Skip to content

Dashboard APIs

Using these APIs allow you to perform various actions without the need to access the dashboard UI manually.

Auth Token

To obtain an authToken required in the header, you can generate one in your account settings page on the biconomy dashboard.

Paymaster Setup

1. Get list of Paymasters

GET Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/paymaster

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired

Responses

200 OK
{
    "statusCode": 200,
    "message": "DApp list fetched",
    "data": [
        {
            "name": "setQuoteAmoy",
            "chainId": 80002,
            "apiKey": "lU3R_dRgt.22c06266-1faa-4c47-8477-e8eaacd90330"
        },
        {
            "name": "setQuote",
            "chainId": 137,
            "apiKey": "rEEgKf5DS.a4e4f2c9-de7e-4a13-ac2d-6a9120714d61"
        }
    ]
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}

2. Create a new Paymaster

POST Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/paymaster

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired

Body

ParamTypeDescriptionRequired
namestringUnique name of the DApp for a chain idRequired
typestringType of paymaster to be set up, in this case will be "HYBRID"Required
chainIdnumberNetwork on which the DApp existsRequired
versionstringString that represents the version of Paymaster to be used for the dAppRequired
200 OK
{
    "statusCode": 200,
    "message": "DApp registered successfully",
    "data": {
        "name": "setQuoteAmoy",
        "chainId": 80002,
        "apiKey": "vrTVKqTZI.7ea9dae1-9a06-4c17-a4fb-7728177b76d3" // apiKey is used to init biconomy instance to relay transactions for this Dapp
    }
}
400 Bad Request

Paymaster Name Already Exists

{
    "statusCode": 400,
    "message": "paymaster_name_exists"
}
400 Bad Request

Chain Id not supported

{
    "statusCode": 400,
    "message": "Chain ID not supported"
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token is required in the headers"
}

To manage the smart contracts associated with your DApp, we provide a set of endpoints that allow you to perform actions such as adding, updating, deleting, and retrieving a list of smart contracts. To access these endpoints, you will need to include the "apiKey" parameter in the header of your requests along with the "authToken".

The "apiKey" can be obtained in two ways:

When creating your DApp, you will receive an "apiKey" as part of the registration process.

Alternatively, if you already have a DApp registered, you can find the "apiKey" in the list API of the DApp.

Configuring Paymaster Rules

1. Whitelist a Smart Contract

POST Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/smart-contract

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Body

ParamTypeDescriptionRequired
namestringUnique name of smart contractRequired
addressstringAddress of smart contractRequired
abistringStringified ABI of smart contractRequired
whitelistedMethodsarray of stringsList of method names of smart contract which are to be sponsored by DAppOptional

Responses

200 OK
{
    "statusCode": 200,
    "message": "Smart contract registered successfully"
}
400 Bad Request

Smart Contract Already Exists

{
    "statusCode": 400,
    "message": "Smart contract address already exists"
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}

2. Get List of Smart Contracts

GET Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/smart-contract

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired
200 OK
{
    "statusCode": 200,
    "message": "Smart contract list fetched",
    "data": [
        {
            "name": "Set Quote",
            "address": "0xe31b0bcbda693bff2529f4a1d9f7e8f6d924c6ab",
            "abi": "[ { \"inputs\": [ { \"internalType\": \"string\", \"name\": \"newQuote\", \"type\": \"string\" } ], \"name\": \"setQuote\", \"outputs\": [], \"stateMutability\": \"nonpayable\", \"type\": \"function\" }, { \"inputs\": [], \"stateMutability\": \"nonpayable\", \"type\": \"constructor\" }, { \"inputs\": [], \"name\": \"admin\", \"outputs\": [ { \"internalType\": \"address\", \"name\": \"\", \"type\": \"address\" } ], \"stateMutability\": \"view\", \"type\": \"function\" }, { \"inputs\": [], \"name\": \"getQuote\", \"outputs\": [ { \"internalType\": \"string\", \"name\": \"currentQuote\", \"type\": \"string\" }, { \"internalType\": \"address\", \"name\": \"currentOwner\", \"type\": \"address\" } ], \"stateMutability\": \"view\", \"type\": \"function\" }, { \"inputs\": [], \"name\": \"owner\", \"outputs\": [ { \"internalType\": \"address\", \"name\": \"\", \"type\": \"address\" } ], \"stateMutability\": \"view\", \"type\": \"function\" }, { \"inputs\": [], \"name\": \"quote\", \"outputs\": [ { \"internalType\": \"string\", \"name\": \"\", \"type\": \"string\" } ], \"stateMutability\": \"view\", \"type\": \"function\" } ]",
            "whitelistedMethods": [
                "setQuote"
            ],
            "methods": [
                "setQuote"
            ]
        }
    ]
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}

