AI Agent Integration

Use this page as the agent entry point for a CryptoSwift integration. It links to relevant source guides and workflow details.

• OpenAPI spec: https://api.cryptoswift.eu/api-json
• Production API: https://api.cryptoswift.eu
• Test API: https://api-dev.cryptoswift.eu
• API agent manifest: https://api.cryptoswift.eu/.well-known/cryptoswift-agent.json
• Machine-readable docs index: https://dev.cryptoswift.eu/docs-index.json

1. Outgoing transactions - Create outgoing Travel Rule messages and track delivery or response statuses. Start with Outgoing transactions.

2. Incoming transaction handling and responses - Receive incoming Travel Rule messages, reconcile them with internal records, then confirm or decline them from your backend. Start with Incoming transactions.

3. Webhook notifications - Register a backend endpoint, verify webhook signatures, process events idempotently, and return a 2xx response after successful handling. Start with Webhooks.

4. Self-hosted wallet verification - Create verification sessions, route users through the hosted flow or widget, and reconcile completion events on your backend. Start with Self-hosted wallet verification.

1. Read the Overview and Test environment.
2. Inspect https://dev.cryptoswift.eu/docs-index.json and the OpenAPI spec.
3. Build a server-side CryptoSwift API client with environment-specific base URLs and X-Api-Key authentication.
4. Implement outgoing transactions using the existing Outgoing transactions guide.
5. Implement incoming transaction handling using Incoming transactions.
6. Implement webhooks using Webhooks and Webhook signatures.
7. Implement self-hosted wallet verification using Self-hosted wallet verification.
8. Add retries, idempotency, structured error handling, and redacted operational logs.
9. Run end-to-end tests against the test API before switching to production credentials and base URLs.

• Test and production base URLs are configurable.
• X-Api-Key is loaded from environment variables or a secrets manager.
• No CryptoSwift API key is present in frontend, mobile, or bundled client code.
• Outgoing Travel Rule messages can be created and reconciled.
• Incoming Travel Rule messages can be received and confirmed or declined.
• Webhook requests are verified, deduplicated, and processed idempotently.
• Wallet verification sessions can be created and completion events are handled.
• Errors, retries, and timeouts are handled without logging sensitive PII.

• Keep X-Api-Key server-side only.
• Never hardcode API keys, webhook secrets, generated tokens, or customer PII in source code.
• Never expose CryptoSwift API calls that require X-Api-Key directly from browser code.
• Use separate credentials for the test and production APIs.
• Verify webhook signatures before trusting webhook payloads.
• Avoid logging names, addresses, national identifiers, account numbers, wallet verification tokens, and raw webhook bodies.
• Prefer redacted structured logs with transaction IDs, statuses, event types, and timestamps.

You are implementing a server-side CryptoSwift integration.

Use these sources:
- https://dev.cryptoswift.eu/docs-index.json
- https://dev.cryptoswift.eu/docs/fundamentals/overview
- https://dev.cryptoswift.eu/docs/fundamentals/test-environment
- https://dev.cryptoswift.eu/docs/integration-guides/getting-started
- https://dev.cryptoswift.eu/docs/integration-guides/outgoing-transactions
- https://dev.cryptoswift.eu/docs/integration-guides/incoming-transactions
- https://dev.cryptoswift.eu/docs/integration-guides/webhooks
- https://dev.cryptoswift.eu/docs/integration-guides/self-hosted-wallet-verification
- https://api.cryptoswift.eu/api-json

Implement the integration in this order:
1. Configure test and production base URLs, defaulting to the test API first.
2. Load the CryptoSwift API key from server-side environment variables or a secrets manager.
3. Add a backend API client that sends `X-Api-Key` only from server-side code.
4. Implement outgoing Travel Rule transaction creation and status reconciliation.
5. Implement incoming transaction handling and CONFIRMED or DECLINED responses.
6. Implement webhook receipt, signature verification, idempotency, and retries.
7. Implement self-hosted wallet verification session creation and completion handling.
8. Add tests that exercise the test environment before any production configuration is enabled.

Constraints:
- Do not hardcode API keys, webhook secrets, generated tokens, credentials, or real customer data.
- Do not expose `X-Api-Key` in frontend, mobile, static, or bundled client code.
- Do not log sensitive PII, raw API keys, webhook secrets, wallet verification tokens, or raw request bodies containing personal data.
- Do not duplicate the existing CryptoSwift guides in project docs; link to the provided docs URLs instead.
- Use the OpenAPI spec for endpoint schemas and the existing docs for workflow sequencing.

• AI Agent Prompts