All services on this page use the authenticated transport (auth uses the public transport for the
login endpoints only). Methods marked stream return () => void and take onEvent (+ optional onOpen / onClose / onError).
client.auth
Base auth service (all clients):
| Method | Input → Result | Notes |
|---|---|---|
me(options?) | → Me | Backend-verified caller identity: accountId, apiKeyId?, username, session assurance info. |
requestLoginNonce(smartAccountAddress, options?) | → Nonce | Single-use, ~5-minute expiry. |
profile | → ProfileService | See below. |
On PolyesterBrowserClient, auth is an AccountSignerAuthService with the managed login
flow on top:
| Member | Signature | Notes |
|---|---|---|
login(options) | { provider: "metamask" | "turnkey" | "other", loginMethod? } → LoginResult | Signs a nonce, stores the session. |
restoreSession() | → { accountId, username } | null | Restores a persisted, environment-bound session. |
refreshSession(params?) | → LoginResult | Fresh nonce + signature. |
logout() | → void | Clears state, disconnects private realtime. |
getState() | → AuthState | isAuthenticated, addresses, mainAccountId, activeAccount. |
getSessionTimeToExpiry() | → number | Milliseconds remaining. |
hydrateAuthState(data) | AuthHydrationData → void | Seed state from SSR before restoreSession. |
switchAccount(accountId) | → { accountId, isMain } | Changes the active account scope. |
createSubaccount(params) | { accountSigner, label?, walletProvider? } → { subaccountId, smartAccountSaltNonce } | |
setAccountSigner(signer) / getAccountSigner() | Swap or read the signer. | |
events | EventEmitter | authenticated, loggedOut, error, servicesReady, stateChange. |
client.auth.profile
| Method | Input → Result | Notes |
|---|---|---|
get(options?) | → Profile | Username eligibility/cooldown, socials, avatar, VIP tier. |
update(input, options?) | mutable fields → Profile | Empty string clears an optional text field. |
getUsernameHistory(options?) | → UsernameHistoryEntry[] | Newest first, ≤ 20. |
subscribeIdentity(input) | accountId → stream | Public identity updates. |
client.accounts
| Method | Input → Result | Notes |
|---|---|---|
resolve(input, options?) | query (username / id / address), includeSubaccounts? → ResolvedAccount[] | Resolves transfer destinations. |
client.subaccounts
| Method | Input → Result | Notes |
|---|---|---|
list(options?) | → { totalCreated, subaccounts } | Owned + shared. |
get(input, options?) | subaccountId → subaccount + apiKeys, policy, members, invites | Throws if missing. |
create(input, options?) | address/nonce/signature proof → CreateSubaccountResult | Browser apps: prefer auth.createSubaccount. |
update(input, options?) | subaccountId, label/status → result | |
delete(input, options?) | subaccountId → result | Soft delete. |
inviteMember(input, options?) | subaccountId, invitee, role → SubaccountInvite | |
respondInvite(input, options?) | accept/reject/cancel → SubaccountInvite | |
listInvites(input, options?) | direction filter → SubaccountInvite[] | |
listMembers(input, options?) | subaccountId → SubaccountMember[] | Owner + delegates. |
updateMemberRole(input, options?) | → result | |
setMemberMfaRequirement(input, options?) | → result | Owner-controlled MFA gate. |
listEvents(input, options?) | subaccountId, pagination → { events, nextPageToken } | Audit trail, ≤ 200/page. |
subscribe(input) | accountId → stream of subaccount updates | |
subscribeApiKeys(input) | accountId → stream of API key updates |
client.subaccounts.policies
Reusable permission templates for subaccounts.
