API Reference: Delegated Contract Mode
API Configurations
Base URLs
The API is deployed across different environments. Please use the appropriate base URL for your integration stage .
Testnet
Production
https://openapi.ur.app
API Authentication
The authentication method for the following Core Banking APIs refers to this document.
User Onboarding Process
Authorization URL Construction
Partner directly constructs the authorization URL without needing to call an API beforehand. When users click the link, they will enter the UR authorization page to complete identity verification and authorization.
Authorization URL Format
https://get.ur.app/auth/authorize?partner_id={partner_id}&redirect_uri={callback_url}&scope={scopes}&state={custom_state}&response_type=codeURL Parameter Description
partner_id
Yes
ID generated by UR for the Partner
""
redirect_uri
Yes
Callback address after authorization completion, must be pre-registered with UR
https://partner.com/callback
scope
No
Requested permission scopes, multiple scopes separated by spaces (URL encoding required)
allowance.mantle.USDC%20allowance.mantle.USD24
state
No
Partner custom state parameter for CSRF attack prevention and business information tracking. UR doesn't parse this value, only returns it as-is during redirection
A random string you provide to verify against CSRF attacks. The length of this string can be up to 500 characters.
response_type
Yes
Fixed value: code (authorization code mode)
code
Key Design
No need to call API beforehand: Partner directly constructs URL, reducing integration complexity
partner_id: UR identifies Partner through
partner_idand confirms identity through signature when verifying code laterstate is completely customizable: Random string to prevent CSRF
Similar to standard authorization flow: Developers don't need to learn a new authorization pattern
Available Scopes
allowance.mantle.USDC
USDC authorization on Mantle chain
allowance.mantle.USD24
USD authorization on Mantle chain
allowance.mantle.EUR24
EUR authorization on Mantle chain
allowance.mantle.CHF24
CHF authorization on Mantle chain
allowance.mantle.CNH24
CNH authorization on Mantle chain
allowance.mantle.SGD24
SGD authorization on Mantle chain
allowance.mantle.HKD24
HKD authorization on Mantle chain
allowance.mantle.JPY24
JPY authorization on Mantle chain
allowance.bsc.USDC
USDC authorization on BSC chain
card
Card issuance
User Completes Authorization
After the user clicks the authorization link, they will enter the UR authorization page to complete KYC and authorization operations. After authorization is complete, UR will redirect back to the Partner's redirect_uri with the authorization code code and state parameters.
Redirect URL Format
Parameter Description
code
Authorization code, Partner uses this code to exchange for user information (one-time use, valid for 5 minutes)
UAC_a1b2c3d4e5f6g7h8i9j0
state
Returns the state parameter provided by Partner in step one as-is
""
Redirect Example
Assuming the Partner set redirect_uri to https://partner.example.com/oauth/callback in step one, after the user completes authorization, the browser will redirect to:
Partner Callback Handling Example
Partner to Fetch User Onboarding Information
After receiving the authorization code code, Partner calls the UR API to exchange for the user's UR identity and authorization information. This step requires Ethereum signature verification of Partner identity. For detailed signing and verification rules, please refer to Signature and Verification.
Field Description:
userId: UR user IDuserAddress: User's Ethereum addressscope: Granted permission scopesstate: Returns the state parameter provided by Partner as-isauthorizedAt: Authorization completion timestamp (Unix timestamp)
Error Response:
Public Data Structures
TransactionData
Transaction data structure used in /v1/transactions, /v1/transaction/query, and webhook.event.transaction.
Complete Example (based on actual API response):
Field Descriptions:
urId
string
Yes
UR user ID (string format)
title
string
Yes
Transaction title (for display)
subtitle
string
Yes
Transaction subtitle (e.g., counterparty UR ID, merchant name, chain info, etc.)