3. Update Smart Contract Whitelisted Methods

PATCH Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/smart-contract

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Body

ParamTypeDescriptionRequired
addressstringSmart contract addressRequired
whitelistedMethodsarray of stringsList of method names of smart contract which are to be sponsored by DAppRequired

Responses

200 OK
{
    "statusCode": 200,
    "message": "Smart contract updated",
    "data": {
        "name": "Set Quote",
        "address": "0xe31b0bcbda693bff2529f4a1d9f7e8f6d924c6ab",
        "abi": "[ { \"inputs\": [ { \"internalType\": \"string\", \"name\": \"newQuote\", \"type\": \"string\" } ], \"name\": \"setQuote\", \"outputs\": [], \"stateMutability\": \"nonpayable\", \"type\": \"function\" }, { \"inputs\": [], \"stateMutability\": \"nonpayable\", \"type\": \"constructor\" }, { \"inputs\": [], \"name\": \"admin\", \"outputs\": [ { \"internalType\": \"address\", \"name\": \"\", \"type\": \"address\" } ], \"stateMutability\": \"view\", \"type\": \"function\" }, { \"inputs\": [], \"name\": \"getQuote\", \"outputs\": [ { \"internalType\": \"string\", \"name\": \"currentQuote\", \"type\": \"string\" }, { \"internalType\": \"address\", \"name\": \"currentOwner\", \"type\": \"address\" } ], \"stateMutability\": \"view\", \"type\": \"function\" }, { \"inputs\": [], \"name\": \"owner\", \"outputs\": [ { \"internalType\": \"address\", \"name\": \"\", \"type\": \"address\" } ], \"stateMutability\": \"view\", \"type\": \"function\" }, { \"inputs\": [], \"name\": \"quote\", \"outputs\": [ { \"internalType\": \"string\", \"name\": \"\", \"type\": \"string\" } ], \"stateMutability\": \"view\", \"type\": \"function\" } ]",
        "whitelistedMethods": [
            "setQuote"
        ],
        "methods": [
            "setQuote"
        ]
    }
 
}
400 Bad Request

Whitelisted methods must be an array

{
    "statusCode": 400,
    "message": "whitelistedMethods must be an array"
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}
404 Not Found

Usually, this occurs when incorrect apiKey is used or the address is not added

{
    "statusCode": 400,
    "message": "Smart contract not found"
}

4. Update Sponsorship Paymaster Funding Wallet

It is a 3-step process

Generate a message from Biconomy servers for the sponsorship paymaster

GET Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/funding-message/{{paymasterId}}

Headers

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Responses

200 OK
{
    "statusCode": 200,
        "message": "Funding message sent",
        "data": {
        "fundingMessage": "Timestamp: November 27, 2023, 5:05 PM\nWelcome to Biconomy! This request will connect your gas tank to our app. It will not trigger a blockchain transaction or incur any fees."
    }
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}

Sign the generated message using the private key of the EOA (Funding Wallet).

Send the request to Biconomy to update the funding wallet address.

