Platform

Overview

How It Works

Beneficiary Identity

Policy Corridors

Deterministic Finality

Architecture

Security Model

Governance

Integration
Solutions

Corridors Overview

Institutional Overview

Pricing

All Scenarios

Humanitarian Impact Fund
Assurance

Technical Assurance

Verify Receipt

Receipt Example
Developers

Documentation

APIs & Bridges

Architecture Docs

Glossary

BID API
Company

About

Team

Partners

Roadmap

Investors

Contact

Blog

All Documentation
Schedule Consultation
← Back to Documentation
Ledger API v1.0 All Documentation →

Ledger API Specification

Complete API reference for the JIL Sovereign L1 Ledger: account registration, balance queries, signed payment transactions, finality proofs, compliance controls, AMM v5 operations, and governance actions. The programmable interface to institutional settlement infrastructure.

API Reference JIL Sovereign February 2026 Port 8000

Overview

The JIL Sovereign Ledger API provides direct programmatic access to the settlement engine. All state reads, transaction submissions, compliance actions, and AMM operations route through the ledger-router at port 8000, which delegates to the Rust-based jil5600-core ledger engine. Transactions require WebAuthn (Passkey P-256) or Ed25519 signatures and are validated by a 14-of-20 validator quorum across 13 jurisdictions.

Base URLs

EnvironmentBase URL
Productionhttps://ledger.jilsovereign.com
Devnethttps://devnet-ledger.jilsovereign.com
Local (Docker)http://ledger-router:8000

Protocol

PropertyValue
TransportHTTPS (TLS 1.3 required in production)
Content Typeapplication/json
Character EncodingUTF-8
Date FormatISO 8601 (2026-02-19T14:30:00.000Z)
Amount PrecisionNumeric (smallest unit) or string-encoded decimals
Auth ModelWebAuthn Passkey (P-256) or Ed25519 per-transaction signing
Devnet Access: Contact developers@jilsovereign.com to provision your devnet credentials and enable the development faucet endpoint before integrating.

Account State

GET /state/accounts/{id}

Get a specific account by ID with full details including authentication configuration, zone assignment, and account status.

Path Parameters

ParameterTypeRequiredDescription
idstringrequiredAccount identifier (e.g. "acc_abc123")

Response (200 OK)

{ "account_id": "acc_abc123", "zone_id": "protected", "status": "active", "auth": { "type": "passkey_p256", "public_key_b64u": "base64url-encoded-public-key" }, "nonce": 42, "created_at": "2026-01-15T10:00:00.000Z" }

GET /state/accounts/{id}/balances

Get account balances for all assets held by the account.

Path Parameters

ParameterTypeRequiredDescription
idstringrequiredAccount identifier

Response (200 OK)

[ { "asset": "JIL", "amount": 1000.00 }, { "asset": "USDC", "amount": 500.00 }, { "asset": "jBTC", "amount": 0.25 } ]

GET /state/accounts/{id}/nonce

Get the current nonce for an account. The nonce must be included in every signed transaction to prevent replay attacks.

Path Parameters

ParameterTypeRequiredDescription
idstringrequiredAccount identifier

Response (200 OK)

{ "account_id": "acc_abc123", "nonce": 42 }

POST /accounts/register

Register a new account on the ledger with optional authentication configuration and zone assignment.

Request Body

FieldTypeRequiredDescription
account_idstringrequiredUnique account identifier
zone_idstringoptionalZone assignment (default: "unprotected")
authAccountAuthoptionalPasskey P-256 or Ed25519 auth configuration

Response (200 OK)

{ "ok": true, "account_id": "acc_abc123", "zone_id": "unprotected" }

Transactions

POST /tx/payment

Submit a signed payment transaction. Requires a WebAuthn (Passkey P-256) or Ed25519 signature over the transaction payload. The ledger validates the signature, checks the nonce, enforces compliance policy, and applies the state transition atomically.

Request Body

FieldTypeRequiredDescription
network_idstringrequiredNetwork identifier (e.g. "devnet", "jil-mainnet-1")
fromstringrequiredSender account ID
tostringrequiredRecipient account ID or @handle
asset_idstringrequiredAsset symbol (e.g. "JIL", "USDC", "jBTC")
amountnumberrequiredAmount in smallest unit
nonceintegerrequiredAccount nonce (must match current nonce from /state/accounts/{id}/nonce)
authTxAuthrequiredPasskey or Ed25519 signature over the transaction payload
memostringoptionalTransaction memo (max 256 characters)

Response (200 OK)

{ "ok": true, "tx_id": "tx_abc123", "applied": true, "cosign_required": false, "policy_decision": "allow", "policy_reasons": [] }
Policy Enforcement: Every transaction passes through the on-chain policy registry. If cosign_required is true, the MPC co-signer must countersign before the transaction is finalized. The policy_reasons array describes any compliance flags triggered.