amount
string
Yes
Transaction amount (display format with decimals, e.g., "+11.94"), with sign indicating direction
type
string
Yes
Transaction type abbreviation: CTU (cross-chain transfer in), FRX (forex exchange), CTF (crypto transfer), ONR (onramp), CRD (card payment), CDP (deposit), CWP (withdrawal), CWD (withdrawal refund), UNKNOWN
timestamp
int64
Yes
Transaction timestamp (Unix seconds)
image
string
No
Transaction display icon URL or card logo
currency
string
Yes
Currency identifier (lowercase format, e.g., "usd", "eur")
direction
string
Yes
Transaction direction: IN (credit) / OUT (debit)
txHash
string
Yes
On-chain transaction hash (0x prefix)
inputChainId
string
No
Input chain ID (CAIP-2 format, e.g., eip155:5003 for Mantle Sepolia testnet)
inputToken
string
No
Input token symbol
inputAmount
string
No
Input amount (integer string in smallest on-chain unit, e.g., "12")
inputTokenAddress
string
No
Input token contract address (lowercase with 0x prefix)
outputAmount
string
No
Output amount (for exchange transactions, smallest on-chain unit)
mcc
uint64
No
Merchant category code (card payment transactions only)
reference
string
No
Transaction reference number
status
string
No
Transaction status: pending/completed/rejected/unknown. Empty string if status is unknown or not applicable
bankAccount
string
No
Bank account information
crdMultiToken
array
No
Card payment multi-token deduction details (array of {token: string, amount: string})
ctuExternalSender
string
No
External sender address for cross-chain transfer-in transactions (lowercase with 0x prefix)
token
string
No
Token symbol
tokenAddress
string
No
Token contract address
fromAddress
string
No
Sender address
toAddress
string
No
Recipient address
statusCode
string
No
Detailed status code
crdCurrency
string
No
Card payment original currency
listingTitle
string
No
Display title
txHashUrl
string
No
Blockchain explorer link
txIdIcon
string
No
Transaction icon URL
officialName
string
No
Official name
partnerRefId
string
No
Partner custom reference ID (e.g., partner's order number)
Key Field Format Notes:
urId: Always returned as a string, not a numberamount: Display format with sign and decimals (e.g.,"+11.94","-6.00")currency: Lowercase format (e.g.,"usd","eur", not"USD"or"EUR")inputAmount: Integer string representing smallest on-chain unit (e.g.,"12"for USDC means 0.000012 USDC with 6 decimals)txHashUrl: Complete blockchain explorer URL for the transactionOptional fields: May be empty string or omitted depending on transaction type
Chain ID Reference
The chainId field in API requests uses the CAIP-2 standard format eip155:<chainId>, supporting the following chains:
Mantle Chain:
Testnet:
eip155:5003(Mantle Sepolia Testnet)Mainnet:
eip155:5000(Mantle Mainnet)
BSC Chain:
Testnet:
eip155:97(BSC Testnet)Mainnet:
eip155:56(BSC Mainnet)
Important Notes:
If
chainIdis not specified in the request, it defaults to Mantle chainCross-chain deposits (e.g., from BSC) require explicit
chainIdanduserAddressparametersCAIP-2 format example:
eip155:97represents BSC Testnet (chain ID 97)
Unified amount field description
Unified amount field description: All amount-related request fields named amount, minAmount, maxAmount, minUsdcOut, feeAmount, minAmountOut, etc., use the string type and are converted to the smallest on-chain unit based on the token's decimals (integers only). For example, for USD (decimals=2), 5.00 should be sent as "500"; for USDC (decimals=6), 1.23 should be sent as "1230000".
Core Banking APIs
Mint UR NFT
Refers to this open API.
Card
Webview URL: https://get.ur.app/partner-login?partnerId=[Your PartnerId]&feature=card
By opening this URL, users can activate, view, and manage their card.
Profile
Webview Url: https://get.ur.app/partner-login?partnerId=[Your PartnerId]&feature=profile
By logging in to this URL, users can view their personal information, including Name, IBAN, Address, Bank Name, and BIC/SWIFT.
Fetch UR Account Information
Refers to this open API.
Fetch UR Account Balance
Refers to this open API.
Get Supported Asset List
Endpoint: GET /v1/tokens
Partners can fetch the token list currently configured by UR for this partner (including on-chain precision and display precision), synchronized in real time with on-chain chaincontractconfig.
Request Parameters: None (GET request, no request body required).
Response Example:
Response Field Description:
symbol: Token symbolname: Token full nameaddress: Token contract addressdecimals: On-chain smallest unit precision (10^decimals)displayDecimals: Recommended frontend display precision (can differ fromdecimals, e.g., 6 on-chain, 2 for display)isFiat: Whether it's a fiat tokenToken order follows on-chain configured
priority, alphabetically by symbol if priority is the same.
Fetch Currency Exchange Rate
POST /v1/exchangeRate
Get the exchange rate for the given asset pair.
Request Parameters:
inSymbol
string
Yes
Input token
outSymbol
string
Yes
Output token
Response Example:
Response Field Description:
rate: Exchange rateexchangeSpread: Exchange rate spread
Currency Exchange
POST /v1/exchange
User exchange endpoint.
Request Parameters:
urId
int64
Yes
UR user ID
inputToken
string
Yes
Input token, use symbol returned by /v1/tokens
outputToken
string
Yes
Output token, use symbol returned by /v1/tokens
amount
string
Yes
Exchange amount, on-chain smallest unit string (e.g., 100.00 USD => 10000)
requestId
string
Yes
Request idempotency ID (client-defined, for idempotency and troubleshooting)
Response Example:
Response Field Description:
txHash: Transaction hash
Fetch Transaction History
Refers to this open API.
