  "status": "active",
  "name": "Series A Bond",
  "holderCount": 12,
  "amountRaisedXrp": "12000.00",
  "payments": [ { "type": "interest", "scheduledDate": "...", "xrpPerUnit": "2.00", "status": "pending" } ],
  "subscribeInstructions": {
    "step1": "Sign a TrustSet to the issuer for the bond currency",
    "step2": "Send 100 XRP per unit to the issuer wallet",
    "step3": "POST /api/bonds/:id/subscribe with address, units, and payment tx hash"
  }
}

PUT /api/bonds/:id/activate

Activate a draft bond and open it for subscriptions. The issuer must sign an AccountSet transaction (SetFlag 8 — DefaultRipple) in their XRPL wallet and submit the transaction hash. DefaultRipple is required on the issuer wallet before bond tokens can be distributed to investors. Verifies the issuer wallet is funded with at least 12 XRP. Builds the full payment schedule on activation. Bond moves from draft to active status. Auth required — issuer must own the bond.

{
  "success": true,
  "bond": {
    "id": "a1b2c3d4e5f67890",
    "status": "active",
    "opensAt": "2026-04-01T00:00:00Z",
    "closesAt": "2026-05-01T00:00:00Z",
    "maturesAt": "2027-04-01T00:00:00Z",
    "paymentCount": 4,
    "bondPageUrl": "https://onrampdlt.io/bonds/a1b2c3d4e5f67890"
  }
}

POST /api/bonds/:id/subscribe

Record an investor subscription after setting a TrustLine and sending XRP payment. Auth required — unauthenticated calls return 401. The subscriber must have at least an Investor tier account ($49/yr), or any paid issuer plan (Starter+). Free accounts return 403. The API verifies the payment transaction on XRPL before recording the subscription and populates the user_id FK on the subscription record.

{
  "success": true,
  "bondId": "a1b2c3d4e5f67890",
  "holderAddress": "rXXX...",
  "units": 5,
  "xrpInvested": 500,
  "xrpRewardExpected": "25.0000 XRP",
  "message": "Subscribed to 5 unit(s). The issuer will send you tokens and reward."
}

GET /api/bonds/:id/xaman/:step

Generate Xaman-ready transaction payloads for issuer operations. Returns the raw txjson to sign in Xaman. Auth required — only the bond issuer can access these.

{
  "step": "send-tokens",
  "instructions": "Sign each transaction in Xaman to deliver SRAB bond tokens to investors",
  "count": 12,
  "transactions": [
    {
      "holderAddress": "rXXX...",
      "units": 5,
      "txjson": {
        "TransactionType": "Payment",
        "Account": "rISSUER...",
        "Destination": "rXXX...",
        "Amount": { "currency": "5352414200...", "issuer": "rISSUER...", "value": "5" }
      }
    }
  ]
}

Billing

Billing is powered by Stripe. Subscriptions upgrade users from the free tier to Pro or Business. All billing management is handled through the Stripe Customer Portal.

POST /api/subscribe

Create a Stripe Checkout session for upgrading to a paid tier. Returns a checkout URL to redirect the user.

{ "checkoutUrl": "https://checkout.stripe.com/...", "sessionId": "cs_live_..." }

GET /api/manage-billing

Redirect the authenticated user to their Stripe Customer Portal to manage their subscription, payment method, or view invoices. Returns a 302 redirect.

POST /api/stripe/webhook

Stripe webhook receiver. Handles subscription lifecycle events from Stripe and updates user tier accordingly. This endpoint is called by Stripe — not by API clients directly. All events are verified against the STRIPE_WEBHOOK_SECRET before processing. STRIPE_WEBHOOK_SECRET is required — the Worker hard fails at startup if absent.

Security

Authentication & Sessions

• JWT (HS256): Tokens are signed with a server-held secret. Expiry is 30 days, but tokens are validated server-side on every request — a logged-out token is immediately invalid regardless of expiry.
• Password hashing: PBKDF2/SHA-256 via Web Crypto API. Plaintext passwords are never stored, logged, or transmitted after the point of hashing.
• User enumeration protection: Login returns HTTP 401 with a generic message for both email-not-found and wrong-password. Prevents attackers from confirming whether an email is registered.
• JWT revocation: Logout stores the token in a Cloudflare KV revocation list with TTL equal to the token's remaining validity period. All subsequent requests — Bearer header or cookie — are checked against this blacklist before JWT signature verification. Logged-out tokens are immediately and permanently rejected regardless of expiry.

Transport & CORS

• HTTPS enforced via Cloudflare. All traffic is TLS-encrypted at the edge.
• CORS origins: onrampdlt.io, www.onrampdlt.io, onrampdlt.com, www.onrampdlt.com only. Credentials permitted via Access-Control-Allow-Credentials: true.
• Cookie flags: auth_token is set with HttpOnly; Secure; SameSite=None. HttpOnly prevents JavaScript access. Secure restricts to HTTPS.