PATCH Request
https://paymaster-dashboard-backend.prod.biconomy.io//api/v2/public/sdk/paymaster

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Body

ParamTypeDescriptionRequired
paymasterIdstringSponsorship Paymaster IdRequired
typestringMethod Name. Use "paymasterFundingId" hereRequired
signaturestringSignature generated using private key of EOARequired
addressstringAddress of the EOA which is to be updated as funding walletRequired

Responses

200 OK
{
    "statusCode": 200,
        "message": "Paymaster updated successfully",
        "data": {
        "name": "testXXX",
        "chainId": 80002,
        "apiKey": "GwfDKydYq.2967f140-XXXX-4042-XXXX-76684f9XXXX",
        "paymasterId": "e998530d-XXXX-451e-XXXX-cb6fXXXXef54"
    }
}
400 Bad Request

This happens, when there is a signature mismatch, either because an older message is used to generate the signature, or EOA address mentioned in the request body, is not the address which signed the message.

{
    "statusCode": 400,
    "message": "Invalid signature"
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}
404 Not Found

Usually, this occurs when incorrect apiKey or authToken is used

{
    "statusCode": 404,
    "message": "User not found"
}

5. Delete Smart Contract

DELETE Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/smart-contract

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Body

ParamTypeDescriptionRequired
addressstringSmart contract addressRequired

Responses

200 OK
{
    "statusCode": 200,
    "message": "Smart contract deleted"
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}
404 Not Found
{
    "statusCode": 400,
    "message": "Smart contract not found"
}

Spending Limits & Webhooks

1. Add spending limit rule to a paymaster

POST Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/paymaster-policy

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Body

ParamTypeDescriptionRequired
namestringUnique Policy nameRequired
policyTypestringPass "PAYMASTER_SA_LIMIT" for spending limitRequired
policyDataobjectDescribed belowRequired

Policy Data

ParamTypeDescriptionRequired
typestring"PAYMASTER"(Global limit) / "SMART_ACCOUNT" (Individual User Limit)Required
cycleDurationobjecteg. {value:3, unit: "hour"}, {value:2, unit: "day"}. Currently only supported time units are "hour" and "day"Required
thresholdnumberLimit ValueRequired
thresholdTypetype"COUNT" (Number of Userops) / "NATIVE_ASSET" (Gas Spend in native token, in eth)Required
Responses
200 OK
{
    "statusCode": 200,
    "message": "Paymaster Policy created successfully",
    "data": {
            "_id": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "name": "paymaster limit",
            "policyType": "PAYMASTER_SA_LIMIT",
            "organisationId": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "paymasterId": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "createdBy": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "chainId": 84532,
            "active": true,
            "policyData": {
            "type": "PAYMASTER",
                "startTimeInEpoch": 1709053430301,
                "durationInMs": 10800000,
                "cycleDuration": {
                "value": 3,
                    "unit": "hour"
                },
                "threshold": 10,
                "thresholdType": "COUNT"
            }
       }     
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}

2. Add a webhook rule to the paymaster

POST Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/paymaster-policy

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Body

ParamTypeDescriptionRequired
namestringUnique Policy nameRequired
policyTypestringPass "WEBHOOK" for webhook ruleRequired
policyDataobjectDescribed belowRequired

Policy Data

ParamTypeDescriptionRequired
urlstringWebhook URL which will be sent a POST request with the webhook data, and userOpRequired

Responses

200 OK
{
    "statusCode": 200,
    "message": "Paymaster Policy created successfully",
    "data": {
            "_id": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "name": "webhook rule",
            "policyType": "WEBHOOK",
            "organisationId": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "paymasterId": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "createdBy": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "chainId": 84532,
            "active": true,
            "policyData": {
                "url": "https://www.google.com"
             },
       }     
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}

3. Add a "Wallet Deployment" rule to the paymaster

POST Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/paymaster-policy

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Body

ParamTypeDescriptionRequired
namestringUnique Policy nameRequired
policyTypestringPass "WALLET_DEPLOYMENT"Required
policyDataobjectPass empty object ({})Required

Responses

200 OK
{
    "statusCode": 200,
    "message": "Paymaster Policy created successfully",
    "data": {
            "_id": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "name": "wallet deployment rule",
            "policyType": "WALLET_DEPLOYMENT",
            "organisationId": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "paymasterId": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "createdBy": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
            "chainId": 84532,
            "active": true,
            "policyData": {
                "operator": "walletDeployment"
             },
       }     
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}

