GET /v1/balances/{currency}
Retrieve a balance by currency
curl --request GET \
  --url https://api.antonpayments.com/v1/balances/{currency} \
  --header 'Authorization: DPoP <access_token>' \
  --header 'DPoP: <proof>'

{
  "id": "bal_01HX8Z9K0M2N3P4Q5R6S7T8UBA1",
  "merchant_id": "mer_01HX8Z9K0M2N3P4Q5R6S7T8UZZ",
  "currency": "USD",
  "available": "12450.00",
  "pending": "550.00",
  "total": "13000.00",
  "updated_at": "2026-04-15T14:30:00Z"
}

Authorizations

Authorization
string
header
required

OAuth 2.0 client_credentials grant (RFC 6749 §4.4) bound to a DPoP keypair (RFC 9449).

Flow (every authenticated /v1 call requires both an access token AND a fresh per-request DPoP proof):

  1. Register a credential via the merchant portal. Anton issues a client_id (ant_oc_<env>_<32hex>) and a client_secret (ant_ocs_<env>_<48hex>, shown ONCE). The portal generates an ES256 or Ed25519 DPoP keypair in your browser; you store the private half.
  2. Mint an access token: POST /oauth/token with Authorization: Basic <client_id:client_secret> and Content-Type: application/x-www-form-urlencoded. Body: grant_type=client_credentials. A DPoP header carrying a proof signed for the token endpoint is required (no ath claim on this proof).
  3. Use the token: send Authorization: DPoP <access_token> plus a fresh DPoP: <proof> header on every /v1 request. The proof JWT MUST carry htm (request method), htu (request URL, no query/fragment), iat (within ±60s), jti (unique within 5 min), and ath (SHA-256 of the access token, base64url).

Tokens expire in 1 hour in production / staging and 8 hours in sandbox. There are no refresh tokens — call /oauth/token again with your secret. Anton's public signing key is published at /.well-known/jwks.json.

OpenAPI 3.0 has no native DPoP scheme; this declaration plus dpopHeader together convey both the access-token Authorization and the per-request proof header.

DPoP
string
header
required

Per-request DPoP proof JWT (RFC 9449). MUST accompany the Authorization: DPoP <access_token> header on every protected operation. The proof is signed by the merchant's private DPoP key and carries htm, htu, iat, jti, and ath claims.
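
The proof described in step 3, as an added example (not Anton's own code) using only Node's built-in crypto module with an ES256 key. The function names, the throwaway keypair and the placeholder access token are assumptions made for illustration; the `typ: dpop+jwt` header and the embedded public `jwk` follow RFC 9449.

```javascript
// Added example (not Anton's code): DPoP proof per RFC 9449 with Node's built-in crypto.
const nodeCrypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// htu: request URL with query and fragment stripped.
function htuFor(url) {
  const u = new URL(url);
  return u.origin + u.pathname;
}

// ath: base64url(SHA-256(access token)).
function athFor(accessToken) {
  return nodeCrypto.createHash('sha256').update(accessToken, 'utf8').digest('base64url');
}

// Build a fresh ES256 proof. Pass accessToken for /v1 calls; omit it for POST /oauth/token.
function buildDpopProof({ privateKey, publicJwk, method, url, accessToken }) {
  const header = { typ: 'dpop+jwt', alg: 'ES256', jwk: publicJwk };
  const claims = {
    htm: method.toUpperCase(),
    htu: htuFor(url),
    iat: Math.floor(Date.now() / 1000), // accepted within ±60s, so keep the clock synced
    jti: nodeCrypto.randomUUID(),       // unique within 5 min: never resend a proof
  };
  if (accessToken) claims.ath = athFor(accessToken);
  const signingInput = `${b64url(header)}.${b64url(claims)}`;
  // JWS ES256 needs the raw r||s signature, not OpenSSL's default DER encoding.
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Local self-check: decode a proof and verify it against the key embedded in its header.
function inspectProof(proof) {
  const [h, p, s] = proof.split('.');
  const parse = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
  const key = nodeCrypto.createPublicKey({ key: parse(h).jwk, format: 'jwk' });
  const valid = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  return { valid, header: parse(h), claims: parse(p) };
}

// Constructed demo: throwaway P-256 key and placeholder token, no network access.
function demo() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const { kty, crv, x, y } = publicKey.export({ format: 'jwk' });
  return inspectProof(buildDpopProof({ privateKey, publicJwk: { kty, crv, x, y }, method: 'get',
    url: 'https://api.antonpayments.com/v1/balances/USD?debug=1', accessToken: 'constructed-access-token' }));
}
console.log(demo().claims);
```

Build a new proof for every request, including retries, because a repeated `jti` or a stale `iat` falls outside the windows stated above.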

Path Parameters

currency
string
required

ISO 4217 three-letter currency code (or stablecoin/crypto symbol).

Pattern: ^[A-Z]{3}$
Example:

"USD"

Response

Balance.

Available, pending, and total funds in a single currency.

id
string
required
Pattern: ^bal_[a-zA-Z0-9]+$
merchant_id
string
required
Pattern: ^mer_[a-zA-Z0-9]+$
currency
string
required

ISO 4217 three-letter currency code.

Pattern: ^[A-Z]{3}$
Example:

"USD"

available
string
required

Funds usable for new payouts.

Pattern: ^-?\d{1,12}(\.\d+)?$
Example:

"1234.56"

pending
string
required

Funds reserved for in-flight payouts (debited but not yet settled).

Pattern: ^-?\d{1,12}(\.\d+)?$
Example:

"1234.56"

total
string
required

available + pending.

Pattern: ^-?\d{1,12}(\.\d+)?$
Example:

"1234.56"

updated_at
string<date-time>
required

RFC 3339 / ISO 8601 timestamp in UTC.

Example:

"2026-04-15T14:30:00Z"