Convexity Infra is a suite of backend services that let your business build and operate blockchain-enabled products — without standing up your own chain nodes, custody, or payment rails. You integrate these APIs into your own application, and Convexity runs the infrastructure behind them. It covers the full lifecycle of an on-chain product — issuing access tokens, collecting fiat payments, managing subscriptions, provisioning HD wallets, signing and broadcasting transactions, and streaming decoded on-chain events to your webhooks. All services share one set of conventions: a single OAuth 2.0 bearer token, a consistent JSON response envelope, uniform pagination, and a common error model. Learn those once and every endpoint behaves the same way.
Base URLThe base URL is https://dev.api.withconvexity.com. Every path in this reference is relative to that host.

Services

Auth-Edge

Exchange an API key for a short-lived OAuth 2.0 access token.

Payments

List payments and mint virtual bank accounts for top-ups and subscriptions.

Products

Browse the products and capabilities available to your project.

Subscriptions

List plans and manage your project’s subscriptions.

Wallet Infra

HD wallet lifecycle, balances, transfers, signing, and chain discovery.

Indexer Infra

Subscribe to on-chain events and inspect webhook delivery logs.

Quick start

1

Get an access token

Exchange your live API key for a bearer token via the Generate Token endpoint.
2

Call an endpoint

Send the token as Authorization: Bearer <access_token> on every request. See Authentication for the full flow.
3

Read the response envelope

Every response is wrapped in a { status, message, data } envelope. See Conventions.
4

Handle errors uniformly

Errors share a single shape across all services. See Errors.

How requests are authorized

Tokens are minted by Auth-Edge from a project API key and carry the project and business context plus a set of scopes and capabilities. Endpoints check those claims before serving a request:
  • Live vs. test keys — Most business endpoints reject test tokens with 403. Use your sk_live_... key for production traffic.
  • Project context — Indexer endpoints require a token bound to a project and business.
  • Capabilities — Fine-grained permissions (for example indexer.subscribe.evm) gate individual operations. A missing capability returns 403.
Read Authentication before integrating.