| Method | Input → Result |
|---|---|
list(options?) | → SubaccountPolicy[] |
get(policyId, options?) | → SubaccountPolicy | null |
create(input, options?) | scopes/actions/limits (+ optional target) → SubaccountPolicy |
update(input, options?) | full replacement → SubaccountPolicy |
delete(policyId, options?) | → void (only when unused) |
apply(input, options?) | { subaccountId, policyId | null } → void |
subscribePolicies(input) | accountId → stream |
client.apiKeys
| Method | Input → Result | Notes |
|---|---|---|
generateKeypair() | → { publicKey: { hex, bytes }, secretKey: { hex, bytes } } | Local only; never sends the secret. |
create(payload, options?) | label, publicKeyEd25519 (bytes), ipWhitelist?, icon?, color?, account? → ApiKey | null | May require stepUpToken. |
list(params?, options?) | → ApiKey[] | Non-revoked, newest first. |
get(input, options?) | keyId (ak_…) → ApiKey | null | |
update(payload, options?) | keyId + metadata/status/whitelist/expiry → ApiKey | null | |
delete(input, options?) | keyId → void | Permanent revocation. |
subscribe(input) | accountId → stream of ApiKey |
client.apiKeys.policies mirrors the subaccount policies API (list / get / create / update / delete / apply) for API key policy templates.
client.balances
| Method | Input → Result | Notes |
|---|---|---|
list(input?, options?) | account? → LedgerBalance[] | Decimal strings. |
getBalanceHistory(input, options?) | time range + asset/bucket filters → BalanceHistoryResponse | Columnar. |
getEquityHistory(input, options?) | time range + grouping → EquityHistoryResponse | Columnar. |
subscribe(input) | accountId → stream of LedgerBalance |
client.mfa
| Method | Purpose |
|---|---|
listFactors(options?) | Enrolled factors + whether unused recovery codes exist. |
beginTotpEnrollment / finishTotpEnrollment | TOTP enrollment (secret + otpauth URI → verify first code → recovery codes). |
beginPasskeyEnrollment / finishPasskeyEnrollment | Passkey (WebAuthn) enrollment. |
beginChallenge(input, options?) | Start a challenge — purpose: "sessionElevation" | "freshStepUp". |
verifyTotpChallenge / finishPasskeyChallenge / verifyRecoveryCodeChallenge | Complete a challenge → { stepUpToken?, … }. |
updateFactor / deleteFactor | Relabel / remove a factor. |
regenerateRecoveryCodes(input?, options?) | Rotate recovery codes (step-up required). |
claimFreshStepUp / consumeFreshStepUp / releaseFreshStepUp | Bind, finalize, or release a step-up proof for one protected request. |
See Error handling for the step-up retry pattern.
client.addressBook
| Method | Purpose |
|---|---|
listBooks(options?) | Root/subaccount books visible to the caller. |
listEntries / createEntry / updateEntry / deleteEntry / copyEntry | Saved destination CRUD (+ copy across books). |
createTag / updateTag / deleteTag | Organizational tags. |
listTransferCounterparties(input?, options?) | Recent counterparties incl. unsaved ones. |
listTransferDestinations(input?, options?) | Saved + whitelisted destinations for transfer flows. |
listInternalTransferWhitelistEntries(input?, options?) | Internal-transfer whitelist with resolution status. |
getWithdrawWhitelistView(input?, options?) | Withdrawal whitelist requirements + mirrored entries. |
getView(input?, options?) | Composite dashboard view in one call. |
subscribeViewInvalidations(input) | stream — signals to refetch getView. |
client.socialVerification
| Method | Purpose |
|---|---|
start(input, options?) | Begin provider verification → poly_… challenge code (~15 min). |
markReady(input, options?) | Queue the provider check once the code is placed. |
get(input, options?) | Current status, attempts, last error. |
client.guardSigner
Backend guard wallets that co-sign protected account actions.
| Method | Purpose |
|---|---|
createWallet(input?, options?) | Create the guard wallet → signer EVM address. |
getStatus(input?, options?) | Stored/live status, null if absent. |
signProtectedAction(input, options?) | One approval signature. |
batchSignProtectedActions(input, options?) | Ordered approvals for a batch. |
rotateWallet(input?, options?) | Replacement wallet + rotation approval. |
exportWallet(input?, options?) | Export key material (owner authorization + fresh step-up). |
client.whiteboard
Collaborative whiteboards: create, get, list, update, updateAcl, archive, and mintJoinToken (string shorthand accepted where an id is the only field).