Skip to content
Last update: January 26, 2024

Overview

API

As a custodian, you must build an API for MetaMask Institutional to interact with. We will register this API with our configuration service, and you can start testing it with the extension.

Custodians must expose the following endpoints:

  • An endpoint that exchanges the refresh token for an access token. It should follow this specification. High level explanations of each method are provided here.
  • An instance of the Custodian JSON-RPC API.
  • A JWKS endpoint which is publically accessible or accessible through HTTP Basic Auth. This exposes public keys for verifying the Customer proof. An example of this format is given here

JSON RPC API notes

Versioning

The URL for the custodian JSON-RPC API contain a major version and follow the pattern BASE_URL + /v{$MAJOR_VERSION}/json-rpc - e.g. https://custodian-api/eth/v3/json-rpc

Thus, when the major version of the specification is upgraded, we can maintain continuity.

Error handling

See JSON-RPC Errors.