# Glacier21 Dashboard

> The Glacier21 user dashboard. Sign in, mint API keys, run wallet searches,
> watch usage, and manage billing. Backed by api.glacier21.com: off-chain
> wallet attribution across 35+ chains, 200M+ labeled wallets.

## Discovery

- [API catalog (RFC 9727)](https://dashboard.glacier21.com/.well-known/api-catalog)
- [OAuth metadata (RFC 8414)](https://dashboard.glacier21.com/.well-known/oauth-authorization-server)
- [OAuth protected resource (RFC 9728)](https://dashboard.glacier21.com/.well-known/oauth-protected-resource)
- [MCP server card](https://dashboard.glacier21.com/.well-known/mcp/server-card.json): live MCP endpoint at `POST https://dashboard.glacier21.com/api/mcp` (Streamable HTTP, JSON-RPC 2.0)
- [Agent skills index](https://dashboard.glacier21.com/.well-known/agent-skills/index.json)
- [ACP discovery](https://dashboard.glacier21.com/.well-known/acp.json)
- [OpenAPI 3.1 spec](https://dashboard.glacier21.com/openapi.json)
- [Web Bot Auth keys](https://dashboard.glacier21.com/.well-known/http-message-signatures-directory)
- [robots.txt + Content-Signal](https://dashboard.glacier21.com/robots.txt)

## Capabilities

- **register_account** (Register a new Glacier21 account): Self-serve signup for autonomous agents. Creates a brand-new account with the supplied email and password. Returns `{access_token, token_type}` — extract `access_token` and pass it as `Authorization: Bearer <token>` on every subsequent authenticated tool call. The token is valid for 24 hours. IMPORTANT: the trial 10 wallet lookups unlock only after the email is verified. Verify by hitting `POST /auth/verify` with the `token` from the welcome email; agents that can't read email should hand off to the human at this step.
- **login** (Sign in and get a Bearer token): Exchange an email and password for a 24-hour Bearer JWT. Returns `{access_token, token_type}`. Pass `access_token` in the `Authorization: Bearer <token>` header on every authenticated tool call.
- **verify_email** (Verify the account's email with a token): Confirm the email address on a freshly-registered account using the verification token from the welcome email. Required before wallet search and AWS-backed API key issuance unlock. Body: `{token}`.
- **logout** (Discard the current Bearer token): Acknowledges that the agent will drop the bearer token on its end. JWTs are stateless, so there's no server session to delete; this exists so the OAuth `revocation_endpoint` advertised in `/.well-known/oauth-authorization-server` resolves to a real URL.
- **search_wallet** (Search a wallet address): Look up identity, social handles, owned assets, sanctions exposure, and other off-chain signals for any blockchain wallet address.
- **get_usage_stats** (Get current usage and quota): Returns requests made this period, monthly limit (including referral bonuses), and billing-period dates.
- **list_api_keys** (List API keys): Return every API key on the account with active/revoked status and usage timestamps.
- **create_api_key** (Create an API key): Mint a new AWS-API-Gateway-backed key. The full key value is returned exactly once.
- **revoke_api_key** (Revoke an API key): Disable an API key in AWS API Gateway and mark it inactive on the account.
- **list_plans** (List subscription plans): Returns the public catalog of plans (Free, Frost, Iceberg, Avalanche) with pricing and request quotas.
- **subscribe_to_plan** (Subscribe to a paid plan): Creates a Stripe Checkout session for the chosen plan and returns a hosted checkout URL the agent can complete with a card-on-file or x402 / MPP payment. Self-serve tiers: Frost ($499/mo, 10K lookups/mo) and Iceberg ($2,499/mo, 300K lookups/mo). Avalanche is enterprise-only; call list_plans for the contact path.
- **get_subscription** (Get current subscription): Returns the active Stripe subscription, plan tier, status, and renewal date.
- **cancel_subscription** (Cancel subscription): Cancels the subscription at period end. Access remains until the current period closes.

## Auth

Glacier21 uses Bearer JWTs minted by `POST https://app-api.glacier21.com/auth/login` with
an email/password body. Tokens last 24 hours and carry `iss`,
`aud`, `iat`, `nbf`, and `exp` claims (HS256). Pass them as
`Authorization: Bearer <token>` on every authenticated dashboard call.

Self-serve registration is at `POST https://app-api.glacier21.com/auth/register`. The
returned JWT is immediately usable, but **wallet search and additional
API key creation unlock only after the email is verified** (`POST
https://app-api.glacier21.com/auth/verify` with the token from the welcome email). On
verification a 10-request trial API key is provisioned automatically.

The `X-API-Key` header is for direct consumption of the wallet
*Lambda* at `api.glacier21.com/v1/wallet`, not for the dashboard
endpoints documented here. Mint one at `POST https://app-api.glacier21.com/api-keys/`
(JWT auth required, paid plans only).

## Payments

The subscribe path supports three rails:

1. **Stripe Checkout**: `POST /billing/create-checkout-session` returns a
   hosted URL for human or agent completion.
2. **x402**: `POST https://dashboard.glacier21.com/api/x402/subscribe` returns 402
   with payment requirements an agent can fulfil with USDC on Base.
3. **MPP**: every payable operation in `openapi.json` carries an
   `x-payment-info` extension.

## Full document

See [llms-full.txt](https://dashboard.glacier21.com/llms-full.txt) for the complete
documentation in one file.