List Deposits
Description
Returns the authenticated user's spot deposit history, ordered most-recent first. Only confirmed deposits are surfaced; sub-confirmation deposits are not visible here. Frontends can match a known tx_hash against this list by polling to track deposit progress.
For background on how deposits work end-to-end, see Deposit Flow.
HTTP Request
GET /spot/deposits (JWT or API Key)
Weight
0 — no per-IP weight limit today (MVP).
Request Parameters
| Name | Type | Required | Description |
|---|---|---|---|
limit | NUMBER | NO | Number of records to return. Default 50, range 1–200 (clamped server-side). |
Server-side filtering by token / time range is not yet implemented; do it client-side after fetching.
Response Example
200 OK
[
{
"id": "5af0c1a2-3d4e-4f5a-b6c7-8d9e0f1a2b3c",
"token": "DF",
"amount": "100",
"chain_id": 97,
"tx_hash": "0xabc123...",
"block_number": 106384180,
"status": "confirmed",
"created_at": 1778315530,
"confirmed_at": 1778315570
}
]
| Field | Notes |
|---|---|
id | UUID of the deposit row. |
token | Token symbol — DF in MVP. |
amount | Decimal string of the credited amount. |
chain_id | Source chain id — 97 (BSC Testnet). |
tx_hash | On-chain transaction hash. |
block_number | Block number where the SpotDeposit event was emitted. |
status | confirmed — the only status currently returned. Pending deposits are not surfaced via this endpoint. |
created_at | Unix seconds — when the row was inserted into spot_deposits. |
confirmed_at | Unix seconds — when the listener credited the balance. null if not yet confirmed (unlikely in practice since only confirmed rows are returned). |
Error Responses
| HTTP | error |
|---|---|
401 | (empty body) — missing or invalid credential. |
500 | internal — unexpected database error. |
Full list: Error Codes.
Code Examples
cURL (JWT)
JWT="your_jwt_token"
curl -s "https://api-sepolia.p99.world/api/v1/spot/deposits?limit=20" \
-H "Authorization: Bearer ${JWT}"
cURL (HMAC API Key)
API_KEY="your_api_key"
API_SECRET="your_api_secret"
TIMESTAMP=$(date +%s%3N)
# Signature payload is the EXACT query string sans &signature=, in the same
# order the URL will use. Use any consistent order — server re-signs whatever
# bytes precede &signature=.
PAYLOAD="limit=20×tamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "${PAYLOAD}" | openssl dgst -sha256 -hmac "${API_SECRET}" | awk '{print $2}')
curl -s \
-H "X-MBX-APIKEY: ${API_KEY}" \
"https://api-sepolia.p99.world/api/v1/spot/deposits?${PAYLOAD}&signature=${SIGNATURE}"
Python
import time, hmac, hashlib, requests
API_KEY = "your_api_key"
API_SECRET = "your_api_secret"
BASE_URL = "https://api-sepolia.p99.world/api/v1"
def signed_get(path: str, params: dict) -> list:
ts = int(time.time() * 1000)
# Build the EXACT query string we'll sign and send (order matters)
full_params = {**params, "timestamp": ts}
qs = "&".join(f"{k}={v}" for k, v in full_params.items())
sig = hmac.new(API_SECRET.encode(), qs.encode(), hashlib.sha256).hexdigest()
r = requests.get(
f"{BASE_URL}{path}?{qs}&signature={sig}",
headers={"X-MBX-APIKEY": API_KEY},
timeout=5,
)
r.raise_for_status()
return r.json()
deposits = signed_get("/spot/deposits", {"limit": 20})
for d in deposits:
print(
f" {d['token']:5} {d['amount']:>14} "
f"tx={d['tx_hash'][:12]}... block={d['block_number']} status={d['status']}"
)