Non-Custodial Architecture

• Private keys: Never requested, stored, transmitted, or accessible by the platform. All XRPL signing is performed client-side through Xaman.
• Transaction flow: The API constructs txjson and returns it. The user signs in Xaman. The signed transaction is broadcast to the XRPL directly from the client — the platform never submits transactions on behalf of users.
• Fund custody: XRP subscription payments flow directly between investor and issuer XRPL wallets. The platform does not hold or intermediate these payments.

Payment Verification

Subscription payments (POST /api/bonds/:id/subscribe) are verified against the XRPL before any holding is recorded. The check confirms: transaction type is Payment, destination matches the bond issuer address, sender matches holderAddress, result is tesSUCCESS, and XRP amount is within 2% tolerance of expected. The tolerance prevents minor rounding discrepancies from blocking legitimate subscriptions.

Infrastructure

• Runs as a Cloudflare Worker at the edge — no traditional application server.
• Data stored in Cloudflare D1 (SQLite) and Cloudflare KV. No third-party databases hold user data outside Cloudflare and Stripe.
• Cloudflare Turnstile bot protection on auth endpoints when configured.

Required Secrets

The following environment secrets must be set on the Cloudflare Worker. The Worker performs a hard startup failure if any required secret is absent — it will not serve requests in a degraded state.

Error Codes

All error responses return JSON with an error field. The HTTP status indicates the category of failure.

{ "error": "Human-readable description of what went wrong" }

KYC & Compliance

What OnRampDLT Verifies vs. Does Not Verify

Reg D Requirements by Offering Type

Legal & Compliance

Platform Role

OnRampDLT is a software-as-a-service technology platform. Its functions are limited to providing software tools, recording offering metadata, generating Xaman-compatible XRPL transaction payloads for client-side signing, and verifying that XRPL payment transactions exist on-chain.

OnRampDLT does not:

• Act as a broker-dealer, placement agent, investment adviser, or transfer agent.
• Custody, control, or transmit investor or issuer funds. All XRP flows directly between XRPL wallets without platform intermediation.
• Control private keys. All XRPL signing is performed by the user through Xaman.
• Determine investor suitability, accredited investor status, or eligibility.
• Provide investment advice or recommendations regarding any offering.
• Guarantee the performance, repayment, or legitimacy of any offering.
• File regulatory documents (Form D, state notices) on behalf of issuers.

Regulation D Requirements

Rule 506(b) — Private Offerings

• No general solicitation or advertising. Offering must be made to investors with whom the issuer has a pre-existing substantive relationship.
• Up to 35 non-accredited sophisticated investors; unlimited accredited investors. Non-accredited investors must receive disclosure documents equivalent to a registered offering.
• Form D must be filed with the SEC within 15 days of first sale.

Rule 506(c) — General Solicitation Permitted

• General solicitation and advertising expressly permitted.
• All investors must be accredited. Issuers must take reasonable steps to verify — self-certification alone is not sufficient. Acceptable methods: written confirmation from registered broker-dealer, SEC-registered investment adviser, licensed attorney, or CPA; review of tax returns, W-2s, or financial statements; or third-party verification service.
• Form D must be filed within 15 days of first sale. An amendment noting general solicitation must be filed before or concurrent with any solicitation.

Form D

File electronically through SEC EDGAR within 15 calendar days of first sale. Failure to file may result in loss of the exemption. The platform does not file Form D on behalf of issuers.

Resale Restrictions

Securities sold under Reg D are restricted securities under Rule 144. Investors may not resell without: a satisfied holding period (1 year for non-reporting issuers), and satisfaction of Rule 144 conditions, or a separate registration or exemption. Issuers must ensure investors receive written notice. Subscription agreements should include a restrictive legend.

Bad Actor Disqualification (Rule 506(d))

Issuers must verify no "covered person" — the issuer entity, its directors, officers, 20%+ beneficial owners, placement agents and affiliates — is subject to a disqualifying event (SEC orders, criminal convictions, court injunctions, regulatory sanctions). Diligence must be performed before first sale and periodically thereafter. The platform does not perform this check.

Investor Protections & Disclosures

• Risk of loss: Investment in private bond offerings involves substantial risk, including total loss of principal. These are illiquid, unregistered securities.
• No secondary market: There is no guaranteed secondary market for bond tokens. Investors should expect to hold until maturity.
• No SIPC/FDIC protection: Investments are not bank deposits and are not insured by the FDIC, SIPC, or any government agency.
• Issuer default risk: The platform does not guarantee any issuer's ability to make payments or repay principal and has no recourse mechanism against defaulting issuers.
• Technology risk: XRPL transactions are irreversible once confirmed. Loss of wallet access, incorrect addresses, or XRPL network events are outside the platform's control.
• Regulatory risk: The regulatory treatment of blockchain-based securities is evolving. Changes in law or interpretation could affect the legality or operation of offerings.

Data & Privacy

Glossary

Changelog

Versioning Policy

The API follows semantic versioning. Breaking changes (removed fields, changed response structures, deleted endpoints) will increment the major version with a minimum 90-day deprecation notice. Additive changes (new endpoints, new optional fields) are non-breaking. All endpoints are currently under v1 — no version prefix is required in the URL path.