DOCUMENTATION

Build with Glacier21.

One endpoint, every wallet. Real-time identity, attribution, sanctions exposure, and social handles across 35+ chains. The same data we run our white-glove investigations on, served over a clean REST API.

Get started OpenAPI 3.1

01 · Quickstart

Quickstart

You can be calling the API in about ninety seconds.

Create a free account and verify your email. Every account ships with 10 free wallet lookups, no credit card.
Mint an API key on the API keys page. The full key value is shown exactly once. Copy it and store it somewhere private.
Call the endpoint. The example below returns every column the platform has on Vitalik's primary address.

curl

curl -X POST https://api.glacier21.com/v1/wallet \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $GLACIER21_API_KEY" \
  -d '{"wallet": "0xd8da6bf26964af9d7eed9e03e53415d37aa96045"}'

The endpoint accepts EVM and Solana addresses. The chain is detected automatically. Database-cached results return in under 100 ms; cold scrapes typically resolve in 3 to 8 seconds.

02 · Authentication

Authentication

Every request to https://api.glacier21.com/v1/wallet must include an X-API-Key header. Keys are minted and revoked from the dashboard. Each key is bound to one account and counts against that account's monthly quota.

headers

X-API-Key: g21_live_4f8c...d2a1
Content-Type: application/json

Keep keys server-side.

Never embed a key in client-side JavaScript or commit one to a public repo. Use environment variables or a secret manager. Compromised keys can be revoked from /api-keys and rotate immediately.

The dashboard UI itself uses a short-lived Bearer JWT issued by POST /auth/login. That flow is documented in the OpenAPI spec; for direct API consumption you only need the API key.

03 · Wallet lookup

Wallet lookup

POSThttps://api.glacier21.com/v1/wallet

The wallet lookup endpoint is the core of the API. Send an address; receive a unified profile that merges on-chain attribution with off-chain identity signals.

Request body

application/json

{
  "wallet": "string",            // required: an EVM (0x...) or Solana address
  "columns": [
    // Identity
    "wallet", "identity", "tags", "aka", "legalName", "bios",
    "location", "associations", "socialHandles", "emailAddress",
    "phoneNumber", "dateOfBirth",
    // Owned things
    "ownedAssets", "domain", "holdings", "nft", "profileUrl",
    // Documents
    "associatedDocuments", "documentDescription",
    // Sanctions / law enforcement
    "sanctionedBanned", "sanctionList", "sanctionReason",
    "lawEnforcement",
    // Exploits
    "exploitHack", "exploitDescription", "exploitType",
    "exploitAmount", "exploitRole", "exploitName",
    // Context
    "relationship", "verification", "communication", "misc"
  ]
}

columns is optional. Omit it to receive the full profile. Include only the columns you need to reduce response size on high-volume integrations. The Lambda always reads the entity once from DynamoDB, so requesting fewer columns has no effect on query cost or latency, only on response payload. See the column reference below.

04 · Columns

Columns

Every column is best-effort. When we have no data for a column on a given address, we omit it from the response rather than returning null noise.

Identity12 columns

`wallet`	The address you sent in, echoed back so batch callers can match rows to inputs.
`identity`	Best-effort real name or canonical entity label (e.g. `Vitalik Buterin`, `Pump.fun AMM`).
`tags`	Short category labels like `exchange`, `meme`, `mixer`, `bridge`, `treasury`.
`aka`	Also-known-as aliases and on-chain handles attributed to the address.
`legalName`	Real legal name when a primary source (indictment, court filing, sanctions list) has disclosed it.
`bios`	Free-text bio or description collected from labelers and public profiles.
`location`	Country or city for the entity.
`associations`	Other named entities the address is linked to (DAOs, companies, funds).
`socialHandles`	Twitter / X, Telegram, Discord, GitHub, Farcaster and other handles tied to the address.
`emailAddress`	Contact email for the entity.
`phoneNumber`	Contact phone for the entity.
`dateOfBirth`	Reported DOB for named individuals. Often unavailable.

Owned things5 columns

`ownedAssets`	Notable on-chain holdings and websites the entity controls.
`domain`	Domains and domain names attributed to the entity (typed `domain` / `domainName` records).
`holdings`	Tokens and token contracts the entity is known to hold.
`nft`	NFTs, NFT collections, and NFT contracts attributed to the entity.
`profileUrl`	Direct links to off-chain profiles attributed to the entity.

Documents2 columns

`associatedDocuments`	Filings, court documents, indictments, sanctions notices, and other primary sources.
`documentDescription`	Narrative description from each source document (the source citation prose, not just the doc ID).