Fetch Offramp Quote
POST /v1/deposit/quote
Returns fees, exchange rates, and estimated receipt amount for Fiat deposit scenarios. The current version supports direct deposits of Mantle-chain USDC to fiat tokens (USD, EUR, CHF, etc.).
Request Parameters:
urId
int64
Yes
UR user ID
fromToken
string
Yes
Input token symbol (currently only supports USDC), available symbol can be obtained from /v1/tokens
toToken
string
Yes
Target tiat token (USD, EUR, etc.), use symbol returned by /v1/tokens
amount
string
Yes
Input amount in smallest on-chain unit (USDC has 6 decimals: 3000000 = 3 USDC). Minimum: 3 USDC
chainId
string
No
Source chain ID in CAIP-2 format (e.g., eip155:5003 for Mantle Sepolia, eip155:97 for BSC Testnet). Defaults to Mantle chain if not specified
userAddress
string
No
User's UR account address (required when the user deposits from non-Mantle chains)
Response Example:
Response Field Description:
feeAmountViaUsdc
string
Network gas fee (USDC denominated, decimal string, e.g., 0.05 means 0.05 USDC)
outputAmount
string
Final amount user will receive in target token (decimal string, after all fees and spread)
exchangeRate
string
Exchange rate from input fromToken to toToken
crossChainFee
string
Cross-chain LayerZero fee in native token's smallest unit (e.g., wei for ETH, only applicable for non-Mantle chains)
feeAmountViaNativeToken
string
Fee in native token
processingFee
string
Processing fee
networkFee
string
Network fee
totalFee
string
Total fee
chainId
string
Chain ID
allQuotes
array
All available quotes. If it is USDC, ignore this field.
best
object
Best quote details. If it is USDC, ignore this field.
Important Notes:
amountmust be at least 3 USDC (3000000 in smallest unit)The actual output amount deducts multiple fees: network fee (~0.05 USDC), processing fee (~0.5% of deposit), and spread adjustment
For cross-chain deposits (BSC, etc.),
crossChainFeeshows the LayerZero bridge fee in native token unitsIf
amountis below minimum ortoTokenis not configured on-chain, error code 20003 will be returned
Create Offramp Request
POST /v1/deposit
User deposit endpoint.
Request Parameters:
urId
int64
Yes
UR user ID
inputToken
string
Yes
Input token (only supports USDC), available symbol can be obtained from /v1/tokens
outputToken
string
Yes
Output token (fiat token), use symbol returned by /v1/tokens
amount
string
Yes
Deposit amount in smallest on-chain unit (e.g., 3 USDC = 3000000). Minimum: 3 USDC
requestId
string
Yes
Idempotent request ID, must remain the same on retry
chainId
string
No
Source chain ID in CAIP-2 format (e.g., eip155:5003 for Mantle Sepolia, eip155:97 for BSC Testnet). Defaults to Mantle if not specified
userAddress
string
No
User's wallet address (required for cross-chain deposits from non-Mantle chains)
Response Example:
Response Field Description:
txHash: Transaction hash
Important Notes:
requestIdmust be globally unique and reused on retry to ensure idempotency
amountmust be at least 3 USDC (3000000 in smallest unit)Currently supports
USDC → Fiat tokendeposits from Mantle and BSC chainsFor BSC deposits,
userAddressis required for cross-chain fee calculation
Create Onramp Request
POST /v1/onramp
Exchanges a fiat token to USDC and (optionally) performs a swap/bridge to the target token based on the quote from /v1/onramp/quote.
Request Parameters
quoteId
string
Yes
Quote ID returned by /v1/onramp/quote
requestId
string
Yes
Idempotent request ID, reuse on retry
urId
int64
Yes
UR user ID
tokenIn
string
Yes
Fiat token symbol, use symbol returned by /v1/tokens
amountIn
string
Yes
Input amount (smallest unit). After BufferPool quote conversion, must be ≥ 5 USDC
withdrawAddress
string
No
User-specified withdrawal address for onramp
chainId
string
No
Source chain ID, e.g. eip155:5000 (currently Mantle only)
dstChainId
string
No
Destination chain ID for bridge/swap, e.g. eip155:8453
dstAggregator
string
No
Aggregator contract address, use best.aggregator from quote
dstTokenOut
string
No
Destination token symbol
dstSwapCalldata
string
No
Swap calldata, use best.swapCalldata from quote
dstMinAmountOut
string
No
Minimum acceptable USDC amount (smallest unit), use best.minUsdcAmount from quote
Response Example
Description
Returns
txHashon success, transaction details can be queried via/v1/transactions.dstAggregator,dstSwapCalldata,dstMinAmountOutshould come from the latest/v1/onramp/quoteresponse.If no swap/bridge is needed, omit all
dst*fields to perform only fiat token → USDC.