3. Get all rules for a paymaster (spending limit, webhook, wallet deployment, whitelisted contracts)

GET Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/paymaster-policy

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Responses

200 OK
{
  "statusCode": 200,
  "message": "Paymaster Policies found!",
  "data": [
    {
      "_id": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
      "name": "paymaster spending limit",
      "policyType": "PAYMASTER_SA_LIMIT",
      "organisationId": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
      "paymasterId": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
      "createdBy": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
      "chainId": 84532,
      "active": true,
      "policyData": {
        "type": "PAYMASTER",
        "startTimeInEpoch": 1709053430301,
        "durationInMs": 10800000,
        "cycleDuration": {
          "value": 3,
          "unit": "hour"
        },
        "threshold": 10,
        "thresholdType": "COUNT"
      }
    },
    {
      "_id": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
      "name": "wallet deployment rule",
      "policyType": "WALLET_DEPLOYMENT",
      "organisationId": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
      "paymasterId": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
      "createdBy": "xxxxx-xxxx-xxxx-xxxx-xxxxx",
      "chainId": 84532,
      "active": true,
      "policyData": {
        "operator": "walletDeployment"
      }
    }
  ]
}
401 Unauthorized
{
    "statusCode": 401,
        "message": "Auth token and API key is required in the headers"
}

4. Update spending limit rule for a paymaster

PATCH Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/paymaster-policy/limit/:policyId

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Body

ParamTypeDescriptionRequired
namestringNew Policy name
cycleDurationstringupdated cycle duration
thresholdnumberNew spending limit threshold
thresholdTypestringNew spending limit type

Responses

200 OK
{
    "statusCode": 200,
    "message": "Paymaster Limit updated"
}

On a successful update, the cycle of the spending limit will be reset and the new limit will be applied from the time of the update.

{
    "statusCode": 200,
    "message": "Paymaster Limit updated"
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}

5. Pause a policy

PATCH Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/paymaster-policy/deactivate/:policyId

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Responses

200 OK
{
    "statusCode": 200,
    "message": "Paymaster Policy Deactivated!"
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}

6. Unpause a policy

PATCH Request
https://paymaster-dashboard-backend.prod.biconomy.io/api/v2/public/sdk/paymaster-policy/activate/:policyId

Parameters

Header

ParamTypeDescriptionRequired
authTokenstringToken unique to every user accountRequired
apiKeystringAPI Key Associated with dAppRequired

Responses

200 OK
{
    "statusCode": 200,
    "message": "Paymaster Policy Activated!"
}
401 Unauthorized
{
    "statusCode": 401,
    "message": "Auth token and API key is required in the headers"
}

Using Webhooks with the SDK

When building out the paymasterServiceData object you can optionally pass your webhookData to it. In the example below we pass a num value of 2 into the webhook data. Our webhook will check this data and verify if the number passed is an even or odd number.

let paymasterServiceData: SponsorUserOperationDto = {
  mode: PaymasterMode.SPONSORED,
  smartAccountInfo: {
    name: "BICONOMY",
    version: "2.0.0",
  },
  calculateGasLimits: true,
  webhookData: {
    num: 2,
  },
};

The webhookData gets passed to your webhook from our backend like this:

import axios from "axios";
 
// POST
const response = await axios.post(webhookUrl, {
  data: webhookData,
});
 
// GET
const response = await axios.get(webhookUrl, webhookData);

Our backend expects a response in this format:

const webhookResponseData = response.data;
this.logger.log(
  `webhookResponseData: ${JSON.stringify(
    webhookResponseData,
  )} for dappId: ${dappId}`,
);
const { arePoliciesVerified } = webhookResponseData;

arePoliciesVerified should either be true or false based on which it gets determined if the webhook conditions are passed or not.

A sample webhook implementation that checks if the num data passed to is even:

const express = require("express");
const app = express();
 
app.use(express.json());
 
app.post("/", (req, res) => {
  const data = req.body;
  console.log("data", data);
  const { num } = data.data;
 
  if (num % 2 === 0) {
    res.json({
      arePoliciesVerified: true,
    });
  } else {
    res.json({
      arePoliciesVerified: false,
    });
  }
});
 
app.listen(8080, () => console.log("Server listening on port 8080!"));