Sanctions4 columns

`sanctionedBanned`	OFAC, EU, UK, and platform bans attributed to the address. Also populates heuristically from `documentDescription` content.
`sanctionList`	Specific sanctions lists the entity appears on (OFAC SDN, EU, UN, etc.).
`sanctionReason`	Stated reason / executive order under which the sanction was applied.
`lawEnforcement`	Law-enforcement flags distinct from sanctions (FBI Most Wanted, Interpol notices, active investigations).

Exploits6 columns

`exploitHack`	Aggregate exploit signal. Catches every exploit-family attribute so a single field captures the incident.
`exploitDescription`	Free-text incident narrative.
`exploitType`	Type of incident: ransomware, bridge hack, rugpull, state actor, etc.
`exploitAmount`	Dollar value or token amount stolen / moved in the incident.
`exploitRole`	Role this address played in the incident (attacker, intermediate hop, recipient, victim).
`exploitName`	Named incident (e.g. `Ronin Bridge Hack`, `Wormhole Exploit`, `Locky`).

Context4 columns

`relationship`	Group memberships and structured relationships (Galxe Space membership, DAO roles, etc.).
`verification`	Verification and trust flags (Galxe verified, Blockscout verified contract, whitelist status).
`communication`	Free-form descriptive content from sources.
`misc`	Catch-all bucket for signals that don't fit a structured column (balances, deploy hashes, ad-hoc notes).

05 · Response shape

Response shape

The response is a JSON object with a message string and a data array. The array always contains exactly one entry for the requested address.

200 OK · application/json

{
  "message": "Wallet found",
  "data": [
    {
      "wallet": "0xd8da6bf26964af9d7eed9e03e53415d37aa96045",
      "identity": "Vitalik Buterin",
      "tags": ["co-founder", "ethereum"],
      "aka": ["vitalik.eth", "VitalikButerin"],
      "bios": ["Co-founder of Ethereum. Writes at vitalik.eth.limo."],
      "location": "Switzerland",
      "associations": ["Ethereum Foundation"],
      "socialHandles": {
        "twitter": "https://x.com/VitalikButerin",
        "github":  "https://github.com/vbuterin",
        "website": "https://vitalik.eth.limo"
      },
      "ownedAssets": ["vitalik.eth", "vitalik.eth.limo"],
      "misc": ["ENS primary: vitalik.eth"]
    }
  ]
}

Source attribution

Responses are served from our cache when fresh data exists. When the cache is cold or stale, the lookup transparently runs live scrapers in parallel, writes the result back to the cache, and returns the merged profile in the same request. Whether a given response was a cache hit or a fresh scrape is logged but not surfaced in the response body.

06 · Errors and rate limits

Errors and rate limits

The API uses standard HTTP status codes. Errors return a JSON body with a message field describing what went wrong.

Status	Meaning
200	Wallet found. Data array contains one merged profile.
400	Malformed request: missing `wallet`, or the address failed chain detection.
401	Missing or invalid `X-API-Key` header.
403	Key is revoked or the owning account is suspended.
429	Monthly quota or per-day burst limit reached. Upgrade or wait for the next period.
5xx	Upstream scraper or infrastructure failure. Safe to retry with exponential backoff.

Monthly quotas track to your plan. You can monitor consumption in real time on /usage.

07 · AI-native discovery

AI-native discovery

Glacier21 publishes a full agent-native surface so autonomous agents can find, understand, and pay for the API without a human in the loop. Point your agent or MCP-aware client at the URLs below.

OpenAPI 3.1 spec

Machine-readable description of every endpoint, with x-payment-info on paid operations.

dashboard.glacier21.com/openapi.json

MCP server card

Lets MCP-aware agents auto-discover the tools we expose without scraping the docs.

dashboard.glacier21.com/.well-known/mcp/server-card.json

Agent skills index

Agent Skills v0.2.0 manifest pointing to per-skill markdown at /skills/{name}.

dashboard.glacier21.com/.well-known/agent-skills/index.json

llms.txt

llmstxt.org index for crawlers; pair with /llms-full.txt for the long-form briefing.

dashboard.glacier21.com/llms.txt

The MCP endpoint at https://dashboard.glacier21.com/api/mcp speaks JSON-RPC 2.0 over Streamable HTTP (MCP protocol 2025-06-18). Paid operations declare prices via x-payment-info in the OpenAPI spec and a matching https://dashboard.glacier21.com/api/x402/subscribe challenge endpoint for x402 payment.

08 · Support

Support

Stuck on something the docs don't answer? We answer email fast.

Email support See pricing