Fetch Onramp Quote
POST /v1/onramp/quote
Returns a real-time quote for fiat token → USDC (with optional swap/bridge info) based on BufferPool and limit rules.
Request Parameters
urId
int64
Yes
UR user ID
fromToken
string
Yes
Fiat token symbol, use symbol returned by /v1/tokens
toToken
string
Yes
Destination token symbol, use symbol returned by /v1/tokens
amount
string
Yes
Input amount (smallest unit). After BufferPool quote conversion, must be ≥ 5 USDC
slippageBps
int32
No
Slippage in bps, default 50
chainId
string
No
Chain ID, e.g. eip155:5000 (currently Mantle only)
Response Example
Response Field Description
quoteId
string
Quote ID
chainId
string
Chain ID
best
object
Best quote details, see OnrampBestQuote
allQuotes
array
Aggregator quotes list, see OnrampAltQuote
feeAmountViaUsdc
string
Fee amount denominated in USDC (smallest unit)
outputAmount
string
Final output amount (smallest unit)
exchangeRate
string
Effective exchange rate after fee deduction
crossChainFee
string
Cross-chain fee (smallest unit)
feeAmountViaNativeToken
string
Fee amount denominated in native token (smallest unit)
isSupport
bool
Whether the current UR ID is allowed to continue onramp (based on liveness status, region restrictions, USDC de-peg checks, etc.)
needLivenessCheck
bool
Facial verification trigger: Indicates whether the current transaction requires a biometric liveness check (for example, a facial scan) before processing. This is dynamically determined by UR's risk engine based on the user's profile and requested onramp amount. If true, the frontend must guide the user through the verification flow.
maxAmounts
object
The maximum allowable input value for a single transaction. Any input exceeding this threshold will result in a transaction failure. Important: This limit is enforced strictly by risk control rules and is independent of the user's available monthly limit. Users may have sufficient monthly allowance but still be restricted by this single-transaction cap due to security policies.
livenessCheckUrl
string
Liveness check URL (only when isSupport && needLivenessCheck)
OnrampBestQuote
aggregator
string
Aggregator name/address
to
string
Target contract address
swapCalldata
string
Swap calldata
minUsdcAmount
string
Minimum USDC output amount (smallest unit)
expectedUsdcAmount
string
Expected USDC output amount (smallest unit)
slippageBps
int32
Slippage in bps
deadline
int64
Quote deadline timestamp
priceImpact
string
Price impact
OnrampAltQuote
source
string
Aggregator source
expectedUsdcAmount
string
Expected USDC output amount (smallest unit)
priceImpact
string
Price impact
Note: If
isSupport = false, guide the user to try again later or complete the required liveness verification.
Fetch Transaction Details
Refers to this open API.
Webhooks
Webhook definitions are centralized in Webhooks. For delegated contract mode, the relevant events are transaction and allowance.
Environment
Partner Configuration Required
Additional notes:
Both environments have identical signature/authentication logic, differences only in on-chain data and chain ID, choose Base URL as needed.
For QA, staging, or dedicated environments, please contact UR representative to obtain independent domain and public key.
Frequently Asked Questions (FAQ)
Authorization Flow Related
Q: How long is the authorization code valid?
A: Authorization codes are valid for 5 minutes by default and are single-use. Partners should call /v1/profile immediately after receiving the code to exchange for user information.
Q: What happens if the user denies authorization?
A: UR will redirect back to redirect_uri with an error parameter:
Q: Must redirect_uri be pre-registered?
A: Yes. For security, partners must pre-register all possible redirect_uri URLs in the UR system. During authorization, UR will verify if the redirect_uri in the URL is on the whitelist.
Error Code Description
10001
Invalid request signature (ErrSignatureInvalid)
Check signature algorithm, deadline, and whether private key is correct
20001
Request body is empty or missing required fields (ErrReqBodyEmpty)
Ensure request body is valid JSON and includes required fields
20002
Request body parsing failed (ErrParseRequestFailed)
Check JSON format, encoding, and Content-Type
20003
Invalid parameter (ErrInvalidParam), common in amount format, token name, urId errors
Adjust parameters based on error message, follow smallest unit string requirements
30001
NFT already exists (ErrNFTIdExists)
NFT already exists in DB or on-chain, use existing Token ID
50001
Server failed to read request (ErrIoRead)
Typically network read/write exception, can retry
50002
Internal error (ErrInternal)
UR internal service exception, retry later or contact UR support
50003
On-chain or external service exception (ErrChainRpc)
Chain RPC or third-party service failure, can retry later
Last updated