GET /tx/receipt/{id}

Get the transaction receipt for a completed transaction, including block height, hash, and gas consumed.

Path Parameters

ParameterTypeRequiredDescription
idstringrequiredTransaction ID (e.g. "tx_abc123")

Response (200 OK)

{ "tx_id": "tx_abc123", "status": "confirmed", "block_height": 1000042, "block_hash": "0x4e7f1a...c3d8b2", "timestamp": "2026-02-19T14:30:02.345Z", "gas_used": 21000 }

GET /tx/finality/{id}

Get the finality proof for a transaction with 14-of-20 validator quorum signatures, Merkle state root, and block hash. Used for independent proof verification.

Path Parameters

ParameterTypeRequiredDescription
idstringrequiredTransaction ID

Response (200 OK)

{ "schema": "jil.tx_finality_receipt.v1", "tx_id": "tx_abc123", "finalized": true, "block_height": 1000042, "block_hash_b64u": "base64url-encoded-block-hash", "state_root_b64u": "base64url-encoded-state-root", "quorum_sig_b64u": "base64url-encoded-quorum-signature", "finalized_at": "2026-02-19T14:30:02.345Z" }

Compliance Controls

Compliance endpoints enforce regulatory requirements at the ledger level. These operations require compliance authority credentials and are enforced across all 13 compliance zones. All compliance actions are immutably logged on-chain.

POST /account/freeze

Freeze an account, preventing all outbound transactions. Requires compliance authority. The account can still receive funds while frozen.

Request Body

FieldTypeRequiredDescription
account_idstringrequiredAccount to freeze
reasonstringrequiredReason for freeze (e.g. "sanctions_match", "fraud_alert")
evidence_idstringoptionalReference to supporting evidence record

Response (200 OK)

{ "ok": true, "account_id": "acc_abc123", "status": "frozen", "frozen_at": "2026-02-19T14:30:00.000Z" }

POST /account/unfreeze

Unfreeze an account, restoring normal transaction capabilities. Requires a valid appeal receipt or compliance authority approval.

Request Body

FieldTypeRequiredDescription
account_idstringrequiredAccount to unfreeze
appeal_receipt_idstringrequiredValid appeal receipt authorizing the unfreeze

Response (200 OK)

{ "ok": true, "account_id": "acc_abc123", "status": "active", "unfrozen_at": "2026-02-19T15:00:00.000Z" }

POST /account/containment/set

Set containment mode on an account. Restricts the account to lifeline transactions only - limited recipients and maximum amounts per transaction. Used for partial restrictions rather than full freeze.

Request Body

FieldTypeRequiredDescription
account_idstringrequiredAccount to contain
reasonstringrequiredContainment reason
lifeline_allowliststring[]optionalAllowed recipient addresses during containment
lifeline_max_amountnumberoptionalMaximum amount per transaction during containment

Response (200 OK)

{ "ok": true, "account_id": "acc_abc123", "status": "contained", "lifeline_allowlist": ["acc_essential_001"], "lifeline_max_amount": 500 }

POST /account/containment/release

Release an account from containment mode, restoring full transaction capabilities. Requires a containment release receipt from the compliance authority.

Request Body

FieldTypeRequiredDescription
account_idstringrequiredAccount to release from containment
release_receipt_idstringrequiredValid release receipt

Response (200 OK)

{ "ok": true, "account_id": "acc_abc123", "status": "active", "released_at": "2026-02-19T16:00:00.000Z" }
Compliance Authority Required: All freeze, unfreeze, containment, and release operations require compliance authority credentials. Unauthorized calls will receive a 401 UNAUTHORIZED response. All compliance actions are permanently recorded on-chain.

AMM v5

AMM v5 is the next-generation market making system with batch auctions, RFQ routing, and vault facility. The market operates across four states: NORMAL, ELEVATED, STRESSED, and HALTED, with automatic transitions based on volatility and liquidity metrics.

GET /amm/status

Get the current AMM market status including the active state, volatility metrics, and liquidity utilization.

Response (200 OK)

{ "market_state": "NORMAL", // NORMAL | ELEVATED | STRESSED | HALTED "state_entered_at": "2026-02-19T10:00:00.000Z", "volatility_bps": 150, "liquidity_utilization": "0.42" }

GET /amm/state

Get the full AMM state with parameters for each market state level, including spread adjustments, batch size caps, and RFQ routing thresholds.

