REST API - Pegana

The REST API is the default integration path. Public, no auth, soft per-IP rate limit (300 req/min). Every dashboard, embed widget, and the Telegram bot read through it. Base URL: https://api.pegana.xyz

Endpoints at a glance

Method	Path	Purpose
GET	`/v1/assets`	List all tracked assets with latest snapshot
GET	`/v1/assets/{symbol}`	One asset’s detail card (24h series included)
GET	`/v1/assets/{symbol}/state`	Current peg state for one asset
GET	`/v1/assets/{symbol}/history`	Discount history (raw or 1-minute aggregate)
GET	`/v1/alerts`	Global feed of state transitions
GET	`/v1/stats`	Aggregate counters + delivery health
GET	`/healthz`	Liveness probe
GET	`/readyz`	Readiness probe (db/redis/snapshot age)

The full schema lives in the API Reference.

Read one asset’s state

curl https://api.pegana.xyz/v1/assets/USDC/state

{
  "asset": "USDC",
  "state": "PEGGED",
  "since": "2026-05-26T14:32:11Z",
  "discount": "-0.0002",
  "intrinsic_usd": "1.0000",
  "market_usd": "0.9998"
}

This is the single most-used endpoint. It returns the current peg state with the two underlying values. Use it for dashboards, pre-flight checks, automation gates.

List all assets

curl 'https://api.pegana.xyz/v1/assets?class=stablecoin'

Returns an array of AssetCard objects with optional series_24h (hourly avg discount). Filter by class or peg query params.

Asset history

curl 'https://api.pegana.xyz/v1/assets/USDC/history?bucket=1m&limit=120'

bucket=raw — discount snapshots as recorded by the engine
bucket=1m — 1-minute aggregate (use for charts; smaller payload)
from, to — ISO 8601 timestamps; default last 24h
limit — clamped 1–5000, default 500

Pagination

We do not paginate /v1/assets (22 rows). For /v1/alerts and /history, use the since / from + limit parameters and walk forward by adjusting the lower bound.

Errors

We return standard HTTP status codes:

Code	Meaning
`200`	Success
`400`	Bad request (invalid query param)
`404`	Asset not found, or no snapshots yet
`429`	Rate-limited (per-IP, 300 req/min default)
`500`	Server error — open a Sentry-style report
`503`	Not ready (readiness probe only)

Error bodies are {"error": "...", "code": "..."} — short, machine-readable.

CORS

https://pegana.xyz, https://www.pegana.xyz, and http://localhost:3000 are allowed by default. Add more origins via the CORS_EXTRA_ORIGINS env var on self-hosted instances.

Rate limit

Soft per-IP sliding-window: 300 req/min. The limit resets on a 60-second sliding window. /healthz and /readyz are exempt. If you hit 429, slow down or contact raffxweb3@gmail.com for a higher limit.

What about authenticated routes?

The /v1/me/*, /v1/auth/*, and webhook management endpoints require a JWT — see authentication. These are user-scoped routes (your subscriptions, your delivery history, your webhook configuration).

WebSocket stream

Sub-second push for state changes — better than polling.

API Reference

Full OpenAPI spec with try-it-now.

​Endpoints at a glance

​Read one asset’s state

​List all assets

​Asset history

​Pagination

​Errors

​CORS

​Rate limit

​What about authenticated routes?

​Next