Response (200 OK)

{ "current_state": "NORMAL", "states": { "NORMAL": { "spread_bps": 10, "batch_cap": 1000, "rfq_first": false }, "ELEVATED": { "spread_bps": 25, "batch_cap": 500, "rfq_first": false }, "STRESSED": { "spread_bps": 50, "batch_cap": 100, "rfq_first": true }, "HALTED": { "spread_bps": 0, "batch_cap": 0, "rfq_first": false } } }

POST /amm/preflight

Pre-flight check whether a transaction would be allowed under the current AMM state and entity risk profiles. Does not submit the transaction - use this to preview slippage and warnings before committing.

Request Body

FieldTypeRequiredDescription
from_entitystringrequiredSender entity ID
to_entitystringrequiredRecipient entity ID
amountstringrequiredAmount in decimal format (e.g. "1000.00")
pool_idstringoptionalSpecific liquidity pool ID to route through

Response (200 OK)

{ "allowed": true, "estimated_slippage": "0.0015", "warnings": ["High volatility period"] }

Governance

Governance endpoints control AMM market state transitions that require human authorization. All governance actions require multi-signature approval from authorized governance signers.

POST /amm/governance/halt

Emergency halt the AMM market. Transitions the market to HALTED state, stopping all new trades while allowing settlement of existing orders. Requires governance authority multi-sig.

Request Body

FieldTypeRequiredDescription
signerstringrequiredGovernance signer ID
reasonstringrequiredHalt reason (e.g. "oracle_deviation", "exploit_detected")

Response (200 OK)

{ "ok": true, "market_state": "HALTED", "halted_at": "2026-02-19T14:30:00.000Z", "signer": "gov_signer_001", "reason": "oracle_deviation" }

POST /amm/governance/resume

Resume AMM market from HALTED state. Transitions the market back to NORMAL with a gradual ramp-up. Requires governance authority multi-sig.

Request Body

FieldTypeRequiredDescription
signerstringrequiredGovernance signer ID

Response (200 OK)

{ "ok": true, "market_state": "NORMAL", "resumed_at": "2026-02-19T16:00:00.000Z" }

POST /amm/governance/propose

Propose a governance action for multi-sig approval. Supported actions include emergency_halt, resume_from_halt, and revoke_authority.

Request Body

FieldTypeRequiredDescription
actionstringrequiredGovernance action ("emergency_halt", "resume_from_halt", "revoke_authority")
signerstringrequiredProposer signer ID
reasonstringrequiredReason for the proposal

Response (201 Created)

{ "proposal_id": "prop_xyz789", "action": "emergency_halt", "status": "pending", "required_signatures": 3, "current_signatures": 1, "expires_at": "2026-02-20T14:30:00.000Z" }

Development

POST /dev/faucet

Mint test tokens for development and testing. Only available when JIL_ENABLE_DEV_ENDPOINTS=1 is set on the ledger-router. Disabled by default in production and mainnet environments.

Request Body

FieldTypeRequiredDescription
account_idstringrequiredAccount to fund with test tokens
amountnumberrequiredAmount to mint
asset_idstringoptionalAsset to mint (default: "JIL")

Response (200 OK)

{ "ok": true, "account_id": "acc_abc123", "balance": 1000 }
Devnet Only: The faucet endpoint is disabled by default. Calling this endpoint on a production or mainnet environment will return 403 DEV_ENDPOINTS_DISABLED. Only enable JIL_ENABLE_DEV_ENDPOINTS=1 on devnet instances used for development and testing.

Error Codes

All error responses include a JSON body with error containing code, message, and optional details fields.

Error Response Format

{ "error": { "code": "ACCOUNT_FROZEN", "message": "Account is frozen and cannot send transactions", "details": { "account_id": "acc_abc123", "frozen_at": "2026-02-19T14:30:00.000Z", "reason": "sanctions_match" } } }

HTTP Status Codes

StatusError CodeDescription
400VALIDATION_ERRORRequest body failed Zod schema validation. Check details for field-level errors.
401UNAUTHORIZEDMissing or invalid authentication. Signature verification failed or compliance authority not recognized.
403DEV_ENDPOINTS_DISABLEDDevelopment endpoints are disabled. Set JIL_ENABLE_DEV_ENDPOINTS=1 on devnet only.
404ACCOUNT_NOT_FOUNDThe specified account ID does not exist on the ledger.
423ACCOUNT_FROZENAccount is frozen. All outbound transactions are blocked until the account is unfrozen.
429RATE_LIMIT_EXCEEDEDToo many requests. Response includes retry_after_ms field indicating when to retry.